Hi All,

I have a PC set up for pentesting, and I am still building it, finding programs ect. Two issues, 1. I am fairly certain I am getting good downloads from the official sites, except in one notable case, the windows binary is no longer maintained and of course now I have something listening I can see in netstat connection 220.90.198.65 port 1064 supposedly the JSTEL service. I have blocked the connection at the Windows Firewall, and redirected it to localhost through the hosts file, but I am not sure if this really is malicious, or a side effect of a legit program.

So I could use any advice on determining the nature of this connection.

2. because I am downloading applications that will be detected by my a/v, how can I distinguish between a hacking tool, and malware?

That IP Address traces back to Korea:
http://whatismyipaddress.com/ip/220.90.198.65

Some additional info which might or might not be applicable (taken from http://www.pczone.com.tw/vbb3/archive/t-108256.html):

> download.microsoft.com
Server: query.ttn.net
Address: 202.145.138.1

Non-authoritative answer:
Name: a767.ms.akamai.net
Addresses: 220.90.198.90, 220.90.198.65, 220.90.198.83
Aliases: download.microsoft.com, download.microsoft.com.nsatc.net
download.microsoft.com.d4p.net, download.microsoft.com.georedirector.akadns.net

As ziggy_567 mentioned, capturing traffic and viewing the captured packets might give you an idea what connections are being created and the relative destination address.  You could also use TCPView from Sysinternals to gather more information about the connections on your computer: http://technet.microsoft.com/en-us/sysinternals/bb897437
Using TCPView, you can highlight the connection and view properties of that process (if possible) which might give you more information on what application created the connection.

Regarding setting up a lab, what I like to do is not install any A/V on the attacking/testing machine, I also make sure that this machine is isolated from the rest of my machines, I also ensure that this machine never connects to the internet once I'm done setting it up.

i'll create small trojan file but i cannot send it in email to another party. because yahoo identified it is an virus. and i use obsidium and poison ivy to create undetectable trojan file but i cannot win it.

please help me to do this. this for my education

thank you   

I want to be a create undetectable trojan . ill create trojan file but it is detecting like virus how can i set this trojan undetectable. i ll tried to use poison ivy, obsidiumsetup and more how can i create this trojan file to undetectable virus.

please help me. sorry about my poor english sorry

thank you

 

:::::   SephStorm

you are right. but how can i create this undetectable trojan i used obsidium also but it is not working please help me to resolve this problem

thanking you