From the course: Complete Guide to Penetration Testing
Analyzing BlackEnergy and GreyEnergy
- [Instructor] The BlackEnergy Trojan started life in 2007 as a denial-of-service attack module, and it's been fairly well analyzed now. It uses a PHP command and control system accessed through HTTP with a MySQL back-end database for its configuration data. The command and control platforms are often Linux or BSD servers. The BlackEnergy command and control server has an informative help file written in Russian. It uses HTTP basic authentication as a password protection scheme to protect the botnet. Its configuration file enables a high level of customization of the denial-of-service attack, allowing the form of denial-of-service and the packet size and frequency to be configured. Its attacks include ICMP ping flooding, TCP SYN attacks, UDP flooding, HTTP GET request flooding, DNS flooding, and basic binary data flooding. BlackEnergy comes as a kit with a GUI configuration and build tool to make the botnet implants. It doesn't contain its own exploit for delivery, and the build tool…