SlideShare a Scribd company logo

Dissecting the heart beat apt rat functionalities - Part 2

Download as PPTX, PDF
n|u - The Open Security Community
n|u - The Open Security Community

December meet

TechnologyBusiness
1 of 44
Advanced Malware Analysis Training Series www.SecurityXploded.com
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions of any kind. Also the views/ideas/knowledge expressed here are solely of the trainer’s only and nothing to do with the company or the organization in which the trainer is currently working. However in no circumstances neither the Trainer nor SecurityXploded is responsible for any damage or loss caused due to use or misuse of the information presented here. www.SecurityXploded.com
Acknowledgement  Special thanks to Null community for their extended support and co-operation.  Special thanks to ThoughtWorks for the beautiful venue.  Thanks to all the trainers who have devoted their precious time and countless hours to make it happen. www.SecurityXploded.com
Advanced Malware Analysis Training This presentation is part of our Advanced Malware Analysis Training program. Currently it is delivered only during our local meets for FREE of cost. For complete details of this course, visit our Security Training page. www.SecurityXploded.com
Who am I Monnappa  m0nna  Member of SecurityXploded  Info Security Investigator @ Cisco  Reverse Engineering, Malware Analysis, Memory Forensics  Email: monnappa22@gmail.com  Blog: http://malware-unplugged.blogspot.in  Twitter: @monnappa22  LinkedIn: http://www.linkedin.com/pub/monnappa-ka-grem-ceh/42/45a/1b8 www.SecurityXploded.com
Contents  HeartBeat RAT Functionalities  Part 2A - Demo  Part 2B - Demo  Part 2C – Demo  Part 2D – Demo  Part 2E– Demo  Part 2F– Demo  Part 2G - Demo  References www.SecurityXploded.com
HeartBeat RAT Functionalities  In this session, we will cover below HeartBeat RAT functionalities o Part 2a) Decrypting various communications o Part 2b) Functionality 1 - Process enumeration o Part 2c) Functionality 2 - Process termination o Part 2d) Functionality 3 - Create and Write to File o Part 2e) Functionality 4 - Launch new application (create process) o Part 2f) Functionality 5 - Reverse Shell o Part 2g) Functionality 6 - Restart System www.SecurityXploded.com
Encrypted Process listing Below screenshot shows the encrypted process listing sent to the C2 server www.SecurityXploded.com
Decrypted Process listing Below screenshot shows the decrypted process listing www.SecurityXploded.com
Encrypted Reverse Shell Below screenshot shows the encrypted reverse shell sent by the malware www.SecurityXploded.com
Decrypted Reverse Shell Below screenshot shows the decrytped reverse shell www.SecurityXploded.com
Sending Fake Data Since malware expects atleast 2056 bytes of data, sending more than 2056 bytes of fake data www.SecurityXploded.com
Malware Received Fake Data Malware received the fake date we sent www.SecurityXploded.com
Malware Decrypts Received Data Malware decrypts the received data from 9th byte www.SecurityXploded.com
Malware Checks for Command Code 1 Malware checks if the first four byte is 01 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Malware Enumerates Processes When malware receives the command code 1 (01 00 00 00), its enumerates processes on the system www.SecurityXploded.com
Encrypts Enumerated Processes Malware encrypts the enumerated processes using the xor encryption algorithm www.SecurityXploded.com
Sends Encrypted Process Listing Malware sends encrypted process listing to the C2 (command and control) server www.SecurityXploded.com
Malware Checks for Command Code 2 Malware checks if the first four byte is 02 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Terminate the calc.exe (pid 1968) Malware interprets 9th byte as process id and terminates the process with that process id. Lets give malware the process id of calc.exe www.SecurityXploded.com
Opens Handle to Process Malware opens handle to the calc.exe pid 1968 www.SecurityXploded.com
Terminates calc.exe process Malware terminates the process by calling “TerminateProcess” API call www.SecurityXploded.com
Malware Sends Encrypted Status Code After terminating the process, malware encrypts the process termination status code and sends it to C2 www.SecurityXploded.com
Malware Checks for Command Code 3 Malware checks if the first four byte is 03 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Malware Creates File Malware reads the data starting from the 9th byte It interprets this as the file name and creates a file www.SecurityXploded.com
Malware Writes Encrypted Data Malware receives data from C2, encrypts it and writes the encrypted data to the file. www.SecurityXploded.com
Malware Checks for Command Code 4 Malware checks if the first four byte is 04 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Malware Launches Application Malware reads bytes starting from the 9th byte and interprets this as the path to the application to launch. www.SecurityXploded.com
Sends Encrypted Status Code After launching the new application, malware encrypts the application launch status code and sends it to C2 www.SecurityXploded.com
Malware Checks for Command Code 5 Malware checks if the first four byte is 05 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Malware launches cmd.exe Malware creates cmd.exe process www.SecurityXploded.com
Malware creates Reverse Shell Malware creates Reverse Shell www.SecurityXploded.com
Sends Encrypted Reverse Shell Malware sends encrypted reverse shell to the C2 www.SecurityXploded.com
Malware Checks for Command Code 0A Malware checks if the first four byte is 0A 00 00 00, so modifying the first four bytes www.SecurityXploded.com
Malware Restarts The System Malware restarts the system www.SecurityXploded.com
References  http://blog.trendmicro.com/trendlabs-security-intelligence/pulsing-theheartbeat-apt/  http://www.spamfighter.com/News-18135-Trend-Micro-Discovers-HeartBeat- APT-Targeting-Attack-vis-%C3%A0-vis-SK-Government.htm www.SecurityXploded.com
Thank You ! www.SecurityXploded.com www.SecurityXploded.com

Recommended

Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...securityxploded
 
Reversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareReversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareCysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresCysinfo Cyber Security Community
 
Watering hole attacks case study analysis
Watering hole attacks case study analysisWatering hole attacks case study analysis
Watering hole attacks case study analysisCysinfo Cyber Security Community
 

Recommended

Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Advanced malware analysis training session11 part2 dissecting the heart beat ...
Advanced malware analysis training session11 part2 dissecting the heart beat ...Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...
Advanced Malware Analysis Training Session 11 - (Part 2) Dissecting the Heart...securityxploded
 
Reversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareReversing and decrypting communications of apt malware
Reversing and decrypting communications of apt malwareCysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory ForensicsAdvanced Malware Analysis Training Session 7 - Malware Memory Forensics
Advanced Malware Analysis Training Session 7 - Malware Memory Forensicssecurityxploded
 
Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Advanced malware analysis training session10 part1
Advanced malware analysis training session10 part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of MalwaresAdvanced Malware Analysis Training Session 1 - Detection and Removal of Malwares
Advanced Malware Analysis Training Session 1 - Detection and Removal of Malwaressecurityxploded
 
Advanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresAdvanced malware analysis training session1 detection and removal of malwares
Advanced malware analysis training session1 detection and removal of malwaresCysinfo Cyber Security Community
 
Watering hole attacks case study analysis
Watering hole attacks case study analysisWatering hole attacks case study analysis
Watering hole attacks case study analysisCysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
 
Return address
Return addressReturn address
Return addressCysinfo Cyber Security Community
 
Internet security 2016
Internet security 2016Internet security 2016
Internet security 2016rachid Barro
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis Cysinfo Cyber Security Community
 
null Bangalore meet Feb 2010 - news Bytes
null Bangalore meet Feb 2010 - news Bytesnull Bangalore meet Feb 2010 - news Bytes
null Bangalore meet Feb 2010 - news Bytesn|u - The Open Security Community
 
Hunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryHunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryCysinfo Cyber Security Community
 
Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics Cysinfo Cyber Security Community
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsCysinfo Cyber Security Community
 
How to-ascend-the-e book
How to-ascend-the-e bookHow to-ascend-the-e book
How to-ascend-the-e bookLittle Daisy
 
Sancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.ptSancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.ptEstuques A.E.MORAIS Lda
 
Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010Tawanda Kanhema
 
Hardwarerobs
HardwarerobsHardwarerobs
HardwarerobsRobson Santos
 
UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic Tawanda Kanhema
 
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa Tawanda Kanhema
 
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...Allen School
 
Golden words
Golden wordsGolden words
Golden wordsApurva Desai
 
27 Nov 2013 CDE creating effective proposals part 2 of 2
27 Nov 2013 CDE creating effective proposals part 2 of 227 Nov 2013 CDE creating effective proposals part 2 of 2
27 Nov 2013 CDE creating effective proposals part 2 of 2Defence and Security Accelerator
 
Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!einfach präsentieren
 
Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisReversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisAbdulrahman Bassam
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
 

More Related Content

What's hot

Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Androidsecurityxploded
 
Internet security 2016
Internet security 2016Internet security 2016
Internet security 2016rachid Barro
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2securityxploded
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsCysinfo Cyber Security Community
 

What's hot (10)

Advanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to AndroidAdvanced Malware Analysis Training Session 8 - Introduction to Android
Advanced Malware Analysis Training Session 8 - Introduction to Android
 
Return address
Return addressReturn address
Return address
 
Internet security 2016
Internet security 2016Internet security 2016
Internet security 2016
 
Basic malware analysis
Basic malware analysis Basic malware analysis
Basic malware analysis
 
null Bangalore meet Feb 2010 - news Bytes
null Bangalore meet Feb 2010 - news Bytesnull Bangalore meet Feb 2010 - news Bytes
null Bangalore meet Feb 2010 - news Bytes
 
Hunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memoryHunting rootkit from dark corners of memory
Hunting rootkit from dark corners of memory
 
Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics Hunting gh0st rat using memory forensics
Hunting gh0st rat using memory forensics
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
Advanced Malware Analysis Training Session 3 - Botnet Analysis Part 2
 
Reversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basicsReversing malware analysis training part10 exploit development basics
Reversing malware analysis training part10 exploit development basics
 

Viewers also liked

How to-ascend-the-e book
How to-ascend-the-e bookHow to-ascend-the-e book
How to-ascend-the-e bookLittle Daisy
 
Sancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.ptSancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.ptEstuques A.E.MORAIS Lda
 
Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010Tawanda Kanhema
 
UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic Tawanda Kanhema
 
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa Tawanda Kanhema
 
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...Allen School
 
Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!einfach präsentieren
 

Viewers also liked (10)

How to-ascend-the-e book
How to-ascend-the-e bookHow to-ascend-the-e book
How to-ascend-the-e book
 
Sancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.ptSancas de luz indirecta - www.estuque-decorativo.com.pt
Sancas de luz indirecta - www.estuque-decorativo.com.pt
 
Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010Conflicting Interests: World Cup 2010
Conflicting Interests: World Cup 2010
 
Hardwarerobs
HardwarerobsHardwarerobs
Hardwarerobs
 
UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic UN Report: Ethnic Cleansing in the Central African Republic
UN Report: Ethnic Cleansing in the Central African Republic
 
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
U.S. Consolidates Zimbabwe Sanctions - Investigative Africa
 
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
Frustrated? Avoid Arguments in the Workplace with Allen School's Conflict Res...
 
Golden words
Golden wordsGolden words
Golden words
 
27 Nov 2013 CDE creating effective proposals part 2 of 2
27 Nov 2013 CDE creating effective proposals part 2 of 227 Nov 2013 CDE creating effective proposals part 2 of 2
27 Nov 2013 CDE creating effective proposals part 2 of 2
 
Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!Besser präsentieren durch Kontraste!
Besser präsentieren durch Kontraste!
 

Similar to Dissecting the heart beat apt rat functionalities - Part 2

Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisReversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisAbdulrahman Bassam
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysissecurityxploded
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsAbdulrahman Bassam
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysissecurityxploded
 
Reversing and decrypting the communications of HeartBeat Rat - Part1
Reversing and decrypting the communications of HeartBeat Rat - Part1Reversing and decrypting the communications of HeartBeat Rat - Part1
Reversing and decrypting the communications of HeartBeat Rat - Part1n|u - The Open Security Community
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsCysinfo Cyber Security Community
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
Advanced Malware Analysis Training - Detection and Removal of Malwares
Advanced Malware Analysis Training - Detection and Removal of MalwaresAdvanced Malware Analysis Training - Detection and Removal of Malwares
Advanced Malware Analysis Training - Detection and Removal of Malwaresn|u - The Open Security Community
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)securityxploded
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisCysinfo Cyber Security Community
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsAbdulrahman Bassam
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJSFestUA
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsAaron ND Sawmadal
 
6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi 6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi OdessaJS Conf
 
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineAditya K Sood
 

Similar to Dissecting the heart beat apt rat functionalities - Part 2 (20)

Reversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysisReversing & malware analysis training part 9 advanced malware analysis
Reversing & malware analysis training part 9 advanced malware analysis
 
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware AnalysisReversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
Reversing & Malware Analysis Training Part 9 - Advanced Malware Analysis
 
Reversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensicsReversing & malware analysis training part 8 malware memory forensics
Reversing & malware analysis training part 8 malware memory forensics
 
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox AnalysisAdvanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
Advanced Malware Analysis Training Session 6 - Malware Sandbox Analysis
 
Reversing and decrypting the communications of HeartBeat Rat - Part1
Reversing and decrypting the communications of HeartBeat Rat - Part1Reversing and decrypting the communications of HeartBeat Rat - Part1
Reversing and decrypting the communications of HeartBeat Rat - Part1
 
Advanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensicsAdvanced malware analysis training session 7 malware memory forensics
Advanced malware analysis training session 7 malware memory forensics
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
Fake malware and virus scanners
Fake malware and virus scannersFake malware and virus scanners
Fake malware and virus scanners
 
Advanced Malware Analysis Training - Detection and Removal of Malwares
Advanced Malware Analysis Training - Detection and Removal of MalwaresAdvanced Malware Analysis Training - Detection and Removal of Malwares
Advanced Malware Analysis Training - Detection and Removal of Malwares
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)Reversing and Decrypting the Communications of APT Malware (Etumbot)
Reversing and Decrypting the Communications of APT Malware (Etumbot)
 
Reversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysisReversing malware analysis trainingpart9 advanced malware analysis
Reversing malware analysis trainingpart9 advanced malware analysis
 
Reversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basicsReversing & malware analysis training part 10 exploit development basics
Reversing & malware analysis training part 10 exploit development basics
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложениеJS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
JS Fest 2019. Виктор Турский. 6 способов взломать твое JavaScript приложение
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi 6 ways to hack your JavaScript application by Viktor Turskyi
6 ways to hack your JavaScript application by Viktor Turskyi
 
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin MagazineNIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
NIframer - CPanel IFrame Injector (Bash based) - Virus Bulletin Magazine
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 

Dissecting the heart beat apt rat functionalities - Part 2