-1.jpeg "namechanger tracker plguin"){kind=tracking}
The reason why I’m releasing this article now on a group active back in January of this year is that, if you follow the timeline I show below, is that they should have reappeared around this time of year (although I haven’t seen them yet). A big thank you goes out to S!Ri for sharing some historical data on this group. In this blogpost I will perform an analysis on the current version of this family making it’s rounds online and a history of it starting back in 2009.
The family has been active for quite some years, it was first spotted by S!Ri back in April 2009. This family is known under two names, Braviax and FakeRean. Since September 2014 I’ve been seeing a FakeAV family pop up from time to time. Inside Braviax/FakeRean: An analysis and history of a FakeAV family Some weeks ago I noticed someone started to poke the CryptoWall tracker website, this article describes the fun I had messing with the attacker (I’m assuming it was one person, more on that later). Most of the scans (pentests) are automated for all kinds of reasons be it compromising websites to abuse it for CryptoWall proxies (as described ), or simply defacing it for Zone-H 'credits’. When running a publicly accessible website you can expect to get 'free security advise’ from the internet in the form of web pentesting and whatnot. I structured all the information about CryptoWall on a website and made it public in the form of a website known as the ‘CryptoWall Tracker’: On February 10th I released a wealth of information on the CryptoWall ransomware. The game I played with an attacker described in this blog was inspired by a TED talk where someone played games with a 419 scammer: James Veitch - This is what happens when you reply to spam email Playing games with an attacker: how I messed with someone trying to breach the CryptoWall tracker
#Namechanger tracker plguin how to
How to run this project and set it up properly will be explained in the rest of this blog.
#Namechanger tracker plguin code
The code for this project can be found here. The end product of everything combined, including a small web interface to explore collected data, currently looks like this: For this project we actually ended with a set of completed tools including a modified Tor client to do our work. This started our quest of figuring out how DNS worked for hidden services inside the Tor network. One of the things we’d been interested in at work was passively monitoring and researching DNS on the ‘normal’ internet. This is mostly because the fun of building and/or researching is gone at the point that it is fully functioning.Ībout 2 years ago we decided we wanted to do something with the Tor network. When we actually end up going through with building one of the projects on the list we usually only get to a POC stage and we stop working on it. Anything that peaks our interest at the time gets on a list. Every once in a while Lennart Haagsma (a colleague and friend) and me think of new projects to work on.
0 kommentar(er)
