Stopping software forensics teams?

Software - I'm not really sure how to stop software forensics. It's pretty much impossible, right? If you encrypt the file, then the key has to be somewhere for the malware to be executed. I've heard of corrupting the data if a copy is taken (I think it's from Mr. Robot), but how would this be achieved? The main way I can think of is setting up the encryption with a link to something that uniquely identifies the specific device.

Internet - I know you could traffic the data through a proxy, but is this the best way? I also thought about relaying the data over Tor, but the victim would need the Tor service installed, right? The main option I can think of is to buy a bulletproof server anonymously and set that up as a C&C. If there are better and smarter ways of getting around this, let us know. Aside from connecting the victim to the attacker, what about the attacker connecting to the victim? I'm sure this will almost never work with even simple antivirus detection. You would also need to create an exception or disable the firewall - the main place I see this working is for reverse shells on a Linux server.

Alright, hope a lot of my questions can be answered by people who are a lot smarter than me. Thanks for reading.

submitted by /u/TVremote11

from hacking: security in practice https://ift.tt/3zYv4qC