Irregular Expressions

Jun 21 2011   11:55PM GMT

Zeus code walkthrough – Part 6

Dan O'Connor

I am at the point where I am ready to take the bot we built and see if we can get it to run on the target machine. But before it runs, I want to make sure we collect everything we can.

Here is what we are going to set up:

  1. Capture network traffic with a sniffer; I already have Wireshark on the server, so it will do fine.
  2. Take a registry snapshot of the target machine.
  3. Take a raw disk image of the target machine.
  4. Finally, take process and memory snapshots.
The traffic is encrypted, but capturing it still gives us a starting point: even without the plaintext we see where the bot connects, when it checks in, and how much it sends. The registry, raw disk and process snapshots will be taken once on the clean machine and once after infection, and the two sets compared. Two things to keep in mind: the "before" snapshots have to be taken from the same clean state the bot will run in (boot, snapshot, run the bot, snapshot again), and the memory snapshot has to be taken while the machine is still running, before it is powered off to image the disk, since the contents of memory are gone once the machine is down.
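The before/after comparison from steps 2 and 4, as an added example that is not part of the original post: it assumes the snapshots are produced on the target with the Windows built-ins `reg export` and `tasklist /fo csv /nh` (once clean, once after running the bot), and it works on the exported text rather than the live machine so the comparison can run anywhere. The registry and process data embedded in it are constructed samples, not real captures, and `sample.exe` is a placeholder name for the bot, not an artifact the post describes.

```python
r"""Before/after snapshot differ for an infection test run.

Added example, not the blog author's code.  It assumes the snapshots
were produced on the target with Windows built-ins, once on the clean
machine and once after running the bot:

    reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg
    tasklist /fo csv /nh > tasks.csv

The inputs embedded below are constructed samples, not real captures.
"""
import csv
import io
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# Matches one `"name"=data` or `@=data` line of a .reg export.
REG_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg_export(text):
    """Turn the text of a .reg file into {(key, value_name): data}.

    Handles the two quirks that matter for diffing: hex data wrapped onto
    continuation lines with a trailing backslash, and the "@" default value.
    Data is kept verbatim (still escaped) since only equality matters here.
    """
    entries = {}
    key = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        while line.endswith("\\"):
            # continuation: splice the next physical line onto this one
            line = line[:-1] + next(lines, "").strip()
        m = REG_LINE.match(line)
        if m and key is not None:
            name = m.group(1)
            if name != "@":
                name = name[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            entries[(key, name)] = m.group(2)
    return entries


def parse_tasklist_csv(text):
    """Parse `tasklist /fo csv /nh` output into {(image, pid): session}."""
    procs = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 5:
            procs[(row[0], row[1])] = row[2]
    return procs


def diff_snapshots(before, after):
    """Compare two {key: value} maps.  The same code serves the registry
    entries, the process list, and a path->hash manifest of the disk image."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return {"added": added, "removed": removed, "changed": changed}


# Constructed samples: a clean Run key and process list, then the same
# after a hypothetical sample.exe registered itself and a policy changed.
BEFORE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''
AFTER_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"sample"="C:\\Documents and Settings\\lab\\Application Data\\sample.exe"
"Blob"=hex:01,02,03,\
  04,05

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
'''
BEFORE_TASKS = '''"System","4","Console","0","236 K"
"explorer.exe","1524","Console","0","18,452 K"
"ctfmon.exe","1620","Console","0","3,104 K"
'''
AFTER_TASKS = BEFORE_TASKS + '"sample.exe","2044","Console","0","5,212 K"\n'


def run_comparison(before_reg=BEFORE_REG, after_reg=AFTER_REG,
                   before_tasks=BEFORE_TASKS, after_tasks=AFTER_TASKS):
    """Diff both snapshot types and return {"registry": ..., "processes": ...}."""
    return {
        "registry": diff_snapshots(parse_reg_export(before_reg),
                                   parse_reg_export(after_reg)),
        "processes": diff_snapshots(parse_tasklist_csv(before_tasks),
                                    parse_tasklist_csv(after_tasks)),
    }


if __name__ == "__main__":
    for section, d in run_comparison().items():
        for kind, items in d.items():
            for k, v in sorted(items.items()):
                print(f"{section} {kind}: {k} -> {v}")
```

The diff is deliberately dumb: it reports every added, removed and changed entry and leaves judgement to the analyst, because on a machine that was rebooted between snapshots the noise (changed PIDs, MRU lists, timestamps in the registry) is where a filtered tool would hide exactly the persistence entry you are looking for.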
