
Hacking / Counter Intelligence

This category contains 26 posts

Who is Th3J35t3r ?

Mach2600 AgentDarkApple Render64 Jesse Woods TomRyan Kelly Hallissey john patterico frey Laura Walker

Backtrace Security just invited me to speak at a conference in Miami

First of all, a big thank you to Hubris of Backtrace Security for the invite. I always enjoy sharing my knowledge and it is always an honor to be thought of as a guest speaker! Hubris works a lot in RF so I thought that something along those lines would be a good topic for … Continue reading

Blackhole exploit kit PT2: Locating similar vectors

xpath /output/entries/entry/url on http://support.clean-mx.de/clean-mx/xmlviruses.php?ip=78.83.177.244&sort=first%20desc

Blackhole exploit kit PT1: De-obfuscation

While on PasteBin last night I found this interesting bit of javascript posted by scurit at http://pastebin.com/mAkfEzTx, the most interesting piece of code being this. Being that I am curious, I decoded its contents.

Anatomy of a hack: Expanding compromised resources

So many kiddies I teach always stop too short in hacks these days. I see very few hacks that are extensive in that they go beyond an initial point of entry. Take the Westboro Baptist Church hack for example. Was it a simple DoS? NO! Was it limited to a single point of entry? NO! … Continue reading

Tracking Website Visitors Pt5: Installation Script

/tracker/install.php Tracking Website Visitors Pt1: Masking Image Requests Tracking Website Visitors Pt2: Returning Image From Database Tracking Website Visitors Pt3: Returning Tracking Information Tracking Website Visitors Pt4: Uploading Image to MySql Tracking Website Visitors Pt5: Installation Script

Tracking Website Visitors Pt4: Uploading Image to MySql

/tracker/upload_image.php Tracking Website Visitors Pt1: Masking Image Requests Tracking Website Visitors Pt2: Returning Image From Database Tracking Website Visitors Pt3: Returning Tracking Information Tracking Website Visitors Pt4: Uploading Image to MySql Tracking Website Visitors Pt5: Installation Script

Tracking Website Visitors Pt3: Returning Tracking Information

This is just a simple page for reading the hits from the database with your tracking information for the image id involved. /tracker/status.php Tracking Website Visitors Pt1: Masking Image Requests Tracking Website Visitors Pt2: Returning Image From Database Tracking Website Visitors Pt3: Returning Tracking Information Tracking Website Visitors Pt4: Uploading Image to MySql Tracking Website … Continue reading

Tracking Website Visitors Pt2: Returning Image From Database

/tracker/return_image.php Tracking Website Visitors Pt1: Masking Image Requests Tracking Website Visitors Pt2: Returning Image From Database Tracking Website Visitors Pt3: Returning Tracking Information Tracking Website Visitors Pt4: Uploading Image to MySql Tracking Website Visitors Pt5: Installation Script

Tracking Website Visitors Pt1: Masking Image Requests

Email marketers commonly use small images embedded in email messages as tracking mechanisms. These email tracking images enable marketers to track approximately how many people viewed a particular email campaign. The same technology has implications in security. Now and then I am asked to consult on Bond skips. Bounty hunters will ask me to help … Continue reading