Malware Analysis

RAT-a-tat-tat

22 November 2013 ~1 min By jeremy

Conferences Defense Malware Analysis Nmap Presentations Programming

Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison Ivy NSE script as well as the DarkComet config extractor. Rat a-tat-tat from SensePost nmap-service-probes.pi poison-ivy.nse extract-DCconfig-from-binary.py An example of finding and extracting Camellia key from live Poison Ivy C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi --script=poison-ivy.nse <ip_address/range) Finding Poison Ivy, DarkComet and/or Xtreme RAT C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi <ip_range>

Conferences
Defense
Malware Analysis
Nmap
Presentations
Programming

Page 1 of 1