Attrition.org




   MIRROR::IMAGE

   Black Hat Briefings 2001 – July 12, 2001
   Written by Jericho, Founder
   Assisted by Mcintyre, Staff Member




    * This is an informal discussion
    * Feel free to ask questions
    * These slides are 183% different than the ones
    in your BH Bible. Take notes accordingly.
    * Feel free to shower us with money and booze
    * Mcintyre has not seen 50% of these slides,
    harass him like you were harassed as a child


     Introduction
       • Who Are We (Passionate Masochists)
          • jericho
          • mcintyre
          • munge
          • null
       • What is Attrition.org (Clusterf...)
          • Hobby website
          • Free resource
          • Raw information, little presentation


     Jericho
       • Security Curmudgeon
       • jericho@attrition.org
       • ...internet villain!


     Mcintyre
       • Least bitter of us
       • mcintyre@attrition.org
       • ...before breast augmentation!

     Munge
      • Data Munger
      • munge@attrition.org
      • ...with dinner and date!


     Introduction
     • What is the Mirror
     • What is a Defacement
     • The How-To of “Taking a Mirror”
     • Walking the Fine Line of Neutrality
        • This could be an hour long
        discussion on ethics alone

 Defacements…priceless!


     Self-Induced Neutrality
     • Who can run a mirror?
     • Hackers can’t – self glorification
     • Security companies can’t – they’ll profit
     • Hobby site – perfect
     • Commentary and notification as non-biased
     news feed


        Notification
 • “I stumbled across this site..” (18 times)
 • “I’ll send them 5 mails to make sure they get it..”
 • “I’ll send it to them before I run my script to
 deface the site..”
 • “I’ll hit all the virtual domains on this server and
 send one email per vhost...”
 • I could only hack domain.com NOT www.domain.com
 • I could only hack index.html Not the Root Document
 (eg: default.htm)


     Notification Complications
     • IRC – Insipid Relay Chat
        • Incriminate selves (legally bind us to
        report them)
        • Sending to channel when no one was
        watching
        • Chatting from home IP
     • Fed Warning – our nicks showed up in
     channel logs being used in investigations.
     During China ‘cyberwar’, they sure didn’t
     have a problem with it. (hypocrites)


     What We Received
       • Free Server Defacements
       • Hoaxes (go styleproject.com!)
       • Mail Servers (smtp, mail, etc)
       • DNS Servers (ns1, ns2, etc)
       • PC Dialups, DSL boxes, Cable modems
       • Corporate nodes (e8320.company.com)


       Despite being posted, this goes toward
       showing the real extent of computer
       intrusions.


       Attrition Get (aget)
  • 1000+ line shell script
  • 3 Types of an OS Fingerprint
  • actually mirroring the Site (wget)
  • Labeling the Site (whois, google cache, etc..)
  • Categorizing the Site (adult, security, church,
  youth org, etc..)
  • 3rd Party Notification (CERTs, NIPC, NIC contact,
  mail lists)


     The Administrators
     • What We Sent Them
        • Defaced. Report it. We offer FREE
        advice.
     • Thank You (fairly rare)
     • Fuck You and Legal Threats
     (plentiful, see “going postal”)
     • Reporting to FBI and Other LE
     • Contacting our ISP (chain of command)


      The Monitors & Response
       • CERT (‘R’ is for REJECTED)
       • NIPC
       • FedCIRC
       • NASIRC
       • Foreign CERTs (hello Brazil?)
       • iDefense/TruSecure etc (hi gimps)


      The Media
    • Inability to Understand (or lack of
    desire to?)
    • Misquoting Stats (munge@attrition for
    kickass commentary/details)
    • Misquoting Attrition Staff
    • Asking Us to Call THEM – Long Distance
    and Global
    • Fluff, FUD and other undesirables


     The Media
     • Requesting Info Hours Before Deadline
     (“answer these 18 essay questions,
     provide a breakout of this group and call
     me before noon”)
     • Not verifying claims before printing
     them (deadline matters, facts don’t)
     • Hyping It Up (Wag the Delio)


      The Ambulance Chasers

    • One of our biggest Pet Peeves
    • Pitching products/services to recently defaced
    • Some used Attrition name and implied it was
    solicitation on our behalf
    • Led to modification of warning e-mail sent to
    admins


     The Thieves
       • One of our biggest Pet Peeves
       • Stealing Statistics
          • not citing us
          • claiming as their own
       • Stealing Mirrors Without Credit
       • Stealing Information
       • Blacklist -> Errata


     Trends and Incidents
       • Military and Government trends
       • Foreign Web site trends
       • sadmind/iis thingy
       • US vs. China
       • Israel vs. Palestine
       • Pakistan vs. India
       • Media-made and perpetuated
       trends/incidents (Wag the Delio)

       From “Hacker Site” to
       “Security Site”
 • 2 years ago: Evil Hackers
 • 1 year ago: Mix of hacker group and security site
 • Last six months: Respected Security Site
 • We didn’t change...
 • Who Quoted Us
 • Who Wouldn’t (gimps)


     Tracking Hackers
       • Why We Didn’t (not our job d00d)
       • Why We Could (moron defacers)
       • X-Originating IP, legit account,
       admitting guilt, etc
       • Web Logs (href-tail and IP
       tracking)
       • Only 2 Subpoenas
          • #1 flipz/fuqrag
          • #2 pimpshiz

     href-tail.pl


     Automation
    • No CGI/Webform
    • No Auto-Retrieval from Email
    • Lack of Time to Program (concept easy, making
    it kidiot proof hard)
    • Issue of Manual Mirrors (wget isn’t foolproof)


    • Bottom line: Way too easy to abuse automated
    systems

  Where we failed
 • So many things we could have done given time and
 resources while running the mirror
    • Greetz Chart (x defacement greets defacer y)
    • Controlled Dialogue with defacers
    • Anonymous surveys/questionnaires w/ defacers
       • Delusions of grandeur
       • Any real purpose?
    • Heavy examination of HTML (meta tags, style,
    html generator, embedded image comments)

  Where we failed
 • So many things we could have done given time and
 resources while running the mirror
    • Exchanging notes with Honeynet (we had dealings
    with same kids)
    • Further analysis of statistics and trends
    • Defacement duration (admin response time)
       • Compare normal vs when admin notified
    • Defacement views (via href to attrition image)
       • Many defacements used images on attrition
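The web-log idea from the "Tracking Hackers" and "Where we failed" slides (defacement views via href to an image hosted on the mirror), sketched as an added example: it is not from the original slides and is not href-tail.pl. It reads Apache combined-format log lines and reports, per referring page, the view count, distinct viewer IPs and the first/last time seen; host names, log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Assumed names for the site whose logs are being read (hypothetical).
OUR_HOSTS = {"mirror.example", "www.mirror.example"}
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png")

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^\s"]+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jul/2001:10:00:01 -0700] "GET /images/skull.gif HTTP/1.0" 200 2326 "http://www.victim.example/index.html" "Mozilla/4.0"
192.0.2.11 - - [12/Jul/2001:10:05:30 -0700] "GET /images/skull.gif HTTP/1.0" 200 2326 "http://www.victim.example/index.html" "Mozilla/4.0"
192.0.2.10 - - [12/Jul/2001:12:30:01 -0700] "GET /images/skull.gif HTTP/1.0" 304 - "http://www.victim.example/index.html" "Mozilla/4.0"
198.51.100.7 - - [12/Jul/2001:10:06:00 -0700] "GET /images/skull.gif HTTP/1.0" 200 2326 "-" "Mozilla/4.0"
198.51.100.8 - - [12/Jul/2001:10:07:00 -0700] "GET /images/banner.jpg?x=1 HTTP/1.0" 200 900 "http://WWW.MIRROR.EXAMPLE/mirror/index.html" "Mozilla/4.0"
203.0.113.5 - - [12/Jul/2001:10:08:00 -0700] "GET /mirror/index.html HTTP/1.0" 200 5120 "http://other.example/" "Mozilla/4.0"
203.0.113.20 - - [12/Jul/2001:10:09:00 -0700] "GET /images/missing.gif HTTP/1.0" 404 210 "http://www.victim.example/index.html" "Mozilla/4.0"
this line is not in combined log format
203.0.113.9 - - [12/Jul/2001:11:00:00 -0700] "GET /images/logo.png HTTP/1.0" 200 800 "http://ns1.other.example:8080/default.htm" "Mozilla/4.0"
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["when"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore any query string
    return rec


def is_external_image_hit(rec):
    """True when an image was served (200/304) to a page on someone else's host."""
    if rec["status"] not in ("200", "304"):
        return False
    if not rec["path"].lower().endswith(IMAGE_EXT):
        return False
    try:
        host = urlsplit(rec["referer"]).hostname  # lowercased, port stripped
    except ValueError:
        return False
    # A missing referer ("-") yields no hostname and is skipped.
    return host is not None and host not in OUR_HOSTS


def summarize(lines):
    """Group external image hits by referring page URL."""
    pages = defaultdict(
        lambda: {"views": 0, "viewers": set(), "first": None, "last": None}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_external_image_hit(rec):
            continue
        page = pages[rec["referer"]]
        page["views"] += 1
        page["viewers"].add(rec["ip"])
        when = rec["when"]
        page["first"] = when if page["first"] is None else min(page["first"], when)
        page["last"] = when if page["last"] is None else max(page["last"], when)
    return dict(pages)


if __name__ == "__main__":
    for url, p in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        span = p["last"] - p["first"]
        print(f"{url}: {p['views']} views, {len(p['viewers'])} viewers, seen over {span}")
```

The first-to-last span is only a lower bound on how long the referring page stayed up, since it covers just the period in which someone loaded it.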


     Who follows..
       • Two other well known mirrors
          • Alldas (defaced.alldas.de)
          • Safemode (www.safemode.org)
       • Numerous offers to fund us..
          • .. From various people
          • .. For various reasons
          • .. Why we said no


       FIN
  • What’s Next?
  • Commentary and Stats
  • Lots of Errata
  • Newbie Security Texts
  • More articles
  • Continued Bitterness, Sarcasm, and Sharp Wit


     FIN, part too >=)
       • What’s Next?
       • This presentation a precursor to a
       larger more detailed paper on the
       mirror.
       • Don’t ask when! It will be
       finished when I get off my lazy ass,
       quit playing Everquest and motivate
       myself to finish it……

• We PROMISE to get this stuff done soon...


     Questions, comments and
     all that crap

      • Questions about ANYTHING related
      to Attrition. Really, we aren’t
      hiding anything. Well, not much.
      • Comments/suggestions. We DO
      listen. We just pretend to ignore
      you.


    Other Resources
     • Mirror Archive
     (http://attrition.org/mirror/attrition)
     • Errata (http://attrition.org/errata)
     • Commentary
     (http://attrition.org/security/commentary)
     • News (http://attrition.org/news/)
     • This Presentation
     (http://attrition.org/security/blackhat)
     • Going Postal (http://attrition.org/postal/)

  Go forth, cause havoc...
