Detecting Trojans includes identifying bogus certificates, excessive resource usage, and unusual computer activity. Using Wireshark, Lisa dissects a packet capture to expose a Tor bot that is mining bitcoins on an unsuspecting victim's computer.
- [Teacher] When there's malicious activity on a network, it's not always obvious. You may not have this picked up by your anti-malware protection, but someone might complain that things just don't seem right. There are some lags in response, and they can't really pinpoint what the problem is. Now in this packet capture, I have indicators of something going on, but we really don't know what it is until we dig deeper. Once I've opened the packet capture, I'll take a look at it. And I'll just scroll down through, and simply looking at it, it looks normal; I don't see anything that's jumping out.
Well, here's one retransmission that might indicate latency, but just one doesn't really throw up any flags. What I will do is take a look at conversations. Go to Statistics and then Conversations, and here's where I'm going to take a look at the ports. When I open up Conversations, I can take a look at Ethernet, which is your frame header, either IP version 4 or IP version 6, UDP, or in this case, I'm going to look at TCP.
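The same triage the teacher does by eye in the Conversations dialog, written as a script so it can be repeated over a whole export. This is an added example, not code from the course, and it uses none of the course's capture: the rows are constructed sample data mirroring the column names of Wireshark's Statistics > Conversations > TCP tab, and the list of "expected" server ports and the 600-second threshold are assumptions of this example that a practitioner would tune per site. The two conversations it flags are deliberately long-lived and sit on ports commonly associated with Tor relays (9001) and Stratum mining pools (3333), which is the shape of traffic the transcript is hunting for.

```python
"""Triage a Wireshark TCP conversation export for long-lived connections to
uncommon server ports, the pattern a Tor-connected coin-mining bot leaves in
Statistics > Conversations. Standard library only."""
import csv
import io
from dataclasses import dataclass

# Constructed sample rows using the column names of Wireshark's TCP
# conversations tab. These are NOT rows from the course's packet capture.
SAMPLE_CSV = """\
Address A,Port A,Address B,Port B,Packets,Bytes,Rel Start,Duration
10.0.0.15,49152,93.184.216.34,443,42,31872,0.000,2.1
10.0.0.15,49153,93.184.216.34,443,18,9934,2.500,1.4
10.0.0.15,49170,198.51.100.7,9001,3120,402515,3.100,1740.5
10.0.0.15,49171,203.0.113.9,3333,2880,171200,4.000,1738.2
10.0.0.15,49190,93.184.216.34,80,12,5100,9.000,0.6
"""

# Ports a workstation talks to routinely. Anything else on a long-lived
# conversation deserves a second look. Assumption of this example; tune per site.
EXPECTED_SERVER_PORTS = {22, 25, 53, 80, 143, 443, 465, 587, 993, 995}
LONG_LIVED_SECONDS = 600.0  # assumed threshold


@dataclass(frozen=True)
class Conversation:
    addr_a: str
    port_a: int
    addr_b: str
    port_b: int
    packets: int
    byte_count: int
    rel_start: float
    duration: float

    @property
    def packets_per_second(self) -> float:
        # Steady, low-rate traffic over a long window is typical of a
        # persistent client session rather than a page load.
        return self.packets / self.duration if self.duration > 0 else float(self.packets)


def parse_conversations(text: str) -> list[Conversation]:
    """Parse a CSV export of the TCP conversations tab into records."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        Conversation(
            addr_a=r["Address A"], port_a=int(r["Port A"]),
            addr_b=r["Address B"], port_b=int(r["Port B"]),
            packets=int(r["Packets"]), byte_count=int(r["Bytes"]),
            rel_start=float(r["Rel Start"]), duration=float(r["Duration"]),
        )
        for r in rows
    ]


def top_talkers(convs: list[Conversation], n: int = 3) -> list[Conversation]:
    """Conversations sorted by total bytes, the first thing to eyeball."""
    return sorted(convs, key=lambda c: c.byte_count, reverse=True)[:n]


def flag_conversations(convs, expected_ports=EXPECTED_SERVER_PORTS,
                       long_lived=LONG_LIVED_SECONDS):
    """Return (conversation, reasons) for conversations that are both
    long-lived and on an unexpected server port; either trait alone is
    common on a busy workstation, so only the combination is reported."""
    findings = []
    for c in convs:
        reasons = []
        if c.duration >= long_lived:
            reasons.append(f"long-lived ({c.duration:.0f}s)")
        if c.port_b not in expected_ports:
            reasons.append(f"uncommon server port {c.port_b}")
        if len(reasons) == 2:
            reasons.append(f"steady rate {c.packets_per_second:.2f} pkt/s")
            findings.append((c, reasons))
    return findings


def flagged_ports(text: str) -> list[int]:
    """Convenience wrapper: server ports of every flagged conversation."""
    return [c.port_b for c, _ in flag_conversations(parse_conversations(text))]


if __name__ == "__main__":
    convs = parse_conversations(SAMPLE_CSV)
    print("Top talkers by bytes:")
    for c in top_talkers(convs):
        print(f"  {c.addr_a}:{c.port_a} -> {c.addr_b}:{c.port_b}  "
              f"{c.byte_count} bytes over {c.duration:.1f}s")
    print("Flagged conversations:")
    for c, reasons in flag_conversations(convs):
        print(f"  {c.addr_a}:{c.port_a} -> {c.addr_b}:{c.port_b}: " + "; ".join(reasons))
```

Run it as-is to see the two flagged conversations, or replace `SAMPLE_CSV` with the CSV copied out of the Conversations dialog for a real capture. A hit here is a lead, not a verdict: the next step in the transcript's workflow is to follow the TCP stream of each flagged conversation and look at the certificate and payload before calling it a bot.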
Join cybersecurity expert Lisa Bock in this course as she explains how to identify vulnerabilities in your system, and how to then take countermeasures to prevent unwanted access. Lisa explains how hackers can use a Trojan to penetrate a network and lists the methods and tools that they use. She follows up by sharing how you can perform ethical hacking of your own system to detect areas of susceptibility, so you can address the flaws and defend against attacks. She also discusses rootkits, SSDP amplification attacks, ICMP, and more.
Note: Learning about ethical hacking for Trojans and backdoors is part of the Malware competency from the Certified Ethical Hacker (CEH) body of knowledge.
- Identifying and removing Trojans
- Defending against Trojans
- Blended threats
- SSDP amplification attack
- Disguising FTP, HTTP, and ping
- Using ICMP
- Detecting, removing, and avoiding rootkits