Irregular Expressions:

zeus walkthrough

July 17, 2012  10:30 PM

The Return Of Zeus



Posted by: Dan O'Connor
zeus, zeus analysis, zeus botnet, zeus download, zeus source code, zeus walkthrough

I am finally ready to continue my analysis of the Zeus sample I have.  I am just getting a couple of machines ready to continue. From this point on I want to continue the behavioral analysis with Capture-BAT on the client and some other honeynet projects on a Linux machine to emulate...

June 25, 2011  12:29 AM

Zeus code walkthrough – Part 8



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

The last bit we need before we hit the big red button and infect the machine is getting Wireshark ready to go. http://www.wireshark.org/download.html I have Wireshark loaded with a filter string to only capture traffic from the workstation...


June 22, 2011  12:12 AM

Zeus code walkthrough – Part 7



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

In case you are following at home you will need to go download the following:

  - Wireshark http://www.wireshark.org/download.html
  - RegShot


June 21, 2011  11:55 PM

Zeus code walkthrough – Part 6



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

I am just at the point where I am ready to take the bot we built and see if we can get it to run on the target machine.  But I want to make sure we are going to collect every little thing we can. What we are going to set up is the following.

  1. Capture network traffic with a...


June 11, 2011  11:20 PM

Zeus code walkthrough – Part 5



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

Now that my bot is built, it's worth looking at what the basic config file looks like.

entry "StaticConfig"
  ;botnet "btn1"
  timer_config 60 1
  timer_logs 1 1
  timer_stats 20 1
  url_config "http://localhost/config.bin"
  remove_certs 1
  disable_tcpserver 0
 ...


May 29, 2011  12:47 AM

Zeus code walkthrough – Part 4



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

Next we need to build our bot and configure it. This is the zsb.exe file; point it at the config.txt.  The IP address of the server will need to be set, and the key configured. For bonus points, you can use zsb.exe to check if the host you are running it on is infected.  But you will...


May 29, 2011  12:15 AM

Zeus code walkthrough – Part 3



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

If all has gone well you should be able to get the install screen.


May 28, 2011  12:44 AM

Zeus code walkthrough – Part 2



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

If you are following at home you are going to need to install some webby stuff on your "server". I am going to use XAMPP. Also your machines are going to need to be able to talk, so make sure you are all set up.  Using VMware I set up a network that only the server and the machine that is...


May 25, 2011  10:25 PM

Zeus code walkthrough – Part 1



Posted by: Dan O'Connor
zeus analysis, zeus botnet, zeus source code, zeus walkthrough

I am going to step through the Zeus bot source code.  I will start with the PHP stuff, which should be pretty light.  There are about 44 PHP files to go over.

> find . -type f -name...

