Module 07: Malware Threats

Scenario

Malware poses a major threat to information security. Malware writers keep exploring new attack vectors to exploit vulnerabilities in information systems, which leads to ever more sophisticated malware attacks, including drive-by malware, “maladvertising” (or “malvertising”) and advanced persistent threats. Although organizations try hard to defend themselves using comprehensive security policies and advanced anti-malware controls, the current trend indicates that malware is targeting “lower-hanging fruit”: unsecured smartphones, mobile applications, social media, and cloud services. The problem is further complicated by the difficulty of predicting threats.

Assessing an organization’s information systems against malware threats is a major challenge today because of the rapidly changing nature of malware. One needs to be well versed in the latest developments in the field and understand the basic functioning of malware in order to select and implement the controls appropriate for an organization and its needs.

The lab activities in this module provide first-hand experience with various techniques that attackers use to write and propagate malware. You will also learn how to effectively select security controls to protect your information assets from malware threats.

Objective

The objective of the lab is to create malware and perform other tasks that include, but are not limited to:

  • Create a Trojan and exploit a target machine
  • Create a virus to infect the target machine
  • Perform malware analysis to determine the origin, functionality, and potential impact of a given type of malware
  • Detect malware

Overview of Malware

With the help of a malicious application (malware), an attacker can gain access to the passwords stored on a computer, read personal documents, delete files, display pictures or messages on the screen, slow the computer down, steal personal information, send spam, and commit fraud. Malware can perform malicious activities that range from simple email advertising to complex identity theft and password stealing.

Programmers develop malware and use it to:

  • Attack browsers and track websites visited
  • Affect system performance, making it very slow
  • Cause hardware failure, rendering computers inoperable
  • Steal personal information, including contacts
  • Erase valuable information, resulting in substantial data losses
  • Attack additional computer systems directly from a compromised system
  • Spam inboxes with advertising emails

Lab Tasks

Ensure that the Windows Defender Firewall is turned off on the machines you are using for the lab tasks in this module, as it blocks and deletes malware as soon as it is executed.

Attackers, as well as ethical hackers or pen testers, use numerous tools and techniques to gain access to the target network or machine. Recommended labs that will assist you in learning various malware attack techniques include:

  1. Gain access to the target system using Trojans

    • Gain control over a victim machine using the njRAT RAT Trojan
    • Hide a Trojan using SwayzCryptor and make it undetectable to various anti-virus programs
    • Create a server using the ProRat Tool
    • Create a Trojan server using Theef RAT Trojan
  2. Infect the target system using a virus

    • Create a virus using the JPS Virus Maker Tool and infect the target system
  3. Perform static malware analysis

    • Perform online malware scanning using VirusTotal
    • Perform a strings search using BinText
    • Identify packing and obfuscation methods using PEid
    • Find the portable executable (PE) information of a malware executable file using PE Explorer
    • Identify file dependencies using Dependency Walker
    • Perform malware disassembly using IDA and OllyDbg
  4. Perform dynamic malware analysis

    • Perform port monitoring using TCPView and CurrPorts
    • Perform process monitoring using Process Monitor
    • Perform registry monitoring using Regshot and jv16 PowerTools
    • Perform Windows services monitoring using Windows Service Manager (SrvMan)
    • Perform startup program monitoring using Autoruns for Windows and WinPatrol
    • Perform installation monitoring using Mirekusoft Install Monitor
    • Perform files and folder monitoring using PA File Sight
    • Perform device driver monitoring using DriverView and Driver Booster
    • Perform DNS monitoring using DNSQuerySniffer
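
The strings search and the packing check from step 3 above, as an added Python example that is not part of this lab manual and is not the code of BinText or PEiD. The sample bytes are constructed here, and the 7.0 bits-per-byte entropy threshold is an assumed heuristic, not a value from the manual:

```python
import math
import re

# Constructed sample "binary": a blob with a few readable strings (the kind a
# strings search surfaces) followed by a high-entropy region standing in for a
# packed or encrypted section.
READABLE = (b"\x00\x01This program cannot be run in DOS mode\x00"
            b"http://example.invalid/update\x00\x02\x03"
            b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00")

def _pseudo_random(n, seed=12345):
    """Deterministic LCG byte stream, so the example runs offline and repeatably."""
    out = bytearray()
    x = seed
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0xFFFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)

PACKED = _pseudo_random(4096)   # stands in for a packed section's bytes

def extract_strings(data, min_len=4):
    """Return printable ASCII runs of at least min_len chars (what BinText lists)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def shannon_entropy(data):
    """Bits per byte: 0.0 for identical bytes, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_packed(data, threshold=7.0):
    """PEiD-style heuristic: near-random bytes suggest packing or encryption.
    The 7.0 threshold is an assumed value for this example."""
    return shannon_entropy(data) > threshold

def triage(data):
    """Summarise what a first static pass would record for a sample."""
    strings = extract_strings(data)
    return {"string_count": len(strings),
            "entropy": round(shannon_entropy(data), 2),
            "packed": looks_packed(data)}
```

A packed sample typically yields few readable strings and high entropy, which is the cue to unpack it before the disassembly step.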
