
PINNED: research tools & techniques for cleanVPN forensic analyses

Encouraging best practices in the VPN industry via independent, community-certified verification of clean installers and clean basic service operations. Let's reward the good, and make the bad a little bit less tempting 〰 github repo#cleanVPN

Postby cryptostorm_team » Sat Feb 28, 2015 8:08 pm

This is a placeholder thread for now.

We will be posting into it the various forensic tools we've used in our research thus far, and encouraging others with specialised expertise to expand and deepen the collection from there.


some contributions from pj:

Static analytic techniques to identify Komodia libraries in unpacked executables:

From a technical perspective, the Komodia library is easy to detect. In our research, we found that the software that installs the root CA contains a number of easily searchable attributes that enabled us to match up the certificates we see in the wild with the actual software. These functions, which are Windows PE exports, include “CertInstallAll”, “GetCertPEMDLL”, “InstallFirefoxDirectory”, “SetCertDLL”, and “SetLogFunctionDLL.” Most of these libraries are designed to work on Windows 8 and will not install on older operating systems. Hopefully this information will give some good leads to researchers for further investigation.



VM-based unpacker/scanners:



From parityboy, a pcap scrubber:




~ cryptostorm
cryptostorm_team - a shared, team-wide forum account (not a person)
PLEASE DON'T SEND PRIVATE MESSAGES to this account, as we can't guarantee quick replies!
--> feel free to use any of our other contact channels, or post in the support forum
cryptostorm: structurally anonymous, token-based, unlimited ☂ bandwidth, opensource, darknet data security for everyone!
keybase.io validators | onename.io validators | PGP key @ MIT | network status | cryptostorm github
support team bitmessage address: BM-2cTMH8K5JnjbfSALjZtSkRWCLfc3Tr8GBV
support team email: support@cryptostorm.is
live chat support: #cryptostorm
