The Noob Persistent Threat
June 15, 2013
Who are we?
Allison Nixon (@nixon.nixoff)
• Security Consultant
• Pentesting, Incident response
• Host on the Pauldotcom podcast
• SANS GCIA Gold certified
Brandon Levene (@seraphimdomain)
• Incident Handler/Incident Response for a Cloud Provider
• Malware + Vuln analysis
• Independent Security Researcher
• SANS Certified Pentester
What is this Noob Persistent Threat?
• Script kiddies
o Sometimes financially motivated
o Sometimes hacking out of curiosity
o The lowest level of the criminal underground
o Low technical skills
o Often poor opsec
o Often frequent hacking forums
o Often American or EU citizens
...but I don't have anything worth stealing...
Do you have any of the following:
• Credit or Debit Card
• Bank Account
• Paypal Account
• Medical Records
• Social Media Profile
• Computer
• Digital Delivery Account(s) (Steam, Origin, Xbox)
http://www.rsa.com/products/consumer/whitepapers/11634_CYBRC12_WP_0112.pdf
The Noob Renaissance
2011 Discussion Topics
• Beginner Hacking/Tutorials - 25%
• Hacking Tools/Programs - 22%
• Website/Forum Hacking - 21%
2012 Discussion Topics
• Beginner Hacking/Tutorials - 28%
• *Hacking Methods - 5% (This is in ADDITION to Beginner content)
• Hacking Tools/Programs - 21%
• Website/Forum Hacking - 21%
Source: http://www.imperva.com/resources/hacker_intelligence.asp
A Smattering of Services
List of Services Offered on the Underground
Recognize
Homework Service
Ewhoring (GIRL = Guy In Real Life)
Cash for Sale
...If you can get it
Want some credit cards?
Mattfeuter.ru Arrests
http://www.scmagazine.com/police-arrest-mattfeuter-site-operators-break-up-200m-carder-racket/article/296609/
Carder Shops
• Just like any other shopping web app
o Shopping cart features
o Ticket system
• Buy credit card details, Paypal accounts
• Proxies are sold to bypass region limitations
Bootershells
Power of the Gods
Fun for all Ages
PedoStresser Rebranding
• Same Staff
• Same Paypal account
• Same font used in logo
• Crosslinked Ads to PedoStresser
Booter source code
Ragebooter
Comedy Hour
Going legit?
Technical Analysis of Ragebooter
• Half the functions of the site didn't work
• C&C infrastructure could be discovered
• Username transmitted within attack data for no reason
Sample Flood Packets
POST Flood
ARME
CVE-2011-3192
Username is transmitted for no reason
X-forwarded-for information leakage
Obvious use of open proxies
Most flood options resulted in no traffic
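The two leakage points listed above (the X-Forwarded-For header added by open proxies and a username repeated in the attack payload) are exactly what a defender can pivot on when triaging a POST flood. The following is an added example, not code from the talk: it parses constructed web-server log lines in an assumed format, clusters POST requests by XFF origin and leaked username, and flags clusters spread across several proxy IPs as one operator behind open proxies.

```python
"""Triage a proxied POST flood using X-Forwarded-For and a leaked username.

Added example (not from the talk). The log format, field names and all IPs
are constructed for this demonstration.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Assumed log format (constructed):
#   ts client_ip "METHOD path" "X-Forwarded-For" "body"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'"(?P<xff>[^"]*)" "(?P<body>[^"]*)"$'
)

# Constructed sample: five requests through three open proxies that all report
# the same origin and carry the same user= token, plus one ordinary request.
SAMPLE_LOG = """\
2013-06-15T12:00:01Z 203.0.113.10 "POST /index.php" "198.51.100.7" "user=kiddie1&data=AAAA"
2013-06-15T12:00:01Z 203.0.113.11 "POST /index.php" "198.51.100.7" "user=kiddie1&data=AAAA"
2013-06-15T12:00:02Z 203.0.113.12 "POST /index.php" "198.51.100.7" "user=kiddie1&data=AAAA"
2013-06-15T12:00:02Z 203.0.113.10 "POST /index.php" "198.51.100.7" "user=kiddie1&data=AAAA"
2013-06-15T12:00:03Z 203.0.113.11 "POST /index.php" "198.51.100.7" "user=kiddie1&data=AAAA"
2013-06-15T12:00:03Z 192.0.2.55 "GET /about.html" "-" "-"
"""


def parse_line(line):
    """Parse one line of the assumed format; None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def origin_from_xff(xff):
    """First address in X-Forwarded-For is the client the proxy saw; '-' means absent."""
    if not xff or xff == "-":
        return None
    return xff.split(",")[0].strip()


def username_from_body(body):
    """Pull the leaked 'user' form parameter out of the POST body, if present."""
    if not body or body == "-":
        return None
    values = parse_qs(body).get("user")
    return values[0] if values else None


def cluster_flood(log_text):
    """Group POST requests by (XFF origin, leaked username).

    Returns {(origin, user): {"count": n, "proxies": set_of_client_ips}}.
    Requests with neither attribute are skipped: nothing to pivot on.
    """
    clusters = defaultdict(lambda: {"count": 0, "proxies": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        origin = origin_from_xff(rec["xff"])
        user = username_from_body(rec["body"])
        if origin is None and user is None:
            continue
        key = (origin, user)
        clusters[key]["count"] += 1
        clusters[key]["proxies"].add(rec["client"])
    return dict(clusters)


def flag_booter_clusters(clusters, min_requests=3, min_proxies=2):
    """Large clusters spread over several source IPs that all report the same
    origin and username look like one operator relaying through open proxies."""
    return sorted(
        key for key, c in clusters.items()
        if c["count"] >= min_requests and len(c["proxies"]) >= min_proxies
    )


if __name__ == "__main__":
    found = cluster_flood(SAMPLE_LOG)
    for origin, user in flag_booter_clusters(found):
        c = found[(origin, user)]
        print(f"origin={origin} user={user} requests={c['count']} "
              f"proxies={sorted(c['proxies'])}")
```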
Asylumstresser
• Another booter on the market (Deceased)
• Largely nonfunctional
o Only capable of reflected DNS and UDP flooding
• Made thousands of dollars anyways
• Accepts Paypal
• Protected by Cloudflare
• Run by children
Asylumstresser Earnings Report
Earnings by month:
Oct-11 $26.25
Nov-11 $477.28
Dec-11 $884.69
Jan-12 $1,243.02
Feb-12 $1,614.64
Mar-12 $1,349.52
Apr-12 $855.14
May-12 $1,438.89
Jun-12 $1,658.80
Jul-12 $1,403.94
Aug-12 $1,666.36
Sep-12 $1,812.30
Oct-12 $2,662.95
Nov-12 $3,915.85
Dec-12 $3,983.47
Jan-13 $4,109.29
Feb-13 $3,403.34
Mar-13 $2,875.81
Grand total: $35,381.54
• $23,604 earned in 2012 split between the owner and several support staff.
• The database did not record any chargebacks, fraud, fees, or server costs, so the take home pay is much lower
• Conclusion: get a real job
Asylumstresser Earnings Report
• Analysis of customer base
o Many gaming server admins
o Ironically, some of these admins have blogged about getting DDOSed. Are they taking up arms themselves and starting a cyber-war?
o Self-described gamers
o Very elite hackers
o I even found one connected to a police officer in Florida
Additional Services
Cloudflare "resolver"
Oh, you mean the nmap dns-brute script?
nmap --script dns-brute www.foo.com
http://nmap.org/nsedoc/scripts/dns-brute.html
Skype Resolver (API)
Searching for Skype resolver "source" will generally result in something akin to the script above.
The "api" consists of a modified Skype binary (cleartext logging enabled) located on a http accessible server, generally a cheap VPS.
Here's the script that parses the API request and pulls the results from the plaintext logs.
twBooter (aka Bootertw)
• This one made the news several months ago
• Allegedly used by hacker 'Phobia' to DDoS krebsonsecurity.com while he swatted its owner
• Database was leaked containing evidence of the launched attack
• Database contained logs of 48,844 attacks launched in two months' time
twBooter (aka Bootertw)
• We were able to correlate different parts of the database to find out:
• Which account was used
• Their IP
• Their user-agent
• When the attacks occurred
Jacking
• Identify gamertag
• Identify owner
• Use sites like spokeo or ssndob.ru to find owner's details
• Call service provider in order to reset password
• ???
• Profit
This technique can be used to social engineer any company and abuse their customers.
Famous case: Mat Honan August 2012. "How Apple and Amazon Security Flaws Led to My Epic Hacking"
The Krebs Cycle
1. You SWAT Brian Krebs.
2. Brian Krebs finds out everything about you, your family, and your friends.
3. SWAT team visits your house.
(optional: DDOS his website because he made you mad)
The Krebs Cycle
• We were informed that 'Phobia' was suspected
• Phobia left a lot of information laying around
• Youtube channel full of bragging. "RealTeamHype"
o Full of information leakage
o Allowed us to find some of his friends
o Profile the programs, operating systems they use
o Profile them by voice
o Their VPN providers
• Phobia has been doxed before
• E-mails can be linked to Facebook
• Hackforums.net, Forumkorner profiles
Counter Booters?
OSINT for Bads...
...or why I love poor OPSEC
Maltego is Awesome
Abuse of Legitimate Services
Paypal
“While we cannot share specifics on our customers’ accounts due to our privacy policy, we can confirm that we will review suspicious accounts for malicious activity and work with law enforcement to ensure cyber criminals are reported properly. We take security very seriously at PayPal and we do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down web sites.”
-Paypal
(In response to Brian Krebs' article)
http://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-paypal/
Cloudflare
"I do find it troubling when there are extralegal measures taken to determine what is and is not going on," he said, in an apparent reference to the investigation by Krebs, Nixon and Levene. "How far do you go with that, if someone assumes XYZ shouldn't be on the Internet? Should Google remove them from their search index?" he asked.
"We believe in due process," said Prince.
-Cloudflare CEO (Matthew Prince)
http://www.itworld.com/it-management/357306/legitimate-online-services-enabling-ddos-attacks-hire-sites
“Extralegal?”
TOP SECRET
It's like PRISM, but lame.
Tying it Together
Questions?
Allison's perfect specimen

Weitere ähnliche Inhalte

Was ist angesagt?

Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedMazin Ahmed
 
Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...Jason Broz, CIPP/US
 
Hacking Web Apps by Brent White
Hacking Web Apps by Brent WhiteHacking Web Apps by Brent White
Hacking Web Apps by Brent WhiteEC-Council
 
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...Eric Kolb
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFAndy Thompson
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...Frans Rosén
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Cyphort
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationHostway|HOSTING
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededFrans Rosén
 
HoneyPy & HoneyDB (LASCON 2016)
HoneyPy & HoneyDB (LASCON 2016)HoneyPy & HoneyDB (LASCON 2016)
HoneyPy & HoneyDB (LASCON 2016)Phillip Maddux
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSideOWASP EEE
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar
 
MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008Ali Ikinci
 
Hunting Layered Malware by Raul Alvarez
Hunting Layered Malware by Raul AlvarezHunting Layered Malware by Raul Alvarez
Hunting Layered Malware by Raul AlvarezEC-Council
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)Justin Hoang
 
OSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareOSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareAmit Serper
 

Was ist angesagt? (20)

Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Phd final
Phd finalPhd final
Phd final
 
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin AhmedBackup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
Backup-File Artifacts - OWASP Khartoum InfoSec Sessions 2016 - Mazin Ahmed
 
Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...Assessing a pen tester: Making the right choice when choosing a third party P...
Assessing a pen tester: Making the right choice when choosing a third party P...
 
Hacking Web Apps by Brent White
Hacking Web Apps by Brent WhiteHacking Web Apps by Brent White
Hacking Web Apps by Brent White
 
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
 
Ransomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDFRansomware: History, Analysis, & Mitigation - PDF
Ransomware: History, Analysis, & Mitigation - PDF
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
 
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
Sony Attack by Destover Malware. Part of Cyphort Malware Most Wanted Series.
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through Preparation
 
DNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification neededDNS hijacking using cloud providers – No verification needed
DNS hijacking using cloud providers – No verification needed
 
HoneyPy & HoneyDB (LASCON 2016)
HoneyPy & HoneyDB (LASCON 2016)HoneyPy & HoneyDB (LASCON 2016)
HoneyPy & HoneyDB (LASCON 2016)
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of Ransomware
 
[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide[Bucharest] #DontTrustTheDarkSide
[Bucharest] #DontTrustTheDarkSide
 
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security TechnologyAngelo Alviar OSINT 101 Presentation - Forensics and Security Technology
Angelo Alviar OSINT 101 Presentation - Forensics and Security Technology
 
MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008MonkeySpider at Sicherheit 2008
MonkeySpider at Sicherheit 2008
 
Hunting Layered Malware by Raul Alvarez
Hunting Layered Malware by Raul AlvarezHunting Layered Malware by Raul Alvarez
Hunting Layered Malware by Raul Alvarez
 
Hacking your Android (slides)
Hacking your Android (slides)Hacking your Android (slides)
Hacking your Android (slides)
 
OSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adwareOSX/Pirrit: The blue balls of OS X adware
OSX/Pirrit: The blue balls of OS X adware
 

Ähnlich wie NPTs

Surfing with Sharks KS ED TECH 2012
Surfing with Sharks   KS ED TECH 2012Surfing with Sharks   KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012inf8nity
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Discover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiDiscover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiJeremy Li
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksCyphort
 
From russia final_bluehat10
From russia final_bluehat10From russia final_bluehat10
From russia final_bluehat10F _
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdNipun Jaswal
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseJohn Bambenek
 
Log Stealers - Shopping time for Threat Actors!
Log Stealers - Shopping time for Threat Actors!Log Stealers - Shopping time for Threat Actors!
Log Stealers - Shopping time for Threat Actors!Speck&Tech
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
 
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"StHack
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and DefenseAndrew McNicol
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014grecsl
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
Anomaly Detection and You
Anomaly Detection and YouAnomaly Detection and You
Anomaly Detection and YouMary Kelly Rich
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Stephen Abram
 

Ähnlich wie NPTs (20)

Surfing with Sharks KS ED TECH 2012
Surfing with Sharks   KS ED TECH 2012Surfing with Sharks   KS ED TECH 2012
Surfing with Sharks KS ED TECH 2012
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
 
Discover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy LiDiscover advanced threats with threat intelligence - Jeremy Li
Discover advanced threats with threat intelligence - Jeremy Li
 
Understanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value AttacksUnderstanding Malware Lateral Spread Used in High Value Attacks
Understanding Malware Lateral Spread Used in High Value Attacks
 
From russia final_bluehat10
From russia final_bluehat10From russia final_bluehat10
From russia final_bluehat10
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
 
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionHeartbleed Bug Vulnerability: Discovery, Impact and Solution
Heartbleed Bug Vulnerability: Discovery, Impact and Solution
 
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for DefenseSANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
SANSFIRE18: War Stories on Using Automated Threat Intelligence for Defense
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 
Log Stealers - Shopping time for Threat Actors!
Log Stealers - Shopping time for Threat Actors!Log Stealers - Shopping time for Threat Actors!
Log Stealers - Shopping time for Threat Actors!
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"
Sthack 2015 - Ramon Vicens & Victor Acin - Cyber threats "the reality"
 
OSINT for Attack and Defense
OSINT for Attack and DefenseOSINT for Attack and Defense
OSINT for Attack and Defense
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting season
 
black hat deephish
black hat deephishblack hat deephish
black hat deephish
 
Anomaly Detection and You
Anomaly Detection and YouAnomaly Detection and You
Anomaly Detection and You
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)Pichman privacy, the dark web, & hacker devices i school (1)
Pichman privacy, the dark web, & hacker devices i school (1)
 

Kürzlich hochgeladen

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Kürzlich hochgeladen (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

NPTs

PedoStresser Rebranding
• Same Staff
• Same Paypal account
• Same font used in logo
• Crosslinked Ads to PedoStresser
Technical Analysis of Ragebooter
• Half the functions of the site didn't work
• C&C infrastructure could be discovered
• Username transmitted within attack data for no reason

Sample Flood Packets
• POST Flood
• ARME (CVE-2011-3192)
• Username is transmitted for no reason
• X-Forwarded-For information leakage
• Obvious use of open proxies
• Most flood options resulted in no traffic
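Two of the request-level tells listed above can be checked mechanically in web server logs. This is an added detection example, not code from the talk: the log line format, the range threshold and the sample lines are constructed assumptions, and it flags a Range header carrying many byte ranges (the CVE-2011-3192 "ARME" pattern) and an X-Forwarded-For header exposing the relaying open proxies.

```python
import re
# Added detection example, not code from the talk; the log line format, the
# threshold and the sample lines below are constructed assumptions.
# More than MAX_RANGES byte ranges in one Range header is treated as the
# CVE-2011-3192 (ARME, "Apache Killer") pattern rather than a normal download.
MAX_RANGES = 5

# Constructed format: <src_ip> <method> <path> | <Header: value>; <Header: value>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) \| (.*)$")

def parse_headers(raw):
    """'Name: value; Name: value' -> dict keyed by lower-cased header name."""
    headers = {}
    for part in raw.split(";"):
        if ":" in part:
            name, value = part.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def count_ranges(value):
    """Number of ranges in a 'bytes=a-b,c-d,...' Range header value."""
    if not value.lower().startswith("bytes="):
        return 0
    return sum(1 for r in value[6:].split(",") if r.strip())

def inspect(line):
    """Return the tells found in one log line (empty list if it looks clean)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    headers = parse_headers(m.group(4))
    tells = []
    if count_ranges(headers.get("range", "")) > MAX_RANGES:
        tells.append("arme-range-flood")
    if "x-forwarded-for" in headers:
        # The forwarded-for chain exposes the open proxies the request relayed through
        tells.append("proxy-chain-leak")
    return tells

# Constructed sample traffic: one ARME request, one proxied POST, one normal GET
SAMPLE = [
    "203.0.113.5 HEAD /index.html | Host: example.org; Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,5-5",
    "198.51.100.7 POST /login | Host: example.org; X-Forwarded-For: 192.0.2.9, 192.0.2.10",
    "192.0.2.44 GET /video.mp4 | Host: example.org; Range: bytes=1000-1999",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split(" ", 1)[0], inspect(line) or "clean")
```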
Asylumstresser
• Another booter on the market (deceased)
• Largely nonfunctional
o Only capable of reflected DNS and UDP flooding
• Made thousands of dollars anyway
• Accepts Paypal
• Protected by Cloudflare
• Run by children

Asylumstresser Earnings Report
Earnings by month:
Oct-11 $26.25
Nov-11 $477.28
Dec-11 $884.69
Jan-12 $1,243.02
Feb-12 $1,614.64
Mar-12 $1,349.52
Apr-12 $855.14
May-12 $1,438.89
Jun-12 $1,658.80
Jul-12 $1,403.94
Aug-12 $1,666.36
Sep-12 $1,812.30
Oct-12 $2,662.95
Nov-12 $3,915.85
Dec-12 $3,983.47
Jan-13 $4,109.29
Feb-13 $3,403.34
Mar-13 $2,875.81
Grand total: $35,381.54
• $23,604 earned in 2012, split between the owner and several support staff.
• The database did not record any chargebacks, fraud, fees, or server costs, so the take-home pay is much lower.
• Conclusion: get a real job

Asylumstresser Earnings Report
• Analysis of customer base
o Many gaming server admins
o Ironically, some of these admins have blogged about getting DDoSed. Are they taking up arms themselves and starting a cyber-war?
o Self-described gamers
o Very elite hackers
o I even found one connected to a police officer in Florida
Additional Services
Cloudflare "resolver"
Oh, you mean the nmap dns-brute script?
nmap --script dns-brute www.foo.com
http://nmap.org/nsedoc/scripts/dns-brute.html

Skype Resolver (API)
Searching for Skype resolver "source" will generally result in something akin to the script above.

The "api" consists of a modified Skype binary (cleartext logging enabled) located on an HTTP-accessible server, generally a cheap VPS. Here's the script that parses the API request and pulls the results from the plaintext logs.
twBooter (aka Bootertw)
• This one made the news several months ago
• Allegedly used by hacker 'Phobia' to DDoS krebsonsecurity.com while he swatted its owner
• Database was leaked containing evidence of the launched attack
• Database contained logs of 48,844 attacks launched in two months' time

twBooter (aka Bootertw)
• We were able to correlate different parts of the database to find out:
o Which account was used
o Their IP
o Their user-agent
o When the attacks occurred
Jacking
• Identify gamertag
• Identify owner
• Use sites like spokeo or ssndob.ru to find owner's details
• Call service provider in order to reset password
• ???
• Profit
This technique can be used to social engineer any company and abuse their customers. Famous case: Mat Honan, August 2012, "How Apple and Amazon Security Flaws Led to My Epic Hacking"
The Krebs Cycle
1. You SWAT Brian Krebs.
2. Brian Krebs finds out everything about you, your family, and your friends.
3. SWAT team visits your house.
(optional: DDoS his website because he made you mad)

The Krebs Cycle
• We were informed that 'Phobia' was suspected
• Phobia left a lot of information lying around
• Youtube channel full of bragging: "RealTeamHype"
o Full of information leakage
o Allowed us to find some of his friends
o Profile the programs and operating systems they use
o Profile them by voice
o Their VPN providers
• Phobia has been doxed before
• E-mails can be linked to Facebook
• Hackforums.net, Forumkorner profiles
OSINT for Bads...
...or why I love poor OPSEC
Abuse of Legitimate Services
Paypal
“While we cannot share specifics on our customers’ accounts due to our privacy policy, we can confirm that we will review suspicious accounts for malicious activity and work with law enforcement to ensure cyber criminals are reported properly. We take security very seriously at PayPal and we do not condone the use of our site in the sale or dissemination of tools, which have the sole purpose to attack customers and illegally take down web sites.”
-Paypal (in response to Brian Krebs' article)
http://krebsonsecurity.com/2013/05/ddos-services-advertise-openly-take-paypal/
Cloudflare
"I do find it troubling when there are extralegal measures taken to determine what is and is not going on," he said, in an apparent reference to the investigation by Krebs, Nixon and Levene. "How far do you go with that, if someone assumes XYZ shouldn't be on the Internet? Should Google remove them from their search index?" he asked. "We believe in due process," said Prince.
-Cloudflare CEO (Matthew Prince)
http://www.itworld.com/it-management/357306/legitimate-online-services-enabling-ddos-attacks-hire-sites
TOP SECRET
It's like PRISM, but lame.