UFONET – Open Redirect DDoS tool

UFONet is an open redirect DDoS tool designed to launch attacks against a target, using insecure redirects in third party web applications, like a botnet. Obviously, only for testing purposes.


The tool abuses OSI Layer 7 (HTTP) to create and manage ‘zombies’ and to conduct different attacks using GET/POST requests, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.

Definition of an “Open Redirect”:

An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance.
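An added example (not part of the original post or of UFONet) showing the redirect pattern the definition describes beside a hardened version that only ever lands on the site's own origin; SITE_ORIGIN, the parameter names and all test URLs are assumptions constructed for the example.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

SITE_ORIGIN = "https://example.com"          # assumed site for this example
REDIRECT_PARAMS = ("next", "url", "redirect", "return")  # assumed names


def vulnerable_redirect(next_url: str) -> str:
    # The "open redirect" pattern: the parameter value becomes the Location
    # header verbatim, so a link that starts on example.com can send the
    # visitor anywhere, which is what makes the site usable as a reflector.
    return next_url


def safe_redirect(next_url: str, fallback: str = "/") -> str:
    """Return a redirect target that always stays on SITE_ORIGIN."""
    if not next_url:
        return fallback
    # Browsers treat "/\evil" like "//evil", so normalise before parsing.
    candidate = next_url.replace("\\", "/")
    parts = urlsplit(candidate)
    # Anything that names a scheme or host is off-site: "https://evil",
    # "//evil", "https://example.com@evil" (netloc is "example.com@evil").
    if parts.scheme or parts.netloc:
        return fallback
    # Accept only a site-relative path beginning with a single "/".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    # Control characters (CR/LF) could be used to smuggle response headers.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in candidate):
        return fallback
    return urljoin(SITE_ORIGIN, candidate)


def offsite_redirect_params(query_string: str) -> list:
    """Detection view: names of redirect parameters whose value would be
    rejected by safe_redirect; a burst of such requests from many sources
    is the reflector-abuse traffic worth alerting on."""
    params = parse_qs(query_string, keep_blank_values=True)
    flagged = []
    for name in REDIRECT_PARAMS:
        for value in params.get(name, []):
            if value and safe_redirect(value) == "/" and value != "/":
                flagged.append(name)
    return flagged
```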


A stunning story on how Netragard used social engineering to carry out an irrecoverable infrastructure compromise against one of its healthcare customers.

What makes this story more interesting is that Netragard is probably one of the NSA’s “anti-hacking solution” providers.

Is it a coincidence? Who is Netragard?

Netragard is a security company that delivers anti-hacking services, including penetration testing, vulnerability assessments, web application security testing, and related functions.

Netragard is a Massachusetts firm that sold more than fifty exploits to private businesses and US government agencies in 2012. Prices ranged from $20,000 to more than $250,000. The founder of Netragard, Adriel Desautels, revealed that some of these exploits could be considered “weaponised,” meaning they were acquired by governments for offensive purposes or active defense.

Read more here – http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/


Introduction to Hyperloop – the future of public transportation.

What will our next form of transportation look like? I found this good document called “Hyperloop Alpha”. It is basically an introduction to the Hyperloop itself: ideas on how it could be implemented, a technical explanation covering solar energy, geography and coordination, and the story behind it. Besides that, it explains how this new technology would be able to reduce travel time between dedicated destinations……


Mandiant APT1 – Exposing One of China’s Cyber Espionage Units


“China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.

Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge.”1

— U.S. Rep. Mike Rogers, October, 2011

“It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.”2

— Chinese Defense Ministry, January, 2013

If you are looking for something interesting and the latest news on internet security and cyber war, stop and read this report from Mandiant. A couple of weeks ago Mandiant, a private security company in the USA, released a report containing its analysis of a Chinese cyber espionage unit.

Download Mandiant APT1 here: Mandiant_APT1_Report

Scapy – Easy way to scan available IPs in LAN using ARP reply.

To perform an ARP ping scan, run this command in the Scapy interactive shell (it sends a broadcast ARP “who-has” for every address in the /24 and collects the replies; it needs raw-socket privileges):

>>> ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst="192.168.0.0/24"), timeout=2)
Begin emission:
..............*..................Finished to send 256 packets.
.................................................................
..............*

SSH Honeypotting – Bad guy in action.

An SSH server allows remote control of, and access to, a system. In this article I would like to present my analysis of the files and activities captured from attackers who were trapped in our SSH honeypot.

Here I am also going to post several videos, or screen playbacks, of the attackers’ activity in my honeypot.

Begin:

A few months back I launched my project “Capturing Malware with Honeypot on Unifi”: https://wnnsnn.wordpress.com/2012/09/19/malware-honeypot-on-unifi-dionaea/

Basically this project is something I am interested in, and I am able to publish my findings from it publicly.

An SSH server is a program that uses the Secure Shell protocol to accept connections from remote computers. SFTP/SCP file transfers and remote terminal sessions are the most popular use cases for an SSH server.

SSH servers are used widely by the private sector and by government; for example, SSH is deployed on DNS servers, mail servers and most Linux and UNIX servers.

I would like to start this post with the statistics and results I got from my honeypot.

Top 10 SSH clients

This vertical bar chart displays the top 10 SSH clients used by attackers during their hacking and total detected attempts.

SSH Client Version

Top 10 usernames

This vertical bar chart displays the top 10 usernames that attackers try when attacking the system.

Top Username Been Used

Play back screen – watch this:

This video shows the attacker’s activity after they managed to guess a password on my running Kippo instance.

Play back screen – From log file – Deleting history and logs file from the attacker.

In this video you will find the methods and commands executed by the attacker in order to remove and hide traces of their activity.

From log file – wget commands

The following table displays the latest “wget” commands entered by attackers in the honeypot system.