Electronic Books

Wireless
601
The attacker will now be back to the command shell of his or her own machine.
*Note: I like this application due to its size, and it is quite effective. As with Lab 84,
readers tend to ask ???how??? to get the victim to execute the connection. Using
tools such as Elitewrap (Lab 87), Windows scheduler, or Linux cron jobs are
a few ways.
Successful attackers tend to think outside the box. Several techniques, such
as covert channels or files made with Elitewrap, can be picked up by updated
antivirus software. I can tell you with 100 percent certainty that it is possible
to remove the antivirus prior to initiating the connection with applications
built with the InstallShield application. The key to doing this successfully is
to know exactly what changes are made to a system when antivirus software
is installed and then reverse the installation process while installing another
application.
For example, if an attacker releases a popular PC game, screen saver, or
similar software and during this installation process disables or removes your
antivirus ???under the hood,??? there is a good chance that a covert channel can
be made to the attacker. I personally ran across this situation while working
for a company that had not updated its antivirus software in years. The version
that this company had was so outdated that the newer version could not be
installed without uninstalling all the old versions first.


Pages:
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206