Loki - Hacking Detection.



  • Hello! Today I will talk about Loki, its flags and installation.

    What is Loki?

Loki is a scanner that detects indicators of compromise (signs of hacking) on a host.

    Detection Methods:

    • File name checks.
    • YARA rule checks.
    • Hash checks.
    • C2 back-connect check.
    • Regin file system check.
    • Process anomaly checks.
    • Scan of unpacked SWF files.
    • SAM dump check.
    • DoublePulsar check.
    Flags:

    -p - The path to scan.
    -s - Maximum file size to scan, in kilobytes (default: 4096 KB).
    -l - Log file.
    -a - Alert level.
    -w - Warning level.
    -n - Notice level.
    --printAll - Print all scanned files.
    --allreasons - Show all the reasons that contributed to a score.
    --noprocscan - Skip the process scan.
    --nofilescan - Skip the file scan.
    --norootkit - Skip the rootkit check.
    --noindicator - Do not show a progress indicator.
    --reginfs - Check for the Regin virtual file system.
    --dontwait - Do not wait for a key press before exiting.
    --intense - Intense scan mode.
    --csv - Write the log in CSV format to STDOUT.
    --onlyrelevant - Show only warning and alert messages.
    --nolog - Do not write a log file.
    --update - Run the updater.
    --debug - Debug output.
    ![9142f54d-f948-4aee-a518-3f3b011945e0-image.png](/assets/uploads/files/1579620493143-9142f54d-f948-4aee-a518-3f3b011945e0-image.png) 
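As an added example (not code from the Loki project or from the original post), here is a small POSIX shell script that assembles a scan command from the flags listed above and then counts the ALERT, WARNING and NOTICE lines in the resulting log, which is what you want when Loki runs unattended from cron. It assumes Loki is checked out in `$LOKI_DIR` and run with `python2`, and that a log line carries its level either as `[ALERT]` (console style) or as `LOKI: ALERT:` (file style); the sample log it writes is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the Loki project or the original post.
# Assumptions: Loki is checked out in $LOKI_DIR and run with python2; a log
# line carries its level either as "[ALERT]" (console style) or as
# "LOKI: ALERT:" (file style). The sample log below is constructed.

LOKI_DIR="${LOKI_DIR:-$HOME/Loki}"

# build_scan_cmd PATH MAX_KB LOGFILE
# Prints the scan command: -p path, -s size limit in KB, -l log file,
# --onlyrelevant (warnings and alerts only), --dontwait (no pause at the
# end, so it can run from cron) and --noindicator (no progress bar in logs).
build_scan_cmd() {
    printf 'python2 %s/loki.py -p %s -s %s -l %s --onlyrelevant --dontwait --noindicator\n' \
        "$LOKI_DIR" "$1" "$2" "$3"
}

# count_level LEVEL LOGFILE -> number of log lines at that level
# (grep -c prints 0 and exits 1 when nothing matches, hence "|| true")
count_level() {
    grep -cE "\[$1\]|LOKI: $1:" "$2" || true
}

# Constructed sample log (format assumed, see above), used to try the
# counter without running a real scan.
SAMPLE_LOG="${TMPDIR:-/tmp}/loki-sample-$$.log"
write_sample_log() {
    cat > "$SAMPLE_LOG" <<'EOF'
20200121T18:00:01Z host1 LOKI: INFO: MODULE: Init MESSAGE: Starting Loki Scan
20200121T18:00:05Z host1 LOKI: WARNING: MODULE: FileScan MESSAGE: FILE: /tmp/sample.bin SCORE: 70
20200121T18:00:09Z host1 LOKI: ALERT: MODULE: FileScan MESSAGE: FILE: /tmp/dropper.bin SCORE: 120
20200121T18:00:10Z host1 LOKI: NOTICE: MODULE: FileScan MESSAGE: FILE: /tmp/tool.sh SCORE: 40
20200121T18:00:11Z host1 LOKI: ALERT: MODULE: ProcessScan MESSAGE: PID: 4242 SCORE: 100
EOF
}

# summary LOGFILE -> "alerts=N warnings=N notices=N", handy as a one-line
# result to ship to a SIEM or to gate an exit code on.
summary() {
    printf 'alerts=%s warnings=%s notices=%s\n' \
        "$(count_level ALERT "$1")" "$(count_level WARNING "$1")" "$(count_level NOTICE "$1")"
}
```

To use it, source the file, run the printed command with `sh -c "$(build_scan_cmd / 4096 /var/log/loki.log)"`, and then call `summary /var/log/loki.log`; `write_sample_log` followed by `summary "$SAMPLE_LOG"` shows the counter working on the constructed lines.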
    

    Installation:

    Kali Linux:

    Install the necessary components:

    sudo pip2 install psutil netaddr pylzma colorama
    

    Download from github:

    git clone https://github.com/Neo23x0/Loki.git

    Change into the utility directory:

    cd Loki/

    Update utility:

    python2 loki-upgrader.py
    

    Run the utility:

    python2 loki.py -h
    

    Linux Mint or Ubuntu:

    Install the necessary components:

    sudo apt install yara python-yara python-pip python-setuptools python-dev git
    

    Update:

    sudo pip2 install --upgrade pip
    

    Install:

    sudo pip2 install -U setuptools
    

    Install the components:

    sudo pip2 install psutil netaddr pylzma colorama
    

    Download from github:

    git clone https://github.com/Neo23x0/Loki.git

    Change into the utility directory:

    cd Loki/

    Update utility:

    python2 loki-upgrader.py
    

    Run the utility:

    python2 loki.py -h
    

    BlackArch:

    Install the components:

    sudo pacman -S yara python2-pip python2-yara
    

    Install more components:

    sudo pip2 install psutil netaddr pylzma colorama
    

    Download from github:

    git clone https://github.com/Neo23x0/Loki.git

    Change into the utility directory:

    cd Loki/

    Update utility:

    python2 loki-upgrader.py
    

    Run the utility:

    python2 loki.py -h
    ![d2844469-91d8-4ab4-9b4b-c61161aca750-image.png](/assets/uploads/files/1579620532738-d2844469-91d8-4ab4-9b4b-c61161aca750-image.png) 
    

    Windows:

    Download:

    https://github.com/Neo23x0/Loki/releases

    Unpack the archive.

    Press:

    Win + R

    In the Run box type:

    cmd

    Press Enter.

    Drag the loki-upgrader.exe file into the command prompt window.

    Press Enter.

    Drag the loki.exe file into the command prompt window.

    Press Enter.

    (screenshot: bc0b689f-65aa-481c-a641-b48cbdb91dd8-image.png)

    How alerts, warnings and notices are displayed:

    Alert (ALERT):

    Alert detections are highlighted in red:

    (screenshot: b6445e74-627c-47cb-8f40-b9ad040b7390-image.png)

    Warning (WARNING):

    Warning detections are highlighted in yellow:

    (screenshot: 99d078ff-df85-4214-b123-2a8c81707811-image.png)

    Notice (NOTICE):

    Notice detections are highlighted in cyan:

    (screenshot: c07f7ace-fd6a-4f74-a74b-250d0d4ba4ef-image.png)

    Excluding directories:

    The utility supports exclusions. You can exclude specific directories regardless of the drive they are on, particular file extensions within specific folders, and all files and directories belonging to products that are sensitive to anti-virus scanning.

    The path to the file:

    /home/user/Loki/config/excludes.cfg

    It looks like this:

    (screenshot: 6fdf4d1a-f970-4e75-9539-54c599bf2ea9-image.png)
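As an added example (not code from the Loki project or from the original post), the script below checks an excludes.cfg before a scan: it flags patterns that do not compile, and it answers whether a given path would be skipped, so that a typo in the file does not silently exclude half the disk or leave a sensitive directory unscanned. It assumes excludes.cfg holds one regular expression per line, that blank lines and lines starting with `#` are ignored, and that a path is excluded when any pattern matches it case-insensitively; `grep -E` stands in for Loki's own Python regex engine, so stick to plain ERE syntax. The sample configuration it writes is constructed and is not Loki's shipped excludes.cfg.

```shell
#!/bin/sh
# Added example, not part of Loki. Assumptions: excludes.cfg holds one
# regular expression per line, blank lines and '#' comments are ignored,
# and a path is excluded when any pattern matches it case-insensitively.
# grep -E stands in for Loki's (Python) regex engine; use plain ERE only.

# validate_excludes CFG -> prints each pattern that fails to compile,
# returns 1 if there was at least one bad pattern
validate_excludes() {
    cfg=$1; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # grep exits 2 on a bad pattern, 1 on "valid but no match"
        status=0
        printf '\n' | grep -iE -- "$line" >/dev/null 2>&1 || status=$?
        if [ "$status" -eq 2 ]; then
            echo "invalid pattern: $line"
            bad=1
        fi
    done < "$cfg"
    return $bad
}

# is_excluded PATH CFG -> exit 0 if PATH matches any pattern in CFG
is_excluded() {
    p=$1; cfg=$2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if printf '%s\n' "$p" | grep -qiE -- "$line"; then
            return 0
        fi
    done < "$cfg"
    return 1
}

# Constructed sample configuration (not Loki's shipped excludes.cfg):
# pseudo file systems, container overlay layers and VM disk images.
SAMPLE_CFG="${TMPDIR:-/tmp}/excludes-sample-$$.cfg"
write_sample_cfg() {
    cat > "$SAMPLE_CFG" <<'EOF'
# constructed sample, one ERE per line
^/proc/
^/sys/
/var/lib/docker/overlay2/
\.(vmdk|vdi)$
EOF
}
```

Run `write_sample_cfg; validate_excludes "$SAMPLE_CFG" && is_excluded /srv/vm/disk.VMDK "$SAMPLE_CFG" && echo excluded` to try it; point `validate_excludes` at the real `config/excludes.cfg` before each scan to catch a broken pattern early.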



  • Useful information

