      ♥Ⓐ isis


Other articles


  1. Botnets and DDoSing

    I was recently the Distributed Denial of Service (DDoS) target of a known Chinese botnet. Why some random Chinese botmaster decided to target me, I have no clue. Fortunately, the attack didn’t really do any damage because I use CloudFlare. Which is awesome (and free!). It made it slightly more difficult for me to update my blog, and I ended up having to go into WordPress through the frontend after tunneling to the server over the Tor network. But, due to CloudFlare, my site stayed up throughout the entire attack, which lasted several days. Take that, Chinese hackers!

    I mostly wanted to say that I just tested a new web server stress analyzer, called Hailstorm, made by some of my friends over at Radical Designs. It’s basically a website (with a pretty UI!) that you tell to go to your website, and it attempts to DDoS your website, and then gives you a bunch of pretty graphs and charts on what happened. I set the concurrent threads to their highest setting at 1000, and the maximum requests to the highest setting at 5000. I gave Hailstorm the highest bandwidth requests I could muster, like some of my music files and artwork. My site didn’t flinch. Not one bit. I even Hailstormed this site several times within a period of a few minutes. Nothing.

    So, Hailstorm, you didn’t really tell me anything. You should allow your maximum requests and concurrent thread settings to go way higher. I guess if you did tell me anything, you told me that that Chinese botnet was a giant scary monster of a botnet. Which told me, in turn, that CloudFlare is an even more giant monster, albeit less scary. Thanks, Hailstorm and CloudFlare, for teaching me things!

    And, fuck you, Chinese botmaster.

  2. Defcon Report Back, Part II

    Saturday 6th August 2011, Defcon 19, Las Vegas

    Smartfuzzing

    I missed Smartfuzzing the Web: Carpe Vestra Foramina, by Nathan Hamiel et al., which I had wanted to attend. I went through the PDF of the presentation just now, and I wouldn’t exactly call it smartfuzzing, but I did note the cleverness of the presenters’ idea to use wordlists built from words taken from the robots.txt file of websites for fuzzing purposes. Their new tool, RAFT, is being released soon, though it is currently available as an svn checkout.

    Creating Cracks and Keygens for .NET Applications

    The first presentation I attended was Hacking .Net Applications by Jon McCoy. He detailed the extensive uses of his GreyWolf and GreyDragon tools, including the production of cracks, keygens, and malware. GreyWolf, which is currently in Beta, is a reverse engineering tool which allows extraction of source code from .dll files, and GreyDragon is a .NET injection tool. It was astounding how little actual security is put into authentication of enterprise applications. The funniest use of GreyDragon was an instance in the demo in which McCoy altered a Boolean string controlling a password check from var a=true to var a!=true, which meant that only wrong passwords would allow access to the program. He was also able to extract source code from .dlls, find the security and authentication mechanisms, and then create a keygen for the demonstrated program – a commercial keylogger – within five minutes.

    VoIP Botnetting

    The presentation which might possibly rank as the most impressive was Sounds Like Botnet by Itzik Kotler and Iftach Ian Amit, on VoIP botnetting. The idea is that certain networks which do not allow active connections to the outside internet usually do allow VoIP traffic, and these packets are not often paid much attention. Basically, SIP (Session Initiation Protocol) is quite similar to HTTP and has little security built in. SIP supports TLS, but that covers only the signalling; the call audio itself travels separately over RTP and, unless SRTP is also used, can easily be sniffed. What this means is that SIP traffic can easily traverse firewalls, and SIP-to-PSTN gateways (the PSTN being the Public Switched Telephone Network, a.k.a. standard telephone lines) can be used to relay commands to botnetted machines within a closed network, or a network which does not allow internet access.

    Researchers Kotler and Amit used an Asterisk server hosted in the cloud as the Command-and-Control (C&C). Conference calls were used to link botnetted boxes together and issue commands from the botmaster, which also allows for more anonymous direction of the botnet through conference call bridge numbers. Moshi Moshi, an open source VoIP botnet, was used to communicate with the botnet using Text-to-Speech engines for output to the botmaster and DTMF tones for input. DTMF stands for Dual-Tone Multi-Frequency signalling, and, if you remember the adventures of phreaker Captain Crunch and his 2600Hz whistle tones which allowed for free telephone calls, you’ve basically got the idea: signalling carried in-band, as audio, on the call itself. With DTMF, each telephone keypad press is mapped to a pair of tones, one from a low-frequency group and one from a high-frequency group, and when a …

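Added example, not code from the post or from RAFT: a small Python harvester for the robots.txt idea mentioned in the Smartfuzzing section of the Defcon report above. It turns the Disallow, Allow and Sitemap entries into two lists: literal path prefixes to request directly, and path words (whole segments plus their hyphen/underscore/dot parts) for a fuzzing wordlist. The robots.txt content is constructed for this example, and the tokenising rules are my own choice, not RAFT's.

```python
import re
from urllib.parse import urlsplit

# Constructed sample robots.txt for this example (not a real site's file).
ROBOTS_TXT = """\
# crawl rules
User-agent: *
Disallow: /admin/
Disallow: /old-backup/*.sql$
Disallow: /cgi-bin/
Disallow: /search?q=
Allow: /public/
Sitemap: https://www.example.com/sitemap_index.xml

User-agent: Googlebot
Disallow: /staging/v2/api/
Disallow:
"""

# Directives whose values carry URL paths worth fuzzing.
PATH_DIRECTIVES = ("disallow", "allow", "sitemap")

# A path token starts alphanumeric and may continue with _ . - ; it is kept
# whole and, in words_from(), also split into its parts.
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


def literal_prefix(pattern):
    """Return the literal part of a robots.txt path pattern.

    Patterns may end in '$' (end anchor) and contain '*' wildcards, and a
    '?' starts a query string; everything from the first of those on is not
    a literal path component, so it is cut off.
    """
    pattern = pattern.rstrip("$")
    cut = len(pattern)
    for wildcard in ("*", "?"):
        pos = pattern.find(wildcard)
        if pos != -1:
            cut = min(cut, pos)
    return pattern[:cut]


def words_from(value):
    """Split a path or pattern into fuzzing words: each token, then its parts."""
    words = []
    for token in TOKEN.findall(value):
        words.append(token)
        parts = [p for p in re.split(r"[_.-]", token) if p]
        if len(parts) > 1:
            words.extend(parts)
    return words


def wordlist_from_robots(text):
    """Return (paths, words) harvested from robots.txt text, in first-seen order.

    paths: literal path prefixes to request directly.
    words: path segments and their parts, for use as a fuzzing wordlist.
    """
    paths, words = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        directive, value = (s.strip() for s in line.split(":", 1))
        if directive.lower() not in PATH_DIRECTIVES or not value:
            continue  # User-agent lines, or a bare "Disallow:" (allow all)
        if directive.lower() == "sitemap":
            value = urlsplit(value).path  # keep only the path of the URL
        prefix = literal_prefix(value)
        if prefix:
            paths.append(prefix)
        words.extend(words_from(value))

    def dedupe(items):
        return list(dict.fromkeys(items))

    return dedupe(paths), dedupe(words)


if __name__ == "__main__":
    found_paths, found_words = wordlist_from_robots(ROBOTS_TXT)
    print("paths:", found_paths)
    print("words:", found_words)
```

Note that the Disallow for `/old-backup/*.sql$` yields both the directory `/old-backup/` to probe directly and the words `old`, `backup` and `sql` for the wordlist, which is the point of the technique: the file an operator writes to keep crawlers away is also a list of what they consider sensitive.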

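Added example, not code from the post or from Moshi Moshi: a pure-Python DTMF encoder and Goertzel-based decoder for the VoIP botnetting section of the Defcon report above, showing how a keypad press becomes a pair of tones in the call audio and how the receiving side recovers the key from that audio. The sample rate, tone and gap lengths and the detection thresholds are my assumptions.

```python
import math

# Constructed example; these parameters are assumptions, not from the talk.
FS = 8000            # samples per second, the usual narrowband telephony rate
TONE_SAMPLES = 400   # 50 ms of tone per key press
GAP_SAMPLES = 400    # 50 ms of silence between presses

# DTMF keypad: each key is one low-group (row) tone plus one high-group (column) tone.
LOW = (697, 770, 852, 941)
HIGH = (1209, 1336, 1477, 1633)
KEYPAD = ("123A", "456B", "789C", "*0#D")


def key_to_tones(key):
    """Map a keypad character to its (low, high) frequency pair in Hz."""
    for row, keys in enumerate(KEYPAD):
        col = keys.find(key)
        if col != -1:
            return LOW[row], HIGH[col]
    raise ValueError("not a DTMF key: %r" % key)


def synth_tone(key, n=TONE_SAMPLES, amplitude=0.5):
    """The two summed sinusoids for `key`, n samples at FS."""
    f_low, f_high = key_to_tones(key)
    return [amplitude * (math.sin(2 * math.pi * f_low * i / FS)
                         + math.sin(2 * math.pi * f_high * i / FS))
            for i in range(n)]


def silence(n=GAP_SAMPLES):
    return [0.0] * n


def encode(keys):
    """Key string -> sample list: each tone followed by a silent gap."""
    samples = []
    for key in keys:
        samples.extend(synth_tone(key))
        samples.extend(silence())
    return samples


def goertzel_power(frame, freq):
    """Squared magnitude of `frame` at `freq` (generalised Goertzel, any frequency)."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / FS)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def _dominant(frame, group, floor, ratio):
    """Strongest frequency of `group` in the frame, or None if it is too weak
    (silence) or not clearly above the runner-up (noise or two keys at once)."""
    powers = sorted(((goertzel_power(frame, f), f) for f in group), reverse=True)
    best, second = powers[0], powers[1]
    if best[0] < floor or best[0] < ratio * second[0]:
        return None
    return best[1]


def detect_key(frame, floor=100.0, ratio=8.0):
    """Decode one frame to a key, or None for silence, noise or ambiguous input."""
    f_low = _dominant(frame, LOW, floor, ratio)
    f_high = _dominant(frame, HIGH, floor, ratio)
    if f_low is None or f_high is None:
        return None
    return KEYPAD[LOW.index(f_low)][HIGH.index(f_high)]


def decode(samples, frame=TONE_SAMPLES):
    """Sample list -> key string. Consecutive identical frames count as one press;
    a silent frame ends a press, which is what lets "11" be two presses."""
    keys, last = [], None
    for start in range(0, len(samples) - frame + 1, frame):
        key = detect_key(samples[start:start + frame])
        if key is not None and key != last:
            keys.append(key)
        last = key
    return "".join(keys)


if __name__ == "__main__":
    command = "*123#"
    print(command, "->", decode(encode(command)))
```

Unlike the single 2600 Hz tone of the phreaking era, every DTMF key is two tones at once, so the decoder needs a clear winner in both groups before it accepts a key; a frame that fails either check is treated as no key rather than guessed. This decoder also assumes frames aligned to its own encoder's tone and gap lengths, whereas a real one has to slide over arbitrary audio.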