I did a talk at Botconf in Nancy, France where I try to map Russian DDoS booter sites to their respective DDoS botnets.
Saturday, December 13, 2014
Thursday, September 18, 2014
Let’s Talk About NewPosThings
Riding the PoS malware coattails:
https://www.arbornetworks.com/blog/asert/lets-talk-about-newposthings/
Wednesday, August 13, 2014
Five Sinkholes of newGOZ
Dave Loftus and I did some sinkholing of the new Zeus Gameover variant known as newGOZ:
https://www.arbornetworks.com/blog/asert/five-sinkholes-of-newgoz/
Lil' bit of press:
- http://www.v3.co.uk/v3-uk/news/2360338/newgoz-malware-sees-1-879-percent-infection-boom-in-july
- http://www.scmagazineuk.com/new-zeus-gameover-employs-novel-approach-to-malware/article/366221/
- http://threatpost.com/gameover-zeus-botnet-rebuilds/107776 (Dave)
- http://www.networkworld.com/article/2465461/new-gameover-zeus-botnet-keeps-growing-especially-in-the-us.html
- http://www.invincea.com/2014/08/newgoz-malware-sees-1879-percent-infection-boom-in-july/
- http://www.theregister.co.uk/2014/08/15/gameover_zeus_back_from_the_dead_as_/
- http://www.pcadvisor.co.uk/news/security/3536420/new-gameover-zeus-botnet-keeps-growing-especially-in-the-us/
- https://labs.opendns.com/2015/01/26/shmoocon-2015-infrastructure-tracking/
Saturday, July 5, 2014
Full Disk Encryption with Key Disk on OpenBSD
Just some notes to myself on how to set up full disk encryption with a key disk on OpenBSD. The steps largely follow http://tildedennis.blogspot.com/2013/08/full-disk-encryption-on-openbsd.html and http://www.undeadly.org/cgi?action=article&sid=20110530221728.
2.
cd /dev
sh ./MAKEDEV sd1            # create device nodes for the key disk
fdisk -i sd1                # initialize the key disk
disklabel -E sd1            # interactive disklabel editor on the key disk
w                           # (inside disklabel) write the label
q                           # (inside disklabel) quit
install                     # run the installer; use the crypto disk, sd2
Tuesday, June 24, 2014
The Citadel and Gameover Campaigns of 5CB682C10440B2EBAF9F28C1FE438468
Where I ride the coattails of the Zeus Gameover takedown (and probably upset more researchers):
https://www.arbornetworks.com/blog/asert/the-citadel-and-gameover-campaigns-of-5cb682c10440b2ebaf9f28c1fe438468/
Tuesday, April 22, 2014
Thursday, April 17, 2014
Thursday, March 20, 2014
io Solutions
Back in December I received an out-of-the-blue, hostile email from the admins of io saying that I was ruining the Internets by posting my solutions and that my lame attempts were nothing more than weak twitter fame-whoring. It should be noted that their page doesn't mention anything about solution sharing being frowned upon.
My response of "Woah! It's a little early in the morning to be so hostile. Chill" when translated into German must have insulted their mother or something, because their mature course of action was to ban my IPs, change the level passwords, call out random commenters on this blog, call out the company I work for, send angry complaining emails to my boss, send angry complaining emails to my former boss, and call me lame for not being able to solve all their games in a day. It should be noted that my io solutions and other posts on this blog are unrelated to my 9-5 and done completely in my spare time.
While one of them calmed down a bit after he couldn't hide behind his hacker handle anymore, even congratulating me on how far I'd gotten, I still kind of feel like they came out guns blazing when a simple, polite "hey man, nice work on our game and all, but think we could talk about taking down your solutions for the good of the community?" email would have been far more productive.
Anyway, I would have loved to finish the game and post the rest of my solutions out of spite, but I've decided to take their advice and not waste my time. They've made it abundantly clear that if I want to work my way up to the fame and fortune of an et al. on an infosec celebrity's next book, playing io is not the way.
I've reposted my solutions for posterity and because fuck being Internet bullied!
Tuesday, February 11, 2014