Leaderboard

The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers, this is the largest one ever seen on the Internet. The hosting provider OVH faced 1Tbps DDoS attack last week, likely the largest offensive ever seen. The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter sharing an image that lists the multiple sources of the attack. Klaba explained that the servers of its company were hit by multiple attacks exceeding 100 Gbps simultaneously concurring at 1 Tbps DDoS attack. The severest single attack that was documented by OVH reached 93 MMps and 799 Gbps. One of the attacks documented by the OVH reached 93 MMps and 799 Gbps. According to Klaba, the attackers used an IoT botnet composed also of compromised CCTV cameras. Unfortunately, this is not a novelty, in June 2016 security experts from Sucuri firm have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild. Earlier this week, the website of the popular cyber security expert Brian Krebs was targeted by a DDoS attack of 665 Gbps. Experts speculate the attackers hit Krebs in response to his blog post in which he exposed a the operators behind the vDOS DDoS service. IoT devices, including CCTV, often lack proper configuration, it is easy for hackers to locate on the Internet systems with weak or default login credentials. Recently security experts reported several Linux malware targeting IoT devices such as Luabot and Bashlite. Earlier September, experts from Level 3 and Flashpoint confirmed the overall number of devices infected by the BASHLITE malware is more than 1 million. The number includes compromised devices belonging to several botnets, according to the experts, almost every infected device are digital video recorders (DVRs) or cameras (95%), the remaining is composed of routers (4%), and Linux servers (1%). “Of the identifiable devices participating in these botnets, almost 96 percent were IoT devices (of which 95 percent were cameras and DVRs), roughly 4 percent were home routers and less than 1 percent were compromised Linux servers. This represents a drastic shift in the composition of botnets compared to the compromised server- and home router-based DDoS botnets we’ve seen in the past.” states a blog post published by Level 3 firm. The researchers have been tracking more than 200 C&C worldwide used by the BASHLITE botnets. Fortunately, the IP addresses of the C&C servers were found hardcoded in the instance of malware detected in the wild making easy for experts to shut them down. Back to the case of the 1Tbps DDoS attack against the OVH firms, at the time I was writing the servers were back online. Source : http://securityaffairs.co/wordpress/51640/cyber-crime/tbps-ddos-attack.html

<tldr> Luckystrike is a PowerShell based generator of malicious .xls documents (soon to be .doc). All your payloads are saved into a database for easy retrieval & embedding into a new or existing document. Luckystrike provides you several infection methods designed to get your payloads to execute without tripping AV. See the "Installation" section below for instructions on getting started. </tldr> http://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator Enjoy!

Bongacams -> material de laba?

Actually, chiar e o joaca, oricine cu 200-500$ poate avea acces la asa ceva. Cumperi fisierele codate cum trebuie pentru selfreping si fiecare IoT prins scaneaza si infecteaza singur alte dispozitive. Asa se ajunge la atacuri de sute de gbs de cand cu renumitul "qbot". Cam asa arata unul din sutele de variante de fisiere executate pe IoT http://pastebin.com/raw/xQWdg4Uq

Alo e tcp ack cum sa fie joaca?

Largest atack pe pula mea .... a fost in 2012 un atac din China catre un ISP (al carui nume imi scapa) care ajunsese la cateva sute de Tbps.

si cand te gandesti ca poate uni detin sute de servere ... cu Putere nu gluma ... 1 TB chiar mi se pare o joaca de kidzi

On: Vezi ca nu ai voie sa ceri asa ceva si nu ai minim 50 posturi. Off: 5€/bucata

Unul incepator ar trebui cel putin sa scrie codul de mai de jos. wget http://pastebin.com/u/wtfbbq/1; for i in `cat 1 | grep Public | grep -o -P '(?<=href="/).*(?=">)'` ; do wget http://pastebin.com/raw/$i; done Unul mediu wget http://pastebin.com/u/wtfbbq/1 ; cat 1 | grep Public | grep -o -P '(?<=href="/).*(?=</a></td>)' | sed 's#"># #g' >> for_download;while read a b ; do wget -O "$a-$b" http://pastebin.com/raw/$a ; done < for_download; rm 1; rm for_download Unul pro si-ar scrie singur tool-urile de attack. PS: este si pagina 2 dar descurcati voi singuri.

Pentru că e foarte nașpa să iei la mâna a doua... Dacă cumva respectivul își mângâia mânzul și apoi punea mâna pe telefon, sau chestii de genul? Nu știi ce s-a întâmplat cu device-ul respectiv. Și mai e o vorbă... Ce e nou nu e vechi.