
Phases: Covering Your Tracks: - Steganography - Event Logs Alteration

The document discusses different techniques attackers use to cover their tracks after gaining unauthorized access to a system. It describes how attackers erase logins, error messages, and replace system binaries to make the system appear unchanged. Rootkits and trojans can completely disable logging or replace critical files to hide the attacker's activities. Steganography is also discussed as a way to hide secret messages within ordinary files like images or audio to covertly communicate or launch further attacks without detection. The document outlines how different system logs can be altered, including application, security, system, and other specialized logs, to remove evidence of the intrusion.

Uploaded by hiyu

Phases: Covering your tracks

• Steganography

• Event Logs Alteration

By-
Harshal
Sankalp
Chetan
Yashasvi
Pankaj
Covering your tracks:

• An attacker needs to destroy the evidence of their presence and activities, or they risk being caught.

• This usually starts with erasing the contaminated login records and any error messages that the attack process may have generated.

• It is imperative for the attacker to make the system look as it did before they gained access and established backdoors for their own use.

• Tools such as netcat (a general-purpose networking utility rather than a trojan in itself) come in handy for an attacker who wants to move files onto the host, purge the evidence from log files, or replace system binaries with trojanned copies.

• Rootkits are automated toolkits designed to hide the presence of the attacker. Running the install script replaces a variety of critical files (ls, ps, netstat, login and the like) with trojanned versions that omit the attacker's files, processes and connections. Kernel-mode rootkits go further and hook the kernel itself, so that even an unmodified binary reports false results.

• In some extreme cases, rootkits can disable logging altogether and discard all existing logs.
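The defender's counter to the log erasure described above, as an added example that is not code from the presentation: a hash-chained (tamper-evident) log in which every line carries an HMAC over the previous line's tag, its sequence number and its message. The key, the line format and the sample login lines are constructed for the demo; deleting, editing or truncating the record of the intruder's login then breaks the chain at a point the verifier can name.

```python
"""Tamper-evident (hash-chained) log: the defender's counter to log erasure.

Added example, not code from the presentation. The key, record format and
sample login lines are constructed for the demo.
"""
import hashlib
import hmac
from typing import List, Optional

# Constructed key. In a real deployment the verifying key lives on a separate
# log collector, so an attacker with root on the host cannot re-sign the chain.
LOG_KEY = b"constructed-demo-key-do-not-reuse"
GENESIS = "0" * 64   # tag "before" the first record


def _tag(prev_tag: str, seq: int, message: str) -> str:
    """HMAC-SHA256 over the previous tag, the sequence number and the message."""
    return hmac.new(LOG_KEY, f"{prev_tag}|{seq}|{message}".encode(),
                    hashlib.sha256).hexdigest()


def append_record(log: List[str], message: str) -> None:
    """Append one line of the form 'seq|message|tag', chained to the line before."""
    seq = len(log)
    prev_tag = log[-1].rsplit("|", 1)[1] if log else GENESIS
    log.append(f"{seq}|{message}|{_tag(prev_tag, seq, message)}")


def verify_chain(log: List[str], checkpoint_tag: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad line, or None if the chain is intact.

    A line is bad when its sequence number does not follow its predecessor
    (a line was deleted) or its tag does not match the recomputed HMAC (a
    line was edited, or everything after a deletion). Deleting only the tail
    leaves a valid but shorter chain, so the collector periodically records
    the latest tag; pass it as checkpoint_tag to catch truncation too.
    """
    prev_tag = GENESIS
    for idx, line in enumerate(log):
        seq_s, rest = line.split("|", 1)
        message, tag = rest.rsplit("|", 1)
        if int(seq_s) != idx or not hmac.compare_digest(tag, _tag(prev_tag, idx, message)):
            return idx
        prev_tag = tag
    if checkpoint_tag is not None and prev_tag != checkpoint_tag:
        return len(log)   # the chain was cut after the last surviving line
    return None


def demo() -> dict:
    """Build a constructed login log, tamper with it three ways, report what is caught."""
    log: List[str] = []
    for msg in ("sshd: Accepted password for alice from 10.0.0.5",
                "sshd: Accepted password for root from 203.0.113.9",   # the intruder
                "sudo: root : COMMAND=/usr/bin/nc -l -p 4444",
                "sshd: Accepted password for bob from 10.0.0.7"):
        append_record(log, msg)
    checkpoint = log[-1].rsplit("|", 1)[1]   # what the collector last saw

    erased = log[:1] + log[2:]                # delete the intruder's login line
    edited = log[:]                           # or rewrite its source address
    edited[1] = edited[1].replace("203.0.113.9", "10.0.0.5")
    truncated = log[:-1]                      # or chop the tail of the file

    return {"intact": verify_chain(log, checkpoint),
            "erased": verify_chain(erased, checkpoint),
            "edited": verify_chain(edited, checkpoint),
            "truncated": verify_chain(truncated, checkpoint)}


if __name__ == "__main__":
    for name, first_bad in demo().items():
        status = "chain intact" if first_bad is None else f"break at line {first_bad}"
        print(f"{name:9s} -> {status}")
```

The chain only helps if the verifying key and the checkpoint tag are held off the host: an attacker who gains the key can simply re-sign a rewritten history, which is why production schemes (forward-secure logging, remote syslog with a write-only collector) evolve or separate the key rather than keeping one static secret as this demo does.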
Steganography:

• Steganography is the hiding of a secret message inside an ordinary carrier (an audio file, an image, etc.) and its extraction at the destination.

• An attacker can also use a compromised system as cover: launching fresh attacks against other systems from it, or using it as a stepping stone to reach another system on the network without being detected.

• Steganography takes cryptography a step further. Encryption protects the content of a message but does not hide that a message was sent; steganography hides the (usually encrypted) message so that no one suspects it exists at all.

• In modern digital steganography the data is first encrypted by the usual means and then inserted, using an embedding algorithm, into redundant data that is part of a particular file format, for example the least significant bits of the pixel samples of an image or the quantised DCT coefficients of a JPEG.
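The encrypt-then-embed sequence described above, as an added example that is not code from the presentation. The cover is a constructed array of 8-bit samples standing in for pixel data (so it runs without an image library), and the "cipher" is a keystream stand-in built from HMAC-SHA256 because the standard library has no AES; the key, nonce and message are constructed for the demo. What the example shows beyond the slide is the mechanics: a length prefix so the receiver knows where the payload ends, one payload bit per sample LSB, and the guarantee that no sample moves by more than 1.

```python
"""Encrypt-then-embed LSB steganography.

Added example, not code from the presentation. The cover is a constructed
array of 8-bit samples standing in for pixel data (no image library
needed), and the keystream "cipher" is a stand-in built from HMAC-SHA256
because the standard library has no AES. Real use would encrypt with an
authenticated cipher such as AES-GCM and embed into genuine image or audio
samples.
"""
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"
NONCE = b"\x00" * 8          # constructed; must never repeat for a given key
MESSAGE = b"next hop 10.0.0.5:4444 at 02:00"


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce||counter) blocks; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", offset // 32), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def embed(cover: bytes, payload: bytes) -> bytes:
    """Write a 4-byte length prefix plus the payload into the LSB of successive samples."""
    bits = [(byte >> i) & 1
            for byte in struct.pack(">I", len(payload)) + payload
            for i in range(7, -1, -1)]            # MSB first within each byte
    if len(bits) > len(cover):
        raise ValueError(f"cover holds {len(cover)} bits, payload needs {len(bits)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit       # each sample changes by at most 1
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the length from the first 32 LSBs, then that many payload bytes."""
    def read(start_sample: int, n_bytes: int) -> bytes:
        out = bytearray()
        for j in range(n_bytes):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_sample + j * 8 + k] & 1)
            out.append(value)
        return bytes(out)

    length = struct.unpack(">I", read(0, 4))[0]
    if 4 + length > len(stego) // 8:
        raise ValueError("length prefix exceeds capacity: not a stego object we made")
    return read(32, length)


def hide(cover: bytes, key: bytes, nonce: bytes, message: bytes) -> bytes:
    """Encrypt first, then embed, in the order the slide describes."""
    return embed(cover, keystream_xor(key, nonce, message))


def reveal(stego: bytes, key: bytes, nonce: bytes) -> bytes:
    """Extract the ciphertext, then decrypt it."""
    return keystream_xor(key, nonce, extract(stego))


def make_cover(n_samples: int = 4096) -> bytes:
    """Deterministic synthetic samples; a real cover would be decoded pixel data."""
    return bytes((i * 37 + 11) % 256 for i in range(n_samples))


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    stego = hide(cover, KEY, NONCE, MESSAGE)
    print("recovered:", reveal(stego, KEY, NONCE))
    print("largest change to any sample:", max_sample_change(cover, stego))
```

Two caveats for anyone using this as a model. First, plain sequential LSB replacement is easy to detect statistically (chi-square and RS steganalysis look exactly for the pairing of sample values it produces), which is why the encryption step matters: it makes the embedded bits look random, but it does not hide the fact that the LSB plane has been overwritten. Second, because the embedded bytes are ciphertext, anyone who finds the payload without the key gets only noise; run reveal with a wrong key and the output is unreadable.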
Event Logs Alteration:

• A log file is a file that records either events that occur in an operating system or in other software, or messages exchanged between the users of a communication program. Logging is the act of keeping such a log. In the simplest case, messages are written to a single log file.

• Altering such a log file to remove or change the record of what happened is known as event log alteration.


Application log: -

• The application log contains events that are logged by programs.

• Which events are written to the application log is determined by the developers of the software program.

Security log: -

• The security log contains events such as valid and invalid logon attempts. It also contains events that are related to resource use, e.g. when you create, open, or delete files (provided object access auditing has been enabled).

• You must be logged on as an administrator or as a member of the Administrators group to turn on the security log, to read it, and to specify which events are recorded in it.

• Clearing the security log is itself recorded (event ID 1102, "The audit log was cleared", on Windows Vista and later; 517 on earlier versions), so simply wiping it leaves a marker.

System log: -

• The system log contains events that are logged by Windows system components, such as a driver or service failing to start. Which events are logged is predetermined by Windows.

Directory Service log: -

• The Directory Service log contains Active Directory-related events. This log is available only on domain controllers.

DNS Server log: -

• The DNS Server log contains events that are related to the resolution of DNS names to or from Internet Protocol (IP) addresses.

• This log is available only on DNS servers.

File Replication Service log: -

• The File Replication Service log contains events that are logged during the replication process between domain controllers.

• This log is available only on domain controllers.

• By default, Event Viewer log files use the .evt extension and are located in the ‘%SystemRoot%\System32\Config’ folder. This describes Windows NT 4.0 through Server 2003; from Windows Vista onwards the logs are .evtx files stored under ‘%SystemRoot%\System32\winevt\Logs’, and the Directory Service, DNS Server and File Replication Service logs appear under "Applications and Services Logs".

• Log file names and locations are stored in the registry, under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log name> (the File value). You can edit this information to change the default location of log files, which also means an attacker with administrative rights can redirect or replace them; a change to these values is itself an indicator worth monitoring.
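A practical check against the alterations listed above, as an added example that is not code from the presentation. It runs over event records in the shape a JSON export would give (for instance from Get-WinEvent | ConvertTo-Json or an EVTX parser, or the stream a log forwarder collected before the wipe); every record value below is constructed for the demo. Beyond the slides, it encodes three properties of Windows logs a responder relies on: EventRecordID is assigned sequentially per log, so a hole in the middle of the sequence means records were removed rather than aged out; clearing a log is itself logged (Security 1102 or, on NT-era systems, 517; System 104); and record IDs and timestamps normally rise together, so a record timestamped earlier than its predecessor deserves a look.

```python
"""Tamper checks over exported Windows event records.

Added example, not code from the presentation. The records below are
constructed in the shape a JSON export would give (e.g. from
Get-WinEvent | ConvertTo-Json, or an EVTX parser); every value is made up.
Checks: holes in EventRecordID, log-cleared events, timestamps that go
backwards within one log.
"""
from datetime import datetime
from typing import Dict, List, Tuple

# (log name, event ID) pairs that record a log being wiped.
CLEAR_EVENTS = {("Security", 1102), ("Security", 517), ("System", 104)}

SAMPLE_RECORDS: List[Dict] = [
    {"LogName": "Security", "EventRecordID": 5001, "EventID": 4624,
     "TimeCreated": "2024-03-01T01:58:00", "Message": "An account was successfully logged on: alice"},
    {"LogName": "Security", "EventRecordID": 5002, "EventID": 4624,
     "TimeCreated": "2024-03-01T02:01:12", "Message": "An account was successfully logged on: svc_backup"},
    {"LogName": "Security", "EventRecordID": 5003, "EventID": 4672,
     "TimeCreated": "2024-03-01T02:01:13", "Message": "Special privileges assigned to new logon: svc_backup"},
    # 5004-5006 are absent: the intruder removed the records of what svc_backup did
    {"LogName": "Security", "EventRecordID": 5007, "EventID": 4634,
     "TimeCreated": "2024-03-01T02:40:00", "Message": "An account was logged off: svc_backup"},
    {"LogName": "Security", "EventRecordID": 5008, "EventID": 1102,
     "TimeCreated": "2024-03-01T02:41:30", "Message": "The audit log was cleared"},
    {"LogName": "System", "EventRecordID": 910, "EventID": 7036,
     "TimeCreated": "2024-03-01T02:39:00", "Message": "The Windows Update service entered the running state"},
    {"LogName": "System", "EventRecordID": 911, "EventID": 104,
     "TimeCreated": "2024-03-01T02:41:31", "Message": "The System log file was cleared"},
    {"LogName": "System", "EventRecordID": 912, "EventID": 7036,
     "TimeCreated": "2024-03-01T02:30:00", "Message": "The Print Spooler service entered the running state"},
]


def _by_log(records: List[Dict]) -> Dict[str, List[Dict]]:
    """Group records per log, ordered by EventRecordID."""
    groups: Dict[str, List[Dict]] = {}
    for r in sorted(records, key=lambda r: (r["LogName"], r["EventRecordID"])):
        groups.setdefault(r["LogName"], []).append(r)
    return groups


def find_record_gaps(records: List[Dict]) -> List[Tuple[str, int, int]]:
    """(log, last ID before the hole, first ID after it) for every hole in the sequence."""
    gaps = []
    for log_name, recs in _by_log(records).items():
        ids = [r["EventRecordID"] for r in recs]
        for prev, nxt in zip(ids, ids[1:]):
            if nxt != prev + 1:
                gaps.append((log_name, prev, nxt))
    return gaps


def find_clear_events(records: List[Dict]) -> List[Dict]:
    """Records that show a log was wiped."""
    return [r for r in records if (r["LogName"], r["EventID"]) in CLEAR_EVENTS]


def find_time_regressions(records: List[Dict]) -> List[Dict]:
    """Records whose TimeCreated is earlier than the preceding record of the same log."""
    out = []
    for recs in _by_log(records).values():
        for prev, cur in zip(recs, recs[1:]):
            if datetime.fromisoformat(cur["TimeCreated"]) < datetime.fromisoformat(prev["TimeCreated"]):
                out.append(cur)
    return out


def audit(records: List[Dict]) -> Dict[str, list]:
    """Run all three checks and return their findings keyed by check name."""
    return {"record_gaps": find_record_gaps(records),
            "log_cleared": [(r["LogName"], r["EventRecordID"], r["EventID"])
                            for r in find_clear_events(records)],
            "time_regressions": [(r["LogName"], r["EventRecordID"])
                                 for r in find_time_regressions(records)]}


if __name__ == "__main__":
    for check, findings in audit(SAMPLE_RECORDS).items():
        print(f"{check}: {findings or 'none'}")
```

A time regression is a lead, not proof: a legitimate clock correction produces the same pattern, so corroborate it with a Kernel-General time-change event or the host's NTP history before treating it as an inserted record. The gap and clear checks are stronger, since neither normal rollover (which drops the oldest records, not a span in the middle) nor ordinary administration produces them silently.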
ANY QUERIES?
