Nowadays the Russian segment of the Web is not dominated by CryptoWall or CTB-Locker, Russia has seen the formation of an "ecosystem" consisting of other types of ransom trojans, which generally don't enter the global arena. Today, we will learn about some of them and, as a bonus, we will briefly run through some "fashionable" trends in global ransomware.
The great problem for many pentests lies in the fact that any "charged" executable file created with Metasploit or other pentest frameworks can be tracked by any antivirus vendor. That is why a pentester has to find out a way to bypass antivirus software instead of going on with penetration. A lot of time is wasted on this task being performed from case to case. So, eventually, various tools for automation of this task started to appear; today we are going to review one of these cool tools, named Shellter.
The most conservative estimates indicate that, by the end of 2015, the share of IPv6 traffic will reach at least 10%, and this growth will continue. A special protocol for regional registries also came into force recently. Now, a new block of IPv4 addresses will be issued only if the company proves it has already implemented IPv6. So if anyone needs a subnetwork of white IPv4 addresses, they will need to implement IPv6. This fact will also encourage the further growth of IPv6 systems and lead to an increase in traffic. As far as ordinary users are concerned, providers began appearing all over the world, issuing real IPv6-addresses to end subscribers. And so, IPv6 will be encountered more and more often, and that’s a fact we cannot ignore.
Everyone cares about their significant others' security. We all know that feeling when your calls are not answered and your Whatsapp messages not marked as read. In a moment like that you would do a lot to have any idea what is happening there. Although cell phone carriers offer geolocation services to locate another user, knowing your girlfriend is somewhere in the middle of Main Street will barely help. So what can we do about it?
Since its rise Windows was a natural habitat for all kinds of malware. Now the OS itself seems to have become one big trojan. Right after being installed it starts acting weird. The data flows in rivers to dozens of servers belonging to Microsoft and its partner companies. We will try to look into complaints of espionage manners of Windows 10 and find out what data it sneaks and where it sends it.
This was one of the most interesting attacks showed on Black Hat Las Vegas 2015. Let’s imagine the situation: there’s a large park of Windows computers in a large organization, and they all need to be updated. Obviously, getting all of them to download updates over the Internet is both pricy and uncomfortable. The common solution is a WSUS (Windows Server Update Services) server, which is used to manage updates. It downloads the updates and delivers them to all other computers.
Before turning to unconventional methods of usage, I will describe how “keep-alive” is working. The process is utterly simple – in a connection, multiple requests are sent instead of just one, and multiple responses come from the server. The benefits are obvious: there is less time spent on establishing connection, less load on CPU and memory. The number of requests in a single connection is usually limited by settings of the server (in most cases, there are at least several dozen). The procedure for establishing a connection is universal.