After an attacker has successfully compromised a remote computer, what would be one of the last
steps that would be taken to ensure that the compromise is not traced back to the source of the
problem?
You have hidden a Trojan file virus.exe inside another file readme.txt using NTFS streaming.
Which command would you execute to extract the Trojan to a standalone file?
You suspect that your Windows machine has been compromised with a Trojan virus. When you
run anti-virus software it does not pick up the Trojan. Next you run the netstat command to look for
open ports and you notice a strange port 6666 open.
What is the next step you would do?
In Linux, the three most common commands that hackers usually attempt to Trojan are:
John wishes to install a new application onto his Windows 2000 server.
He wants to ensure that any application he uses has not been Trojaned.
What can he do to help ensure this?
Jason’s Web server was attacked by a trojan virus. He runs a protocol analyzer and notices that the
trojan communicates to a remote server on the Internet. Shown below is the standard “hexdump”
representation of the network packet, before being decoded. Jason wants to identify the trojan by
looking at the destination port number and mapping to a trojan-port number database on the
Internet. Identify the remote server’s port number by decoding the packet?
Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024
ports?
Sniffing is considered an active attack.
A file integrity program such as Tripwire protects against Trojan horse attacks by:
Erik notices a big increase in UDP packets sent to ports 1026 and 1027 occasionally. He enters the
following at the command prompt.
$ nc -l -p 1026 -u -v
In response, he sees the following message.
cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 Critical Errors.
To fix the errors please do the following:
1. Download Registry Repair from: www.reg-patch.com
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
What would you infer from this alert?