hacktricks/forensics/basic-forensic-methodology/malware-analysis.md

# Uchambuzi wa Programu Hasidi

{% hint style="success" %}
Jifunze na zoea AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Timu Nyekundu Mtaalam (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na zoea GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Timu Nyekundu Mtaalam (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Angalia [**mpango wa michango**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Vicharazio vya Uchunguzi

[https://www.jaiminton.com/cheatsheet/DFIR/#](https://www.jaiminton.com/cheatsheet/DFIR/)

## Huduma za Mtandaoni

* [VirusTotal](https://www.virustotal.com/gui/home/upload)
* [HybridAnalysis](https://www.hybrid-analysis.com)
* [Koodous](https://koodous.com)
* [Intezer](https://analyze.intezer.com)
* [Any.Run](https://any.run/)

## Zana za Kugundua na Kupambana na Programu za Kupambana na Virus Bila Mtandao

### Yara

#### Sakinisha
```bash
sudo apt-get install -y yara
```
#### Jipange sheria

Tumia script hii kupakua na kuchanganya sheria zote za yara za zisizo kutoka kwa github: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\
Unda directory ya _**sheria**_ na kuitekeleza. Hii itaunda faili iliyoitwa _**malware\_rules.yar**_ ambayo ina sheria zote za yara kwa ajili ya zisizo.
```bash
wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py
mkdir rules
python malware_yara_rules.py
```
#### Kagua
```bash
yara -w malware_rules.yar image  #Scan 1 file
yara -w malware_rules.yar folder #Scan the whole folder
```
#### YaraGen: Angalia kwa zisomaji wa programu hasidi na Unda sheria

Unaweza kutumia zana [**YaraGen**](https://github.com/Neo23x0/yarGen) kuzalisha sheria za yara kutoka kwa faili ya binary. Angalia mafunzo haya: [**Sehemu 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Sehemu 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Sehemu 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/)
```bash
python3 yarGen.py --update
python3.exe yarGen.py --excludegood -m  ../../mals/
```
### ClamAV

#### Sakinisha
```
sudo apt-get install -y clamav
```
#### Kuchunguza
```bash
sudo freshclam      #Update rules
clamscan filepath   #Scan 1 file
clamscan folderpath #Scan the whole folder
```
### [Capa](https://github.com/mandiant/capa)

**Capa** inagundua uwezo wa uwezekano wa kwa faili za kutekelezwa: PE, ELF, .NET. Kwa hivyo itapata vitu kama mbinu za Att\&ck, au uwezo wa shaka kama vile:

* angalia kosa la OutputDebugString
* tekeleza kama huduma
* unda mchakato

Pata katika [**repo ya Github**](https://github.com/mandiant/capa).

### IOCs

IOC inamaanisha Kiashiria cha Kukiuka. IOC ni seti ya **mazingira yanayotambua** programu fulani inayoweza kutokuwa ya kutaka au **malware** iliyothibitishwa. Timu za Bluu hutumia aina hii ya ufafanuzi kutafuta faili za aina hii ya uovu katika **mifumo** yao na **mitandao**.\
Kushiriki ufafanuzi huu ni muhimu sana kwani wakati malware inatambuliwa kwenye kompyuta na IOC kwa malware hiyo inaundwa, Timu zingine za Bluu wanaweza kutumia hiyo kuitambua malware haraka zaidi.

Zana ya kuunda au kuhariri IOCs ni [**Mhariri wa IOC**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\
Unaweza kutumia zana kama [**Redline**](https://www.fireeye.com/services/freeware/redline.html) kutafuta IOCs zilizofafanuliwa kwenye kifaa. 

### Loki

[**Loki**](https://github.com/Neo23x0/Loki) ni skana ya Viashiria Rahisi vya Kukiuka.\
Ugunduzi unategemea njia nne za ugunduzi:
```
1. File Name IOC
Regex match on full file path/name

2. Yara Rule Check
Yara signature matches on file data and process memory

3. Hash Check
Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files

4. C2 Back Connect Check
Compares process connection endpoints with C2 IOCs (new since version v.10)
```
### Uchunguzi wa Malware wa Linux

[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) ni skana ya malware kwa Linux iliyotolewa chini ya leseni ya GNU GPLv2, ambayo imeundwa kuzunguka vitisho vinavyokabiliwa katika mazingira ya kuhudumia pamoja. Inatumia data ya vitisho kutoka kwa mifumo ya uchunguzi wa kuvamia pembe ya mtandao ili kutoa malware ambayo inatumika kwa shughuli za mashambulizi na kuzalisha saini za uchunguzi. Aidha, data ya vitisho pia inatokana na michango ya watumiaji na kipengele cha ukaguzi wa LMD na rasilimali za jamii ya malware.

### rkhunter

Zana kama [**rkhunter**](http://rkhunter.sourceforge.net) inaweza kutumika kuchunguza mfumo wa faili kwa **rootkits** na malware.
```bash
sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress]
```
### FLOSS

[**FLOSS**](https://github.com/mandiant/flare-floss) ni chombo ambacho kitajaribu kupata strings zilizofichwa ndani ya faili za utekelezaji kwa kutumia njia tofauti.

### PEpper

[PEpper](https://github.com/Th3Hurrican3/PEpper) huchunguza vitu vya msingi ndani ya faili ya utekelezaji (data ya binary, entropy, URLs na IPs, baadhi ya sheria za yara).

### PEstudio

[PEstudio](https://www.winitor.com/download) ni chombo kinachoruhusu kupata habari za faili za utekelezaji wa Windows kama vile uingizaji, utoaji, vichwa, lakini pia itachunguza virus total na kupata mbinu za shambulizi za uwezekano.

### Detect It Easy(DiE)

[**DiE**](https://github.com/horsicq/Detect-It-Easy/) ni chombo cha kugundua ikiwa faili ime **fichwa** na pia kupata **packers**.

### NeoPI

[**NeoPI**](https://github.com/CiscoCXSecurity/NeoPI) ni skripti ya Python inayotumia aina mbalimbali za **njia za takwimu** kugundua maudhui yaliyofichwa na yaliyofichwa ndani ya faili za maandishi/skripti. Lengo la NeoPI ni kusaidia katika **ugunduzi wa nambari iliyofichwa ya web shell**.

### **php-malware-finder**

[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) inafanya bidii yake kugundua **nambari iliyofichwa**/**nambari ya shaka** pamoja na faili zinazotumia kazi za **PHP** mara nyingi hutumiwa katika **malwares**/webshells.

### Saini za Binary za Apple

Unapochunguza sampuli fulani za **malware** unapaswa daima **kuangalia saini** ya binary kwani **mwendelezaji** aliyetia saini inaweza tayari kuwa **husiana** na **malware.**
```bash
#Get signer
codesign -vv -d /bin/ls 2>&1 | grep -E "Authority|TeamIdentifier"

#Check if the app’s contents have been modified
codesign --verify --verbose /Applications/Safari.app

#Check if the signature is valid
spctl --assess --verbose /Applications/Safari.app
```
## Mbinu za Kugundua

### Kufunga Faili

Ikiwa unajua kwamba folda fulani inayohifadhi **faili** za seva ya wavuti ilikuwa **imeboreshwa mwisho tarehe fulani**. **Angalia** tarehe ambayo **faili zote** kwenye **seva ya wavuti ziliumbwa na kuhaririwa** na ikiwa tarehe yoyote ni **ya shaka**, hakiki faili hiyo.

### Vipimo vya Msingi

Ikiwa faili za folda **hazipaswi kuhaririwa**, unaweza kuhesabu **hash** ya **faili za asili** za folda na **kuzilinganisha** na **za sasa**. Kitu chochote kilichohaririwa kitakuwa **cha shaka**.

### Uchambuzi wa Takwimu

Wakati habari inahifadhiwa kwenye magogo unaweza **kuchunguza takwimu kama mara ngapi kila faili ya seva ya wavuti ilipatikana kwani ganda la wavuti inaweza kuwa mojawapo ya**.

{% hint style="success" %}
Jifunze & jifunze AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze & jifunze GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>unga mkono HackTricks</summary>

* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								# Uchambuzi wa Programu Hasidi
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								{% hint style="success" %}
 								Jifunze na zoea AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Timu Nyekundu Mtaalam (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Jifunze na zoea GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Timu Nyekundu Mtaalam (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								<summary>Support HackTricks</summary>
-												https://training.hacktricks.xyz/

											
										
										
											2023-12-30 10:12:47 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								* Angalia [**mpango wa michango**](https://github.com/sponsors/carlospolop)!
 								* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								{% endhint %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								## Vicharazio vya Uchunguzi
-												GitBook: [#3165] No subject

											
										
										
											2022-05-01 16:32:23 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								[https://www.jaiminton.com/cheatsheet/DFIR/#](https://www.jaiminton.com/cheatsheet/DFIR/)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								## Huduma za Mtandaoni
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
 								* [VirusTotal](https://www.virustotal.com/gui/home/upload)
 								* [HybridAnalysis](https://www.hybrid-analysis.com)
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								* [Koodous](https://koodous.com)
 								* [Intezer](https://analyze.intezer.com)
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								* [Any.Run](https://any.run/)
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								## Zana za Kugundua na Kupambana na Programu za Kupambana na Virus Bila Mtandao
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### Yara
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#### Sakinisha
-												GitBook: [master] 2 pages modified
											
										
										
											2020-12-21 20:50:30 +00:00
+								```bash
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								sudo apt-get install -y yara
 								```
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								#### Jipange sheria
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Tumia script hii kupakua na kuchanganya sheria zote za yara za zisizo kutoka kwa github: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\
 								Unda directory ya _**sheria**_ na kuitekeleza. Hii itaunda faili iliyoitwa _**malware\_rules.yar**_ ambayo ina sheria zote za yara kwa ajili ya zisizo.
-												GitBook: [master] 2 pages modified
											
										
										
											2020-12-21 20:50:30 +00:00
+								```bash
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py
 								mkdir rules
 								python malware_yara_rules.py
 								```
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#### Kagua
-												GitBook: [master] 2 pages modified
											
										
										
											2020-12-21 20:50:30 +00:00
+								```bash
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								yara -w malware_rules.yar image  #Scan 1 file
-												Update malware-analysis.md
											
										
										
											2022-09-08 08:47:03 +00:00
+								yara -w malware_rules.yar folder #Scan the whole folder
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								#### YaraGen: Angalia kwa zisomaji wa programu hasidi na Unda sheria
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Unaweza kutumia zana [**YaraGen**](https://github.com/Neo23x0/yarGen) kuzalisha sheria za yara kutoka kwa faili ya binary. Angalia mafunzo haya: [**Sehemu 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Sehemu 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Sehemu 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/)
-												GitBook: [master] one page modified
											
										
										
											2021-08-18 23:59:47 +00:00
+								```bash
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								python3 yarGen.py --update
 								python3.exe yarGen.py --excludegood -m  ../../mals/
-												GitBook: [master] one page modified
											
										
										
											2021-08-18 23:59:47 +00:00
+								```
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### ClamAV
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								#### Sakinisha
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								sudo apt-get install -y clamav
 								```
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								#### Kuchunguza
-												GitBook: [master] 2 pages modified
											
										
										
											2020-12-21 20:50:30 +00:00
+								```bash
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								sudo freshclam      #Update rules
 								clamscan filepath   #Scan 1 file
-												Update malware-analysis.md
											
										
										
											2022-09-08 08:47:03 +00:00
+								clamscan folderpath #Scan the whole folder
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### [Capa](https://github.com/mandiant/capa)
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								**Capa** inagundua uwezo wa uwezekano wa kwa faili za kutekelezwa: PE, ELF, .NET. Kwa hivyo itapata vitu kama mbinu za Att\&ck, au uwezo wa shaka kama vile:
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								* angalia kosa la OutputDebugString
 								* tekeleza kama huduma
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								* unda mchakato
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Pata katika [**repo ya Github**](https://github.com/mandiant/capa).
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								### IOCs
-												GitBook: [master] 508 pages modified
											
										
										
											2021-08-16 23:29:43 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								IOC inamaanisha Kiashiria cha Kukiuka. IOC ni seti ya **mazingira yanayotambua** programu fulani inayoweza kutokuwa ya kutaka au **malware** iliyothibitishwa. Timu za Bluu hutumia aina hii ya ufafanuzi kutafuta faili za aina hii ya uovu katika **mifumo** yao na **mitandao**.\
 								Kushiriki ufafanuzi huu ni muhimu sana kwani wakati malware inatambuliwa kwenye kompyuta na IOC kwa malware hiyo inaundwa, Timu zingine za Bluu wanaweza kutumia hiyo kuitambua malware haraka zaidi.
-												GitBook: [master] 508 pages modified
											
										
										
											2021-08-16 23:29:43 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Zana ya kuunda au kuhariri IOCs ni [**Mhariri wa IOC**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\
 								Unaweza kutumia zana kama [**Redline**](https://www.fireeye.com/services/freeware/redline.html) kutafuta IOCs zilizofafanuliwa kwenye kifaa.
-												GitBook: [master] 508 pages modified
											
										
										
											2021-08-16 23:29:43 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### Loki
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**Loki**](https://github.com/Neo23x0/Loki) ni skana ya Viashiria Rahisi vya Kukiuka.\
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Ugunduzi unategemea njia nne za ugunduzi:
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								```
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
+. File Name IOC
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Regex match on full file path/name
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
 . Yara Rule Check
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Yara signature matches on file data and process memory
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
 . Hash Check
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
+. C2 Back Connect Check
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								Compares process connection endpoints with C2 IOCs (new since version v.10)
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
+								```
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								### Uchunguzi wa Malware wa Linux
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) ni skana ya malware kwa Linux iliyotolewa chini ya leseni ya GNU GPLv2, ambayo imeundwa kuzunguka vitisho vinavyokabiliwa katika mazingira ya kuhudumia pamoja. Inatumia data ya vitisho kutoka kwa mifumo ya uchunguzi wa kuvamia pembe ya mtandao ili kutoa malware ambayo inatumika kwa shughuli za mashambulizi na kuzalisha saini za uchunguzi. Aidha, data ya vitisho pia inatokana na michango ya watumiaji na kipengele cha ukaguzi wa LMD na rasilimali za jamii ya malware.
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### rkhunter
-												GitBook: [master] 3 pages modified
											
										
										
											2020-12-23 19:52:25 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Zana kama [**rkhunter**](http://rkhunter.sourceforge.net) inaweza kutumika kuchunguza mfumo wa faili kwa **rootkits** na malware.
-												GitBook: [master] 3 pages modified
											
										
										
											2020-12-23 19:52:25 +00:00
+								```bash
 								sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress]
 								```
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### FLOSS
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**FLOSS**](https://github.com/mandiant/flare-floss) ni chombo ambacho kitajaribu kupata strings zilizofichwa ndani ya faili za utekelezaji kwa kutumia njia tofauti.
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
 								### PEpper
-												GitBook: [master] 3 pages modified
											
										
										
											2020-12-23 19:52:25 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[PEpper](https://github.com/Th3Hurrican3/PEpper) huchunguza vitu vya msingi ndani ya faili ya utekelezaji (data ya binary, entropy, URLs na IPs, baadhi ya sheria za yara).
-												GitBook: [master] 3 pages modified
											
										
										
											2020-12-23 19:52:25 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### PEstudio
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[PEstudio](https://www.winitor.com/download) ni chombo kinachoruhusu kupata habari za faili za utekelezaji wa Windows kama vile uingizaji, utoaji, vichwa, lakini pia itachunguza virus total na kupata mbinu za shambulizi za uwezekano.
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
 								### Detect It Easy(DiE)
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**DiE**](https://github.com/horsicq/Detect-It-Easy/) ni chombo cha kugundua ikiwa faili ime **fichwa** na pia kupata **packers**.
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
 								### NeoPI
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**NeoPI**](https://github.com/CiscoCXSecurity/NeoPI) ni skripti ya Python inayotumia aina mbalimbali za **njia za takwimu** kugundua maudhui yaliyofichwa na yaliyofichwa ndani ya faili za maandishi/skripti. Lengo la NeoPI ni kusaidia katika **ugunduzi wa nambari iliyofichwa ya web shell**.
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												GITBOOK-3999: change request with no subject merged in GitBook

											
										
										
											2023-07-04 15:58:34 +00:00
+								### **php-malware-finder**
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) inafanya bidii yake kugundua **nambari iliyofichwa**/**nambari ya shaka** pamoja na faili zinazotumia kazi za **PHP** mara nyingi hutumiwa katika **malwares**/webshells.
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								### Saini za Binary za Apple
-												GitBook: [master] 504 pages and 3 assets modified
											
										
										
											2021-08-03 16:29:03 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Unapochunguza sampuli fulani za **malware** unapaswa daima **kuangalia saini** ya binary kwani **mwendelezaji** aliyetia saini inaweza tayari kuwa **husiana** na **malware.**
-												GitBook: [master] 504 pages and 3 assets modified
											
										
										
											2021-08-03 16:29:03 +00:00
+								```bash
 								#Get signer
 								codesign -vv -d /bin/ls 2>&1 | grep -E "Authority|TeamIdentifier"
 								#Check if the app’s contents have been modified
 								codesign --verify --verbose /Applications/Safari.app
 								#Check if the signature is valid
 								spctl --assess --verbose /Applications/Safari.app
 								```
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								## Mbinu za Kugundua
-												GitBook: [master] 504 pages and 3 assets modified
											
										
										
											2021-08-03 16:29:03 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								### Kufunga Faili
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Ikiwa unajua kwamba folda fulani inayohifadhi **faili** za seva ya wavuti ilikuwa **imeboreshwa mwisho tarehe fulani**. **Angalia** tarehe ambayo **faili zote** kwenye **seva ya wavuti ziliumbwa na kuhaririwa** na ikiwa tarehe yoyote ni **ya shaka**, hakiki faili hiyo.
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								### Vipimo vya Msingi
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Ikiwa faili za folda **hazipaswi kuhaririwa**, unaweza kuhesabu **hash** ya **faili za asili** za folda na **kuzilinganisha** na **za sasa**. Kitu chochote kilichohaririwa kitakuwa **cha shaka**.
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated to Swahili

											
										
										
											2024-02-11 02:13:58 +00:00
+								### Uchambuzi wa Takwimu
-												GitBook: [master] 4 pages and 2 assets modified
											
										
										
											2021-08-19 22:50:46 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								Wakati habari inahifadhiwa kwenye magogo unaweza **kuchunguza takwimu kama mara ngapi kila faili ya seva ya wavuti ilipatikana kwani ganda la wavuti inaweza kuwa mojawapo ya**.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								{% hint style="success" %}
 								Jifunze & jifunze AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**Mafunzo ya HackTricks AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Jifunze & jifunze GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**Mafunzo ya HackTricks GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								<summary>unga mkono HackTricks</summary>
-												https://training.hacktricks.xyz/

											
										
										
											2023-12-30 10:12:47 +00:00
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
 								* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md

											
										
										
											2024-07-18 18:37:42 +00:00
+								{% endhint %}