

isoeh.com https://www.isoeh.com/tutorialdetails/MTg3/malware-in-penetration-testing-1

MALWARE IN PENETRATION TESTING 1

MALWARE IN PENETRATION TESTING 1 (#isoeh) © ISOEH 2014

for more articles visit https://www.isoeh.com/tutorial.php

Since this month we will dive into core malware analysis, it will be better if we first take a first-hand introduction to this world and its elements.

In the present scenario, cyber-espionage has replaced old-fashioned spying methods for obtaining secret and confidential data.

Therefore malware, together with other malicious activities, is increasingly becoming a true weapon in the hands of the military and governments, used to re-establish the balance of power or, better, the balance of threat.

As we all know, some of the top-priority threats that may impact infrastructures are:

->Social engineering techniques (phishing, scamming, theft, fraud and unauthorized activity…)

->DDoS attacks to disrupt web applications and servers

->Malware infection of emails and data

->Bugs and vulnerabilities that may be used to perform an attack

Researchers are uncovering close to 55,000 new malware samples a day, overwhelming malware analysis resources!!

So what is a malware?

Malware is: "Code designed to intentionally damage or disrupt a system and the data stored"

Malware has three main objectives:

->Install on a device (e.g. a computer or smartphone). To have a better chance of surviving, these programs need high compatibility with the target platforms.

->Hide from the user and administrator, in order to survive as long as possible.

To achieve this goal, malware often uses very sophisticated masking techniques, which make it virtually invisible.

->Propagate as much as possible and compromise the highest number of devices and files.

The communication medium is very important for this purpose. Floppy disks, CD/DVD-ROMs, USB memory, emails, compromised web pages or even file-sharing applications and messaging software are all propagation vectors!

Next we will learn about the propagation of malware and start learning about core malware analysis.