Triban

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #53541
      Triban
      Participant

      The other forum post contained a good amount of info. If you want to be a responsible repair tech then anyone running anything less than Windows 7 should be advised to upgrade to Windows 7/8. If the hardware is as old as the OS, then it would make sense to just get a new system and be done with it. I know my time is valuable and if someone comes to me with an old XP system they want to fix, that is usually my first recommendation. If they don’t want to, I will spend a little time cleaning out temp files and such, but I will not waste time rebuilding to XP. If I ask them if they have their original media and they say no, then I tell them I can’t help them or I recommend going Linux 😀

    • #53566
      Triban
      Participant

      At this time there is no fast way to recover from the files being encrypted. You could either pay, or wipe, re-image, and restore from a known good backup. I’ve heard of some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This type of attack reiterates a number of security measures that should be in place: patching systems, not running as a privileged user, backing up your data regularly, and smart internet/email usage. You can read up on Krebs’ recent articles on the matter (http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/); he does have some preventative measures listed but nothing to help if you have already been hit with it.

    • #53597
      Triban
      Participant

      Agreed with Seph, depending on the country that this is taking place in, it can be a privacy issue and may be against the law. As for whether or not it is technically malware, most AV software will pick up a number of “free” keyloggers as malware. They may not clean/delete them, but will certainly alert the user or admin about it.

      Also, if you do not have an acceptable use policy in place stating that “computer activity will be monitored and users may be held responsible if they violate policy…” yada yada yada… then it could come back and bite you in the arse. I know in most European countries, users’ personal privacy is a huge thing and it is against the law to implement such monitoring behaviors without the user’s consent. In the US, it is certainly more of a gray area.

    • #52049
      Triban
      Participant

      I like the way Dynamik thinks. I’ll be there taking the Corelan course and looking forward to some good discussions, talks and all around fun. Dynamik, incoming!

    • #53213
      Triban
      Participant

      Microsoft Baseline Security Analyzer can probably accomplish this as well. It can be used via cmdline and scripted to run as a scheduled job. It can also be dumped to default reports within MBSA or you can dump it to a text file. Not sure if it is delimited since I haven’t run it in a while. Back in Nessus you can check if the account is disabled using a credentialed scan. Guest is disabled by default, so if you find devices with it enabled, then you probably have a bigger problem on your hands. With the size of your network I would hope there is no legitimate need for that account to be active on local workstations. Here is an article from Tenable on properly setting up a credentialed scan: http://static.tenable.com/documentation/nessus_credential_checks.pdf

      Good luck!

    • #52043
      Triban
      Participant

      All booked up, heading in early for Corelan’s class. This year 4x 50min main tracks with 30 min stable talks. Check out some of the abstracts that Irongeek posted. It will certainly be tough to figure out which ones to go to and which ones to watch later online.

    • #53181
      Triban
      Participant

      Always an interesting topic for discussion. If you have the desire to take things apart to see how they tick then you have the mindset to become a professional hacker. Did you grow up with legos? Do you pick up puzzles in the toy stores and try to solve them while your significant other is looking for a kid’s gift? Do you reverse engineer the VCR so it can play blu-rays?? Then you might be a hacker… 😀

      That is the mindset one needs for that. Now to the security side, it is all a matter of one’s knowledge base. One can certainly be taught how to run tools or go through a checklist of tests. But to excel in the field, you need to have some decent background and strong desire to continue learning. Never admit you can’t learn anything else, there is always more.

    • #53054
      Triban
      Participant

      Thanks, I figured that would be the best bet. What I think happened is that in GEdit and Notepad++ you can set auto-indent; they must have thrown some garbage in there somewhere. So I turned that feature off. I think I will rewrite the code from scratch and see what happens. What I did learn from this is the -t and -tt switches when running the python command. That is handy.

    • #53033
      Triban
      Participant

      Most likely you have been compromised and either A) haven’t fixed the hole, or B) they have your creds and you haven’t changed those. You will need a clean system, one that hasn’t been used before. Power down the compromised systems. Change all your passwords. Chances are they may be exploiting a vulnerability in your code/site which keeps allowing them to have control. If it is hosted, you may want to take it up with the hosting provider. If you are hosting them on your own equipment, hand that over to an experienced web hosting provider. If you backed up any data during the time of the compromise, restoring that data could just reinfect you with the attacker’s malware. It is a vicious circle, but having an ethical hacker at your disposal may not help you. In order to determine what is going on, a forensic investigator may be better suited to help you. An EH will be able to give you ideas as to how you keep getting compromised, but may not be able to tell you specifics. If you are a developer, I would recommend you check out OWASP; they give a great rundown of better web site security – https://www.owasp.org/ – check out the Top 10 project. Good luck!

    • #52864
      Triban
      Participant

      Excellent! Thanks for the info. Once I am through Violent Python I will probably hit Intro to CS.

    • #52862
      Triban
      Participant

      Udacity looks interesting, I may have to check it out. Didn’t see the course numbers though; is 101 the intro class? 253 is the Web Dev? How long did each one take?

    • #52999
      Triban
      Participant

      Welcome to AIX, a bit of a different beast from Windows. http://www.auditunix.com/unix-security-tool/ might help. Some of the best practices around securing Linux can also apply to AIX: root shouldn’t have remote access, users should remote in with their IDs and use sudo to execute elevated commands, and don’t use telnet if other more secure methods are supported. Here is a link to a Tenable post; it is older, but some of the plugins may still apply: http://www.tenable.com/blog/aix-best-practice-and-pci-configuration-audits. You will probably require SSH access to the systems to adequately audit them. Oh, and be careful when scanning these systems; they are a bit more sensitive than Windows and some scanners will break them even if you are running with safe scans.

      Good luck!
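      As an added example (not code from the post, from the auditunix tool or from Tenable), here is a small POSIX shell audit of the SSH and telnet points raised above, run against constructed sample config files; the keyword defaults, the inetd.conf line and the file paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit an OpenSSH sshd_config and an
# inetd.conf against the points the reply raises (no remote root login, users
# log in with their own IDs over SSH rather than telnet). AIX ships OpenSSH
# with the same keywords; the files below are constructed samples.

# Effective value of a keyword: the first uncommented occurrence wins, as in
# sshd itself. Prints $3 when the keyword is absent (an assumed default).
sshd_value() {
    val=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Returns 0 when the config passes, 1 when there is a finding (printed to stdout).
audit_sshd() {
    cfg=$1
    rc=0
    # Treat an absent PermitRootLogin as "yes", the pre-OpenSSH-7.0 default.
    root=$(sshd_value "$cfg" PermitRootLogin yes)
    case "$root" in
        no|prohibit-password|without-password) ;;
        *) echo "FINDING: PermitRootLogin is '$root'; set it to 'no' and use sudo"; rc=1 ;;
    esac
    case "$(sshd_value "$cfg" Protocol 2)" in
        *1*) echo "FINDING: SSH protocol 1 is enabled"; rc=1 ;;
    esac
    return $rc
}

# Returns 0 if inetd.conf ($1) still offers telnet, 1 otherwise.
telnet_enabled() {
    grep -Eq '^[[:space:]]*telnet[[:space:]]' "$1"
}

# Constructed sample files so the script runs stand-alone.
tmpdir=$(mktemp -d)
printf 'Port 22\nPermitRootLogin yes\nProtocol 2,1\n' > "$tmpdir/weak.conf"
printf 'Port 22\nPermitRootLogin no\nProtocol 2\n' > "$tmpdir/hardened.conf"
printf 'telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a\n' > "$tmpdir/inetd.conf"

audit_sshd "$tmpdir/weak.conf" || echo "weak.conf: failed audit"
audit_sshd "$tmpdir/hardened.conf" && echo "hardened.conf: passed"
telnet_enabled "$tmpdir/inetd.conf" && echo "FINDING: telnet is enabled in inetd.conf; use ssh"
```

Point the three functions at the real /etc/ssh/sshd_config and /etc/inetd.conf over the SSH access the reply says you will need anyway.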

    • #52988
      Triban
      Participant

      Nothing I am aware of; at most it would be a distraction to confuse IR folks. Do you have a sample of the file? Maybe some file just happens to have the string in it that makes AV recognize EICAR.

    • #52911
      Triban
      Participant

      I was thinking something like Facebook’s session tracking, but that only shows the city/state, app, and the device used. Or maybe Google’s activity tracking; that gives you an IP address of the last bit of activity, the app and the date/time.

    • #52885
      Triban
      Participant

      ZOMG!!! WE ARE DOOMED!!!!! Y2K!!! 12/21/2012!!!  AAAAAHHHHHHH….

      oh, here’s my wallet….

Copyright ©2020 Caendra, Inc.
