Creating malware

  • A backdoor is a file that gives full control over the machine (Windows, Linux, macOS) that it gets executed on.

    • Backdoors can be caught by antivirus programs.

  • A keylogger is a program that records keys pressed on the keyboard.

    • Runs in the background of target system.

    • Reports every key pressed on the target machine to email.

    • Starts with system boot, hence can be caught by antivirus programs.

  • A password recovery tool can be used as a post exploitation tool to retrieve saved passwords on local computer. It needs to be executed on target computer and displays logs on screen or stores them in a local file. Find one that:

    • Recovers saved passwords from lots of programs.

    • Recovers passwords from memory.

    • Works with Windows and Linux.

    • Displays result on screen or stores it on local machine.

  • A trojan presents itself as a useful legitimate program so that users could get fascinated by it and install it. It usually tricks users by using social engineering techniques. For example:

    • Download backdoor + keylogger.

    • Download keylogger + password recovery tool.

    • Download keylogger + password recover tool + backdoor.

    • Use it as a trojan – evil file + a normal file.

Attack tree

1 Create payload (AND)
    1.1 Backdoor
    1.2 Keylogger
    1.3 Password recovery tool
    1.4 Trojan
    1.5 ...
4 Download to & execute payloads on target machine