Covering tracks spans networks, Windows, Linux, and so on. Let’s start by seeing how tracks are covered over networks. Please note that I will only be able to cover the methods and a little about how attackers use them; this is not meant to dig deep into the technical aspects of each kind of attack.
Using Reverse HTTP Shells
An attacker starts this attack by first infecting a victim’s machine with malicious code, thereby installing a reverse HTTP shell on the victim’s system. This reverse HTTP shell is programmed so that it asks for commands from an external master, who controls it, on a regular basis; this sort of traffic is treated as normal traffic by an organization’s network perimeter security such as the DMZ, firewall, etc.
Once an attacker types something on the master system, the command is retrieved and executed on the victim’s system. The victim here acts as a web client executing HTTP GET requests, whereas the attacker behaves like a web server and responds to those requests. Once the previous command has been executed, the results are sent within the next web request.
All the other users within the network access the web in the same way; therefore, this traffic between the attacker and the victim is seen as normal traffic.
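The defender’s counterpart to the polling behaviour just described is a beaconing check over web-proxy logs: a reverse HTTP shell asks for its next command at a steady cadence with tiny requests, so one client talking to one host at near-constant intervals with small responses stands out even though every individual request looks like ordinary browsing. The following is an added example, not code from the original article; the log format, the host names and the sample lines are all constructed for it.

```python
"""Beaconing heuristic over constructed web-proxy log lines (added example).

Groups requests by (client, host), measures how regular the gaps between
requests are (coefficient of variation of the inter-request interval), and
reports pairs that poll on a near-fixed schedule with small responses.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <client-ip> <method> <host> <path> <bytes>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 GET news.example.net /index.html 51200
2024-05-01T10:00:00 10.0.0.7 GET ctrl.example.org /poll 212
2024-05-01T10:00:31 10.0.0.5 GET news.example.net /sports 44010
2024-05-01T10:01:00 10.0.0.7 GET ctrl.example.org /poll 215
2024-05-01T10:02:00 10.0.0.7 GET ctrl.example.org /poll 210
2024-05-01T10:02:45 10.0.0.5 GET mail.example.com /inbox 30002
2024-05-01T10:03:01 10.0.0.7 GET ctrl.example.org /poll 214
2024-05-01T10:04:00 10.0.0.7 GET ctrl.example.org /poll 211
2024-05-01T10:05:00 10.0.0.7 GET ctrl.example.org /poll 213
2024-05-01T10:07:10 10.0.0.5 GET news.example.net /weather 20100
"""


def parse_log(text):
    """Yield (timestamp, client, host, size) tuples from the constructed format."""
    for line in text.splitlines():
        ts, client, _method, host, _path, size = line.split()
        yield datetime.fromisoformat(ts), client, host, int(size)


def find_beacons(text, min_requests=5, max_cv=0.1, max_bytes=1024):
    """Return [(client, host, mean_interval_seconds)] for pairs that look like polling.

    min_requests: minimum number of requests before a pair is judged at all
    max_cv:       upper bound on stdev/mean of the gaps (low = regular cadence)
    max_bytes:    every response must be at most this size (command polls are tiny)
    """
    series = defaultdict(list)
    for ts, client, host, size in parse_log(text):
        series[(client, host)].append((ts, size))

    hits = []
    for (client, host), events in series.items():
        if len(events) < min_requests:
            continue
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue                      # all requests in the same second: not a schedule
        cv = pstdev(gaps) / avg
        small = all(size <= max_bytes for _, size in events)
        if cv <= max_cv and small:
            hits.append((client, host, round(avg, 1)))
    return hits


if __name__ == "__main__":
    for client, host, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {client} -> {host} every ~{interval}s")
```

In the sample, 10.0.0.7 polls ctrl.example.org every 60 seconds with ~210-byte responses and is reported; 10.0.0.5 browses three hosts at irregular intervals and is not. In production the thresholds should be tuned against a baseline, since legitimate software updaters and mail clients also poll on timers.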
Using Reverse ICMP Tunnels
ICMP tunneling is a technique where an attacker uses ICMP echo and ICMP echo reply packets as carriers of a TCP payload in order to access or control a system stealthily. This method can be used to bypass firewall rules because most organizations have security mechanisms that only check incoming ICMP packets but not outgoing ICMP packets.
An attacker first configures the local client to connect with the victim. The victim’s system is triggered to encapsulate a TCP payload in an ICMP echo packet, which is forwarded to the proxy server. The proxy server de-encapsulates and extracts the TCP payload and sends it to the attacker.
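Because the tunnelled TCP payload has to ride in the data field of the echo and echo-reply packets, two cheap per-packet signals are available to whoever inspects outbound ICMP: the payload is much larger than a ping’s, and its bytes have the high entropy of encrypted or compressed data rather than the fixed pattern a ping utility sends. The inspector below is an added example, not code from the original article; the packets it examines are constructed here, and the thresholds are assumptions to be tuned per environment.

```python
"""ICMP echo inspection heuristics over constructed packets (added example).

Checks an ICMP echo / echo reply for a valid checksum, an oversized payload
and a high-entropy payload; a plain ping passes, a tunnel-like packet does not.
"""
import math
import random
import struct
from collections import Counter


def icmp_checksum(data):
    """RFC 1071 one's-complement checksum over header + payload (0 when a packet verifies)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident, seq, payload, icmp_type=8):
    """Assemble an ICMP echo (type 8) or echo reply (type 0) with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def entropy_bits(data):
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def inspect_icmp(packet, max_payload=64, max_entropy=7.0):
    """Return the list of reasons an echo packet looks suspicious (empty = benign)."""
    icmp_type = packet[0]
    if icmp_type not in (0, 8):
        return []                      # only echo / echo reply carry tunnelled data
    reasons = []
    if icmp_checksum(packet) != 0:
        reasons.append("bad checksum")
    payload = packet[8:]
    if len(payload) > max_payload:
        reasons.append("oversized payload")
    if entropy_bits(payload) > max_entropy:
        reasons.append("high-entropy payload")
    return reasons


# Constructed samples: a standard 56-byte Linux ping payload (8-byte timestamp
# followed by the 0x10..0x3f byte pattern) versus a 1000-byte pseudo-random payload
# standing in for an encrypted TCP segment.
PING_PAYLOAD = struct.pack("!Q", 1714557600) + bytes(range(0x10, 0x40))
_rng = random.Random(42)
TUNNEL_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(1000))

NORMAL_PING = build_echo(0x1234, 1, PING_PAYLOAD)
SUSPECT_ECHO = build_echo(0x1234, 2, TUNNEL_PAYLOAD)

# Flip one payload byte after the checksum was computed to model a damaged packet.
_corrupt = bytearray(NORMAL_PING)
_corrupt[-1] ^= 0xFF
CORRUPT_ECHO = bytes(_corrupt)


if __name__ == "__main__":
    for name, pkt in (("ping", NORMAL_PING), ("suspect", SUSPECT_ECHO), ("corrupt", CORRUPT_ECHO)):
        print(name, inspect_icmp(pkt) or "ok")
```

The size check alone is enough for bulk transfers, but the entropy check also catches tunnels that fragment into many small packets and is the one to keep when raising max_payload for networks that legitimately use large pings (path MTU probing, some monitoring agents).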
Using DNS Tunneling
Attackers can use DNS tunneling to encode malicious content or data from other programs within DNS queries and replies. DNS tunneling usually involves a data payload that is added to the victim’s DNS server to create a channel to a remote server and applications. Attackers can use this channel to exfiltrate stolen, confidential or sensitive information from the server.
Attackers perform DNS tunneling in stages: first, they compromise an internal system so that it has a connection to an external network. Then, they use that compromised system as a command and control server to access the system remotely and transfer files covertly from inside the network to the outside.
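On the resolver logs, the exfiltration channel described above shows up as a burst of never-repeated, unusually long subdomains under one parent domain, often asking for TXT or NULL records that can carry data back. The profiler below is an added example, not code from the original article; the log format, the parent domain exfil-demo.net and the hex-looking labels are constructed, and a real deployment would use a public-suffix list instead of the "last two labels" approximation.

```python
"""DNS tunnel heuristics over constructed resolver log lines (added example).

Per parent domain: count unique subdomains, the longest label seen, and the
share of TXT/NULL queries; report parents that exceed all of the thresholds.
"""
from collections import defaultdict

# Constructed sample lines: "<ISO timestamp> <client-ip> <qname> <qtype>"
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01 10.0.0.5 www.example.com A
2024-05-01T10:00:02 10.0.0.5 mail.example.com MX
2024-05-01T10:00:03 10.0.0.9 3a7f9c2e1b4d6e8f0a1c2d3e4f5a6b7c.t.exfil-demo.net TXT
2024-05-01T10:00:03 10.0.0.9 9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a.t.exfil-demo.net TXT
2024-05-01T10:00:04 10.0.0.9 0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.exfil-demo.net TXT
2024-05-01T10:00:04 10.0.0.5 cdn.example.com A
2024-05-01T10:00:05 10.0.0.9 a1b2c3d4e5f60718293a4b5c6d7e8f90.t.exfil-demo.net TXT
2024-05-01T10:00:05 10.0.0.9 ffeeddccbbaa99887766554433221100.t.exfil-demo.net TXT
2024-05-01T10:00:06 10.0.0.9 00112233445566778899aabbccddeeff.t.exfil-demo.net TXT
2024-05-01T10:00:07 10.0.0.5 www.example.com A
"""


def parent_domain(qname):
    """Registered-domain approximation: the last two labels (assumption; no public-suffix list)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def profile_dns(text):
    """Aggregate per-parent statistics from the constructed log format."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "max_label": 0, "txt_null": 0})
    for line in text.splitlines():
        _ts, _client, qname, qtype = line.split()
        s = stats[parent_domain(qname)]
        s["queries"] += 1
        s["subdomains"].add(qname)
        s["max_label"] = max(s["max_label"], max(len(label) for label in qname.split(".")))
        if qtype in ("TXT", "NULL"):
            s["txt_null"] += 1
    return stats


def find_tunnel_candidates(text, min_unique=5, max_label=30, txt_ratio=0.5):
    """Return sorted parent domains whose query pattern looks like a tunnel.

    A parent is reported when it has at least min_unique distinct query names
    and either a label longer than max_label or a TXT/NULL share >= txt_ratio.
    """
    hits = []
    for parent, s in profile_dns(text).items():
        unique = len(s["subdomains"])
        share = s["txt_null"] / s["queries"]
        if unique >= min_unique and (s["max_label"] > max_label or share >= txt_ratio):
            hits.append(parent)
    return sorted(hits)


if __name__ == "__main__":
    for parent in find_tunnel_candidates(SAMPLE_DNS_LOG):
        s = profile_dns(SAMPLE_DNS_LOG)[parent]
        print(f"{parent}: {len(s['subdomains'])} unique names, longest label {s['max_label']}")
```

CDN and anti-virus vendors also generate many unique, long subdomains, so the parent-domain hits should be checked against an allow-list before they are escalated; the unique-name count is the signal that survives attackers shortening their labels.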
Using TCP Parameters
TCP parameters can be used by the attacker to distribute the payload and to create covert channels.
Some of the TCP/IP header fields where data can be hidden are as follows:
IP Identification field: This is a simple approach where a payload is transferred bitwise over an established session between two systems. Here, one character is encapsulated per packet.
TCP acknowledgement number: This approach is quite difficult because it uses a bounce server that receives packets from the victim and sends them to an attacker. Here, one hidden character is relayed by the bounce server per packet.
TCP initial sequence number: This method also does not require an established connection between two systems. Here, one hidden character is encapsulated per SYN request and Reset packet.
Covering tracks is one of the main stages of system hacking. In this stage, the attacker tries to hide and avoid being detected, or “traced out,” by covering all the tracks, or logs, generated while gaining access to the target network or computer. Let’s examine how an attacker removes traces of an attack from the target computer.
Erasing evidence is a requirement for any attacker who would like to remain obscure. This is one method of evading a trace back. It starts with erasing the contaminated logs and any error messages generated during the attack process. Then, attackers change the system configuration so that it does not log future activities. By manipulating and tweaking the event logs, attackers trick the administrator into believing that there is no malicious activity on the system, and that no intrusion or compromise has actually taken place.
Because the first thing an administrator does when monitoring for unusual activity is to check the system log files, it is common for intruders to use a utility to modify these logs. In some cases, rootkits can disable and discard all existing logs. Attackers remove only those portions of the logs that would reveal their presence if they plan to use the system for an extended period as a launch base for future exploitation.
It is imperative for attackers to make the system appear as it did before access was gained and a backdoor established. This lets them change any file attributes back to their original state. Information listed, such as file size and date, is just attribute information contained within the file.
Protecting against attackers who try to hide their tracks by changing file information can be difficult. However, it is possible to detect whether an attacker has done so by calculating the file’s cryptographic hash. This sort of hash is a calculation over the whole file before encryption.
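The point of the hash is that it depends on every byte of the content, whereas size and timestamps are attributes that can be set back. The following is an added example, not code from the original article: it builds a SHA-256 baseline of a directory, then makes a same-length edit to one file and restores its original timestamps, and shows that the stat-based view is unchanged while the baseline comparison still reports the file. The directory layout and file contents are constructed inside a temporary directory.

```python
"""File-integrity baseline with SHA-256 (added example).

build_baseline() records a digest per file, compare_baseline() reports
modified / added / removed paths, and demo_attribute_reset() shows that a
content change survives even when size and mtime are put back.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path -> sha256 hex digest for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare_baseline(root, baseline):
    """Return {"modified": [...], "added": [...], "removed": [...]} relative to a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo_attribute_reset():
    """Return (attributes_unchanged, report) after a same-size edit with timestamps restored."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample tree: one config file and one file that stays untouched.
        target = os.path.join(root, "etc", "app.conf")
        os.makedirs(os.path.dirname(target))
        with open(target, "w") as f:
            f.write("debug=0\nlog_level=info\n")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("unchanged\n")

        # The baseline would normally be stored off-host; round-trip through JSON to show that.
        stored = json.dumps(build_baseline(root))
        baseline = json.loads(stored)

        st_before = os.stat(target)
        # Same-length content change, then restore the original timestamps exactly.
        with open(target, "r+") as f:
            data = f.read().replace("debug=0", "debug=1")
            f.seek(0)
            f.write(data)
            f.truncate()
        os.utime(target, ns=(st_before.st_atime_ns, st_before.st_mtime_ns))
        st_after = os.stat(target)

        attributes_unchanged = (st_before.st_size == st_after.st_size
                                and st_before.st_mtime_ns == st_after.st_mtime_ns)
        return attributes_unchanged, compare_baseline(root, baseline)


if __name__ == "__main__":
    unchanged, report = demo_attribute_reset()
    print("size/mtime identical:", unchanged)
    print("baseline comparison:", report)
```

The baseline itself must live somewhere the attacker cannot rewrite (a read-only medium or a separate host), otherwise its hashes can be regenerated after the edit; the digest only proves integrity relative to a copy you trust.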
Covering Tracks Tools
Track-covering tools help the attacker clean up all traces of computer and web activity on the PC. They free cache space, delete cookies, clear Internet history and shared temporary files, delete logs, and discard junk.
CCleaner is a system optimization, privacy, and cleaning tool. It lets you remove unused files and cleans traces of web browsing from the PC. It keeps your privacy online and makes the system faster and more secure. Additionally, it frees up hard disk space for further use. With this tool, an attacker can erase his/her tracks very easily. CCleaner also cleans traces of your online activities such as web history.
It cleans the following areas of your computer:
– Internet Explorer: Temporary files, history, cookies, Auto complete form history, index.dat,
– Firefox: Temporary files, history, cookies, download history, form history
– Google Chrome: Temporary files, history, cookies, download history, form history
– Opera: Temporary files, history, and cookies
– Safari: Temporary files, history, cookies, form history
– Windows: Recycle Bin, Recent Documents, Temporary files and Log files.
Some of the track-covering tools are listed below:
– Privacy Eraser
– AVG TuneUp
– Norton Utilities
– Glary Utilities
– Clear My History
– WinTools.net Professional
– Free Internet Window Washer