

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Maps a DLL or memory area into another process
Injects code into the Windows Explorer (explorer.exe)
Multi AV Scanner detection for submitted file
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect virtual machines (IN, VMware)
Multi AV Scanner detection for dropped file
Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)

First of all, I should say that I am a total newbie when it comes to computers and internet security. I am your average computer user with no knowledge of hacking and things like that. Recently, I have discovered some hints that point to my computer being compromised. It seems to me that the attacker has near full access and can detect websites I visit and words I type. I run Windows 8 64-bit on a laptop and for the past one year no one had any physical access to it, I am sure about that. Anyway, I would very much like to run Wireshark and identify who these attackers are and how they have compromised my system. I picked up a book on Wireshark Analysis, and I tried going through it, only to end up with a headache.

My question is: Would any of you tell me, in easy to understand terms, how can I use Wireshark to detect "who" is hacking my system and "how" they are compromising it? Do keep in mind that I am a newbie, and you would have to cite an article with step-by-step instructions that a toddler can follow.

PS: Do excuse my grammar, I am not a native English speaker.
