Hi !
My question is, how to investigate a hacker.
I'll be honest, I'm a newbie in hacking and ethical security, trying to learn some stuff about Kali Linux.
Anyway, I learned till now, that if you use metasploit to hack, you need to make a payload and send it to the victim.
So I made some thoughts about how to investigate a hacker.
Let's say someone sent me a payload and wants to hack my device, what should I do to catch him ?
I think the possible way is to encode the payload somehow, because if someone makes a payload, he/she needs to set the LHOST = his/her IP address. But the thing is, I don't know how to encode it. I tried to open it with leafpad, but.... nothing was there to understand.
So yeah, can somebody help me with this ? and also, if this is not the right way to catch a hacker, how could I do it then ?
4 Responses
You don't necessarly need to do painful things like reversing (that require high level programming skill). You can for example monitor your network with Wireshark, Snort or any other NIDS. They will log your traffic can also raiso alert on predefined events.
What you're trying to do is like trying to 'get the grapes from the wine'.
Technically this is called 'disassembling' or 'decompiling'.
Payloads will (probably) have some Anti-Reverse Engineering capabilities, so I think you're on a road to nowhere.
If you've a payload that's trying to pwn your computer, and you want to trace the stream back to the source, you'll have to monitor the network traffic to find the IP Address of the hacker.
...unless anyone else can say otherwise.
Right but what if he uses VPN?
VPN don't make you completly anonymous. For example your ISP perfectly know when you're using VPN, of course the VPN Service Provider too. Sometimes Police just ask information to the VPN Service Provider.
It's also possible to get information just by analyzing the traffic but it requires a lot of work.
Share Your Thoughts