EvilZone

: [question]NetworkForensics
: gh0st September 01, 2012, 06:45:23 AM
Is it possible to discover any kind of spyware by analyzing network packets? Rootkits, RATs, etc.?
: Re: [question]NetworkForensics
: z3ro September 01, 2012, 10:03:01 AM
Of course! :P Looking at your network traffic should reveal any suspicious behaviour from any program. Backdoor Trojans are fairly easy to spot. ;)
: Re: [question]NetworkForensics
: th3g00n September 01, 2012, 06:11:21 PM
Well, you can, using Wireshark and keeping an eye out for any phony IPs, or you could just run netstat -a (Windows, of course).
: Re: [question]NetworkForensics
: Z3R0 September 01, 2012, 07:01:07 PM
Yes, you can spot bot commands, server usernames/passwords, remote requests for API hooks, etc. You just have to know what to look for, and if it's there you'll see it.

This was all the rage in 2008. Skids would set up bots/RATs/stealers, and people that knew what they were doing would infect themselves, take over the command and control servers, and take everything away from the script kids.