MartinSmerdskij_
Newcomer
Joined: Mon Dec 14, 2009 8:48 am Posts: 3
Greetings and my first questions: remaining anon with reverse
greetings to you all,
this is my first post here. I have been a C#/web programmer for 10+ years but I am a total newbie when it comes to security and exploits. I have forgotten most of C, make, linux, bash stuff since college so I have to get back with some help from you. I want to educate myself about these things out of curiosity and need. At the moment I am studying Aryan RAT source code, I admit I needed quite some time to make it build fine because it's been a long time since I have done my programming in C++ (also in college probably) ... well I wrote a simple dll injector and I tried the RAT. Already I have a few questions. First of my questions is this:
How do you protect your privacy with a reverse connection scenario? Let's say you install the server RAT to a remote location, well then your IP is surely exposed. Do you use a chain of proxies, is that considered safe, or are there any other better methods? I want to know what is done in real life, not theoretical scenarios. What are some other options of communication with a RAT that don't expose your home LAN ports for connections? Is there a way a reverse connection RAT would be used from let's say an internet cafe, where you sit behind some router and there is no way to open LAN for connections?
Second group of questions is about dll injection. I am using the CreateRemoteThread method, because it was the first one I googled up, however it does not work for system processes like svchost. I also tried using a tool APM, which also failed to inject into svchost. So, my question here goes, by what criteria is the process for dll injection selected, which methods are then used in real life? Which are the most suitable processes to inject a dll into? Why won't it work to inject into svchost?
Well here are my first total newbie questions, I hope somebody can answer them for me. Thanks, M
PS I also see the need to understand windows internals in more detail since it is becoming obvious to me, that without this I can only collect scripts and backdoors on my computer. Is there a good book you can recommend?
Mon Dec 14, 2009 8:50 am
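Martin's CreateRemoteThread question is one a defender meets from the other side: a thread created in svchost.exe by some user-land binary is exactly what endpoint telemetry records. As an added example that is not part of the original thread, the Python below parses records in the "Key: Value" layout of Sysmon Event ID 8 (CreateRemoteThread) and flags the combinations that characterise DLL injection: a thread in a system process started by a binary outside C:\Windows, a thread entry point of LoadLibrary, and a source image running from a user-writable path. The field names (SourceImage, TargetImage, StartModule, StartFunction, UtcTime) are Sysmon's own; the three sample records, their paths, PIDs and times are constructed for this example, and the target list, path markers and severity rules are this example's assumptions, not anything from the thread.

```python
"""Flag suspicious Sysmon Event ID 8 (CreateRemoteThread) records.

Added example, not code from the original thread. Field names follow Sysmon's
message layout; the sample records, rule sets and severities are constructed.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample events (paths, PIDs and times are made up for this example).
SAMPLE_EVENTS = r"""
CreateRemoteThread detected:
UtcTime: 2009-12-14 08:50:01.000
SourceProcessId: 4120
SourceImage: C:\Users\martin\injector.exe
TargetProcessId: 812
TargetImage: C:\Windows\System32\svchost.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryW

CreateRemoteThread detected:
UtcTime: 2009-12-14 08:51:10.000
SourceProcessId: 1340
SourceImage: C:\Windows\System32\csrss.exe
TargetProcessId: 2200
TargetImage: C:\Program Files\Example\app.exe
StartModule: C:\Windows\System32\ntdll.dll
StartFunction: RtlUserThreadStart

CreateRemoteThread detected:
UtcTime: 2009-12-14 08:52:30.000
SourceProcessId: 5012
SourceImage: C:\Users\martin\AppData\Local\Temp\tool.exe
TargetProcessId: 3344
TargetImage: C:\Program Files\Browser\browser.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryA
"""

# Assumed list of processes a user-land binary should never be threading into.
HIGH_VALUE_TARGETS = {"svchost.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "csrss.exe", "explorer.exe"}
# A new thread whose entry point is LoadLibrary is the classic DLL-injection shape.
LOADLIBRARY_ENTRIES = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}
# Assumed markers for user-writable locations a legitimate injector rarely lives in.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\")

REASONS = {
    "system_target": "remote thread into a system process from a non-Windows binary",
    "loadlibrary_entry": "thread entry point is LoadLibrary (DLL injection pattern)",
    "user_writable_source": "source image runs from a user-writable location",
}
FIELD_RE = re.compile(r"^(\w+): (.*)$")


def parse_events(text):
    """Split the message text into one dict of fields per event."""
    events = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:  # header lines such as 'CreateRemoteThread detected:' do not match
                fields[m.group(1)] = m.group(2).strip()
        if "SourceImage" in fields and "TargetImage" in fields:
            events.append(fields)
    return events


def classify(event):
    """Return the reason codes that make an event look like injection (empty if benign)."""
    source = event.get("SourceImage", "").lower()
    target = PureWindowsPath(event.get("TargetImage", "")).name.lower()
    entry = event.get("StartFunction", "").lower()
    reasons = []
    if target in HIGH_VALUE_TARGETS and not source.startswith("c:\\windows\\"):
        reasons.append("system_target")
    if entry in LOADLIBRARY_ENTRIES:
        reasons.append("loadlibrary_entry")
    if any(marker in source for marker in USER_WRITABLE_MARKERS):
        reasons.append("user_writable_source")
    return reasons


def severity(reasons):
    """Assumed scoring: a system-process target alone, or any two reasons, is high."""
    if not reasons:
        return "none"
    if "system_target" in reasons or len(reasons) >= 2:
        return "high"
    return "medium"


def analyze(text):
    """Return one finding per suspicious event, in input order."""
    findings = []
    for ev in parse_events(text):
        reasons = classify(ev)
        if reasons:
            findings.append({"time": ev.get("UtcTime"), "source": ev["SourceImage"],
                             "target": ev["TargetImage"], "severity": severity(reasons),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"[{f['severity'].upper()}] {f['time']} {f['source']} -> {f['target']}")
        for code in f["reasons"]:
            print("    -", REASONS[code])
```

The second sample record (csrss.exe threading into an application) is deliberately left unflagged: csrss.exe is a routine benign source of Event ID 8 records, so a rule that fired on every cross-process thread would bury the two records that matter.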
Halla
Administrator
Joined: Mon Sep 26, 2005 1:33 pm Posts: 4254 Location: New York
To answer your reverse connection question, there are a variety of ways to "hide" your IP address, and some of these include TOR, proxies, shells and insecure/public access combined with some stealth depending on the situation and ideally a combo of those.
Mon Dec 14, 2009 11:14 am
MartinSmerdskij_
Newcomer
Joined: Mon Dec 14, 2009 8:48 am Posts: 3
Thank you very much Halla. I am aware of tor and proxies, however ... Quote: "... insecure/public access ..." ... could you be so kind and provide me with a real life example of running a RAT client (one, which is being reverse connected to) from a public access, let's say public library wifi? How is this possible?
Mon Dec 14, 2009 11:29 am
Halla
Administrator
Joined: Mon Sep 26, 2005 1:33 pm Posts: 4254 Location: New York
Just using it to install the server to a remote location, or spoofing your mac address and using the net connection to have your traceability limited to "they were here, and at this time, but we don't know who they were" - keeping in mind not to sign in or be on any cameras, etc.
Mon Dec 14, 2009 11:52 am
flyingpengwin
Beta
Joined: Sun Nov 16, 2008 1:35 am Posts: 97 Location: Texas
Re:
Halla wrote: Just using it to install the server to a remote location, or spoofing your mac address and using the net connection to have your traceability limited to "they were here, and at this time, but we don't know who they were" - keeping in mind not to sign in or be on any cameras, etc.
College campuses are great for this. Many common places like libraries have fast internet connections but don't require any type of signing in.
_________________ Carpe Noctem ------------------- <MythBusters> Am I missing an eyebrow? </MythBusters>
Mon Dec 14, 2009 11:56 am
MartinSmerdskij_
Newcomer
Joined: Mon Dec 14, 2009 8:48 am Posts: 3
OK, but when you need to control the remote server from a client it still has to be from some fixed IP or domain name, which can both lead to you. Tor and proxies can help you stay "obscure", but theoretically your IP can be traced to your name if there is will to do it. Isn't there any solution where one could use publicly available services like ftp servers/email/irc as a medium to communicate to servers from an unsecured public place with a spoofed MAC, where the only thing one has to care about is not to be physically seen. I wonder if there exists such a solution. If not, it has to be developed I guess. Does anyone know of such a solution?
Mon Dec 14, 2009 12:05 pm
Halla
Administrator
Joined: Mon Sep 26, 2005 1:33 pm Posts: 4254 Location: New York
Most botnets use IRC as command and control centers, and others use websites via http or ftp. I'm sure something similar can be applied to the circumstances you are talking about.
Mon Dec 14, 2009 5:25 pm