Monday, August 31, 2020

How To Build A "Burner Device" For DEF CON In One Easy Step

TL;DR: Don't build a burner device. Probably this is not the risk you are looking for.

Introduction

Every year before DEF CON people starts to give advice to attendees to bring "burner devices" to DEF CON. Some people also start to create long lists on how to build burner devices, especially laptops. But the deeper we look into the topic, the more confusing it gets. Why are we doing this? Why are we recommending this? Are we focusing on the right things?

What is a "burner device" used for?

For starters, the whole "burner device" concept is totally misunderstood, even within the ITSEC community. A "burner device" is used for non-attribution. You know, for example, you are a spy and you don't want the country where you live to know that you are communicating with someone else. I believe this is not the situation for most attendees at DEF CON. More info about the meaning of "burner" https://twitter.com/Viss/status/877400669669306369

Burner phone means it has a throwaway SIM card with a throwaway phone, used for one specific operation only. You don't use the "burner device" to log in to your e-mail account or to VPN to your work or home.
But let's forget this word misuse issue for a moment, and focus on the real problem.

The bad advice

The Internet is full of articles focusing on the wrong things, especially when it comes to "burner devices". Like how to build a burner laptop, without explaining why you need it or how to use it.
The problem with this approach is that people end up "burning" (lame wordplay, sorry) significant resources for building a secure "burner device". But people are not educated about how they should use these devices.

The threats

I believe the followings are some real threats which are higher when you travel:
1. The laptop getting lost or stolen.
2. The laptop getting inspected/copied at the border.

These two risks have nothing to do with DEF CON, this is true for every travel.

Some other risks which are usually mentioned when it comes to "burner devices" and DEF CON:
3. Device getting owned via physical access while in a hotel room.
4. Network traffic Man-in-the-middle attacked. Your password displayed on a Wall of Sheep. Or having fun with Shellshock with DHCP. Information leak of NTLM hashes or similar.
5. Pwning the device via some nasty things like WiFi/TCP/Bluetooth/LTE/3G/GSM stack. These are unicorn attacks.

6. Pwning your device by pwning a service on your device. Like leaving your upload.php file in the root folder you use at CTFs and Nginx is set to autostart. The author of this article cannot comment on this incident whether it happened in real life or is just an imaginary example. 

How to mitigate these risks? 

Laptop getting stolen/lost/inspected at the border?
1. Bring a cheap, empty device with you. Or set up a fake OS/fake account to log in if you really need your day-to-day laptop. This dummy account should not decrypt the real files in the real account.

Device getting owned while in a hotel room with physical access

1. Don't bring any device with you.
2. If you bring any, make it tamper-resistant. How to do that depends on your enemy, but you can start by using nail glitter and Full Disk Encryption. Tools like Do Not Disturb help. It also helps if your OS supports suspending DMA devices before the user logs in.
3. If you can't make the device tamper-resistant, use a device that has a good defense against physical attackers, like iOS.
4. Probably you are not that important anyway that anyone will spend time and resources on you. If they do, probably you will only make your life miserable with all the hardening, but still, get pwned.

Network traffic Man-in-the-middle attacked

1. Don't bring any device with you.
2. Use services that are protected against MiTM. Like TLS.
3. Update your OS to the latest and greatest versions. Not everyone at DEF CON has a 0dayz worth of 100K USD, and even the ones who have won't waste it on you. 
4. Use fail-safe VPN. Unfortunately, not many people talk about this or have proper solutions for the most popular operating systems.
5. For specific attacks like Responder, disable LLMNR, NBT-NS, WPAD, and IPv6 and use a non-work account on the machine. If you don't have the privileges to do so on your machine, you probably should not bring this device with you. Or ask your local IT to disable these services and set up a new account for you.

Pwning the device via some nasty thing like WiFi/TCP/Bluetooth/LTE/3G/GSM stack

1. Don't bring any device with you.
2. If you bring any, do not use this device to log in to work, personal email, social media, etc.
3. Don't worry, these things don't happen very often. 

Pwning your device by pwning a service on your device

Just set up a firewall profile where all services are hidden from the outside. You rarely need any service accessible on your device at a hacker conference.

Conclusion

If you are still so afraid to go there, just don't go there. Watch the talks at home. But how is the hotel WiFi at a random place different from a hacker conference? Turns out, it is not much different, so you better spend time and resources on hardening your daily work devices for 365 days, instead of building a "burner device".

You probably need a "burner device" if you are a spy for a foreign government. Or you are the head of a criminal organization. Otherwise, you don't need a burner device. Maybe you need to bring a cheap replacement device.
Related posts
  1. Hack Tools Online
  2. Hack Apps
  3. Hack Tools Online
  4. World No 1 Hacker Software
  5. Hacker Tool Kit
  6. Hackrf Tools
  7. Hacker Tools 2020
  8. Github Hacking Tools
  9. Hack Tools For Windows
  10. Hacker Tools
  11. Hacking Tools For Kali Linux
  12. Free Pentest Tools For Windows
  13. Nsa Hack Tools Download
  14. Best Pentesting Tools 2018
  15. Hacking Tools Pc
  16. Hacking Tools Name
  17. Pentest Tools Framework
  18. Pentest Tools Linux
  19. What Is Hacking Tools
  20. Hacking Tools Name
  21. Hacking Tools Github
  22. Nsa Hacker Tools
  23. Hacking Tools 2019
  24. Hacking Tools For Mac
  25. Hacker Tools List
  26. Tools For Hacker
  27. Free Pentest Tools For Windows
  28. Hack Website Online Tool
  29. Hacker Security Tools
  30. Pentest Automation Tools
  31. Hacker
  32. Pentest Tools Framework
  33. Hacker Tools For Pc
  34. Hacking Tools For Windows Free Download
  35. Hacking Tools Windows 10
  36. Hack App
  37. Hack Tools Mac
  38. Ethical Hacker Tools
  39. Hacker Tools Apk Download
  40. Hack Tools Mac
  41. Hacker Tools Windows
  42. Hacker Hardware Tools
  43. Hacker Tools Github
  44. Hacker Hardware Tools
  45. Hacking Tools For Pc
  46. Hacker Tools Hardware
  47. Hack Tools
  48. Hacking Tools Windows
  49. Hacker Tools Hardware
  50. Hacking Tools Online
  51. Pentest Tools Review
  52. Hacker Search Tools
  53. Hacking Tools Windows
  54. Hacker
  55. Wifi Hacker Tools For Windows
  56. Hack Rom Tools
  57. Hacking Tools For Windows Free Download
  58. Hack Tools Download
  59. Pentest Tools Kali Linux
  60. Hacker Tools For Ios
  61. Install Pentest Tools Ubuntu
  62. Hacker Tools Apk Download
  63. Android Hack Tools Github
  64. Usb Pentest Tools
  65. Hacking Tools Kit
  66. Hacking Tools For Kali Linux
  67. What Is Hacking Tools
  68. Nsa Hacker Tools
  69. Hacker Techniques Tools And Incident Handling
  70. Hacker Tools List
  71. Pentest Tools Find Subdomains
  72. Hack Tools For Mac
  73. Hacker Tools Windows
  74. Nsa Hack Tools Download
  75. Hack Tools Online
  76. Blackhat Hacker Tools
  77. Hack Tools Mac
  78. Hacking Tools Kit
  79. Physical Pentest Tools
  80. Hacking Tools Online
  81. Hack Tools
  82. Hacking Tools
  83. Pentest Tools Free
  84. Hacking Tools Mac
  85. Pentest Tools Android
  86. Hacking Tools And Software
  87. Hacking Tools Usb
  88. Nsa Hack Tools
  89. Hacking App
  90. Hacker Security Tools
  91. Pentest Tools Alternative
  92. New Hacker Tools
  93. Best Hacking Tools 2020
  94. Hacking App
  95. Best Hacking Tools 2019
  96. Hacker
  97. Game Hacking
  98. Kik Hack Tools
  99. Hack Tools 2019
  100. Hack Tools Github
  101. Hacker Tools For Pc
  102. Pentest Tools Kali Linux
  103. Hacking Tools
  104. Hack Tools Pc
  105. Hacker Tools Linux
  106. Hacker Tools List
  107. Pentest Tools Url Fuzzer
  108. Hacking Tools Windows
  109. Hacker Tools Hardware
  110. Hack Apps
  111. Hacker Tools Mac
  112. Hacker Tools Hardware
  113. Hak5 Tools
  114. Top Pentest Tools
  115. Tools 4 Hack
  116. Hacker Tools For Windows
  117. Pentest Box Tools Download
  118. Ethical Hacker Tools
  119. Hacker Tool Kit
  120. Hacking Tools
  121. Hacking Apps
  122. Hacker Tools Github
  123. Hacking Tools Software
  124. Hacker Techniques Tools And Incident Handling
  125. Hacker Tools For Windows
  126. What Is Hacking Tools
  127. Blackhat Hacker Tools
  128. Install Pentest Tools Ubuntu
  129. Hacking Tools Usb
  130. Best Hacking Tools 2020
  131. Hacking Tools For Windows 7
  132. World No 1 Hacker Software
  133. Pentest Tools Find Subdomains
  134. Pentest Tools Website Vulnerability
  135. Pentest Recon Tools
  136. How To Hack
  137. Hacker Tools Hardware
  138. Hacking Tools For Kali Linux
  139. Hacking App
  140. Hacking Tools 2019
  141. Hacker Tools Software
  142. Pentest Automation Tools
  143. Hacker Tools Mac
  144. Hacking Tools And Software
  145. Pentest Tools For Windows
  146. Hacker Tools Apk
  147. Pentest Tools Bluekeep
  148. Hak5 Tools
  149. New Hacker Tools
  150. Pentest Tools Android
  151. Hacking Tools Software
  152. How To Make Hacking Tools
  153. New Hacker Tools
  154. Pentest Tools Github
  155. World No 1 Hacker Software
  156. Hack Tools Online
  157. Pentest Tools List
  158. Black Hat Hacker Tools
  159. Pentest Recon Tools
  160. New Hack Tools
  161. Hacker Tools Hardware
  162. Hacking Tools Software
  163. Pentest Tools
  164. Pentest Box Tools Download
  165. Github Hacking Tools
  166. Pentest Tools Find Subdomains
  167. Pentest Tools Review
  168. Hacking Tools Software
  169. Hacker Tools Free Download
  170. Easy Hack Tools
  171. Hacker Tools Free Download
  172. Pentest Tools Framework
  173. Hack Tools Download
  174. Pentest Tools Url Fuzzer
Posted by at No comments:

Sunday, August 30, 2020

OnionDuke Samples










File attributes

Size: 219136
MD5:  28F96A57FA5FF663926E9BAD51A1D0CB

Size: 126464
MD5:  C8EB6040FD02D77660D19057A38FF769


Size: 316928
MD5:  D1CE79089578DA2D41F1AD901F7B1014


Virustotal info

https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/
SHA256: 366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b
File name: 366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b
Detection ratio: 8 / 52
Analysis date: 2014-11-15 18:37:30 UTC ( 8 hours, 44 minutes ago ) 
Antivirus Result Update
Baidu-International Trojan.Win32.Agent.adYf 20141107
F-Secure Backdoor:W32/OnionDuke.B 20141115
Ikarus Trojan.Win32.Agent 20141115
Kaspersky Backdoor.Win32.MiniDuke.x 20141115
Norman OnionDuke.A 20141115
Sophos Troj/Ransom-ALA 20141115
Symantec Backdoor.Miniduke!gen4 20141115
Tencent Win32.Trojan.Agent.Tbsl 20141115

https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/


SHA256: 366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b
File name: 366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b
Detection ratio: 8 / 52
Antivirus Result Update
Baidu-International Trojan.Win32.Agent.adYf 20141107
F-Secure Backdoor:W32/OnionDuke.B 20141115
Ikarus Trojan.Win32.Agent 20141115
Kaspersky Backdoor.Win32.MiniDuke.x 20141115
Norman OnionDuke.A 20141115
Sophos Troj/Ransom-ALA 20141115
Symantec Backdoor.Miniduke!gen4 20141115
Tencent Win32.Trojan.Agent.Tbsl 20141115

https://www.virustotal.com/en/file/0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade/analysis/
SHA256: 0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade
File name: 0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade
Detection ratio: 19 / 55
Analysis date: 2014-11-15 18:37:25 UTC ( 8 hours, 47 minutes ago ) 
Antivirus Result Update
AVware Trojan.Win32.Generic!BT 20141115
Ad-Aware Backdoor.Generic.933739 20141115
Baidu-International Trojan.Win32.OnionDuke.BA 20141107
BitDefender Backdoor.Generic.933739 20141115
ESET-NOD32 a variant of Win32/OnionDuke.A 20141115
Emsisoft Backdoor.Generic.933739 (B) 20141115
F-Secure Backdoor:W32/OnionDuke.A 20141115
GData Backdoor.Generic.933739 20141115
Ikarus Trojan.Win32.Onionduke 20141115
Kaspersky Backdoor.Win32.MiniDuke.x 20141115
McAfee RDN/Generic BackDoor!zw 20141115
McAfee-GW-Edition BehavesLike.Win32.Trojan.fh 20141114
MicroWorld-eScan Backdoor.Generic.933739 20141115
Norman OnionDuke.B 20141115
Sophos Troj/Ransom-ANU 20141115
Symantec Backdoor.Miniduke!gen4 20141115
TrendMicro BKDR_ONIONDUKE.AD 20141115
TrendMicro-HouseCall BKDR_ONIONDUKE.AD 20141115
VIPRE Trojan.Win32.Generic!BT 20141115


More info


Posted by at No comments:

Top Process Related Commands In Linux Distributions


Commands in Linux are just the keys to explore and close the Linux. As you can do things manually by simple clicking over the programs just like windows to open an applications. But if you don't have any idea about commands of Linux and definitely you also don't know about the Linux terminal. You cannot explore Linux deeply. Because terminal is the brain of the Linux and you can do everything by using Linux terminal in any Linux distribution. So, if you wanna work over the Linux distro then you should know about the commands as well. In this blog you will exactly get the content about Linux processes commands which are are given below.

ps

The "ps" command is used in Linux to display your currently active processes over the Linux based system. It will give you all the detail of the processes which are active on the system.

ps aux|grep

The "ps aux|grep" command is used in Linux distributions to find all the process id of particular process like if you wanna know about all the process ids related to telnet process then you just have to type a simple command like "ps aux|grep 'telnet'". This command will give you the details about telnet processes.

pmap

The "pmap" command in Linux operating system will display the map of processes running over the memory in Linux based system.

top

The "top" command is used in Linux operating system to display all the running processes over the system's background. It will display all the processes with process id (pid) by which you can easily kill/end the process.

Kill pid

Basically the kill command is used to kill or end the process or processes by simply giving the process id to the kill command and it will end the process or processes. Just type kill and gave the particular process id or different process ids by putting the space in between all of them. kill 456 567 5673 etc.

killall proc

The "killall proc" is the command used in Linux operating system to kill all the processes named proc in the system. Killall command just require a parameter as name which is common in some of the processes in the system.

bg

The "bg" is the command used in Linux distributions to resume suspended jobs without bringing them to foreground.

fg

The "fg" command is used in Linux operating system to brings the most recent job to foreground. The fg command also requires parameters to do some actions like "fg n" n is as a parameter to fg command that brings job n to the foreground.

Related articles


  1. Hacker Tools Github
  2. Computer Hacker
  3. Growth Hacker Tools
  4. Hacking Tools For Windows
  5. Pentest Tools Review
  6. Growth Hacker Tools
  7. Easy Hack Tools
  8. Hack Tool Apk No Root
  9. Hacking Tools Pc
  10. Pentest Tools Linux
  11. Hacking Tools Software
  12. Hacker Tools 2019
  13. Best Hacking Tools 2020
  14. Hacker Tools Software
  15. Hack Apps
  16. Pentest Tools Subdomain
  17. Kik Hack Tools
  18. Hacking Tools For Windows Free Download
  19. Hacker Tools For Ios
  20. Best Pentesting Tools 2018
  21. Pentest Tools
  22. Hack Tools
  23. Hack Tools For Pc
  24. Hacking Tools For Windows
  25. Hack Tools Download
  26. Hacking Tools 2020
  27. Nsa Hack Tools
  28. Top Pentest Tools
  29. Hacker Tools Free
  30. Hacker Tools For Windows
  31. Hacking Tools 2019
  32. Best Hacking Tools 2019
  33. How To Make Hacking Tools
  34. Hacker Tools Mac
  35. Pentest Tools Review
  36. Hacker Tools 2019
  37. Physical Pentest Tools
  38. Hacking Tools For Mac
  39. Hacking Tools Hardware
  40. Hack Tools Download
  41. Usb Pentest Tools
  42. Pentest Tools Bluekeep
  43. Pentest Tools Url Fuzzer
  44. Pentest Tools Alternative
  45. Pentest Tools List
  46. Hack Tools Download
  47. How To Install Pentest Tools In Ubuntu
  48. Hacker Tools Linux
  49. Hacking Tools For Mac
  50. Hacking Tools For Beginners
  51. Hacker Tools Windows
  52. Top Pentest Tools
  53. Bluetooth Hacking Tools Kali
  54. Hacker Tool Kit
  55. Pentest Tools For Android
  56. Hacking Tools Hardware
  57. Hack Tools For Mac
  58. Growth Hacker Tools
  59. Pentest Tools Review
  60. Free Pentest Tools For Windows
  61. Hacking Tools Online
  62. Pentest Tools
  63. Hack Website Online Tool
  64. Hack Tools Pc
  65. Pentest Reporting Tools
  66. Pentest Tools For Windows
  67. Hack Tools For Games
  68. Hackers Toolbox
  69. Hacking Tools Kit
  70. Pentest Tools Find Subdomains
  71. Hackers Toolbox
  72. Kik Hack Tools
  73. Hacking Tools For Games
  74. Pentest Tools Website
  75. Blackhat Hacker Tools
  76. Hack Tools For Pc
  77. Hack Tools For Games
  78. Wifi Hacker Tools For Windows
  79. Github Hacking Tools
  80. Beginner Hacker Tools
  81. Usb Pentest Tools
  82. Nsa Hacker Tools
  83. Hack Tools 2019
  84. Hacker Techniques Tools And Incident Handling
  85. Hacker Tools Software
  86. Hacker Techniques Tools And Incident Handling
  87. World No 1 Hacker Software
  88. Game Hacking
  89. Hacking Tools Windows
  90. Hacker Search Tools
  91. Pentest Tools Tcp Port Scanner
Posted by at No comments: