Hamad Alnakal

The primary focus of this assignment was to get up to speed with newer and more complex vulnerabilities and learning the usage of different tools or methods to exploit them, thereby improving and developing my penetration testing skillset. My scope was not restricted in the selection of systems or performing exploitation or post-exploitation. It was encouraged to perform the same and learn the usage of newer tools and technologies, which is a highly essential practical experience for a penetration tester.

The malware is a form of ransomware identified as the Ryuk ransomware. When the ransomware is run it kills a list of processes and drops readme files in several directories and encrypts most files.

The trojan belonging to the Carberp family of trojans. The malware repeatedly sends requests over the network to three different Command and Control(C&C) servers. The malware does not appear to perform any malicious activity without first successfully connecting to one of the C&C servers.

In this project I will be discussing about the Mirai Botnet malware which is utilized for the DDOS attack is a part of a Trojan IoT malware. It was first discovered in May-2016 and the initial malware was Linux.DDoS.87, then another variant named Linux.DDoS.89 and finally Linux.Mirai that was discovered in the month of August-2016. The Mirai malware is responsible for infecting at least 500,000 IoT devices in almost 164 countries, making bots and launching DDoS attacks globally. DDoS attacks on KrebsOnSecurity, French web host OVH and Dyn in the year 2016 are the largest DDoS attacks ever know till date, these attacks were initiated using the Mirai malware which scans for the unsecured IoT devices and then uses them as a launch platform for DDoS attacks.