CATEGORIES

SUBSTITUTION
Description The malicious program renames itself with the same name as an authorized application and must be placed in the same folder
Leaktests LeakTest


LAUNCHER
Description The program accesses the Internet by launching an authorized application and going through it
Leaktests Tooleaky, FireHole, WallBreaker, Ghost, Surfer


HIDDEN RULES
Description The program relies on the fact that some firewalls ship with built-in automatic rules that allow certain kinds of traffic
Leaktests Yalta


DIRECT NETWORK INTERFACE USE
Description The program goes below the Windows TCP/IP layer to reach the network adapter directly, thereby bypassing firewalls limited to the IP layer
Leaktests Outbound, Yalta (advanced test), MBtest


DLL INJECTION
Description The program injects itself into an application's process space and references its own malicious DLL, making the firewall believe that it is the application that is using the DLL. The code written into the process can then call functions in the foreign DLL to do whatever it wants; all the traffic will appear to come from the trusted application
Leaktests PCAudit, FireHole, PCAudit v2, CPIL


PROCESS INJECTION
Description The program injects itself directly into an authorized process. This "hacking" makes firewalls think that its traffic belongs to the injected process
Leaktests Thermite, CopyCat


TIMING ATTACK
Description The program does not try to bypass the firewall directly; instead it uses a kind of network access usually blocked by firewalls (sending a packet, directly launching an application, etc.). But since a firewall can only _react_ to operating system events, the program tries to bypass the firewall by using its advantage of moving first. If it can finish sending data before the firewall sees it, it then has all the time it needs to choose what to do before the firewall comes knocking
Leaktests Ghost


RECURSIVE REQUEST
Description Instead of attacking or modifying a trusted application in order to use it, the leaktest uses a system service (a Windows service or feature) to do what it wants done and to return the information to it, without having done it itself. An HTTP request to a proxy is a recursive request because in the end it is not you who goes out to the Internet but an intermediary acting on your behalf, and the information still comes back to you
Leaktests DNStester

REGISTRY 'INJECTION'
Description The leaktest does not attack or modify the target process, but instead writes information into the registry that the target will load by itself
Leaktests Jumper

WINDOWS MESSAGING + OLE
Description The leaktest sends Windows 'messages' to the target window, such as sending a URL to the browser. Messages are sent via the SendMessage API.
Leaktests Breakout v1, PCFlank

