Topic: [question]NetworkForensics

gh0st
« on: September 01, 2012, 06:45:23 am »
Is it possible to discover any kind of spyware by analyzing network packets? Rootkits, RATs, etc.?

z3ro
« Reply #1 on: September 01, 2012, 10:03:01 am »
Of course! :P Looking at your network traffic should reveal any suspicious behaviour from any program. Backdoor Trojans are fairly easy to spot. ;)
~ God is real. Unless declared as an integer.

th3g00n
« Reply #2 on: September 01, 2012, 06:11:21 pm »
Well, you can, using Wireshark and keeping an eye out for any phony IPs, OR you could just netstat -a (Windows, of course)
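
Added example, not part of any post in this thread: one way to turn the netstat check from Reply #2 into a repeatable review, by parsing Windows netstat output and listing, per PID, established sessions that leave the local network and listeners bound to all interfaces. It assumes netstat is run as netstat -ano (numeric addresses plus owning PID, beyond the -a named in the post); the sample output is constructed, and LOCAL_NETS, the expected listening ports and the function names are illustrative choices.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2204
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49801     203.0.113.45:8080      ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1808
"""

# Assumption: ranges treated as "local" (loopback, RFC 1918, link-local, ULA).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::1]:80' into (ip_string, port_string)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def review(netstat_text, expected_listen_ports=frozenset({135, 445})):
    """Return (external_sessions, unexpected_listeners) as lists of tuples."""
    external, listeners = [], []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns; headers and UDP rows (no State) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        local_ip, local_port = split_endpoint(local)
        remote_ip, remote_port = split_endpoint(remote)
        if state == "ESTABLISHED" and not is_local(remote_ip):
            # Sessions leaving the LAN are the ones to attribute to a process.
            external.append((int(pid), remote_ip, int(remote_port)))
        elif state == "LISTENING" and local_ip in ("0.0.0.0", "::"):
            if int(local_port) not in expected_listen_ports:
                listeners.append((int(pid), int(local_port)))
    return external, listeners

if __name__ == "__main__":
    sessions, listening = review(SAMPLE)
    for pid, ip, port in sessions:
        print(f"PID {pid}: established session to {ip}:{port}")
    for pid, port in listening:
        print(f"PID {pid}: unexpected listener on all interfaces, port {port}")
```

A PID that shows up in both lists, as 3120 does in the constructed sample, is the first process to look up in Task Manager or tasklist.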

Z3R0
« Reply #3 on: September 01, 2012, 07:01:07 pm »
Yes, you can spot bot commands, server usernames/passwords, remote requests for API hooks, etc. You just have to know what to look for, and if it's there you'll see it.

This was all the rage in 2008. Skids would set up bots/RATs/stealers, and people that knew what they were doing would infect themselves, take over the command and control servers, and take everything away from the script kids.