Gadi Evron | 23 Aug 2009 12:38

LinkedIn: Internet Security Operation Community group

I am starting to put life into the group, feel free to join.
http://www.linkedin.com/groups?home=&gid=130203

	Gadi.
_______________________________________________
botnets <at> , the public's dumping ground for maliciousness
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Romeo8881 roma | 5 Jul 2009 14:43

Botnet sources

Hi all.
I would like to look at the sources of some botnets. Some of them are GPL, like SDBOT, but somehow I could not find the sources on the web.
Maybe some of you will give me the link?

--
Regards,
Roman

Marc Landolt | 5 Jul 2009 12:56

Am i part of a Botnet?

Hello

I installed the point release of Lenny, 5.0.2. While I was upgrading the system with apt-get upgrade, the system, or rather only the sshd, died and I could not open any new session, but the one I was upgrading with was still alive. I could not reboot the system from this session; this was on the 1st of July. So I had to reboot it physically and restart the upgrade. Then the server came up and worked again.

One day later, my network traffic (torrus says) had increased very linearly, and before that someone had tried to sudo with an account I did not create. My nagios running on this computer told me that there are (too) many processes, but ps -x does not list them, so it could be possible that this server has become part of a botnet.

I shut down the computer. Is there some group that can help to analyze this machine? If this had been a production machine I would have big problems now.

If I restart, iptraf shows a lot of UDP traffic, but no suspicious TCP connections.

Remark:
I mostly use Debian packages and seldom install from source. I watch for updates with cron-apt and install them if I see the mail. I installed snort, so there is maybe some useful logfile.


With kind regards

Marc Landolt
Rombachtäli 13
5022 Rombach
079 291 078 7
mail <at> marclandolt.ch
PinkFreud | 20 Apr 2009 05:17

Mac trojan in the wild?

http://www.cbc.ca/consumer/story/2009/04/15/ibotnet-trojan.html
- I knew it wouldn't be long for that to crop up.

-- 
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
S. Praburaajan | 15 Apr 2009 06:08

HITBSecConf2009 - Malaysia: Call for Papers

The Call for Papers for HITB Security Conference 2009 Malaysia is now open!

Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Summaries not exceeding 1250 words should be
submitted (in plain text format) to cfp -at- hackinthebox.org for review
and possible inclusion in the programme.

Submissions are due no later than 31st July 2009

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# VoIP security
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
# File system security
# Security of Embedded Devices
# Side Channel Analysis of Hardware Devices

PLEASE NOTE:

We do not accept product or vendor related pitches. If your talk
involves an advertisement for a new product or service your company is
offering, please do not submit.

Your submission should include:

# Name, title, address, email and phone/contact number
# Short biography, qualification, occupation (limit 250 words)
# Summary or abstract for your presentation (limit 1250 words)
# Technical requirements (video, internet, wireless, audio, etc.)

Each non-resident speaker will receive accommodation for 2 nights/3
days. For each non-resident speaker, HITB will cover travel expenses up
to USD 1,200.00.

HITBSecConf2009 - Malaysia
http://conference.hackinthebox.org/hitbsecconf2009kl/

PinkFreud | 16 Mar 2009 02:36

unknown bot

Recently, the admin of an irc network reported a bot that had cropped
up in a channel called #Vigil:

[08:01.38] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) has joined #Vigil
[08:01.39] <DELON4920> b695 e6 735 75ff71  391f43; 0b34:b3b37
[08:03.08] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) Quit (Client exited)
[08:18.02] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) has joined #Vigil
[08:18.03] <DELON4920> b695e 673 5 75ff713 91f4 3 ;0b34:b3b37
[08:19.35] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) Quit (Client exited)
[08:32.07] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) has joined #Vigil
[08:32.07] <DELON4920> b695e673 575  ff7 1 391f43; 0b34:b3b37
[08:33.35] * DELON4920 (~DELONG <at> hidden-41041.w86-204.abo.wanadoo.fr) Quit (Client exited)

You might notice that, save for random spacing, the bot is sending the
same string of numbers.

This appears to be the same bot that I ran across in November 2005 in
#WatchZone on several networks.  See attached log.

Here's what I know about the bot:
The nick is made up of the first 5 characters of the ident + realname,
followed by 4 digits.  The ident / realname appears to be a Windows
machine name.

Semicolon (;) and colon (:) tend to appear towards the end of the
string, sometimes more than once.

'30b34b' appears towards the end in most of the bots' output.  One of
them has '40b35b', though.

There's typically only one bot per channel per network.  No drone
runner in sight.

Not every bot is as chatty as these.  See JAL-WINXPP in the attached log
- other than joining the channel and quitting, it wasn't terribly
talkative.  This also goes for 'Uber-Mobile', a bot I'm keeping an eye
on on another network right now:
16:15 [xxx] <*> Uber-5692 [~Uber-Mobi <at> ip72-201-109-42.ph.ph.cox.net]
16:15 [xxx] <*>  ircname : Uber-Mobile
16:15 [xxx] <*>  channels : #WatchZone 

These bots don't appear to respond to any CTCP requests for
information.

Any idea what these are, or what the numbers they send to the channel
mean?  Given the wide range of ISPs they appear on, coupled with what
appears to be the machine's name used in nick/ident/realname, these
would indeed appear to be compromised PCs.

-- 
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.
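As an added example (not code from the post or from anyone on the list), here is a Python checker that applies the three rules PinkFreud describes to a constructed log modelled on the #Vigil excerpt: it removes the random spacing, requires a nick to repeat the same hex-like payload, checks the "first 5 characters of the ident plus 4 digits" nick rule, and reports whether '30b34b' appears near the end. The log lines, regexes and function names are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log modelled on the #Vigil excerpt in the post; the
# archive's "<at>" obfuscation is replaced by "@" and a benign user is added.
SAMPLE_LOG = """\
[08:01.38] * DELON4920 (~DELONG@hidden-41041.w86-204.abo.wanadoo.fr) has joined #Vigil
[08:01.39] <DELON4920> b695 e6 735 75ff71  391f43; 0b34:b3b37
[08:03.08] * DELON4920 (~DELONG@hidden-41041.w86-204.abo.wanadoo.fr) Quit (Client exited)
[08:18.02] * DELON4920 (~DELONG@hidden-41041.w86-204.abo.wanadoo.fr) has joined #Vigil
[08:18.03] <DELON4920> b695e 673 5 75ff713 91f4 3 ;0b34:b3b37
[08:32.07] <DELON4920> b695e673 575  ff7 1 391f43; 0b34:b3b37
[08:40.11] * alice (~alice@host.example) has joined #Vigil
[08:40.15] <alice> that DELON thing is back
[08:41.02] <alice> that DELON thing is back
"""

# Join lines give us nick -> ident; message lines give us nick -> payload.
JOIN_RE = re.compile(r"^\[[^\]]+\] \* (\S+) \(~?([^@]+)@[^)]+\) has joined")
MSG_RE = re.compile(r"^\[[^\]]+\] <([^>]+)> (.*)$")


def normalise(payload):
    """Strip the random spacing so the repeated payloads compare equal."""
    return re.sub(r"\s+", "", payload)


def nick_fits_pattern(nick, ident):
    """Rule from the post: nick = first 5 chars of the ident + 4 digits."""
    return re.fullmatch(re.escape(ident[:5]) + r"\d{4}", nick) is not None


def has_marker(payload):
    """Rule from the post: '30b34b' near the end once ';' and ':' are dropped."""
    return "30b34b" in re.sub(r"[;:]", "", payload)[-12:]


def analyse(log):
    """Return {nick: (normalised payload, marker seen)} for nicks that match."""
    idents, payloads = {}, defaultdict(list)
    for line in log.splitlines():
        if m := JOIN_RE.match(line):
            idents[m.group(1)] = m.group(2)
        elif m := MSG_RE.match(line):
            payloads[m.group(1)].append(normalise(m.group(2)))
    flagged = {}
    for nick, msgs in payloads.items():
        repeated = len(msgs) >= 2 and len(set(msgs)) == 1
        hexlike = all(re.fullmatch(r"[0-9a-f;:]+", p) for p in msgs)
        if repeated and hexlike and nick_fits_pattern(nick, idents.get(nick, "")):
            flagged[nick] = (msgs[0], has_marker(msgs[0]))
    return flagged
```

Running `analyse(SAMPLE_LOG)` flags only DELON4920; alice repeats herself but her text is neither hex-like nor does her nick fit the ident rule.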
Praburaajan Selvarajan | 14 Mar 2009 01:47

HITB2009 - Dubai: Conference Agenda & Noteworthy Presentations

The agenda for HITBSecConf2009 - Dubai is now online along with details
on both the conference keynote sessions. There are still 4 more weeks to
grab your seats to the GCC's premier network security event!

Keynote 1 - Philippe Langlois (Founder, Qualys / Intrinsec / TSTF)
"From Hacking, Startups to HackLabs: Global Perspective and New Fields"

Keynote 2 - Mark Curphey (Director CISG, Microsoft Corp)
"Security Cogs and Levers"

Other noteworthy papers:

# Cross Domain Leakiness: Divulging Sensitive Information and Attacking
SSL Sessions - Chris Evans and Billy Rios

# VBootKit 2.0 - Attacking Windows 7 via Boot Sectors - Vipin & Nitin Kumar

# The Reverse Engineering Intermediate Language REIL and its
Applications - Sebastian Porst

# Pickpocketing mWallets: A Guide to Looting Mobile Financial Services -
The Grugq

# Psychotronica: Exposure, Control, and Deceit - Nitesh Dhanjani

# NKill - The Internet Killboard - Anthony 'kugutsumen' Zboralski

This is a new tool which gives attackers the ability to discover
interesting relationships between seemingly unrelated hosts and
companies and to pull vulnerable hosts for a specific domain, company or
even an entire country!

===

Conference Agenda:
http://conference.hackinthebox.org/hitbsecconf2009dubai/agenda.htm

===

On a related note, the conference videos from HITB2007 Malaysia that
were previously available only through Bit Torrent are now available for
streaming direct from Google Video:

http://video.google.com/videosearch?q=HITBSecConf2007&emb=0&aq=f#q=HITBSecConf2007+Malaysia

Praburaajan | 20 Jan 2009 23:14

Videos from HITBSecConf2008 - Malaysia released!

The videos from HITBSecConf2008 - Malaysia are now available for download!

Day 1
=====

http://thepiratebay.org/torrent/4654588/HITBSecConf2008_-_Malaysia_Videos___Day_1
	
Keynote Address 1: The Art of Click-Jacking - Jeremiah Grossman
Keynote Address 2: Cyberwar is Bullshit - Marcus Ranum

Presentations:

- Delivering Identity Management 2.0 by Leveraging OPSS
- Bluepilling the Xen Hypervisor
- Pass the Hash Toolkit for Windows
- Internet Explorer 8 - Trustworthy Engineering and Browsing
- Full Process Reconstitution from Memory
- Hacking Internet Kiosks
- Analysis and Visualization of Common Packers
- A Fox in the Hen House - UPnP IGD
- MoocherHunting
- Browser Exploits: A New Model for Browser Security
- Time for a Free Hardware Foundation?
- Mac OS Xploitation
- Hacking a Bird in The Sky 2.0
- How the Leopard Hides His Spots - OS X Anti-Forensics Techniques

Day 2
=====

http://thepiratebay.org/torrent/4654974/HITBSecConf2008_-_Malaysia_Videos___Day_2

Keynote Address 3:  Dissolving an Industry as a Hobby - THE PIRATE BAY

Presentations:

- Pushing the Camel Through the Eye of a Needle
- An Effective Methodology to Enable Security Evaluation at RTL Level
- Remote Code Execution Through Intel CPU Bugs
- Next Generation Reverse Shell
- Build Your Own Password Cracker with a Disassembler and VM Magic
- Decompilers and Beyond
- Cracking into Embedded Devices and Beyond!
- Client-side Security
- Top 10 Web 2.0 Attacks

===

On a related note, the registration for HITBSecConf2009 - Dubai (20th -
23rd April) is now open!

http://conference.hitb.org/hitbsecconf2009dubai/

The Call for Papers (CFP) for HITBSecConf2009 - Malaysia (October 5th -
8th) will open in March 2009.

A belated Happy New Year from all of us at Hack in The Box and may all
your exploits result in root shell!  :)

The HITB Team.

Gadi Evron | 10 Dec 2008 01:45

ISOI 6, Dallas, TX - January 29, 30

Hi all. ISOI is once again happening, and back to the States.

Almost final agenda: http://isotf.org/isoi6.html

As usual, while attendance is limited to the folks who are busy "saving the 
Internet"/"fighting crime", it is free of charge.

Once again we offer the public at-large the opportunity to attend without such 
membership. The process is: you submit a relevant talk, get vetted and get 
accepted. We have two slots reserved for such a purpose.

Subjects of interest: case studies, attacks, botnets, fraud, ...
To submit email your talk idea to contact <at> isotf.org.

Is it time to say merry Xmas yet?

 	Gadi.

Gadi Evron | 29 Oct 2008 09:28

[funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)


---------- Forwarded message ----------
Date: Tue, 28 Oct 2008 20:47:48 -0700
From: Paul Ferguson <fergdawgster <at> gmail.com>
To: funsec <at> linuxbox.org
Subject: [funsec] ICANN Terminates EstDomains' Registrar Accreditation

"Dear Mr. Tsastsin,

"Be advised that the Internet Corporation for Assigned Names and Numbers
(ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc.
(customer No. 919, IANA No. 943) is terminated..."

Via ICANN.org:
http://www.icann.org/correspondence/burnette-to-tsastsin-28oct08-en.pdf

- ferg


--
"Fergie", a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawgster(at)gmail.com
  ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Praburaajan | 19 Oct 2008 01:10

HITBSecConf2008 - Malaysia: Online registration closes on 24th Oct

This is a reminder that online registration for HITBSecConf2008 -
Malaysia, the largest network security conference in Asia and the Middle
East, closes on the 24th of October - walk in registrations are still
accepted thereafter but prices increase to MYR1099. To book your seats
online, please register through:

http://conference.hitb.org/hitbsecconf2008kl/register/

27th & 28th October 2008
========================

TECH TRAINING 1 - Structured Network Threat Analysis and Forensics
Trainers: Meling Mudin (spoonfork) and Lee Chin Sheng (geek00l)
Seats Left: 3

TECH TRAINING 2 - Bluetooth, RFID & Wireless Hacking - UPDATED COURSE
CONTENTS!
Trainers: Andrew 'Q' Righter (HacDC) and King Tuna
Seats Left: 9

TECH TRAINING 3 - Web Application Security - Advanced Attacks and Defense
Trainer: Shreeraj Shah (Director, BlueInfy)
Seats Left: CLASS IS FULL

TECH TRAINING 4 - The Exploit Laboratory 3.0 - UPDATED COURSE CONTENTS!
Trainers: Saumil Shah (Founder/CEO, Net-Square) & SK Chong (Security
Consultant, SCAN Associates Bhd.)
Seats Left: 6

Keynote Address - 29th & 30th October 2008
==========================================

KEYNOTE 1 - "The Art of Click-Jacking" - Jeremiah Grossman (Founder &
Chief Technology Officer, White Hat Security.)

KEYNOTE 2 - "Cyberwar is Bullshit" - Marcus Ranum (Chief Security
Officer, Tenable Network Security)

KEYNOTE 3 - "Welcome to the 0wned World" - Dr. Anton Chuvakin (Chief
Research Officer, Log Logic Inc.)

KEYNOTE 4 - "Dissolving an Industry as a Hobby" - Peter Sunde [brokep]
and Fredrik Neij [TiAMO] (Founders of The Pirate Bay - TPB)

FULL CONFERENCE AGENDA:
http://conference.hitb.org/hitbsecconf2008kl/agenda.htm
