This presentation is a fun introduction to the tools used by script kiddies, namely the Remote Admin Tools (or Remote Access Trojans). These GUI-based hacking tools include a lot of funny and scary features.
Hacking with Remote Admin Tools (RAT)
1. Hacking with Remote Admin Tools (RATs)
Zoltan Balazs
CTO @MRG Effitas
Budapest IT Security Meetup
January 2014
2. Remote admin tools
Could be legitimate
Usually it is not
All the features for remote administration
Upload/download files
Registry editor
Shell commands
Remote desktop
Using a RAT might be illegal, and might be considered a crime!
Don’t try this at home!
3. Why are these skiddie toolz important?
Only pentesters use meterpreter
Script kiddies use RATs
Not just "1337 |-|4x0r5" use RATs!
Know your enemy!
Malware incident response
Forensic investigation
8. Dictionary to skiddie language
Skiddie world -> Average world
server -> client malware on victim
client -> server code @skiddie
FUD -> Fully UnDetectable
cryptor -> some lame packer
private/elite/gold version -> full version (not demo)
9. Tutorialz for script bunniez
How to fail at OPSEC?
https://www.youtube.com/results?search_query=setup+rat+tutorial
http://www.youtube.com/watch?v=NkkqPLVscC4
29. Scary feature 1
DLL inject into iexplore.exe
Proxy aware
Transparent proxy authentication
Local software firewall bypass
No new process running
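A defender-side illustration of slide 29, added here and not part of the original presentation: it flags a remote thread created inside iexplore.exe and lists the network connections that browser process made afterwards. It assumes the injection is logged as a Sysmon CreateRemoteThread event (Event ID 8), which the slides do not state; the event records, paths, addresses and allowlist are constructed.

```python
from ntpath import basename  # parses Windows paths on any OS

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed sample records using a simplified subset of Sysmon fields.
EVENTS = [
    {"EventID": 3, "UtcTime": "2014-01-10 09:00:01", "ProcessGuid": "{A1}",
     "Image": IE, "DestinationIp": "10.0.0.8", "DestinationPort": 3128},
    {"EventID": 8, "UtcTime": "2014-01-10 09:05:00",
     "SourceImage": r"C:\Users\bob\AppData\Local\Temp\invoice.exe",
     "TargetProcessGuid": "{A1}", "TargetImage": IE},
    {"EventID": 3, "UtcTime": "2014-01-10 09:05:07", "ProcessGuid": "{A1}",
     "Image": IE, "DestinationIp": "10.0.0.8", "DestinationPort": 3128},
    {"EventID": 8, "UtcTime": "2014-01-10 09:06:00",
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessGuid": "{B2}", "TargetImage": IE},
    {"EventID": 3, "UtcTime": "2014-01-10 09:06:30", "ProcessGuid": "{B2}",
     "Image": IE, "DestinationIp": "10.0.0.8", "DestinationPort": 3128},
]

# Assumption: sources this site has vetted as benign remote-thread creators.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}


def find_browser_injection(events, target="iexplore.exe"):
    """Map each injected target process GUID to the injecting image and
    the connections that process made after the injection."""
    findings = {}
    for ev in sorted(events, key=lambda e: e["UtcTime"]):
        if ev["EventID"] == 8:  # CreateRemoteThread
            if (basename(ev["TargetImage"]).lower() == target
                    and ev["SourceImage"].lower() not in ALLOWED_SOURCES):
                findings.setdefault(ev["TargetProcessGuid"], {
                    "source": ev["SourceImage"],
                    "injected_at": ev["UtcTime"],
                    "connections": [],
                })
        elif ev["EventID"] == 3 and ev["ProcessGuid"] in findings:
            # The traffic carries the browser's identity (and its proxy
            # settings), so tie it back to the injection, not the image name.
            findings[ev["ProcessGuid"]]["connections"].append(
                (ev["UtcTime"], ev["DestinationIp"], ev["DestinationPort"]))
    return findings


if __name__ == "__main__":
    for guid, hit in find_browser_injection(EVENTS).items():
        print(guid, hit["source"], hit["injected_at"], hit["connections"])
```

Because the post-injection traffic goes to the same proxy as the legitimate browsing, the connection alone is not an indicator; the correlation with the injection event is what singles it out.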
30. Scary feature 2 – Melt/uninstall
Melt server deletes the dropper
No wipe
Forensics restoration possible
Uninstall server deletes the persistence file
No wipe
Forensics restoration possible
34. Private/elite version
Downloading and running binaries from people like this is a bad idea!
hxxp://www.theatregelap.com/2012/06/xtreme
rat-v-36-private.html