Showing posts from June, 2018

Windows Incident Response: Detect and delete backdoor malware in windows

In this post we are going to learn how to detect and remove backdoor malware that is listening on a TCP connection, and later we will learn to detect and delete malware that connects back periodically to its C2 domain. For this I am going to use a non-malicious program named "504lab", created by the SANS Institute. It will create a backdoor on my system, and my task is to find it and delete it from my system. I will attach a link below so that you can practice it yourself.

Before doing this we need to make sure our firewall is completely off, so first we will stop the firewall. To do this, go to your command prompt and type "netsh advfirewall set allprofiles state off".

Now go to the directory where the program is located and start it from the command prompt. After executing, it will ask us to open another command prompt and run the netstat -aon command so that we can see what services are running on our network, so start ano