This post contains some questions I had about the following video that I was watching on YouTube about removing RATs.
- I was watching this video:
and from 18:46 - 23:53 he explains that the RAT basically created a folder that was not able to be accessed unless you knew the path. I was wondering how to do that.
- I was also wondering if there were any trusted versions of RATs (preferably Dark Comet) on the web.
- Someone in the comments explained how RATs install on different hierarchical protection domains a.k.a. protection rings. The ones demonstrated in the video install on ring 3 or the ring for applications. He also explained how some RATs install on ring 1 or the device driver ring and some even install on ring 0 or the kernel ring. I was wondering how one would do this.
Thanks for your time.