CyberSensor
Copyright © MegaSecurity
Informations
| Family | CyberSensor |
| Category | Remote Access |
| Version | CyberSensor |
Author Information / Description
Instructions for trying out the CyberSensor demo
================================================
. Make sure that you have Windows NT 4.0 on your machine.
. Copy and unzip the attached .ZIP file in some directory
on your harddrive.
. Run CyberSensor.Exe
Conventions
===========
The machine on which you running CyberSensor.Exe is termed as "Source
Machine" and the machine which you want to spy is termed as
"Target Machine". In case of single machine demo, both "Source
Machine" and "Target Machine" are same.
Single machine demo
===================
1. Make sure that you are logged in as administrator on the "Source
Machine". You can verify this by starting programs such as
windisk. Windisk will run without any "access denied" errors if
you are administrator.
2. From the CyberSensor machine list, select the same machine on which
you are running CyberSensor.
3. Select the appropriate agent from the agents list box. Select
the process you want to spy on from process list box. You can
skip selecting process if you want to spy system wide.
4. Click the Start Agent icon/menu item. Look at your spy agent
selection and Click "Start Spy".
5. After successful installation of spy, you will get one window
which will show the spy specific activity.
6. Perform any spy specific activity on the machine e.g If you
have selected process spy then start and stop some processes
on the target machine.
Multi-machine demo
==================
1. Make sure that you have administrator privilege on the "Target
Machine". You can verify this by connecting to C$ admin share.
e.g If "Source Machine" named "A" and the "Target Machine" is
named "B". Run the following command on "Source Machine"
net use \\B\C$
If this command succeeds, then you have admin privilege on the
target.
Note:
If both the "Source Machine" and "Target Machine" belongs to
same domain say CYBERDOM and you are logged in as user X on
machine "A" then make sure that "CYBERDOM\X" belongs to local
administrator group of machine "B". This can be done as follows.
Logon to machine "B" as local administrator, run musrmgr.exe
select "Administrators" group. You should see "CYBERDOM\X"
belonging to this group. If not, then add the user to local
administrator group by selecting from the user list.
If you are logged in as Domain administrator on machine "A",
then make sure that "Domain Admins" group belongs to local
administrator group of machine "B"
If both the "Source Machine" and "Target Machine" are peer
i.e not belonging to same domain, then make sure that you have
an account with same name and password on both the machines
and this account is belonging to local administrator group of
the "Target Machine".
2. Rest of the steps i.e 2 to 6 are same as single machine demo.
Comments
========
. There are two spy agents provided along with this demo.
ProcessSpy - Monitors execution of processes. Shows total CPU
time, user time and kernel time spent by process.
RegSpy - Monitors registry activity e.g Registry key/value
creations/deletion/modification etc.
. For ProcessSpy agent, you need to have PSAPI.DLL in your windows
system directory, otherwise the agent will not show the executable
names. It will show "Unknown" process name. PSAPI.DLL is present
in the attached .ZIP file.
. When starting spy agent, you might get "Failed to start service"
message. Please try again in this case.If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.