
The latest scoop as of February 10, 2020

The Huntress team recently learned that a person allegedly tied to the w0zniak account has been arrested in Atlanta. We received this information shortly after we released our blog and here are a few key updates:

Insider Threat: w0zniak was a disgruntled ex-employee of the MSP

Based on the criminal complaint affidavit, w0zniak is likely the Torum handle belonging to Marquavious Britt, who worked for our victim MSP until he was “terminated for failure to complete tasks assigned to him”.

From page 3 of the criminal complaint affidavit

What’s especially interesting is the Vultr account sold by w0zniak belonged to Marquavious Britt and included the last four of Britt’s SSN in the password. Additionally, the Coinbase account that received payment for the MSP access was registered to Britt’s name, SSN, address, and date of birth. Sounds like:

  • w0zniak didn’t have the greatest online OPSEC
  • MSPs need to closely audit admin accounts after employees depart
From page 5 of the criminal affidavit
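
The second takeaway is a concrete control, so here is an added example of what that audit looks like in code. It is not from the Huntress post and is not a Huntress or Datto tool: it correlates an HR separation export with a privileged-account export and flags admin accounts that are still enabled, or that authenticated, after their owner's employment ended. All records are constructed sample data, and the field names (username, enabled, last_logon) and the one-day grace period are assumptions.

```python
"""Offboarding audit: flag privileged accounts that outlived their owner's employment.

Added example, not code from the Huntress post. The two inputs are constructed
samples standing in for an HR separation export and a directory / RMM export of
admin accounts; the field names and the grace period are assumptions.
"""
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Constructed sample HR separations: username -> last day of employment.
SEPARATIONS = {
    "jdoe": date(2019, 9, 30),
    "asmith": date(2019, 11, 15),
}

# Constructed sample export of privileged (admin) accounts. last_logon is an
# ISO-8601 timestamp or None when the account has never authenticated.
ADMIN_ACCOUNTS = [
    {"username": "jdoe", "enabled": True, "last_logon": "2019-10-14T02:13:00"},
    {"username": "asmith", "enabled": False, "last_logon": "2019-11-14T17:02:00"},
    {"username": "svc-backup", "enabled": True, "last_logon": "2020-01-30T03:00:00"},
    {"username": "bjones", "enabled": True, "last_logon": None},
]


@dataclass
class Finding:
    username: str
    reason: str


def audit_departed_admins(admins, separations, grace_days=1, today=None):
    """Return one Finding per control failure on a departed user's admin account.

    Two checks:
      1. the account is still enabled more than grace_days after separation;
      2. the account authenticated after the separation date (credential reuse).
    Accounts whose owner is not in the separation list are out of scope here.
    """
    today = today or date.today()
    findings = []
    for acct in admins:
        user = acct["username"]
        left = separations.get(user)
        if left is None:
            continue  # current employee or service account: not this audit's concern
        if acct["enabled"] and today - left > timedelta(days=grace_days):
            days = (today - left).days
            findings.append(Finding(
                user, f"admin account still enabled {days} days after separation on {left}"))
        last = acct.get("last_logon")
        if last and datetime.fromisoformat(last).date() > left:
            findings.append(Finding(
                user, f"logon at {last} occurred after separation on {left}"))
    return findings


def run_sample():
    """Run the audit over the constructed data as of a fixed date."""
    return audit_departed_admins(ADMIN_ACCOUNTS, SEPARATIONS, today=date(2020, 2, 10))


if __name__ == "__main__":
    for finding in run_sample():
        print(f"{finding.username}: {finding.reason}")
```

Run against real exports, the second check is the more valuable one: an enabled account is a gap, but a logon after the separation date is evidence that someone is using a departed employee's credentials and belongs in the incident queue rather than the hygiene backlog.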

Some Dark Web hackers are not super thrilled with our effort

Since our story was published, we’ve seen hackers warn each other about who they talk to and what they see. They are on high alert, knowing their shady deeds are being watched:

Security will always be a cat and mouse game, but that game doesn’t have to be checkers. Playing chess probably starts with an offensive approach to defense.

If Britt is responsible, w0zniak is a man

While we wrote this blog, we definitely had fun imagining our hacker as a woman. It was an interesting thought exercise that challenged us to remove our preconceived notions. However, not everyone agreed with our decision:

At the end of the day, we are just relieved to see one more criminal is receiving their day in court. MSPs are increasingly vulnerable to hackers on the Dark Web. This blog was just another example of our commitment to protecting MSPs to keep them safe.

Original Post from February 4, 2020

Think about all the things you can buy and do on the dark web.

Most of what you see on the dark web stems from the fact that it is powered by anonymity. While there is certainly an argument for freedom of expression that drives part of the dark web, most of what we see and hear are nefarious activities of hacktivists and a growing organized cybercrime underworld. But we often hear about the events after their criminal activity has already run its course.

In a rare encounter, we found ourselves directly interacting with one of these cybercriminals. Read on to see how our very own Kyle Hanslovan, Chris Bisnett, and John Ferrell took a deep dive into the dark web with a first-hand encounter with an attacker.

The Sale of the Day

Back in October, Datto identified a threat actor through their routine dark web monitoring practices. This cyber criminal, known by her Torum handle as “w0zniak”, was seen selling access to an MSP’s VPS control panel on the dark web for $600 BTC:

“I’m selling access to a MSP. They’re located in the U.S. , eastern side…… I’m asking for $600 BTC. If you’re interested message me here or on wikr… i’m also on jabber. […] I can provide photos if requested.”

We’re looking at a businesswoman at work. She’s laying out her terms — establishing price, contact information, and evidence to build trust. But what type of businesswoman is she? What are her motivations? Is it all about just a quick payout, or is there more to her plans?

Of course, the primary goal was to identify and help the victimized member of our community. But as crazy curious cyber defenders, our secondary goal was to get a better understanding of who we were dealing with so we could “know our attacker”. It’s not every day that we have the opportunity to talk directly to a cyber criminal. This was our chance to learn more about her motivations and tactics.

Background

Let’s rewind for a second just to see how we got to this point.

We’ve always believed in the power of collaboration, and we certainly are not alone. Back in July 2019, our very own VP of ThreatOps, John Ferrell, and the CISO of Datto, Ryan Weeks, got together to brainstorm ways to better secure our communities. This conversation quickly expanded to both our Huntress ThreatOps team and Datto’s security team, resulting in the creation of a Slack channel to facilitate collaboration. Evolving into the very first grassroots MSP-ISAC, we had established an avenue for vendors in the MSP community to share what we’ve seen and collaborate together.

What all of our community members have learned through combined decades in security is that intel sharing is one of the best and most effective ways for all of us to stay ahead of the attackers.

This story is a perfect example of a team effort. And the biggest takeaway is that working together allows us not just to find and resolve threats, but to identify new behavior patterns and methods of cyber criminals. In the end, this makes us all better at protecting ourselves and each other against a potentially new type of adversary.

Reconnaissance

Okay, enough with the high fives; let’s get back to the story.

Datto, one of the founding members of the MSP-ISAC, came across the Torum post shared above and showed it to the rest of the MSP-ISAC. Given our background in cyber operations at the NSA, seeing this perked up our ears, motivating us to go all in to thwart this attacker.

We started doing some snooping, watched subsequent posts, and it became evident that our adversary is a person who is looking for ways to grow and develop her business. This next post makes it clear that she’s mastered how to compromise IT departments and managed service providers, but wants to build a team to help with encryption.

In fact, she turned down someone who offered to work with her because she wanted someone who is willing to work on a longer-term strategy. This is a person who is all about the ring on their finger, not just a one-time fling.

“Thanks for the offer but I’m looking more for a partner or partners who want to work long time and make money.”

Engaging Our Adversary

We knew it was imperative that we sound credible in order to get the attacker to talk. So we zipped up our black hoodies and threw ourselves into a tactical negotiation.

Our bogus offer:

  • Proof of access with all the info upfront — We absolutely had no intention of paying, but was it still possible to extract clues that would lead us back to either our victim MSP or one of their clients without handing over a single dime?
  • Down to $500 BTC, but we wanted to learn how to get access — not just get access by itself. Remember, our secondary goal is to actually understand more about our adversary.
  • And lastly, the payment terms of the deal.

Success!! She responded! And more importantly, we’re drawing her in to give us some important details.

“I was able to get in via phishing the credentials. User accounts, customer list, and compromised accounts I can show via screenshots…. MSP is a great target because of the plethora of clients.”

Private Conversations

It worked! We were DM’ing with her on Wickr, pretending to flesh out the business arrangement. Our intention was to craft our responses convincingly so that she’d give us enough details to identify the targeted MSP as soon as possible, so they could start remediation.

She sent us a screenshot of what she had compromised. Wickr would have notified w0zniak if we took an “in-app” screenshot, so we resorted to the next best thing — a picture of our phone.
