
Author: david b.

Unexpected Stories from a Hacker inside the Government 4: Hacker Equals Researcher, Not Criminal

This part is dedicated to the interactions between the Government and the hacker researcher communities, also covering recommendations to both parties. Government communities and the hacker researcher communities Now the fourth story, and maybe I’ll do the fifth story about Barnaby Jack and Abu Dhabi –...

Unexpected Stories from a Hacker inside the Government 3: Game Theory Is a Bitch

Mudge now shares some of his thoughts about why the Government tends to stay with the same contractors even after their tech findings have been compromised. 3. Game theory is a bitch My third story is … well, let me give you a little background. I’ve got a lot of people approach me outside of work and...

Unexpected Stories from a Hacker inside the Government 2: DoD’s Controversial Message

Another story by Mudge is about how vague and poorly worded statements from Government agencies can provoke cyber attacks by movements like Anonymous. 2. Department of Defense vs. Anonymous The second story is about Anonymous and the Department of Defense. I remember Anonymous from way back. I mean,...

Unexpected Stories from a Hacker inside the Government

Peiter C. Zatko, aka Mudge, a well-known former member of the L0pht and ex-researcher at DARPA, tells a few stories from his past experience at Defcon. Just so we’re clear, I’m only speaking as myself today. I am not a representative of the U.S. Government; I am not a representative of my current...

The Next Crypto Wars 6: Obstacles to Dragnet Surveillance

Winding up with the Defcon talk, Chris Soghoian highlights the merits of the companies that focus on user data security rather than usability only. Meanwhile The FBI has this team of agents who are doing nothing but delivering malware to the computers of surveillance targets. We only have a couple of cases...

The Next Crypto Wars 5: Government Contractors’ Activity Revealed

ACLU’s Chris Soghoian now delves into how he discovered the activities of contractor company employees supporting the Government’s hacking endeavors. What about the Feds? The feds have the big bucks, federal law enforcement agencies in the United States have enough money to use bespoke custom malware....

The Next Crypto Wars 4: Surveillance Tools by Gamma and Hacking Team

Chris Soghoian’s focus in this entry is on private sector companies providing assistance to the government by developing tools for intercepting communications. Government Hacking Alright, so if they can’t force Google to put a backdoor in Android OS, and if they can’t force Apple to put a backdoor in...

The Next Crypto Wars 3: Government Mandating Backdoors

Chris Soghoian zeroes in on the government’s attempts to circumvent privacy measures by the Silicon Valley companies that all came to employ encryption. Silicon Valley vs. telco surveillance What we have seen in the last few years is a transition. We’ve seen a migration away from telecommunications...

The Next Crypto Wars 2: Going Dark

Delving further into crypto evolution, Chris Soghoian focuses on the relationship between law enforcement and companies that adopted strong privacy algos. Going Dark And so, things were good for a while. It didn’t really matter that your browser could do strong crypto. It didn’t really matter that you...

Backdoors, Government Hacking and the Next Crypto Wars

Christopher Soghoian, ACLU’s Principal Technologist, presents his study at Defcon highlighting the past and the present of the privacy and cryptography realm. Good morning or good afternoon, my name is Chris Soghoian, I am the Principal Technologist for the Speech, Privacy and Technology Project at the...

AV Evasion 6: Best-Performing Tactics

Having reviewed antivirus evasion methods that did not turn out to be very effective, David Maloney now describes some successful approaches that he came up with. We are not going to use stagers anymore, that is to say, we are not going to use the ones that come as payloads in Metasploit Framework. We are going...

AV Evasion 5: Blending in Instead of Hiding the Bad

Continuing to elaborate on ways to circumvent antivirus detection, David Maloney dissects code generation and Ghost-Writing techniques in this regard. One of my co-workers said to me: “What about doing code generation, what if you never put your payload in the executable at all; instead, you have your...

AV Evasion 4: Encoders and Fuzzy NOPs Fail

What gets scrutinized in this entry is whether or not the use of encoders and the generation of fuzzy NOPs can help avoid interception by AV. Alright, what about inlining it? Like I said, typically we have been shoving stuff into a variable, then doing some dereferencing tricks in C, and then executing it as...

AV Evasion 3: EXE Templates and Run-Time Dynamic Linking

Delving further into techniques to keep payloads undetected by antiviruses, David Maloney analyzes the efficiency of several popular obfuscation methods. Alright, so how do we get around the problem of the EXE Template? Well, like I said, the default template with no payload is 42 detections. We have the...

AV Evasion 2: Hurdles for Metasploit Payload Execution

David Maloney now breaks the structure of an arbitrary Metasploit payload down into essential constituents and dwells on some common obfuscation problems. So, real quick we are just going to define some terms (see right-hand image), hopefully everyone is familiar with this. In the antivirus world we are...

AV Evasion: Lessons Learned

At DerbyCon event, Metasploit core developer David Maloney aka “Thelightcosine” presents the ins and outs of making payloads undetected by antivirus software. David: Good morning DerbyCon! That’s a lot of people for 10:00 in the morning, so I am just going to throw this out here. I can do this...

Spy-jacking the Booters 7: Fascinating Q&A

This is a captivating questions and answers part reflecting a debate between CloudFlare’s Matthew Prince and Brian Krebs over accusations previously expressed. Question from Matthew Prince: So, Brian, you reached out to me and I actually wrote back to you trying to schedule some time to call, and you never...

Spy-jacking the Booters 6: Types of DDoS Used

Lance James provides further specifics about the investigation of booter services out there, in particular focusing on the 8 types of DDoS being leveraged. Moving on, I started doing database analysis to get a bird’s-eye view, diverse activity and stuff. We wanted to look at how many people are on this thing...

Spy-jacking the Booters 5: Tracking the Fraudsters Down

It’s now Lance James’ turn to shed light on the activity of booter services from a technical perspective to get a better understanding of who the adversary is. Lance James: How is everybody so far? I’m Lance James, some of you know me. I work at Deloitte. Don’t ask, it’s cool. I get to do some fun...

Spy-jacking the Booters 4: The CloudFlare and PayPal Dilemma

The key spotlight in this part of the presentation is on the issue of legit services like CloudFlare and PayPal being used by booters to stay online and afloat. Rage Booter, pretty much like every single one of these booters out there, was hidden behind CloudFlare, and as I’m sure most of you know, this...

Spy-jacking the Booters 3: Owner Profiles

Brian Krebs now shares the details of his research which pointed to the guys running such infamous DDoS services as Booter.tw, AsylumStresser, and Rage Booter. I decided this whole experience getting hit with a kinetic and a cyber attack at the same time is just too good not to write about. I started asking...

Spy-jacking the Booters 2: Swatting as a Retaliation

Delving further into the subject, Brian Krebs depicts a situation from his personal experience telling what bad things can happen if you screw with hacktivists. So, how did I get interested in the ‘noob persistent threat’, these DDoS services? Well, it started with a story that I wrote last fall...

Spy-jacking the Booters

Investigative reporter Brian Krebs and cybersecurity expert Lance James take the floor at Black Hat to dissect the infrastructure of the DDoS-for-hire industry. Brian Krebs: Hey everyone! My name is Brian Krebs, I’m an independent investigative reporter at Krebsonsecurity.com. I think this is my fifth or...

Forensic Fails 5: Wrongfully Accused

This part covers the presentation’s final forensic case where charges against a person got dropped in the long run owing to examiners’ scrupulous analysis. Eric: Alright, the last story is a little bit different than the others. This is the “Epic Porno Fail”. The difference in this one is...

Forensic Fails 4: The RDP Bounce Story

The forensic examiners share another real-world exposure story where the Remote Desktop Protocol was used to get hold of a company’s confidential documents. Michael: This next case (see right-hand image) was probably one of the most fun cases that I have worked on. Right from the start I could tell that...

Forensic Fails 3: Smoking Gun.txt and Hiding in the Cloud

Michael Perklin and Eric Robi recall two more non-trivial cases about fails due to little or no effort spent hiding insider activities, including IE history. Michael: I call the next one “Smoking Gun.txt” (see right-hand image). If you work in the forensic arena, you’ve probably heard the term...

Forensic Fails 2: “The Nickelback Guy” and “Just Bill Me Later” Cases

This part covers two stories where an insufficiently vigilant ill-minded ex-employee and an overinflated billing scam got exposed via forensic analysis. Michael: Alright, this case (see right-hand image) was a lot of fun. I didn’t expect it to be fun when I started out but it ended up being a lot of fun....

Forensic Fails: Shift + Delete Won’t Help You Here

While presenting at Defcon, forensic examiners Eric Robi and Michael Perklin tell some hilarious stories about data destruction fails they’ve come across. Eric Robi: Our talk is about forensic fails. I’m this guy over here (see right-hand image). I founded Elluma Discovery Company about 11 years...

The Rise of Hacktivism and Insiders 4: Mitigating the Risks

Security software, appropriate corporate policies and staff education are highlighted by Andrew Horbury as mitigations for insider and hacktivist risks. What can you do about it? Well, you can never entirely eliminate the risks from hacktivists and insiders, but you can certainly mitigate them by enhancing...

The Rise of Hacktivism and Insiders 3: Profile of a Culprit

Andrew Horbury outlines the typical insider activities and the related threats to businesses, and dwells on the profile for the average insider and hacktivist. Did you know that insider theft makes up between 8-14% of confirmed data breaches, compared to the 88-92% attributed to external actors? Those...