Description |
The malicious program renames itself to the name of an authorized application, and has
to be placed in the same folder
|
Leaktests |
LeakTest |
Description |
The program relies on the fact that a few firewalls ship with built-in rules
that automatically allow a few kinds of traffic
|
Leaktests |
Yalta |
DIRECT NETWORK INTERFACE USE
|
Description |
The program goes beneath the Windows TCP/IP layer to reach the network adapter directly,
thereby bypassing firewalls that are limited to the IP layer
|
Leaktests |
Outbound, Yalta (advanced test), MBtest |
Description |
The program injects itself into an application's process space and references its own
malicious DLL, so that the firewall believes it is the application that is using the DLL.
The code written into the process can now call functions in the foreign DLL
to do whatever it wants; all the traffic will appear to come from the trusted application
|
Leaktests |
PCAudit, FireHole, PCAudit v2, CPIL |
Description |
The program injects directly into an authorized process. This "hacking" makes
firewalls think that its traffic belongs to the injected process
|
Leaktests |
Thermite, CopyCat |
Description |
The program does not try to bypass the firewall directly; in fact, it uses a kind of network access
usually blocked by firewalls (sending a packet, directly launching an application, etc.).
But since a firewall can only _react_ to operating system events, the program tries to
bypass the firewall by using its advantage of moving first.
If it can finish sending data before the firewall sees it, it then has all the time it needs
to choose what to do before the firewall knocks at the door
|
Leaktests |
Ghost |
Description |
Instead of attacking or modifying a trusted application in order to use it, the leaktest uses
a system service (a Windows service or feature) to make it do what the leaktest wanted to do and to return
information to it, without the leaktest having done it itself.
An HTTP request to a proxy is a recursive request because it is ultimately not you who goes out on the Internet, but
an agent acting on your behalf, and the information comes back to you anyway
|
Leaktests |
DNStester |
Description |
The leaktest does not attack or modify the target process; instead it
writes information into the registry that the target will load by itself
|
Leaktests |
Jumper |
Description |
The leaktest sends Windows messages to the target window, such as sending the URL to the
browser. Messages are sent via the SendMessage API.
|
Leaktests |
Breakout v1, PCFlank |
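
The first description above (a program taking the name and folder of an authorized application) is the case a firewall rule has to survive. The following is an added example, not code from this page or from any firewall product: it contrasts a rule that matches on path alone with one that also binds the file's SHA-256. The rule layout, function names and the file name browser.exe are assumptions made for illustration, and the file contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file in chunks so large executables are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_rule(path):
    """Record an allow rule at the moment the user authorises the application."""
    return {"path": os.path.normcase(os.path.abspath(path)), "sha256": sha256_of(path)}


def path_only_allows(rule, path):
    """Weak check: the rule matches on folder and file name alone."""
    return os.path.normcase(os.path.abspath(path)) == rule["path"]


def hash_bound_allows(rule, path):
    """Stronger check: the file at that path must still have the recorded hash."""
    return path_only_allows(rule, path) and sha256_of(path) == rule["sha256"]


def demo():
    """Return (path_only, hash_bound) decisions before and after substitution."""
    with tempfile.TemporaryDirectory() as folder:
        app = os.path.join(folder, "browser.exe")  # constructed stand-in file
        with open(app, "wb") as fh:
            fh.write(b"constructed bytes of the authorised application")
        rule = make_rule(app)
        before = (path_only_allows(rule, app), hash_bound_allows(rule, app))
        # Substitution: a different file now sits under the same name and folder.
        with open(app, "wb") as fh:
            fh.write(b"constructed bytes of some other program")
        after = (path_only_allows(rule, app), hash_bound_allows(rule, app))
    return before, after


if __name__ == "__main__":
    print(demo())
```

A hash-bound rule also fires when the authorized application is legitimately updated, so the rule has to be re-approved after each update.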