CryptoDefense Ransomware PCAP Traffic Sample Malware – How to decrypt your files

Solution – Step 1 – Install this free trial of Kaspersky to remove the malware. Solution – Step 2 – Don’t pay the ransom; there is a solution for CryptoDefense and CryptoLocker. The following is from bleepingcomputer.com: How to restore files encrypted by CryptoDefense using the Emsisoft Decryptor. If you were infected before… Read More »

SSDP Distributed Reflection Denial of Service (DrDoS) Attacks may be biggest threat – Traffic Sample & Snort Rule

SSDP Distributed Reflection Denial of Service attacks are on the rise and may be the biggest threat right now. SSDP attacks do not have the largest amplification factor, but they may have the largest number of vulnerable systems available to abuse in a reflection attack. Open source reports indicate that there are over 5 million vulnerable systems worldwide… Read More »

Converted PCAP sample of a Microsoft Windows Reverse Shell

Converted PCAP sample of a Microsoft Windows reverse shell. The shell is spawned on port 4444: the hacked PC initiates the connection to 192.168.1.109, which has a Netcat listener waiting on port 4444 to spawn a command-line shell on connect. You can see that once the shell is spawned, a user is created and added… Read More »

Massive Distributed Reflection Denial of Service (DrDoS) DoSNETs for hire – NTP, Chargen, SNMP, SSDP, DNS

DDoS attacks in which a few thousand infected Windows PCs SYN flood a network have been taking a back seat to the next generation of Denial of Service attacks, known as Distributed Reflection Denial of Service (DrDoS) attacks. A packet kiddie doesn’t even need to compromise servers and PCs anymore to launch an attack. Many of… Read More »

Detailed Analysis of the processes and stages of an Exploit Kit – Java and IE exploited by Flashpack Web Based Kit

Here you can see the webpage that the hackers exploited (arksylhet.com/A67iD4eo/index.html); within that page they inserted an iframe which includes a link to a JavaScript redirect file:

2012-09-18 22:41:42.001035 IP 192.168.106.131.1411 > 92.43.108.70.80: Flags [P.], seq 1:395, ack 1, win 64240, length 394 E…*.@…….j.\+lF…P7_Z.X.X.P….?..GET /Lk1SsGQm/js.js HTTP/1.1 Host: web63.server77.publicompserver.de User-Agent: Mozilla/5.0 (Windows; U; Windows NT… Read More »
