The UK's National Cyber Security Centre (NCSC) and their Western European friends today released a report that focuses on the most commonly used hacking tools.
The study presents five classes of available hacking tools widely used by criminals, spies and hacktivists worldwide. The list below will not surprise those involved in penetration testing, but it is valuable to members of the public who want to secure their systems.
The PDF lists some of the tools most likely to be used in targeted networks.
- Remote Access Trojans (RATs): "Invisible" programs for implanting backdoors and removing data
- Web Shells: Scripts planted on servers to provide remote admin control
- Mimikatz: Hunts for passwords and other credentials stored in memory
- PowerShell Empire: A framework that allows hackers to enter sensitive systems
- Command and control obfuscation tools: Utilities used to hide the location of a hacker
Of course, they are also popular penetration-testing kits.
Often these tools are not inherently malicious and can legitimately be used for penetration testing aimed at detecting vulnerabilities. But they can also be used for malicious network intrusions. The NCSC says that using the above tools in combination can be highly effective and makes them more difficult to detect.
"Many are used in combination with each other, posing a huge challenge for the network's defender," says GCHQ.
The NCSC states that some simple steps could greatly help to prevent possible attacks. Basic defenses include two-factor or multi-factor authentication, network segmentation, and many more that you can read about in the PDF below.