Leaderboard

Popular Content

Showing content with the highest reputation on 09/26/16 in all areas

  1. The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers; this is the largest one ever seen on the Internet.

     The hosting provider OVH faced a 1 Tbps DDoS attack last week, likely the largest offensive ever seen. The OVH founder and CTO Octave Klaba reported the 1 Tbps DDoS attack on Twitter, sharing an image that lists the multiple sources of the attack. Klaba explained that the servers of his company were hit by multiple simultaneous attacks exceeding 100 Gbps, together amounting to a 1 Tbps DDoS attack. The severest single attack that was documented by OVH reached 93 MMps and 799 Gbps. One of the attacks documented by OVH reached 93 MMps and 799 Gbps.

     According to Klaba, the attackers used an IoT botnet that also included compromised CCTV cameras. Unfortunately, this is not a novelty: in June 2016, security experts from the firm Sucuri discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild. Earlier this week, the website of the popular cyber security expert Brian Krebs was targeted by a DDoS attack of 665 Gbps. Experts speculate the attackers hit Krebs in response to his blog post in which he exposed the operators behind the vDOS DDoS service.

     IoT devices, including CCTV, often lack proper configuration, and it is easy for hackers to locate systems on the Internet with weak or default login credentials. Recently, security experts reported several Linux malware families targeting IoT devices, such as Luabot and Bashlite. Earlier in September, experts from Level 3 and Flashpoint confirmed that the overall number of devices infected by the BASHLITE malware is more than 1 million. The number includes compromised devices belonging to several botnets; according to the experts, almost every infected device is a digital video recorder (DVR) or camera (95%), and the remainder is composed of routers (4%) and Linux servers (1%).

     “Of the identifiable devices participating in these botnets, almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers and less than 1 percent were compromised Linux servers. This represents a drastic shift in the composition of botnets compared to the compromised server- and home router-based DDoS botnets we’ve seen in the past.” states a blog post published by Level 3 firm.

     The researchers have been tracking more than 200 C&C servers worldwide used by the BASHLITE botnets. Fortunately, the IP addresses of the C&C servers were found hardcoded in the instances of malware detected in the wild, making it easy for experts to shut them down. Back to the case of the 1 Tbps DDoS attack against OVH: at the time I was writing, the servers were back online.

     Source: http://securityaffairs.co/wordpress/51640/cyber-crime/tbps-ddos-attack.html
    2 points
  2. Bongacams -> jerk-off material?
    2 points
  3. <tldr> Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you several infection methods designed to get your payloads to execute without tripping AV. See the "Installation" section below for instructions on getting started. </tldr> http://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator Enjoy!
    1 point
  4. Actually, it really is child's play; anyone with $200-500 can get access to something like this. You buy the files, properly coded for self-replication, and every captured IoT device scans and infects other devices on its own. That's how you end up with attacks of hundreds of gbs, ever since the famous "qbot". This is roughly what one of the hundreds of variants of the files executed on IoT devices looks like: http://pastebin.com/raw/xQWdg4Uq
    1 point
  5. It was about 200gbps, man. Attacks of +500gbps started with dns/ntp amplification. And note that it's tcp ack, so it's not a low-profile attack. So whoever sent it is a professional.
    1 point
  6. Largest attack my ass .... in 2012 there was an attack from China against an ISP (whose name escapes me) that had reached several hundred Tbps.
    1 point
  7. And when you think that some people may own hundreds of servers ... with serious power, no joke ... 1 TB really seems like kids' play to me.
    1 point
  8. On: Note that you're not allowed to ask for something like this, and you don't have the minimum of 50 posts. Off: 5€/piece
    1 point
  9. This paper is a short summary of a real world mirroring attack on the Apple iPhone 5c passcode retry counter under iOS 9. This was achieved by desoldering the NAND Flash chip of a sample phone in order to physically access its connection to the SoC and partially reverse engineering its proprietary bus protocol. The process does not require any expensive and sophisticated equipment. All needed parts are low cost and were obtained from local electronics distributors. By using the described and successful hardware mirroring process it was possible to bypass the limit on passcode retry attempts. This is the first public demonstration of the working prototype and the real hardware mirroring process for iPhone 5c. Although the process can be improved, it is still a successful proof-of-concept project. Knowledge of the possibility of mirroring will definitely help in designing systems with better protection. Also some reliability issues related to the NAND memory allocation in iPhone 5c are revealed. Some future research directions are outlined in this paper and several possible countermeasures are suggested. We show that claims that iPhone 5c NAND mirroring was infeasible were ill-advised. http://arxiv.org/pdf/1609.04327v1
    1 point
  10. A beginner should at least be able to write the code below.

      wget http://pastebin.com/u/wtfbbq/1; for i in `cat 1 | grep Public | grep -o -P '(?<=href="/).*(?=">)'` ; do wget http://pastebin.com/raw/$i; done

      An intermediate one:

      wget http://pastebin.com/u/wtfbbq/1 ; cat 1 | grep Public | grep -o -P '(?<=href="/).*(?=</a></td>)' | sed 's#"># #g' >> for_download;while read a b ; do wget -O "$a-$b" http://pastebin.com/raw/$a ; done < for_download; rm 1; rm for_download

      A pro would write his own attack tools. PS: there is also a page 2, but you can manage that on your own.
    1 point
  11. Because it's really lousy to buy second-hand... What if the previous owner was stroking his "colt" and then touching the phone, or things like that? You don't know what happened to that device. And there's another saying... What's new isn't old.
    1 point