Archive: Jun 2014

AV Evasion 2: Hurdles for Metasploit Payload Execution

David Maloney now breaks the structure of an arbitrary Metasploit payload down into essential constituents and dwells on some common obfuscation problems. So, real quick we are just going to define some terms (see right-hand image), hopefully everyone is familiar with this. In the antivirus world we are...

AV Evasion: Lessons Learned

At the DerbyCon event, Metasploit core developer David Maloney, aka “Thelightcosine,” presents the ins and outs of making payloads undetected by antivirus software. David: Good morning DerbyCon! That’s a lot of people for 10:00 in the morning, so I am just going to throw this out here. I can do this...

Spy-jacking the Booters 7: Fascinating Q&A

This is a captivating questions-and-answers part reflecting a debate between CloudFlare’s Matthew Prince and Brian Krebs over accusations previously expressed. Question from Matthew Prince: So, Brian, you reached out to me and I actually wrote back to you trying to schedule some time to call, and you never...

Spy-jacking the Booters 6: Types of DDoS Used

Lance James provides further specifics about the investigation of booter services out there, in particular focusing on the 8 types of DDoS being leveraged. Moving on, I started doing database analysis to get a bird’s-eye view, diverse activity and stuff. We wanted to look at how many people are on this thing...

Spy-jacking the Booters 5: Tracking the Fraudsters Down

It’s now Lance James’ turn to shed light on the activity of booter services from a technical perspective to get a better understanding of who the adversary is. Lance James: How is everybody so far? I’m Lance James, some of you know me. I work at Deloitte. Don’t ask, it’s cool. I get to do some fun...

Spy-jacking the Booters 4: The CloudFlare and PayPal Dilemma

The key spotlight in this part of the presentation is on the issue of legit services like CloudFlare and PayPal being used by booters to stay online and afloat. Rage Booter, pretty much like every single one of these booters out there, was hidden behind CloudFlare, and as I’m sure most of you know, this...

Spy-jacking the Booters 3: Owner Profiles

Brian Krebs now shares the details of his research which pointed to the guys running such infamous DDoS services as Booter.tw, AsylumStresser, and Rage Booter. I decided this whole experience getting hit with a kinetic and a cyber attack at the same time is just too good not to write about. I started asking...