Learning Hacks The Chinese Hackers Use
By Dan Morrill
You might be surprised by how mundane this list is; most security engineers should have these tools in their toolboxes as well. A few here are new to me, and worth sharing.
The Dark Visitor has a list of common tools that Chinese hackers are using. The good part is that if you find any of these on your network, and they are not yours, you might have an idea of where they came from. Although many of these tools are in just about every security engineer's toolbox, some tools like Snow are new to me, and could be interesting to try out. It is always good to know what tools the bad guys are using so you can work out countermeasures for them.
Password detector: Snow is used to carry out various forms of web-based password guessing, such as against email and forum registered-user passwords.
Password crackers: Chaos Knife can crack Unix system hashed ("dark text") passwords. For hackers with access to the /etc/passwd file, this is indispensable. The bad part is that there are many exposed Unix systems (check Google) that are sharing their password files. This just makes the hacker's job easier to do, so always guard your /etc/passwd files.
This is one of the few Chinese certified security software firewalls. It also integrates into hardware, making a nice way for hackers to protect the systems they hack from other hackers. The use of this software is funny, but the competition between hackers is fierce, so they will protect what they hack. Often they will do this better than the original system administrator, who might find they no longer have any access to their systems.
This is a domestic Chinese Trojan software that is used for remote monitoring and information gathering. This is a neat little tool to play around with, but it is written in native Chinese, so it is hard for non-Chinese speakers to use.
This is a free network monitoring and network protocol analysis tool, great for finding out what is going on with the network.
This is a highly efficient and quick network scanner.
Local Port Scanner
This is another port scanning software, used mostly to see if a computer has been infected with a Trojan. Hackers will usually see if someone has been there before, and then try all the common things they can do to hack the other hacker's installation. Some hackers do not change the malware's default passwords, making this very easy to do if they know the system has been compromised in the past.
This is a Windows system call monitor, and can help the hacker find rootkits and other hidden malware. Much like any other rootkit process finder, this is a great tool to have around.
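A defender-side check for the advice above about guarding password files, as an added example that is not from the original article: it scans passwd-format text for entries that still carry a password hash (instead of a shadow placeholder) or an empty password, and names the hash scheme so weak ones stand out. The function names and the sample entries are constructed for illustration.

```python
# Added example: audit passwd-format text for entries a password cracker could use.

# Known crypt(3) scheme prefixes; anything else of length 13 is traditional DES crypt.
SCHEMES = [("$1$", "MD5-crypt"), ("$2", "bcrypt"), ("$5$", "SHA-256-crypt"),
           ("$6$", "SHA-512-crypt"), ("$y$", "yescrypt")]

def hash_scheme(field):
    """Best-effort name of the hash scheme in a passwd/shadow password field."""
    for prefix, name in SCHEMES:
        if field.startswith(prefix):
            return name
    return "DES-crypt" if len(field) == 13 else "unknown"

def audit_passwd_text(text):
    """Return (username, issue) tuples for risky entries in passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            findings.append((user, "empty password field"))
        elif pw != "x" and pw[0] not in "!*":
            # "x" means the hash lives in the shadow file; "!" or "*" means locked.
            findings.append((user, f"hash stored in passwd file ({hash_scheme(pw)})"))
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
backup:$6$salt$Zm9vYmFy:34:34:backup:/var/backups:/bin/sh
legacy:abJnggxhB/yWI:1000:1000:Legacy:/home/legacy:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

if __name__ == "__main__":
    for user, issue in audit_passwd_text(SAMPLE):
        print(f"{user}: {issue}")
```
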
About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509