Hacking with Remote Admin Tools (RAT)
Download as PPTX, PDF14 likes49,847 views
The document discusses the use of Remote Admin Tools (RATs) in cyber security, highlighting their legitimate applications as well as potential misuse in illegal activities. It emphasizes the importance of understanding these tools for penetration testing and malware response, while warning against their malicious use by various actors, including script kiddies. Additionally, it outlines various features of RATs and the associated risks, including evasion tactics against security measures.
Hacking with Remote Admin Tools (RAT)
- 1. Hacking with Remote Admin Tools (RATs) Zoltan Balazs CTO @MRG Effitas Budapest IT Security Meetup January 2014
- 2. Remote admin tools Could be legitimate Usually it is not All the features for remote administration Upload/download files Registry editor Shell commands Remote desktop Using RAT might be illegal, and might be considered as a crime! Don’t try this at home!
- 3. Why are these skiddie toolz important? Only pentesters use meterpreter Script kiddies use RATs Not just "1337 |-|4x0r5” use RATs! Know your enemy! Malware incident response Forensic investigation
- 5. 1998
- 6. DEF CON 6 on August 1, 1998
- 8. Dictionary to skiddie language Skiddie world server client FUD cryptor private/elite/gold version Average world client malware on victim server code @skiddie Fully UnDetectable some lame packer full version (not demo)
- 9. Tutorialz for script bunniez How to fail at OPSEC? https://www.youtube.com/results? search_query=setup+rat+tutorial http://www.youtube.com/watch?v =NkkqPLVscC4
- 10. #opsecfail
- 11. #opsecfail
- 12. #opsecfail
- 13. #opsecfail
- 14. #opsecfail
- 16. The skiddie’s youtube list on Cyber Threat Task Force (google cache only)
- 19. But a script kitty’s life is not just about work But FUN as well!
- 20. Fun manager - Fun menu
- 21. Extra fun
- 22. Fun feature 3
- 23. Fun feature 4 – Matrix chat
- 24. Fun feature 5
- 25. Ultimate fun …
- 26. Ultimate fun feature 6 - Piano
- 28. Scary features
- 29. Scary feature 1 DLL inject into iexplore.exe Proxy aware Transparent proxy authentication Local software firewall bypass No new process running
- 30. Scary feature 2 – Melt/uninstall Melt server deletes the dropper No wipe Forensics restoration possible Uninstall server deletes the persistence file No wipe Forensics restoration possible
- 31. Scary feature - Alternate data stream
- 32. Scary feature 3 - Anti AV
- 33. Scary feature 4 – Anti VM, Anti sandbox
- 34. Private/elite version Downloading and running binaries from people like this is a bad idea! hxxp://www.theatregelap.com/2012/06/xtreme rat-v-36-private.html
- 35. JRAT Multiplatform Evade some software firewalls (java.exe allowed) Easier to obfuscate Screenshots ©Symantec
- 36. AndroRAT © VRT Snort blog
- 37. Cryptor