ECSA/LPT
Virus and Trojan Detection
Penetration Testing Roadmap
Start Here
Firewall Penetration Testing
Router and Switches Penetration Testing
Internal Network Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial of Service Penetration Testing
Cont’d
Penetration Testing Roadmap
Penetration Testing
Log Management Penetration Testing
File Integrity Checking
Bluetooth and Handheld Device Penetration Testing
Telecommunication and Broadband
Email Security Penetration Testing
Security Patches
Steps for Detecting Trojans and
Step 1: Use netstat -a to Detect
Netstat: Screenshot
Step 2: Check Windows Task Manager
Windows Task Manager provides advanced information about programs and processes running on the computer.
It displays standard information, including applications, processes, networking, and users on the system.
Windows Task Manager: Screenshot
Step 3: Check Whether Scanning Programs are Enabled
Check whether scanning programs are enabled or not.
Use different scanning tools, and check whether they detect the Trojans and viruses on the system.
Step 3.1: Scan for suspicious running processes
Step 3.2: Scan for suspicious registry entries
Step 3.3: Check for suspicious open ports
Step 3.4: Scan for suspicious network activities
Step 3.5: Use the HijackThis tool to scan for spyware
Step 3.1: Perform Scanning for Suspicious Running Processes
Scan the system for
Step 3.2: Perform Scanning for Suspicious Registry Entries
The registry shows the different applications on the system.
Check the registry for unknown exe files.
Step 3.3: Check for Suspicious Open Ports
Scan for suspicious open ports using tools, such as:
• Netstat.
• Fport.
• TCPView.
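The open-port check in Step 3.3 can be scripted. The following is an added example, not part of the original slides: it parses netstat output and reports listening ports that are missing from an expected baseline. The sample text is constructed in the Windows `netstat -an` layout (the `-n` switch is added here so ports print as numbers), and the baseline set `EXPECTED_PORTS` is an assumption to be replaced with the ports the host is meant to expose.

```python
# Added example: flag listening ports that are not in an expected baseline.
# SAMPLE and EXPECTED_PORTS are constructed for illustration only.

SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    0.0.0.0:50124          *:*
"""

EXPECTED_PORTS = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}  # assumed baseline


def listening_sockets(netstat_text):
    """Yield (proto, address, port) for TCP LISTENING rows and bound UDP rows."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""  # UDP rows carry no state
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not open ports
        address, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if port.isdigit():
            yield proto, address, int(port)


def unexpected_ports(netstat_text, expected=EXPECTED_PORTS):
    """Return sorted (proto, port) pairs that listen but are not in the baseline."""
    seen = {(proto, port) for proto, _, port in listening_sockets(netstat_text)}
    return sorted(seen - set(expected))


if __name__ == "__main__":
    for proto, port in unexpected_ports(SAMPLE):
        print(f"review: {proto} port {port} is listening but not in the baseline")
```

A port reported here is only a candidate for review; identifying the owning process with a tool such as Fport or TCPView is the next step.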
Step 3.4: Check Whether Suspicious Network Activities are Present
Scan the system for
Step 3.5: Use HijackThis to Scan for Spyware
HijackThis continuously detects and removes new hijacks.
HijackThis: Screenshot
Step 4: Check Whether Anti-Virus and Anti-Trojan Programs are Working
Scan the system for different viruses, worms, and Trojans.
Check whether anti-virus and anti-Trojan programs are working or not.
Step 5: Detection of a Boot-Sector Virus
Boot-sector viruses are spread to computer systems by booting, or attempting to boot, from an infected floppy disk.
Open MS-DOS and run the CHKDSK command.
If your system is using 640K of memory for the BIOS, CHKDSK will report:
• 655,360 total bytes of memory.
If the system is infected with a boot-sector virus, CHKDSK will report:
• 653,312 total bytes of memory.
A Trojan horse is a program in which malicious or harmful code is enclosed within harmless programming or data in such a way that it can gain control and cause its chosen form of damage.
A virus is a self-replicating program that produces its own code by attaching copies of itself to other executable code.
Process Viewer, What’s on my computer, and HijackThis are some scanning tools.
Check that automatic updates are turned on.