Technician procedures

Introduction

The Technician is in charge of the infection rules used to retrieve important information. Some typical procedures are described below, with references to the relevant chapters. These are only simple indications: skill and ability are essential to exploit RCS flexibility and adapt it to investigation needs.

Procedures
Injection on HTTP connections

Network Injector must be used for injections on HTTP connections:

Step  Action

1.  In the System, Network Injector section, create identification and injection rules for Network Injector Appliance and Tactical Network Injector.
    See "Network Injector management".
    NOTE: no agent installation is required.

2.  When using Network Injector Appliance, the system applies the identification rules to traffic data. Once target devices are found, they are infected with the injection rules.
    Alternatively, target devices can be identified and infected automatically or manually using Tactical Network Injector.
    See "Tactical Control Center".

Infecting a computer not connected to the Internet

To infect a computer not connected to the Internet:

Step  Action

1.  Create a factory, disabling synchronization.
    See "Target page".

2.  Compile the factory selecting the installation vector suited to the device platform and installation method, then create the agent.
    See "Compiling a factory".

3.  Install the agent on the target device with the selected methods.
    See "List of installation vectors".

4.  After the required amount of time, retrieve evidence produced on the target device.

5.  Import agent evidence and analyze it.
    See "Agent page".

Infecting a computer connected to the Internet

To infect a computer connected to the Internet:

Tip: these steps are essential when you do not initially know which target activities to record, or when you want to avoid recording an excessive amount of data.

Step  Action

1.  Create a factory: the system automatically enables synchronization.
    See "Target page".

2.  Compile the factory selecting the installation vector suited to the device platform and installation method, then create the agent.
    See "Compiling a factory".

3.  Install the agent on the target device with the selected methods.
    See "List of installation vectors".

4.  The agent appears in the target page at first synchronization.
    See "Target page".

5.  Reset the agent using the basic or advanced configuration. The agent applies the new configuration at the next synchronization.
    See "Factory or agent basic configuration settings".
    See "Factory or agent advanced settings".

Keeping agent software updated

HackingTeam periodically updates its software. To update installed agents:

Step  Action

1.  • In the Operations section, Target, update agents. See "Target page".

    or

    • In the Operations section, Target, open an agent and update it. See "Agent page".