Hacking with Remote Admin Tools (RAT)

•Télécharger en tant que PPTX, PDF•

14 j'aime•49,808 vues

This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI based hacking tools include a lot of funny and scary features.

Technologie

Hacking with Remote Admin
Tools (RATs)
Zoltan Balazs
CTO @MRG Effitas
Budapest IT Security Meetup
January 2014

Remote admin tools
Could be legitimate
Usually it is not

All the features for remote administration
Upload/download files
Registry editor
Shell commands
Remote desktop

Using RAT might be illegal, and might be
considered as a crime!
Don’t try this at home!

Why are these skiddie toolz
important?
Only pentesters use meterpreter
Script kiddies use RATs
Not just "1337 |-|4x0r5” use RATs!

Know your enemy!
Malware incident response
Forensic investigation

Dictionary to skiddie language
Skiddie world
server
client
FUD
cryptor
private/elite/gold version

Average world
client malware on victim
server code @skiddie
Fully UnDetectable
some lame packer
full version (not demo)

Tutorialz for script bunniez
How to fail at OPSEC?
https://www.youtube.com/results?
search_query=setup+rat+tutorial
http://www.youtube.com/watch?v
=NkkqPLVscC4

The skiddie’s youtube list on Cyber Threat Task Force (google cache only)

But a script kitty’s life is not just about
work
But FUN as well!

Scary feature 1
DLL inject into iexplore.exe
Proxy aware
Transparent proxy authentication
Local software firewall bypass
No new process running

Scary feature 2 – Melt/uninstall
Melt server deletes the
dropper
No wipe
Forensics restoration
possible

Uninstall server deletes
the persistence file
No wipe
Forensics restoration
possible

Private/elite version
Downloading and running binaries from people
like this is a bad idea!
hxxp://www.theatregelap.com/2012/06/xtreme
rat-v-36-private.html

JRAT
Multiplatform
Evade some software firewalls
(java.exe allowed)
Easier to obfuscate
Screenshots ©Symantec

Contenu connexe

Tendances

этичный хакинг и тестирование на проникновение (Publ)Teymur Kheirkhabarov

Metasploit framework in Network SecurityAshok Reddy Medikonda

SAST vs. DAST: What’s the Best Method For Application Security Testing?Cigital

Ethical hackingAlapan Banerjee

Red Team Methodology - A Naked LookJason Lang

Windows Registry Forensics with Volatility FrameworkKapil Soni

Metasploit seminarhenelpj

Bug bountyn|u - The Open Security Community

Penetration testing reporting and methodologyRashad Aliyev

Malware Static AnalysisHossein Yavari

WTF is Penetration Testing v.2Scott Sutherland

Cyber SecurityNcell

Recon and Bug Bounties - What a great love story!Abhijeth D

Introduction to penetration testingNezar Alazzabi

Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov

SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...WhiteSource

MalwareTuhin_Das

Penetration testing using metasploitAashish R

How to Reverse Engineer Web ApplicationsJarrod Overson

Bug Bounty 101Shahee Mirza

Tendances (20)

этичный хакинг и тестирование на проникновение (Publ)

Metasploit framework in Network Security

SAST vs. DAST: What’s the Best Method For Application Security Testing?

Ethical hacking

Red Team Methodology - A Naked Look

Windows Registry Forensics with Volatility Framework

Metasploit seminar

Bug bounty

Penetration testing reporting and methodology

Malware Static Analysis

WTF is Penetration Testing v.2

Cyber Security

Recon and Bug Bounties - What a great love story!

Introduction to penetration testing

Hunting for Credentials Dumping in Windows Environment

SAST (Static Application Security Testing) vs. SCA (Software Composition Anal...

Malware

Penetration testing using metasploit

How to Reverse Engineer Web Applications

Bug Bounty 101

Similaire à Hacking with Remote Admin Tools (RAT)

Porting your favourite cmdline tool to AndroidVlatko Kosturjak

DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado

How to be come a hacker slide for 2600 laosOuthai SAIOUDOM

Pentesting Android ApplicationsCláudio André

ShinoBOT SuiteShota Shinogi

Smart Cards & Devices Forum 2012 - Smart Phones SecurityOKsystem

Night of the living vulnerabilities: forever-days of IoT - Stefano Zanero, Ro...Codemotion

How Printers Get Hacked ?HusseinMuhaisen

The Hacking Games - Operation System Vulnerabilities Meetup 29112022lior mazor

Metasploit3 - David CalligarisDaniele Albrizio

Antivirus Evasion Techniques and Countermeasuressecurityxploded

Anti-Virus Evasion Techniques and Countermeasuresn|u - The Open Security Community

Rootkit Hunting & Compromise Detectionamiable_indian

Rooted con 2020 - from the heaven to hell in the CI - CDDaniel Garcia (a.k.a cr0hn)

Blue team reboot - HackFest Haydn Johnson

CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKACODE BLUE

TSC Summit #3 - Reverse engineering and anti debugging techniquesMikal Villa

From printed circuit boards to exploitsvirtualabs

LET'S GO FLUTTER – Introduzione a Dart Federico Parezzan

Similaire à Hacking with Remote Admin Tools (RAT) (20)

Porting your favourite cmdline tool to Android

DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...

How to be come a hacker slide for 2600 laos

Pentesting Android Applications

ShinoBOT Suite

Smart Cards & Devices Forum 2012 - Smart Phones Security

Night of the living vulnerabilities: forever-days of IoT - Stefano Zanero, Ro...

How Printers Get Hacked ?

The Hacking Games - Operation System Vulnerabilities Meetup 29112022

Metasploit3 - David Calligaris

Antivirus Evasion Techniques and Countermeasures

Anti-Virus Evasion Techniques and Countermeasures

Rootkit Hunting & Compromise Detection

Rooted con 2020 - from the heaven to hell in the CI - CD

Blue team reboot - HackFest

CODE BLUE 2014 : how to avoid the Detection by Malware by HIROSHI SNINOTSUKA

TSC Summit #3 - Reverse engineering and anti debugging techniques

From printed circuit boards to exploits

LET'S GO FLUTTER – Introduzione a Dart

Plus de Zoltan Balazs

[ Hackersuli ] Privacy on the blockchainZoltan Balazs

MLSEC 2020Zoltan Balazs

Web3 + scams = It's a matchZoltan Balazs

MIPS-XZoltan Balazs

How to hide your browser 0-day @ DisobeyZoltan Balazs

Explain Ethereum smart contract hacking like i am a fiveZoltan Balazs

How to hide your browser 0-daysZoltan Balazs

Test & Tea : ITSEC testing, manual vs automatedZoltan Balazs

Hacking Windows 95 #33c3Zoltan Balazs

Ransomware - what is it, how to protect against itZoltan Balazs

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs

IoT security is a nightmare. But what is the real risk?Zoltan Balazs

SandboxesZoltan Balazs

Sandbox detection: leak, abuse, test - Hacktivity 2015Zoltan Balazs

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...Zoltan Balazs

[ENG] Hacktivity 2013 - Alice in eXploitlandZoltan Balazs

[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers - Zoltan Balazs

[HUN] Védtelen böngészők - Ethical Hacking Zoltan Balazs

[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensionsZoltan Balazs

[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012Zoltan Balazs

Plus de Zoltan Balazs (20)

[ Hackersuli ] Privacy on the blockchain

MLSEC 2020

Web3 + scams = It's a match

MIPS-X

How to hide your browser 0-day @ Disobey

Explain Ethereum smart contract hacking like i am a five

How to hide your browser 0-days

Test & Tea : ITSEC testing, manual vs automated

Hacking Windows 95 #33c3

Ransomware - what is it, how to protect against it

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...

IoT security is a nightmare. But what is the real risk?

Sandboxes

Sandbox detection: leak, abuse, test - Hacktivity 2015

DEFCON 22: Bypass firewalls, application white lists, secure remote desktops ...

[ENG] Hacktivity 2013 - Alice in eXploitland

[ENG] OHM2013 - The Quest for the Client-Side Elixir Against Zombie Browsers -

[HUN] Védtelen böngészők - Ethical Hacking

[ENG] Hacker halted 2012 - Zombie browsers, spiced with rootkit extensions

[ENG] Zombie browsers spiced with rootkit extensions - Hacktivity 2012

Dernier

TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey

So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda

Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3

Time Series Foundation Models - current state and future directionsNathaniel Shimoni

How to write a Business Continuity PlanDatabarracks

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada

Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes

Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3

A Framework for Development in the AI AgeCprime

Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal

2024 April Patch TuesdayIvanti

Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3

Data governance with Unity Catalog PresentationKnoldus Inc.

The State of Passkeys with FIDO Alliance.pptxLoriGlavin3

How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda

Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani

Dernier (20)

TeamStation AI System Report LATAM IT Salaries 2024

So einfach geht modernes Roaming fuer Notes und Nomad.pdf

Generative AI for Technical Writer or Information Developers

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx

Time Series Foundation Models - current state and future directions

How to write a Business Continuity Plan

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024

Assure Ecommerce and Retail Operations Uptime with ThousandEyes

Generative Artificial Intelligence: How generative AI works.pdf

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx

A Framework for Development in the AI Age

Digital Identity is Under Attack: FIDO Paris Seminar.pptx

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...

2024 April Patch Tuesday

Moving Beyond Passwords: FIDO Paris Seminar.pdf

Data governance with Unity Catalog Presentation

The State of Passkeys with FIDO Alliance.pptx

How AI, OpenAI, and ChatGPT impact business and software.

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...

Potential of AI (Generative AI) in Business: Learnings and Insights

Hacking with Remote Admin Tools (RAT)

1. Hacking with Remote Admin Tools (RATs) Zoltan Balazs CTO @MRG Effitas Budapest IT Security Meetup January 2014

2. Remote admin tools Could be legitimate Usually it is not All the features for remote administration Upload/download files Registry editor Shell commands Remote desktop Using RAT might be illegal, and might be considered as a crime! Don’t try this at home!

3. Why are these skiddie toolz important? Only pentesters use meterpreter Script kiddies use RATs Not just "1337 |-|4x0r5” use RATs! Know your enemy! Malware incident response Forensic investigation

4. Typical RAT scenario

5. 1998

6. DEF CON 6 on August 1, 1998

8. Dictionary to skiddie language Skiddie world server client FUD cryptor private/elite/gold version Average world client malware on victim server code @skiddie Fully UnDetectable some lame packer full version (not demo)

9. Tutorialz for script bunniez How to fail at OPSEC? https://www.youtube.com/results? search_query=setup+rat+tutorial http://www.youtube.com/watch?v =NkkqPLVscC4

10. #opsecfail

11. #opsecfail

12. #opsecfail

13. #opsecfail

14. #opsecfail

15.

16. The skiddie’s youtube list on Cyber Threat Task Force (google cache only)

17.

18.

19. But a script kitty’s life is not just about work But FUN as well!

20. Fun manager - Fun menu

21. Extra fun

22. Fun feature 3

23. Fun feature 4 – Matrix chat

24. Fun feature 5

25. Ultimate fun …

26. Ultimate fun feature 6 - Piano

27. Hacking Internet Explorer

28. Scary features

29. Scary feature 1 DLL inject into iexplore.exe Proxy aware Transparent proxy authentication Local software firewall bypass No new process running

30. Scary feature 2 – Melt/uninstall Melt server deletes the dropper No wipe Forensics restoration possible Uninstall server deletes the persistence file No wipe Forensics restoration possible

31. Scary feature - Alternate data stream

32. Scary feature 3 - Anti AV

33. Scary feature 4 – Anti VM, Anti sandbox

34. Private/elite version Downloading and running binaries from people like this is a bad idea! hxxp://www.theatregelap.com/2012/06/xtreme rat-v-36-private.html

37. Cryptor

38. High profile attacks

39. High profile attacks

Hacking with Remote Admin Tools (RAT)

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Hacking with Remote Admin Tools (RAT)

Similaire à Hacking with Remote Admin Tools (RAT) (20)

Plus de Zoltan Balazs

Plus de Zoltan Balazs (20)

Dernier

Dernier (20)

Hacking with Remote Admin Tools (RAT)