Enero 2019
 << < > >>


¿Quién está en línea?

Miembro: 0
Visitante: 1

rss Sindicación

07 Agos 2015 - 13:00:57

Hack like HammerToss: Students spin social media into data siphons - The Register

It utilizes RSA along with Base64 encoding, in add-on to steganography which can hide data inside sounds along with images.

The team includes Nelson; Bryan Wasti; Gabe Butterick; Nick Francisci; Bonnie Ishiguro, and also Nora Mohamed.

The student's Sneaky Creeper Python instrument inside development prior to the HammerToss revelations enables hackers to move data in along with from popped networks more than Tumblr, Twitter, along with SoundCloud.

"It is actually kinda cool that you can encode your information as audio along with upload it in order to SoundCloud along with download it later," Butterick says.

A sextet associated with security students have released any instrument that spins social media networks into stealthy data siphons, an approach currently inside use by simply an elite Russian hacking group.

. it can encoding and will be also actually flexible and also adaptable," researcher Dakota Nelson says.

"From the particular network perspective it looks just like someone uploading to become able to SoundCloud as normal, with nothing unusual heading on, nevertheless you're one command series coming from pulling which data out."

They questioned the protection neighborhood to help make make contact with with the particular team for any advice or remark that might aid making use of their exfiltration works.

"It is actually a fresh sort associated with attack vector, along with we're wanting to bring focus on it," Wasti says.

The device released from BSides las Vegas this week assists hackers emulate your information pillaging tactics with the HammerToss crime group. ®

Sneaky Creeper will be useful however requires much polishing and also can be compiled to a Linux binary with a Windows port inside the works. Olin college associated with Engineering throughout Massachusetts.

The team will think about working about "push-button" exfiltration for the ultra-lazy hacker described like a "one-stop-shop" for manual theft.

"It is truly a framework designed to get modules added while they tend to be needed.

"It can become a information exfiltration framework which that makes use of social media to move your data in and also out, regarding command as well as manage ... FireEye last week described its social media siphon tricks as marking the actual group's elite status.

"If you played the background music it sounds terrible."

The Twitter module could issue and pull down encoded tweets from an attacker's Twitter account associated with choice.

The social network channels help keep information movements beneath the actual radar, according towards the team coming from Franklin W

Admin · 21471 vistas · Escribir un comentario

Vínculo permanente hacia el artículo completo


Este artículo no tiene Comentario por el momento .....

Escribir un comentario

Estatuto de los nuevos comentarios: Publicado

Se mostrará tu URL

Por favor introduce el código contenido en las imágenes.

Texto del comentario

   (Salvar el nombre, el mail y la URL en los cookies)