
Search found 7 matches

by pr0tox
Wed Aug 07, 2013 10:22 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: how long...?

An important thing to keep in mind regarding the question of what will, and can, be done with the results of this exploit: since the malware was apparently distributed through all FH sites (at least, that's my understanding), there seems to be no way for whoever receives these data to find out what...

by pr0tox
Wed Aug 07, 2013 10:14 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: leakage

In other words, this is a browser leak - or, if you prefer to call it that, a Tor leak. Mostly semantics, there. One major, serious downside of using Tor (in my personal opinion, to be clear - but this is not as heretical as it might sound to heavy Tor devotees) is that it prefers to operate throug...

by pr0tox
Wed Aug 07, 2013 9:47 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: how long...?

5b. We more or less assume that "people" would have noticed the creepy js iframes even before the FH takedown... but would they? Would off-the-shelf AV/malware scanners be able to poke their noses into torified sessions, on a local machine, and flag this stuff? Were signature files even i...

by pr0tox
Tue Aug 06, 2013 7:22 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: #Torsploit takedown: analysis, reverse engineering, fore

I appreciate the distinction you make here -- and I agree that it's an important one to make since many people are not aware of the risks of traffic manipulation over the unencrypted portion of Tor's network (exit nodes). As I understand it, this exploit could have been delivered any of three main ...

by pr0tox
Mon Aug 05, 2013 9:50 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: #Torsploit takedown: analysis, reverse engineering, fore

Agree 100.00% on the FUD / psyops speculation. While it's almost certainly not *exclusively* psy ops, the IP address was certainly intentional. One simply does not write hand-obfuscated code like that and then put one's IP:80 in plain view. I think that's an extremely safe assumption. If people thin...

by pr0tox
Mon Aug 05, 2013 8:39 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: #Torsploit takedown: analysis, reverse engineering, fore

We've been told by smart folks that the "useragent = NT" isn't actually going to filter for only Windows machines, as the Tor Browser Bundle packages all report their useragent as "NT." We've not yet confirmed that, but the folks who told us are much smarter than we are, so we te...

by pr0tox
Mon Aug 05, 2013 7:35 pm
Forum: cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity
Topic: #Torsploit takedown: analysis, reverse engineering, forensic
Replies: 76
Views: 122550

Re: #Torsploit takedown: analysis, reverse engineering, fore

Thank you for spending the time to pull these resources together. Just to be sure I understand the analysis... the operating assumption here is that all of this *only* happens if NoScript was set to enable scripts AND you were running a Windows machine, right? There wasn't an exploit to disable noscr...
