Intruder executes malicious applications after gaining administrative privileges so they can run malicious programs remotely, to capture all sensitive data, crack passwords, capture screenshots or to install a backdoor.
Attackers execute malicious applications in this stage. This is called “owning” the system.Attacker executes malicious programs remotely in the victim’s machine to gather information that leads to exploitation or loss of privacy, gain unauthorized access to system resources, crack the password, capture the screenshots, install backdoor to maintain easy access, etc.
psexec \\IP -u USER -p PW cmd.exe
-s: Run the remote process in the System account
winexe -U USER%PW //IP cmd.exe
- The password after % can also be hashed
- RemoteExec remotely installs applications, executes programs/scripts, and updates files and folders on Windows systems throughout the network.
- It allows attacker to modify the registry, change local admin passwords, disable local accounts, and copy/update/delete files and folders.
- PDQ Deploy:
- PDQ Deploy is a software deployment tool that allows admins to silently install almost any application or patch.
- DameWare Remote Support:
- DameWare Remote Support lets you mange servers, notebooks, and laptops remotely.
- It allows attacker to remotely manage and administer Windows computers.
- Keystroke loggers are programs or hardware devices that monitor each keystroke as user types on a keyboard, logs onto a file, or transmits them to a remote location.
- Legitimate applications for keyloggers include in office and industrial settings to monitor employees’ computer activities and in home environments where parents can monitor and spy on children’s activity.
- It allows attacker to gather confidential information about victim such as email ID, passwords, banking details, chat room activity, IRC, instant messages, etc.
- Physical keyloggers are placed between the keyboard hardware and the operating system.
Types of Keystroke Loggers
- Keystroke Loggers:
- Hardware Keystroke Loggers:
- PC/BIOS Embedded
- Keylogger Keyboard
- External Keylogger:
- Wi-Fi Keylogger
- Bluetooth Keylogger
- Acoustic/CAM Keylogger
- PS/2 and USB Keylogger
- Software Keystroke Loggers:
- Application Keylogger
- Kernel Keylogger
- Hypervisor-based Keylogger
- Form Grabbing Based Keylogger
Keylogger: All In One Keylogger
- All In One Keylogger allows you to secretly track all activities from all computer users and automatically receive logs to a desire email/FTP/LAN accounting.
Keyloggers for Windows
- Actual keylogger is the-best keylogging tool you can install on Windows 10/11. The comprehensive tools record a host of things, including running and closing applications on the computer, keystrokes, copied content to the clipboard, printing activity, disk changes, etc.
keylogger for Mac: Amac Keylogger for Mac
- Amac Keylogger for Mac invisibly records all keystrokes types, IM chats, websites visited and takes screenshots and also sends all reports to the attacker by email, or upload everything to attacker’s website.
- Spyware is a program that records user’s interaction with the computer and Internet without the user’s knowledge and sends them to the remote attackers.
- Spyware hides its process, files, and other objects in order to avoid detection and removal.
- It is similar to Trojan horse, which is usually bundled as a hidden component of freeware programs that can be available on the Internet for download.
- It allows attacker to gather information about a victim or organization such as email addresses, user logins, passwords, credit card numbers, banking credentials, etc.
- Spyware Propagation:
- Drive-by download
- Masquerading as anti-spyware
- Web browser vulnerability exploits (IE)
- Piggybacked software installation
- Browser add-ons (Firefox)
Watering hole attack (Watering hole attack): Insert attack syntax on legitimate websites to attack website visitors
- Spytech SpyAgent:
- Spytech SpyAgent allows you to monitor everything users do on your computer.
- It provides a large array of essential computer monitoring features, website, application, and chat client blocking, lockdown scheduling, and remote delivery of logs via email or FTP.
- Power Spy 2014:
- Power Spy secretly monitors and records all activities on your computer.
- It records all Facebook use, keystrokes, emails, web sites visited, chats, and IMs in Windows Live Messenger, Skype, Yahoo Messenger, Tencent QQ, Google Talk, AOL Instant Messenger (AIM), and others.
USB Spyware: USBSpy
- USBSpy lets you capture, display, record, and analyze data what is transferred between any USB device connected to PC and applications.
Audio Spyware: Spy Voice Recorder and Sound Snooper
- Spy Voice Recorder:
- Spy Voice Recorder records voice chat message of instant messengers, including MSN voice chat, Skype voice chat, Yahoo! messenger voice chat, ICQ voice chat, QQ voice chat, etc.
- Sound Snooper:
- Voice activated recording
- Store records in any sound format
- Conference recordings
- Radio broadcasts logging
Cellphone Spyware: Mobile Spy
- Mobile Spy records GPS locations and every SMS and logs every call including phone numbers with durations and afterwards you can view real-time results in your private online account.
GPS Spyware: SPYPhone
- SPYPhone software have ability to send events (captured data) from target phone to your web account via Wi-Fi, 3G, GPRS, or SMS.
How to Defend Against Keyloggers
- Use pop-up blocker.
- Install anti-spyware/antivirus programs and keeps the signatures up to date.
- Install good professional firewall software and anti-keylogging software.
- Recognize phishing emails and delete them.
- Choose new passwords for different online accounts and change them frequently.
- Avoid opening junk emails.
- Do not click on links in unwanted or doubtful emails that may point to malicious sites.
- Use keystroke interference software, which inserts randomized characters into every keystroke.
- Scan the files before installing them on to the computer and use registry editor or process explorer to check for the keystroke loggers.
- Keep your hardware systems secure in a locked environment and frequently check the keyboard cables for the attached connectors.
- Use Windows on-screen keyboard accessibility utility to enter the password or any other confidential information.
- Install a host-based IDS, which can monitor your system and disable the installation of keyloggers.
- Use automatic form-filling programs or virtual keyboard to enter user name and password.
- Use software that frequently scans and monitors the changes in the system or network.
- Hardware Keylogger Countermeasures:
- Restrict physical access to sensitive computer systems
- Periodically check all the computers and check whether there is any hardware device connected to the computer
- Use encryption between the keyboard and its driver
- Use an anti-keylogger that detects the presence of a hardware keylogger such as Oxynger KeyShield
Anti-Keylogger: Zemana AntiLogger
- Zemana AntiLogger eliminates threats from keyloggers, SSL banker Trojans, spyware, and more.
How to Defend Against Spyware
- Try to avoid using any computer system which is not totally under your control.
- Adjust browser security settings to medium or higher for Internet zone.
- Be cautious about suspicious emails and sites.
- Enhance the security level of the computer.
- Update the software regularly and use a firewall with outbound protection.
- Regularly check task manager report and MS configuration manager report.
- Update virus definition files and scan the system for spyware regularly.
- Install and use anti-spyware software.
- Perform web surfing safely and download cautiously.
- Do not use administrative mode unless it is necessary.
- Do not use public terminals for banking and other sensitive activities.
- Do not download free music files, screensavers, or smiley faces from Internet.
- Beware of pop-up windows or web pages. Never click anywhere on these windows.
- Carefully read all disclosures, including the license agreement and privacy statement before installing any application.
- Do not store personal information on any computer system that is not totally under your control.
- Identify potentially unwanted programs and securely removes them.
- Detect and remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, Keyloggers, Hijackers, Parasites, Rootkits, Rogue security products and many other types of threats.