Jump to content

How to detect a FUD Keylogger / RAT


disk2019

Recommended Posts

Network Statistics netstat " Netstat is a common command line TCP/IP networking utility available in most versions of Windows, Linux, UNIX and other operating systems. Netstat provides information and statistics about protocols in use and current TCP/IP network connections" is a awesome connection analysis tool.
There are so many articles on web that suggests to keep a keen eye upon process but if a FUD Fully Undetectable Keylogger /RAT created via Veil Evasion Framework coded in perpetual language using c & python is installed on system & is hidden somewhere in system volume information which remains always hidden on a NTFS Partition then it is really difficult to detect it. I think everybody is known of a rootkit which transfer itself from ram random access memory to mbr master boot record of a system while boot & changes its attributes according to its manual instruction provided at time of creation by its signer vice versa at the time of system shut down it changes its location from somewhere inside mbr master boot records to ram accordingly.
 

Simply type a command netstat -abno  & there you will see a list of protocols with port number trying to connect or established there connection with process name & id & local address + foriegn remote address to where connection is established. Block the connection you find suspected via applying filters to your firewall.

Article on nsaneforums written by myself cuz i dont beleive in copy paste .
Pl if anybody can differentiate between nodes of a network for example relay/bridge node as well as both Host & Network based  intrusion detection / prevention systems please write by yourself dont copy paste its a request.

Link to comment
Share on other sites


  • Views 797
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...