[Solved] The spoof who sat by the door...
Salutations...
I'm writing this thread to reflect on and share my experiences,
regarding the sometimes possible odd behavior of compromised systems.
See if you can add to this list...
Disappearing file structures (missing tree on media source?).
Modules refusing to load (out of memory skipping?).
Additional (unknown?) modules loading.
Configuration file entries disappearing (edited file blank or returning to default?).
Ethernet stack disappearing (wifi only?).
File transfer errors (splicing?).
Missing installed packages (in /var/log/packages?).
Loaded modules failing to execute (or no menu entry?).
"Best Regards"...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Last edited by fullmoonremix on 12 May 2016, 20:36, edited 10 times in total.
Re: The spoof who sat by the door...
<removed>
Last edited by Evan on 24 Jun 2016, 11:27, edited 1 time in total.
Re: The spoof who sat by the door...
Salutations...
I'm saying that this is what ANY booted OS could look like... AFTER being compromised.
It goes without saying... "if you see smoke then look for fire".
"Best Regards"...
Last edited by fullmoonremix on 18 Apr 2016, 13:06, edited 4 times in total.
Re: The spoof who sat by the door...
<removed>
Last edited by Evan on 24 Jun 2016, 11:27, edited 1 time in total.
Re: The spoof who sat by the door...
Salutations...
Add to the list...
... @ boot time tab edit string variables randomly overwritten w/ numbers when scrolling the cursor.
... @ boot time font case randomly switching.
... mouse/touchpad moving erratically.
... UEFI/BIOS logging in by itself.
... system hangs or refuses to boot after the splash screen.
"Best Regards"...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Re: [Solved] The spoof who sat by the door...
Salutations...
After many months of being attacked by what appears to be BadUSB I have prevailed (unfortunately... the radioactive stuff goes to "Area 51").
"Best Regards"...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service
- brokenman
- Site Admin
- Posts: 6105
- Joined: 27 Dec 2010, 03:50
- Distribution: Porteus v4 all desktops
- Location: Brazil
Re: [Solved] The spoof who sat by the door...
Glad to see you prevailed. badUSB is a work of art. A beautiful thing. Here is the (apparent) source code:
https://github.com/adamcaudill/Psychson
I truly hope it forces USB manufacturers to up their game. It is truly frightening how insecure most of the devices out there are. With the 'internet of things' looking like a real imaginable future they had better step up.
Forgot to add. Finding if your machine is compromised really comes back to one single thing. Why would someone compromise a system? If they are good then it is to glean information. How will this be done? Most probably via a network. This is where you should start looking. As you connect look at your machine's network movement. What is open? What is communicating with it? Why? This is the 'ma bu' or horse stance of penetration investigation. Finding this and working backwards is one technique.
How do i become super user?
Wear your underpants on the outside and put on a cape.
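The network check described in the post above ("What is open? What is communicating with it?"), as an added example that is not part of the original post: a small parser for the Linux `/proc/net/tcp` table that separates listening sockets from established connections. The sample table is constructed, and the decoding assumes IPv4 on a little-endian (x86) host; the function names are illustrative.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0A00A8C0:D431 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}  # kernel TCP state codes


def decode(addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port); IP is stored little-endian."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def triage(table_text):
    """Return (listening, talking): what is open, and what is communicating."""
    listening, talking = [], []
    for line in table_text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        local, remote = decode(f[1]), decode(f[2])
        state, uid = STATES.get(f[3]), int(f[7])
        if state == "LISTEN":
            # Anything not bound to loopback is reachable from the network.
            exposed = not local[0].startswith("127.")
            listening.append({"port": local[1], "exposed": exposed, "uid": uid})
        elif state == "ESTABLISHED":
            talking.append({"local": local, "remote": remote, "uid": uid})
    return listening, talking


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    open_ports, peers = triage(SAMPLE)
    for s in open_ports:
        print("LISTEN port %(port)d exposed=%(exposed)s uid=%(uid)d" % s)
    for c in peers:
        print("ESTABLISHED %s:%d -> %s:%d uid=%d" % (*c["local"], *c["remote"], c["uid"]))
```

Each row's inode column can then be matched against the socket links under `/proc/<pid>/fd` to answer the "why", that is, which process owns the socket.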
Re: [Solved] The spoof who sat by the door...
Salutations...
Yesterday I created a LXQT/PekWM... IPS "tarpit" router Porteus build to address the intrusion issue.
I will also build my custom "Coreboot" tarpit router ($350 USD) on the 1st of the month.
(... after my credit card cools off )
"Best Regards"...
Posted by 71.250.239.251 via http://webwarper.net
This is added while posting a message to avoid misusing the service
Re: [Solved] The spoof who sat by the door...
Salutations...
To add insult to injury... I lost 2 AMD mITX Kabinis and my dual mITX case (the front panel USB controller) to infection.
The butcher's bill... $500 (USD). I just cannot transition to "Coreboot" fast enough.
"Best Regards"...
Posted by 73.150.85.78 via http://webwarper.net
This is added while posting a message to avoid misusing the service