Thank you so much for explaining in a way that is easy to understand
You are very welcome
Great information!
Glad it was helpful!
Thanks for explaining this for me. Very useful and understandable.
You are welcome!
thanks man!!
You are welcome
Basic but I didnt know it, so very useful.
Glad it was helpful!
Useful information for a beginner. Checking the connections is not enough. Malware writers can hide their backdoor behind normal PIDs.
Absolutely! Malware creation tools like Veil-Evasion, Empire, FAT RAT all have these capabilities of migrating a backdoor to legitimate PIDs. However, like you rightly said, a good starting point for beginners dealing with script kiddies.
@KamilSec Are you familiar with Sysinternals tools?
Great video and very helpful.
thanks for explaining it so well
You're welcome!
Thanks for sharing this, very helpful. If you have a broadcast IP with a port (192.168.x.x:0000) whose state shows CLOSE_WAIT in netstat -ano, what does that mean?
This means the remote server side connection socket is closed and waiting on the local connection socket to close.
double click PID to get them in numerical order
Thank you!
You're welcome!
Hello, very helpful video, but one question: I searched and found nothing suspicious, but some PID numbers in cmd I couldn't find in Task Manager. Should I be worried? Thanks in advance.
Try to expand the down arrow in Task Manager to see the rest of the PIDs.
@KamilSec Same here, I can't seem to find some of the PID connections in Task Manager.
Not a single one of my established connections is a loopback IP. They are all different. What does that mean?
It is not always a bad idea, they could be legitimate connections for the process on your device
What if you find an established connection in cmd but the PID found in cmd doesn't show in Task Manager?
It should, sometimes you just have to expand the rows
Great video.
Thanks!
Thank you very much for you video
You are welcome
Thanks a bunch!! :3
You're very welcome
Should I be worried because I have some program with nothing in the publisher name, not "unknown", just nothing?
No, I don't think it is anything to worry about, just keep checking on the status of the connections.
thanks you!!
You're very welcome!
Interesting that we can do -ano; all three commands in one. Hehe. 🔥🤓😎👨💻
Help, most of my established connections are popular companies such as Razer, Microsoft and Nvidia. Should I still delete them?
No, those are fine
@KamilSec ok
MALWAAAAAAAAREE
Can't find the PID of an established connection. What should I do?
It should be there. On the left hand side, you will see a pull down arrow; when you click on that it expands some of the hidden PIDs in Task Manager.
If I have a PID number in cmd but in Task Manager that PID doesn't appear, what does it mean?
You can turn on the PID column in Task Manager by right clicking on any of the other columns shown and selecting PID to display.
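The questions above all come down to the same manual step: read a PID out of netstat -ano, then look it up in Task Manager. As an added example (not from the video or its author), this PowerShell script does that lookup in one pass, listing each established connection with its owning process, image path and Authenticode publisher, so an unsigned image, a missing publisher or a PID that no longer resolves stands out. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection; run it elevated to resolve paths for system processes.

```powershell
# Added example: correlate established TCP connections with their owning
# process, like reading "netstat -ano" and checking each PID in Task Manager.
$connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue

$report = foreach ($c in $connections) {
    # A PID that does not resolve usually means the process already exited
    # (the socket lingers in CLOSE_WAIT/TIME_WAIT) or access was denied.
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = $null
    $publisher = 'n/a'
    $sigStatus = 'n/a'
    if ($proc) {
        try { $path = $proc.Path } catch { $path = $null }   # denied for protected processes
    }
    if ($path -and (Test-Path -LiteralPath $path)) {
        # Same information Task Manager shows in the "Publisher" column.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
    }
    [PSCustomObject]@{
        Local     = "$($c.LocalAddress):$($c.LocalPort)"
        Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
        PID       = $c.OwningProcess
        Process   = if ($proc) { $proc.ProcessName } else { '<exited or access denied>' }
        Path      = $path
        Signature = $sigStatus
        Publisher = $publisher
    }
}

# Loopback peers (127.x / ::1) are local inter-process traffic; report the rest,
# sorted by PID so the list lines up with the PID column in Task Manager.
$report |
    Where-Object { $_.Remote -notmatch '^(127\.|::1)' } |
    Sort-Object PID |
    Format-Table -AutoSize
```

Rows whose Signature is not "Valid", or whose Process could not be resolved, are the ones worth checking by hand against the image path.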
Hey bro, I have established connections with Apple company, and when I click on it, it shows Apple company files like the Bonjour file. Is it possible that someone has created a backdoor and named it after Apple? 😢
You Good!!! Apple's Bonjour Program? Bonjour is Apple's implementation of zero-configuration networking (zeroconf). It allows devices running both Windows and Apple operating systems (like macOS and iOS) to connect and share resources without any configuration settings.
Is it possible that hackers can hide their activity in netstat? Because I checked the PC I'm currently using and there's no suspicious established connection.
Yes they can, but hopefully that's not the case here.
@KamilSec I'm in a big problem. I think I've been gangstalked for years. I need to make sure they will not have access to my life anymore.