Posts

Showing posts from 2018

Lessons

Today I just want to rant about some lessons I've learned recently. For starters, on a philosophical level there will always be a sense that each student teaches the next generation. This has remained true for a fair amount of time, and today I see few people recognize it. Therefore I find it is my duty to inform anyone who bothers to listen. It's becoming more and more noticeable that people get praised for doing truly minimal work, if they simply keep at it until they do it, while others get no praise for trying to go and do more than what's needed. To me, hard work isn't busting your ass on a computer for 13 hours; it's redoing a metal roof in the middle of summer for 13 hours. So I find that praise for minor accomplishments means very, very little to me, but apparently means something to others. I've witnessed other people with a real work ethic get into these situations too as of late. In the end, duty becomes more meaningful than work if work is just business. The lesson…

You say you want syndication kid? Well whoop-de-do

Okay, so I know I've discussed it before a few times, but it really annoys me when kids are all uppity about wanting to be gangsters, or their idea of gangsters rather. Yes, nowadays thugs come in every flavor, from dweebie little Twitter thugs posting on zone-h thinkin' they're the hottest act around, all the way to hoodlums arrested 6 times for armed robbery of the exact same store. lol. If this is your idea of gangster life, you're in for a rude awakening. For that matter, if everyone over 30, including every other thug who's ever walked your neighborhood, avoids you and your friends like the plague, you're in for a rude awakening. So let's discuss syndication as it applies to the criminal world, and compare those ideals to the "thug life" trivialities.

I would like to start with the obvious errors first, gangsters versus thugs. Gangsters are people who join together for an organized effort, a gang of people if you will, and focus their lives heavily on their group. A thug…

More on domain tracking

I decided I'd spend some time today revisiting malicious domain tracking. Because why not, right? So let's start off by appending to what we have:

https://pastebin.com/raw/vRZvsFWD

As you'll note, this pulls from 0daz.io/ddns.txt. If we look back on a few other posts about this (https://nday.0daz.io/2017/11/passive-intelligence.html || https://nday.0daz.io/2017/11/malware-domains-and-botnet-jacking.html), I have previously set up scripts to pull bits of information from various places on a frequent basis. Some relevant cron entries:

* */3      * * *   user    curl "http://mirror1.malwaredomains.com/files/dynamic_dns.txt"|grep -iv "##"|awk '{print $1}' > /var/www/html/ddns.txt

Basically, this takes the dynamic DNS list and parses it into my own file. Simple, easy, moving on. I also have several other scripts that pull from other sources, however this is the easiest way to express the idea. Don't use my scripts obviously, they're just there for concept art at…

The world is trivial

Once you stop believing everything is super complicated or drastically unique, you start to realize how hacking super sophisticated systems works. There is nothing in this world so complicated that it isn't solvable with patience: everything from machine learning (rudimentary statistics over large data sets used to determine goals), to high tech machinery, to even quantum physics.

Often people hold themselves back thinking these things are unobtainable for them, or too difficult to learn. Yet the basics of physics are used in all weapons, and the basics of electrical engineering are used in all electronics. It doesn't matter how in depth it goes; it matters how patient you are at resolving how many layers of easy stuff there are before it becomes what we know today.

The million layered onion.

Nothing in this world is anything but layers of rudimentary functions. It's just a matter of learning those first.

Like reverse engineering, it's easy when you reverse everything in life. It's hard when it's y…

Party on the malware bus

I've been playing with some ideas recently, and it's actually kind of amusing what responses I can get and which sources I can identify from them. Let's start with one thing I generated with TheFatRat (basically a wrapper for building metasploit compatible shells). While testing the generation schemes I decided I would build some ways of doing this, such as adding base64 of exec to one page and a unicorn powershell script to another and using all that. Anyway, let's look:

5 minute easy mode analysis:
; Hashes unknown
rahash2 -a all ./resume1.doc.exe
./resume1.doc.exe: 0x00000000-0x000041ff md5: 90f7ee1bf4451349dfa7c518a8c6202a
./resume1.doc.exe: 0x00000000-0x000041ff sha1: 0c214854fef6ac5c28f84bf07ee6d39eb3595d82
./resume1.doc.exe: 0x00000000-0x000041ff sha256: ea2bb0a47fedb86127a59e71285f61036e1ff9c4e0a1d0fae6fe8f2931e4d5a6
./resume1.doc.exe: 0x00000000-0x000041ff sha384: abfd2915e8b1bce3c871a8faec67b503599908c24ba08dfdcc8ca52c04560ec132328a31f53d4c8853ce12256488d0ad
./resume1.doc.exe: 0x00000000…