System Hacking Module 05 Quiz

Questions and Answers

What is the main goal of the 'Gaining Access' stage in system hacking?

  • To hide malicious activities
  • To escalate privileges
  • To gain unauthorized access to the system (correct)
  • To clear logs

Which technique is NOT typically used for hiding files during a hacking attempt?

  • Phishing (correct)
  • Trojans
  • Rootkits
  • Steganography

What type of password attack involves directly communicating with the victim machine?

  • Non-Electronic Attacks
  • Active Online Attacks (correct)
  • Social Engineering
  • Passive Online Attacks

Which of the following is an example of a Non-Electronic Attack?

  • Shoulder Surfing (B)

Which of the following techniques is used in the 'Escalating Privileges' stage of system hacking?

  • Password cracking (C)

What action can an attacker perform using a USB drive after exploiting PassView?

  • Store passwords in .TXT files (B)

Which of the following describes a replay attack?

  • Capturing and reusing authentication tokens (A)

What is a characteristic of wire sniffing as an attack method?

  • It captures data from the local area network (B)

What is the main purpose of a rainbow table in password cracking?

  • To precompute hash values for potential passwords (A)

Which of the following is NOT a recommended defense against password cracking?

  • Use cleartext protocols for convenience (B)

What is a method to increase password security before encryption?

  • Adding a random string as a prefix or suffix (A)

What type of privilege escalation refers to gaining higher privileges than currently possessed?

  • Vertical Privilege Escalation (C)

Which of the following is a recommended defense against privilege escalation?

  • Performing regular system patches (C)

What is the primary purpose of executing malicious applications during an attack?

  • To gather information for exploitation (C)

Which password practice should be avoided to enhance security?

  • Using names of loved ones or pets (C)

What is the primary method used in a dictionary attack?

  • Using a list of common passwords to guess the correct one (A)

What does a brute forcing attack primarily rely on?

  • Systematic trial of all possible character combinations (A)

Which of the following best describes the action performed during a password guessing attack?

  • Manually trying a list of possible passwords (C)

What is a default password?

  • A manufacturer-supplied password provided with new equipment (B)

How does a Trojan/Spyware/Keylogger attack typically operate?

  • By capturing user credentials during login (D)

An attacker uses offline attacks to crack passwords on the victim's machine directly.

  • False (B)

In a dictionary attack, the software attempts to crack passwords by using a pre-defined list of words.

  • True (A)

Trojan/Spyware/Keylogger attacks do not require any action from the victim to collect user credentials.

  • False (B)

Attackers often include default passwords in their lists for password guessing attacks.

  • True (A)

Brute forcing attacks try every possible password combination until they find the correct one.

  • True (A)

Hiding files is a goal of system hacking aimed at concealing an attacker's activities.

  • True (A)

A passive online attack involves directly communicating with the victim machine.

  • False (B)

Shoulder surfing is classified as a non-electronic password attack.

  • True (A)

Brute forcing attacks are a type of passive online attack.

  • False (B)

The goal of escalating privileges in system hacking is to maintain remote access to the system.

  • False (B)

Wire sniffing is relatively easy to perpetrate.

  • False (B)

A rainbow table contains precomputed hash values for passwords.

  • True (A)

In a replay attack, the attacker captures packets and re-sends authentication tokens to gain access.

  • True (A)

PassView stores passwords in an encrypted format on the attacker’s USB drive.

  • False (B)

To defend against password cracking, it is recommended to use passwords that can be found in a dictionary.

  • False (B)

Using a random string as a prefix or suffix with the password before encrypting is a recommended practice.

  • True (A)

Vertical privilege escalation involves assuming the identity of another user with the same privileges.

  • False (B)

Locking out an account after too many incorrect password guesses helps prevent brute force attacks.

  • True (A)

Encrypting sensitive data is not a necessary defense against privilege escalation.

  • False (B)

Attackers may execute malicious applications to gather information or maintain unauthorized access to systems.

  • True (A)

Shoulder surfing is considered a type of active online password attack.

  • False (B)

Brute forcing attacks are primarily based on pre-defined lists of words.

  • False (B)

The primary method used in password guessing attacks involves direct communication with the victim's system.

  • True (A)

A passive online attack allows an attacker to communicate with the authorizing party.

  • False (B)

Encrypting sensitive data is a recommended defense against password cracking.

  • True (A)

PassView executed from a USB drive stores passwords in .TXT files on the targeted computer.

  • False (B)

Wire sniffing is considered relatively hard to perpetrate.

  • False (B)

A rainbow table attack can crack passwords easily by comparing captured hashes to a precomputed table.

  • True (A)

A replay attack involves sending previously captured packets back onto the network to gain access.

  • True (A)

An offline attack involves the attacker trying to crack passwords on their own system after copying the target's password file.

  • True (A)

In a brute forcing attack, the attacker makes educated guesses about the password based on prior knowledge.

  • False (B)

To enhance security, it is advised to use system default passwords.

  • False (B)

Trojan/Spyware/Keylogger attacks collect user credentials by running in the background and sending data to the attacker.

  • True (A)

Password guessing attacks have a high success rate due to the wide range of passwords used.

  • False (B)

Default passwords provided by manufacturers are often targeted in password guessing attacks.

  • True (A)

Using encryption techniques to protect sensitive data is not a necessary defense against privilege escalation.

  • False (B)

Horizontal privilege escalation refers to gaining higher privileges than currently possessed.

  • False (B)

Locking out an account after too many incorrect password guesses is an effective measure to prevent brute force attacks.

  • True (A)

Performing debugging using bounds checkers and stress tests is a recommended measure to defend against privilege escalation.

  • True (A)

Attackers executing malicious applications is called 'owning' the system.

  • True (A)

What is the primary goal during the 'Executing Applications' stage of system hacking?

  • To create and maintain remote access to the system. (A)

Which technique is primarily associated with the 'Hiding Files' goal within system hacking?

  • Steganography. (A)

What distinguishes passive online attacks from active online attacks in password cracking?

  • They don't involve direct communication with the victim machine. (B)

Which type of attack is shoulder surfing categorized under?

  • Non-Electronic attack. (D)

What is a primary method used in the escalation of privileges during hacking?

  • Exploit known system vulnerabilities. (D)

What is a recommended method to limit potential privilege escalation in a system?

  • Implement multi-factor authentication and authorization (B)

Which type of privilege escalation involves assuming the same privileges of another user?

  • Horizontal privilege escalation (A)

Which password-related practice should be avoided to enhance security?

  • Using passwords that contain personal information (B)

How can servers best defend against brute force attacks on user accounts?

  • Lock out an account after too many incorrect password guesses (D)

What is one of the main purposes of executing malicious applications during an attack?

  • To gather intelligence for future attacks (C)

What is a characteristic of a passive online attack such as wire sniffing?

  • It records raw network traffic to access sensitive information. (C)

Which of the following is a key step in performing a rainbow table attack?

  • Comparing captured password hashes with a precomputed table. (C)

What must an attacker typically possess to execute a Man-in-the-Middle (MITM) attack?

  • Trust from one or both communication parties. (B)

What distinguishes a replay attack from other methods of password cracking?

  • It captures data and uses it without the need to crack passwords. (B)

Which attack involves using a list of potential passwords that have been ranked based on probability?

  • Password Guessing (A)

What is the main function of a rainbow table in the context of an offline attack?

  • To quickly match precomputed hash values with passwords (A)

Which option best describes a brute forcing attack?

  • Systematically trying every possible combination of characters (A)

In an active online attack using Trojan/Spyware/Keylogger, what is the first step taken by the attacker?

  • Attacker infects the victim's machine (A)

What role do default passwords play in password guessing attacks?

  • They are often used as common entries in password lists (B)

The primary goal of escalating privileges in system hacking is to bypass access controls to gain initial access to the system.

  • False (B)

Wire sniffing is an example of an active online attack where the attacker communicates directly with the victim's machine.

  • False (B)

Social engineering is classified as a non-electronic attack that requires technical knowledge.

  • False (B)

Brute forcing attacks involve systematically trying every possible password combination until the correct one is found.

  • True (A)

The clearing of logs is an activity aimed at covering tracks during system hacking.

  • True (A)

Vertical privilege escalation refers to acquiring the same level of privileges that has already been granted.

  • False (B)

Implementing multi-factor authentication and authorization can help defend against privilege escalation attacks.

  • True (A)

Running users and applications on the least privileges is not a recommended strategy against privilege escalation.

  • False (B)

An attacker may execute malicious programs remotely to maintain unauthorized access to a system by 'owning' it.

  • True (A)

A privilege separation methodology is used to increase the scope of programming errors and bugs.

  • False (B)

In a dictionary attack, the attacker relies solely on the specific knowledge of the target's password history to create the dictionary file.

  • False (B)

The failure rate for password guessing attacks is typically low due to the structured approach the attacker takes in creating potential passwords.

  • False (B)

Trojan/Spyware/Keylogger attacks necessitate active participation from the victim to collect user credentials successfully.

  • False (B)

Using pre-computed hashes, such as those in a rainbow table, is not applicable in offline attacks as they rely on real-time interaction with the target's system.

  • False (B)

Default passwords are commonly utilized by attackers in dictionary attacks to increase the success rate of their password guessing efforts.

  • True (A)

In a wire sniffing attack, the captured data may include sensitive information such as passwords and emails, making it easy to recover them.

  • False (B)

A replay attack is characterized by an attacker acquiring access to communication channels between the victim and server to extract information.

  • False (B)

Setting a password change policy to 30 days is a recommended defense against password cracking.

  • True (A)

PassView is designed to save passwords in an encrypted format, ensuring their security when stored on a USB drive.

  • False (B)

Rainbow table attacks rely on precomputed tables containing a list of possible passwords and their hash values, making it easier to crack passwords.

  • True (A)

Which of the following techniques is primarily used in the 'Hiding Files' stage of system hacking?

  • Rootkits (D)

Shoulder surfing is an example of an active online attack.

  • False (B)

What is the main goal of the 'Escalating Privileges' stage in system hacking?

  • To acquire the rights of another user or an admin.

In password cracking, _____ attacks involve the attacker trying to gain access without communicating with the victim machine.

  • passive online

Match the following types of password attacks with their descriptions:

  • Shoulder Surfing = Non-Electronic Attack
  • Dictionary Attack = Active Online Attack
  • Wire Sniffing = Passive Online Attack
  • Social Engineering = Non-Electronic Attack

Which method allows an attacker to collect user credentials from a victim's machine without the victim's knowledge?

  • Trojan/Spyware/Keylogger (C)

A dictionary attack relies on a predefined list of common passwords to attempt access.

  • True (A)

What is a common use of default passwords by attackers?

  • Default passwords are used in password guessing attacks.

In a brute forcing attack, the software tries every possible __________ until the password is cracked.

  • combination of characters

Which of the following methods is used to gain access during a replay attack?

  • Re-sending captured packets (B)

Match the following password attack methods with their descriptions:

  • Dictionary Attack = Uses a list of words to attempt access
  • Brute Force Attack = Attempts every possible combination of characters
  • Password Guessing = Creates a list of likely passwords based on information
  • Trojan/Spyware/Keylogger = Stealthily collects user credentials in the background

Wire sniffing is considered easy to perpetrate.

  • False (B)

What is the primary purpose of a rainbow table in relation to password cracking?

  • To compare captured password hashes to precomputed tables, making it easier to recover passwords.

The attacker executes _____ to extract stored passwords when using PassView.

  • pspv.exe

Match the type of attack with its description:

  • Wire Sniffing = Recording raw network traffic
  • Replay Attack = Re-sending captured authentication tokens
  • Man-in-the-Middle = Interception of communication channels
  • Rainbow Table Attack = Using precomputed hash tables to crack passwords

What is a primary defense against privilege escalation?

  • Implement multi-factor authentication (D)

Vertical privilege escalation allows an attacker to acquire the same level of privileges as another user.

  • False (B)

What should be done to an account that has too many incorrect password attempts?

  • Lock out the account

Using a random string as a ______ or suffix with the password enhances security before encryption.

  • prefix

Match the types of privilege escalation with their definitions:

  • Vertical Privilege Escalation = Gaining higher privileges than currently possessed
  • Horizontal Privilege Escalation = Assuming the identity of another user with similar privileges

Flashcards

System Hacking Goals

The objectives of a hacker during the system hacking phase, including gaining access, escalating privileges, executing applications, hiding files, and covering tracks, each with respective techniques like password cracking or trojan use

Password Cracking Techniques

Methods used to recover passwords, encompassing non-electronic (like social engineering), active online (like brute-force), and passive online (like sniffing) attacks. These approaches exploit system vulnerabilities to breach security.

Non-Electronic Attacks

Password cracking methods that do not require technical skills. These attacks heavily rely on social engineering tactics.

Active Online Attacks

System intrusions where hackers directly interact with the target system to crack passwords using techniques such as dictionary attacks and brute-forcing.

System Hacking Methodology (CHM)

A systematic approach to system hacking, incorporating stages like footprinting, scanning, enumeration, password cracking, privilege escalation, application execution, file hiding, and covering tracks.

Dictionary Attack

Trying passwords from a list (a dictionary) to gain access.

Brute-Force Attack

Trying every possible combination of characters (passwords) until the correct one is found.

Password Guessing Attack

Using information about a user (e.g., from social engineering) to guess their password.

Default Password Attack

Exploiting the use of pre-configured passwords in systems.

Trojan/Spyware/Keylogger Attack

Installing malicious software to steal usernames and passwords.

Password Cracking (BAT)

An attacker copies downloaded files to a USB drive, inserts it, and waits for the autorun feature to execute a malicious program (like PassView) which steals passwords and stores them in a file on the USB.

Wire Sniffing

An attacker uses network tools to intercept network traffic, potentially capturing passwords and other sensitive data.

Replay Attack

An attacker captures and replays previously intercepted network packets or authentication tokens to gain unauthorized access.

Rainbow Table Attack

An offline attack using a precomputed table of hashed passwords to quickly crack accounts.

Man-in-the-Middle (MITM) Attack

An attacker intercepts and manipulates communication between two parties without their knowledge.

Privilege Escalation

Gaining higher-level access to a system than originally granted, often through vulnerabilities.

Vertical Privilege Escalation

Gaining higher privileges than the existing ones.

Horizontal Privilege Escalation

Obtaining the same level of privileges as another user.

Executing Malicious Applications

Running harmful programs remotely to exploit the system.

Password Security Practices

Implementing strong passwords, using strong encryption, and logging security measures.

What are the stages of CHM?

The CEH Hacking Methodology (CHM) consists of several stages including Footprinting, Scanning, Enumeration, System Hacking, Cracking Passwords, Escalating Privileges, Executing Applications, Hiding Files, and Covering Tracks. It's a systematic approach to system hacking.

What is a brute-force attack?

A brute-force attack is a password cracking technique where the attacker tries every possible combination of characters until the correct password is found. This is a time-consuming process but can be effective against weak passwords.

What is the goal of escalating privileges?

The goal of escalating privileges is to acquire the rights and permissions of another user or even an administrator. This allows the attacker to access more sensitive information and carry out more damaging actions.

What are some examples of non-electronic password attacks?

Non-electronic password attacks rely on social engineering and traditional techniques. This includes shoulder surfing where someone observes you typing your password, dumpster diving where you search for discarded documents containing credentials, or social engineering where you trick someone into revealing their password.

What is the purpose of hiding files?

Hiding files is a stage in system hacking where attackers attempt to conceal their malicious activities and stolen data. They use techniques like rootkits or steganography to hide their presence.

Offline Password Attack

An attacker copies a target's password file and attempts to crack the passwords offline, without directly interacting with the target system.

Running services as unprivileged accounts

Minimizing potential damage by running services with limited privileges, so even if compromised, the impact is reduced.

Restricting interactive logon privileges

Preventing attackers from directly logging in with administrative credentials, making system access more secure.

What is a Rainbow Table Attack?

This is an offline attack that uses a pre-computed table of hashed passwords to quickly crack accounts.

What is Wire Sniffing?

This is an attack that utilizes network tools to intercept and capture network traffic, potentially revealing passwords and other sensitive data.

What is a Replay Attack?

An attacker captures network information like authentication tokens and replays them to gain access without authorization.

What is a BAT attack?

Attackers copy downloaded files to a USB drive. When the USB is inserted, the autorun feature executes a malicious program (e.g., PassView), stealing passwords and storing them in a file on the USB drive.

What is a Man-in-the-Middle Attack?

An attacker positions themselves between a victim and a server, intercepting and manipulating communications to steal data.

Password Cracking

Techniques used to recover passwords from computer systems, often exploiting weak or easily guessable passwords.

Escalating Privileges

Acquiring higher-level access to a system, often by exploiting vulnerabilities or using social engineering techniques.

SYSKEY Encryption

Protecting the SAM database using strong passwords and enabling SYSKEY. This makes it harder for attackers to access usernames and passwords.

Shoulder Surfing

A non-electronic attack where an attacker observes someone typing their password, often by looking over their shoulder.

Offline Attack

An attacker copies a target's password file and tries to crack passwords on their own system, without directly interacting with the target system.

Brute Forcing Attack

An attacker attempts every possible combination of characters until the correct password is found.

Rule-based Attack

An attacker guesses passwords based on patterns or rules, like using common dates, names, or simple substitutions.

Man-in-the-Middle Attack (MITM)

An attacker positions themselves between a victim and a server, intercepting and manipulating communications to steal data.

What are the goals of system hacking?

System hacking aims to gain unauthorized access, escalate privileges, execute applications, hide malicious activities, and cover tracks to remain undetected.

What are some password cracking techniques?

These techniques are used to gain access to computer systems by recovering passwords. They include non-electronic attacks like shoulder surfing or social engineering, active online attacks like brute-forcing or using keyloggers, and passive online attacks like sniffing network traffic.

What is the purpose of escalating privileges?

Escalating privileges aims to obtain higher-level access to a system. This allows the attacker to control more of the system, potentially granting them admin-level permissions.

What is privilege escalation?

It's the process of gaining higher-level access to a system than originally granted. It can be vertical (achieving a higher privilege level) or horizontal (gaining privileges equal to another user).

USB-based Password Cracking

Attackers use a USB drive to execute a program that captures passwords from the targeted system. The program runs automatically when the USB is inserted, making it a stealthy attack.

Man-in-the-Middle Attack

Attackers intercept communication between two parties (victim and server). They manipulate the data exchanged, potentially stealing information or impersonating one of the parties.

Salt

A random string added to a password before encryption to make it harder to crack using precomputed tables.

SYSKEY

A security feature that encrypts the SAM database to protect usernames and passwords, making it harder for attackers to access them.

Password Guessing

Attacker creates a list of possible passwords from information gathered through social engineering or other methods and tries them manually on the victim's machine.

Passive Online Attack

Password cracking where attackers steal passwords without direct interaction with the target, like by intercepting network traffic.

What is a Man-in-the-Middle (MITM) attack?

A MITM attack occurs when an attacker intercepts communication between two parties, such as a user and a website. The attacker can then manipulate the data exchanged to steal information or impersonate one of the parties.

Study Notes

System Hacking Module 05

  • System hacking module 5 is titled "Unmask the Invisible Hacker"
  • The module covers information gathered before the system hacking stage, system hacking goals, and CEH hacking methodology.
  • Information at Hand Before System Hacking Stage:
    • Footprinting Module: IP Range, Namespace, Employees
    • Scanning Module: Target assessment, Identified systems, Identified services
    • Enumeration Module: Intrusive probing, User lists, Security flaws
  • System Hacking Goals:
    • Gaining Access: Bypassing access controls to access the system using password cracking and social engineering techniques
    • Escalating Privileges: Acquiring the rights of another user or administrator through exploiting known system vulnerabilities
    • Executing Applications: Creating and maintaining remote access to the system using Trojans, spyware, backdoors, and keyloggers
    • Hiding Files: Hiding attackers' malicious activities and data theft via rootkits and steganography
    • Covering Tracks: Hiding evidence of compromise through clearing logs

CEH Hacking Methodology (CHM)

  • Footprinting, scanning, enumeration are steps in the methodology
  • Gaining access leads to cracking passwords, escalating privileges, executing applications, hiding files, and covering tracks
  • Clearing logs is a step in CHM

Password Cracking

  • Password cracking techniques are used to recover passwords from computer systems
  • Attackers use these techniques to gain unauthorized access to vulnerable systems
  • The success of most password cracking techniques is often attributed to weak or easily guessable passwords

Types of Password Attacks

  • Non-Electronic Attacks: Attackers don't need technical knowledge to crack passwords, such as shoulder surfing, social engineering, and dumpster diving
  • Active Online Attacks: Attackers directly communicate with the victim's machine to crack passwords; examples include dictionary attacks, brute-force attacks, hash injection, and phishing
  • Passive Online Attacks: Attackers crack passwords without direct communication with the victim, such as password guessing and wire sniffing
  • Offline Attacks: Attackers copy the target's password file and crack passwords in their own system, such as rainbow table attacks

Active Online Attack: Dictionary, Brute Forcing, and Rule-based Attack

  • Dictionary Attack: Uses a dictionary file to crack passwords, running against user accounts.
  • Brute Forcing Attack: Tries different combinations of characters until the password is broken.
  • Rule-based Attack: Used when the attacker has some information about the password to predict the password

Active Online Attack: Password Guessing

  • Attackers create a list of possible passwords, often gathered through social engineering or other means
  • The list is then used to try and crack passwords through manual attempts
  • Passwords are ranked from high to low probability
  • Attackers attempt to key in each password until they discover the correct password

Default Passwords

  • Default passwords are those supplied by manufacturers on new equipment (e.g., switches, routers)
  • Attackers use lists of default passwords in password-guessing attacks
  • Online tools help identify default passwords

Active Online Attack: Trojan/Spyware/Keylogger

  • Attackers install Trojan/Spyware/Keylogger on victims' machines to collect usernames and passwords
  • These programs run in the background and send user credentials to the attacker
  • Attacker perspective: Infects victim's device with Trojan/Spyware/Keylogger, sending login credentials
  • Victim perspective: Logs on to a domain server with credentials
  • Domain server perspective: Access granted

Example of Active Online Attack Using USB Drive

  • Attacker inserts USB drive
  • Autorun window pops up
  • Contents of launch.bat run
  • Password-cracking tool PassView executed in background
  • Passwords stored in .TXT files on USB drive
  • Download PassView password hacking tool
  • Copy downloaded files to USB drive

Passive Online Attack: Wire Sniffing

  • Attackers run packet sniffer tools to access and record raw network traffic
  • Information like passwords and emails can be captured
  • Sniffed credentials are used to gain unauthorized access

Passive Online Attacks: Man-in-the-Middle and Replay Attack

  • MITM attack: Attacker intercepts communication channels between victim and server.
  • Information is extracted during this process
  • In replay attacks, packets and authentication tokens are captured and replayed to gain access

Offline Attack: Rainbow Table Attack

  • Precomputed table storing password hashes to quickly decipher passwords.
  • Hash values compared with precomputed hashes to recover passwords

How to Defend against Password Cracking

  • Enable information security audits
  • Use unique passwords during password change
  • Avoid sharing passwords
  • Never use easily guessable/dictionary passwords
  • Avoid cleartext and protocols with weak encryption
  • Implement a complex password change policy, e.g., 30 days
  • Keep passwords in secure locations
  • Do not use default passwords

How to Defend against Password Cracking (Cont'd)

  • Use 8-12 alphanumeric characters
  • Use uppercase and lowercase letters, numbers, and symbols
  • Ensure apps don't save passwords in memory or disk
  • Employ a random string (salt) for password encryption
  • Enable SYSKEY for strong password encryption in SAM database
  • Avoid sensitive passwords like DOB, names, etc.
  • Monitor server logs for brute-force attacks
  • Lock out accounts subject to too many incorrect guesses

Privilege Escalation

  • Gaining administrative privileges on a network from a non-admin account after initial access
  • Exploits design flaws, programming errors, network configuration issues
  • Allows attackers to gain administrative access for critical/sensitive data, file deletions, malicious program installation

How to Defend Against Privilege Escalation

  • Restrict interactive logon privileges
  • Employ encryption to protect data.
  • Minimize the amount of code that runs with privileges
  • Use multi-factor authentication and authorization
  • Implement services with reduced privileges
  • Use debugging tools such as bounds checkers
  • Thoroughly test application code for errors and bugs
  • Implement a privilege separation methodology to limit the scope of errors/bugs
  • Patch/update systems regularly

Executing Applications

  • Attackers execute various malicious applications to gain access to systems resources
  • Attackers remotely run keyloggers, spyware, backdoors, and crackers on victim machines
  • These programs may gather information, exploit vulnerabilities, and gain access to system resources

Keyloggers

  • Keyloggers are programs or hardware devices that monitor keystrokes, logging them to a file or transmitting them to a remote location
  • Keyloggers gather information like emails, passwords, credit card numbers, etc
  • Legitimate uses include office/industrial monitoring
  • Keyloggers can target chat sessions, IRC, and instant messaging

How to Defend Against Keyloggers

  • Use pop-up blockers
  • Install up-to-date antivirus/anti-spyware
  • Install firewall software with anti-keylogging features
  • Recognize and avoid phishing emails
  • Use strong passwords, frequently changed, for various online accounts
  • Avoid opening junk/doubtful emails

Spyware

  • Spyware programs record user activities and interactions, sending information to remote attackers
  • Spyware hides its processes and files to avoid detection and removal
  • Similar to Trojan horses (malicious programs) which are bundled in free software/downloads
  • Collects information like email addresses, passwords, credit card numbers, sensitive details, etc
  • Attacker: installs spyware on victim system and receives information.
  • Victim: unaware of spyware activities. This may compromise user credentials.

How to Defend Against Spyware

  • Avoid potentially compromised computer systems
  • Be wary of suspicious emails and websites.
  • Update software/firewalls regularly
  • Regularly check task manager and config manager reports
  • Install and use anti-spyware software
  • Carefully read privacy policies and license agreements before downloading or installing applications
  • Avoid entering personal information into unverified systems

Rootkits

  • Rootkits hide their presence and attackers' malicious activity within systems
  • They replace OS calls/utilities with their own modified versions
  • This compromises the security of the target system
  • Typically includes backdoors, DDoS programs, packet sniffers, log-wiping utilities, and more

Steganography

  • Steganography is hiding a secret message within an ordinary message
  • Graphics/images are used as the primary method to conceal data

Covering Tracks

  • Intrusive users try to hide their activities on the compromised system.
  • Methods include disabling auditing, clearing logs, and manipulating logs to avoid detection

Disabling Auditing

  • Intruders disable auditing immediately after gaining administrator privileges
  • They then restore auditing using auditpol.exe if needed
  • The purpose of this method is to avoid being tracked.

Clearing Logs

  • Attackers use clearlogs.exe utility to erase security, system, and application logs.
  • Metasploit: an attacker can use Metasploit's Meterpreter shell to wipe out all logs via the command prompt.
