Hacking with Remote Admin Tools (RAT)

Posted on 08-Jun-2015


DESCRIPTION

This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI-based hacking tools include a lot of funny and scary features.

TRANSCRIPT

Hacking with Remote Admin Tools (RATs)

Zoltan Balazs, CTO @ MRG Effitas

Budapest IT Security Meetup, January 2014

Remote admin tools

Could be legitimate. Usually it is not.

All the features for remote administration:
- Upload/download files
- Registry editor
- Shell commands
- Remote desktop

Using a RAT might be illegal and might be considered a crime! Don't try this at home!

Why are these skiddie toolz important?

Only pentesters use meterpreter. Script kiddies use RATs. Not just "1337 |-|4x0r5" use RATs!

Know your enemy!
- Malware incident response
- Forensic investigation

Typical RAT scenario

1998

DEF CON 6 on August 1, 1998

Dictionary to skiddie language

Skiddie world                  Average world
server                         client malware on victim
client                         server code @skiddie
FUD                            Fully UnDetectable
cryptor                        some lame packer
private/elite/gold version     full version (not demo)

#opsecfail


The skiddie's YouTube list on Cyber Threat Task Force (Google cache only)

But a script kitty’s life is not just about work

But FUN as well!

Fun manager - Fun menu

Extra fun

Fun feature 3

Fun feature 4 – Matrix chat

Fun feature 5

Ultimate fun …

Ultimate fun feature 6 - Piano

Hacking Internet Explorer

Scary features

Scary feature 1

- DLL inject into iexplore.exe
- Proxy aware
- Transparent proxy authentication
- Local software firewall bypass
- No new process running

Scary feature 2 – Melt/uninstall

Melt server deletes the dropper
- No wipe, forensic restoration possible

Uninstall server deletes the persistence file
- No wipe, forensic restoration possible
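The melt/uninstall behaviour above, seen from the incident-response side, as an added example that is not part of the presentation: the implant removes the dropper (or its own persistence file) with an ordinary file delete, so the event is visible in endpoint telemetry and the content stays carvable from disk. The script correlates constructed, simplified process-create, file-write and file-delete records (the field names are an assumption, loosely modelled on what endpoint sensors such as Sysmon report) and flags a process that deletes the executable of the process which dropped it, or its own executable.

```python
import json

# Constructed sample telemetry (not from the presentation): one JSON object per
# line, loosely modelled on process-create / file-write / file-delete events
# as endpoint sensors such as Sysmon report them. Field names are an assumption.
SAMPLE_LOG = r"""
{"ts": "2014-01-15T10:00:01", "event": "process_create", "pid": 4120, "image": "C:\\Users\\bob\\Downloads\\invoice.exe"}
{"ts": "2014-01-15T10:00:02", "event": "file_write", "pid": 4120, "target": "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"}
{"ts": "2014-01-15T10:00:03", "event": "process_create", "pid": 4188, "image": "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"}
{"ts": "2014-01-15T10:00:04", "event": "file_delete", "pid": 4188, "target": "C:\\Users\\bob\\Downloads\\invoice.exe"}
{"ts": "2014-01-15T10:04:00", "event": "file_delete", "pid": 4188, "target": "C:\\Users\\bob\\AppData\\Roaming\\svchost.exe"}
{"ts": "2014-01-15T10:05:00", "event": "process_create", "pid": 5000, "image": "C:\\Windows\\System32\\notepad.exe"}
{"ts": "2014-01-15T10:06:00", "event": "file_delete", "pid": 5000, "target": "C:\\Users\\bob\\notes.txt"}
"""


def find_melt_events(log_text):
    """Return (kind, pid, deleted_path) tuples: 'dropper_melt' when a process
    deletes the executable of the process that wrote its own image, and
    'self_delete' when a process deletes its own image (e.g. an uninstall of
    the persistence file). Because these are plain deletes, not wipes, the
    reported paths are the first candidates for file carving afterwards."""
    image_of = {}    # pid -> lowercased image path
    written_by = {}  # lowercased file path -> pid that wrote it
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["event"] == "process_create":
            image_of[ev["pid"]] = ev["image"].lower()
        elif ev["event"] == "file_write":
            written_by[ev["target"].lower()] = ev["pid"]
        elif ev["event"] == "file_delete":
            pid, target = ev["pid"], ev["target"].lower()
            own_image = image_of.get(pid)
            if own_image == target:
                findings.append(("self_delete", pid, ev["target"]))
                continue
            # Which process wrote the deleter's executable? If that process's
            # image is the file being deleted, the implant is melting its dropper.
            dropper_pid = written_by.get(own_image)
            if dropper_pid is not None and image_of.get(dropper_pid) == target:
                findings.append(("dropper_melt", pid, ev["target"]))
    return findings


if __name__ == "__main__":
    for kind, pid, path in find_melt_events(SAMPLE_LOG):
        print(f"{kind}: pid {pid} deleted {path}")
```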

Scary feature - Alternate data stream

Scary feature 3 - Anti AV

Scary feature 4 – Anti VM, Anti sandbox

Private/elite version

Downloading and running binaries from people like this is a bad idea!

hxxp://www.theatregelap.com/2012/06/xtremerat-v-36-private.html

JRAT
- Multiplatform
- Evade some software firewalls (java.exe allowed)
- Easier to obfuscate

Screenshots © Symantec

AndroRAT

© VRT Snort blog

Cryptor

High profile attacks
