September 26, 2010 10:54 PM
Posted by: Dan O'Connor
Forensics dd mdd
What does that mean?
Creating an image that is going to have all of the information that you are going to need and preserving as much of that information as possible.
First, capture a snapshot of the memory of the target; there are a lot of tools out there to do this. I prefer mdd. If you...
September 26, 2010 9:57 PM
Posted by: Dan O'Connor
stuxnet cybercrime
This article is extremely interesting.
Two quotes really stick out
"Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber...
September 26, 2010 9:10 PM
Posted by: Dan O'Connor
sagan
Softwink has released an update; they are at version 0.1.5. The rc script I created won't cut it anymore; it will have to be tweaked.
You don't need to add & on the end of the command; it has a daemonize option now.
You can download it here: http://sagan.softwink.com/download/
Enjoy.
September 26, 2010 8:47 PM
Posted by: Dan O'Connor
casper bot,
casper rfi perl bot,
perl bot,
www perl bot
So, looking over all of the scripts, what do we have?
What is in use here is a collection of scripts by varying authors from multiple nationalities in different languages. This in a best case scenario is a script kiddie, also by the fact that he left his gmail address in the script that was...
September 26, 2010 12:50 AM
Posted by: Dan O'Connor
casper bot,
casper rfi perl bot,
perl bot,
www perl bot
What this appears to be looking for is more machines to exploit, big surprise!
I followed it back for a bit and this is what I ended up with.
sub se_yahoo {
my ($chan,$key,$nf) = @_;
sub s_engine {
my ($f,$se,$type,$chan,$bug,$dork,$ef) = @_;
sub s_cari {
#Type: 1 = Cari...
September 26, 2010 12:23 AM
Posted by: Dan O'Connor
casper bot,
casper rfi perl bot,
perl bot,
www perl bot
One more script listed at the top of the main one.
$filebotscan = "scan.txt";
It's full of all sorts of stuff; nothing really caught my attention until I reached this.
##[ GOOGLE ]##
sub se_google {
my ($chan,$key,$nf) = @_;
my @daftar;
my $num = 50; my $max = 5000; my...
September 25, 2010 9:21 PM
Posted by: Dan O'Connor
casper bot,
casper rfi perl bot,
perl bot,
www perl bot
There are a few more things that are worth looking at.
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
my...
September 16, 2010 10:05 PM
Posted by: Dan O'Connor
casper bot,
casper rfi perl bot,
perl bot,
www perl bot
So what is going on next,
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
&DCC::connections;
my @ready = $sel_cliente->can_read(0.6);
next...
September 16, 2010 9:13 PM
Posted by: Dan O'Connor
I found this stumbling around the Internets.
http://wam.dasient.com/wam/infection_library_index
Nice little list for starting research.