Irregular Expressions

Jun 21 2011   11:55PM GMT

Zeus code walkthrough – Part 6

Dan O'Connor

I am at the point where I am ready to take the bot we built and see if we can get it to run on the target machine. Before I do, I want to make sure we collect every little thing we can.

Here is what we are going to set up:

  1. Capture network traffic with a sniffer. I already have Wireshark on the server, so it will do fine.
  2. Take a registry snapshot of the target machine.
  3. Take a raw disk image of the target machine.
  4. Finally, take process and memory snapshots.
The traffic is encrypted, but capturing it still gives us a starting point (which hosts the bot talks to, when, and how much). The registry, raw disk and process snapshots will be taken before and after infection and compared, so that anything the bot adds, removes or modifies stands out.
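The before/after comparison behind steps 2 to 4, as an added example that is not code from the original post: it parses a `reg export` file and a sha256sum-style file hash manifest (the kind you would generate over the mounted disk image) into dictionaries and reports what appeared, disappeared or changed between the two snapshots. All the sample snapshots are constructed; the `example_bot` and `ExampleBot` names and the shortened digests are placeholders, not artifacts observed on the target.

```python
"""Before/after snapshot comparison for a malware test box.

Added example for this walkthrough, not code from the original post.
Parses a 'reg export' file and a sha256sum-style hash manifest into
dicts and reports what appeared, disappeared or changed. All sample
data below is constructed; the ExampleBot names are placeholders.
"""
import re
from typing import Dict, Tuple

# "Name"=data  or  @=data (default value). Data is kept as raw text.
REG_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_reg_export(text: str) -> Dict[Tuple[str, str], str]:
    """Map (key path, value name) -> data. A real export is UTF-16LE
    with a BOM, so read the file with encoding='utf-16' first.
    Each key is also recorded as (key, '') so empty keys show up."""
    entries: Dict[Tuple[str, str], str] = {}
    key = None
    cont = None  # (name, partial data) while a hex: value continues
    for raw in text.splitlines():
        line = raw.strip()
        if cont is not None:  # continuation of a multi-line hex value
            name, data = cont
            data += line.rstrip('\\')
            if line.endswith('\\'):
                cont = (name, data)
            else:
                entries[(key, name)] = data
                cont = None
            continue
        if not line or line.startswith(('Windows Registry Editor', ';')):
            continue
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            entries.setdefault((key, ''), '')
            continue
        m = REG_VALUE.match(line)
        if m is None or key is None:
            raise ValueError(f'unparseable line: {raw!r}')
        name = m.group(1) if m.group(1) is not None else '@'
        data = m.group(3)
        if data.endswith('\\'):
            cont = (name, data.rstrip('\\'))
        else:
            entries[(key, name)] = data
    return entries


def parse_hash_manifest(text: str) -> Dict[str, str]:
    """Map path -> digest from '<hex>  <path>' lines (sha256sum format)."""
    files: Dict[str, str] = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            files[path.strip()] = digest.lower()
    return files


def diff_snapshots(before, after):
    """Return (added, removed, changed); changed maps item -> (old, new)."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    removed = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return added, removed, changed


# Constructed sample snapshots showing the shape of a persistence change;
# not data captured from the real bot. Digests are shortened placeholders.
RUN = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
WINLOGON = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
REG_BEFORE = rf'''Windows Registry Editor Version 5.00

[{RUN}]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[{WINLOGON}]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''
REG_AFTER = rf'''Windows Registry Editor Version 5.00

[{RUN}]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"example_bot"="C:\\WINDOWS\\system32\\example_bot.exe"

[{WINLOGON}]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\example_bot.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleBot]
"Config"=hex:01,02,03,\
  04,05
'''
HASHES_BEFORE = '''\
0e5b4c3a2f1d9a87  C:\\WINDOWS\\system32\\userinit.exe
6f2a9c1b8d7e3f05  C:\\WINDOWS\\system32\\ctfmon.exe
'''
HASHES_AFTER = HASHES_BEFORE + '9c8b7a6f5e4d3c2b  C:\\WINDOWS\\system32\\example_bot.exe\n'


def registry_changes():
    return diff_snapshots(parse_reg_export(REG_BEFORE), parse_reg_export(REG_AFTER))


def file_changes():
    return diff_snapshots(parse_hash_manifest(HASHES_BEFORE), parse_hash_manifest(HASHES_AFTER))


if __name__ == '__main__':
    for label, (added, removed, changed) in (('registry', registry_changes()),
                                             ('files', file_changes())):
        for item, value in added.items():
            print(f'{label} + {item} = {value}')
        for item, value in removed.items():
            print(f'{label} - {item} = {value}')
        for item, (old, new) in changed.items():
            print(f'{label} ~ {item}: {old} -> {new}')
```

Run against the constructed data this reports one modified value (`Userinit`), one new Run entry plus the new `ExampleBot` key and its `Config` value, and one new file on disk. A process listing (for example `tasklist /FO CSV`, keyed on image name and PID) has the same dict shape and can be fed through `diff_snapshots` unchanged; the memory snapshot is compared with dedicated tooling rather than a text diff.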
