Malware and Persistence

O’Leary, Mike

doi:10.1007/978-1-4842-4294-0_11

Mike O’Leary²

2606 Accesses
1 Citations

Abstract

Chapter 11 shows some elementary ways an attacker can gain an initial foothold on a network using active content in a browser or some simple malware generated through msfconsole. The Metasploit package also includes msfvenom, a tool that can be used to create more sophisticated malware. A limitation of msfvenom is that the malware it generates is often caught by modern antivirus products. Veil-Evasion can be used to craft malware that is not usually detected by antivirus.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 16.99; Price excludes VAT (USA)

Softcover Book: USD 89.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

Hunting for metamorphic JavaScript malware

Article 11 September 2014

A Large-Scale Analysis of Download Portals and Freeware Installers

Notes

1.
Metasploit 5 was released in January 2019, and has changed this command to msfvenom --list platforms
2.
Metasploit 5 was released in January 2019, and has changed this command to msfvenom --list formats
3.
Windows Defender on Windows 10 is quite capable of detecting this malware.
4.
The other tool, Veil-Ordnance, is a very nice shellcode generator.
5.
The command C:\>echo %comspec% can be used to determine the value of this environment variable.
6.
This command may fail if run as SYSTEM, with Error 0x00000522, “A required privilege is not held by the client.”
7.
Be sure to pass the full name of the domain. If just the NetBIOS name is passed (e.g., pluto instead of pluto.test), the command may report success, but the resulting ticket will be empty.
8.
Recall that ~ refers to the user’s home directory. As an example, the user dhilbert on a CentOS system has the home directory /home/dhilbert/, so the ~/.bash_profile file is /home/dhilbert/.bash_profile.
9.
The command nohup is used to start a program in the background that ignores hangup signals issued by the kernel; this will let the program continue running if the user logs out.

Author information

Authors and Affiliations

Towson, MD, USA
Mike O’Leary

Authors

Mike O’Leary
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

O’Leary, M. (2019). Malware and Persistence. In: Cyber Operations. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4294-0_11

Download citation

DOI: https://doi.org/10.1007/978-1-4842-4294-0_11
Published: 02 March 2019
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4293-3
Online ISBN: 978-1-4842-4294-0
eBook Packages: Professional and Applied ComputingProfessional and Applied Computing (R0)Apress Access Books

Publish with us

Policies and ethics

Malware and Persistence

Abstract

Access this chapter

Similar content being viewed by others

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

Hunting for metamorphic JavaScript malware

A Large-Scale Analysis of Download Portals and Freeware Installers

Notes

Author information

Authors and Affiliations

Rights and permissions

Copyright information

About this chapter

Cite this chapter

Download citation

Publish with us

Navigation

Malware and Persistence

Abstract

Access this chapter

Similar content being viewed by others

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

Hunting for metamorphic JavaScript malware

A Large-Scale Analysis of Download Portals and Freeware Installers

Notes

Author information

Authors and Affiliations

Rights and permissions

Copyright information

About this chapter

Cite this chapter

Download citation

Share this chapter

Publish with us

Search

Navigation