This post is some questions I had about the following video that I was watching on YouTube about removing RATs.
- I was watching this video:
and from 18:46 - 23:53 he explains that the RAT basically created a folder that was not able to be accessed unless you knew the path. I was wondering how to do that.
- I was also wondering if there were any trusted versions of RATs (preferably Dark Comet) on the web.
- Someone in the comments explained how RATs install on different hierarchical protection domains a.k.a. protection rings. The ones demonstrated in the video install on ring 3 or the ring for applications. He also explained how some RATs install on ring 1 or the device driver ring and some even install on ring 0 or the kernel ring. I was wondering how one would do this.
Thanks for your time.
3 Responses
I don't know a way you could hide a RAT in such a folder, but you can put it inside a "hidden folder" in Windows, like C:/ProgramData. I know, poor example.
I also don't know about a trusted version of DarkComet, mainly because I don't have much to do with such "mainstream" RATs.
Probably through an exploit, but I don't know that either.
-phil
I've decided not to use RATs anymore, and as for the hidden folder, thanks to CRACKER | HACKER I know how to hide a folder. I should make a post on that in the How-To section.
Maybe go onto YouTube and leave a comment on his video. I'm sure he knows how to, since he did it. Maybe e-mail him.