The other forum post contained a good amount of info. If you want to be a responsible repair tech, then anyone running anything less than Windows 7 should be advised to upgrade to Windows 7/8. If the hardware is as old as the OS, then it would make sense to just get a new system and be done with it. I know my time is valuable and if someone comes…
At this time there is no fast way to recover from the files being encrypted. You could either pay, or wipe, re-image, and restore from a known good backup. I’ve heard of some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This…
Agreed with Seph, depending on the country that this is taking place in, it can be a privacy issue and may be against the law. As for whether or not it is technically malware, most AV software will pick up a number of “free” keyloggers as malware. They may not clean/delete them, but will certainly alert the user or admin about it.
Microsoft Baseline Security Analyzer can probably accomplish this as well. It can be used via cmdline and scripted to run as a scheduled job. It can also be dumped to default reports within MBSA, or you can dump it to a text file. Not sure if it is delimited since I haven’t run it in a while. Back in Nessus you can check if the account is…
All booked up, heading in early for Corelan’s class. This year 4x 50min main tracks with 30 min stable talks. Check out some of the abstracts that Irongeek posted. It will certainly be tough to figure out which ones to go to and which ones to watch later online.
Always an interesting topic for discussion. If you have the desire to take things apart to see how they tick, then you have the mindset to become a professional hacker. Did you grow up with Legos? Do you pick up puzzles in the toy stores and try to solve them while your significant other is looking for a kid’s gift? Do you reverse engineer the…
Thanks, I figured that would be the best bet. What I think happened is that in GEdit and Notepad++ you can set auto-indent, and they must have thrown some garbage in there somewhere. So I turned that feature off. I think I will rewrite the code from scratch and see what happens. What I did learn from this is the -t and -tt switches when run…
Most likely you have been compromised and either A) haven’t fixed the hole, or B) they have your creds and you haven’t changed those. You will need a clean system, one that hasn’t been used before. Power down the compromised systems. Change all your passwords. Chances are they may be exploiting a vulnerability in your code/site which keeps all…
Welcome to AIX, a bit of a different beast from Windows. http://www.auditunix.com/unix-security-tool/ This might help. Some of the best practices around securing Linux can also apply to AIX – root shouldn’t have remote access, users should remote in with their IDs and use sudo to execute elevated commands. Don’t use telnet if other more secure me…
I was thinking something like Facebook’s session tracking, but that only shows the city/state, app, and the device used. Or maybe Google’s Activity tracking, that gives you an IP address of the last bit of activity, the app and the date/time.
First question, have you hardened your server to the best of your abilities/knowledge? Have you covered the Security 101 basics?
Renamed default admins?
Used complex passwords?
Disabled unneeded services?
Installed AV and configured it?
Enabled the client-based firewall and configured it?
Fully patched on both the Operating System…
Thanks hurtl0cker, I actually grabbed the Ciphers book a couple of weeks ago. Looking forward to reading through that. Going to work my way through Violent Python. And yes, practice practice practice. I heard someone mention it is best to do a little bit of coding every day rather than try to do a couple of hours in a single day once a week. Gets the…