[Solved] The spoof who sat by the door...

Talk here about security in general. Posting illegal software is prohibited. All content in this forum must be considered as for "Educational purpose only".
fullmoonremix

[Solved] The spoof who sat by the door...

Post#1 by fullmoonremix » 15 Apr 2016, 01:31

Salutations... :good:

I'm writing this thread to reflect on and share my experiences,
regarding the sometimes possible odd behavior of compromised systems.

See if you can add to this list...

Disappearing file structures (missing tree on media source?).
Modules refusing to load (out of memory skipping?).
Additional (unknown?) modules loading.
Configuration file entries disappearing (edited file blank or returning to default?).
Ethernet stack disappearing (wifi only?).
File transfer errors (splicing?).
Missing installed packages (in /var/log/packages?).
Loaded modules failing to execute (or no menu entry?).

"Best Regards"... :beer:

Last edited by fullmoonremix on 12 May 2016, 20:36, edited 10 times in total.

Evan

Re: The spoof who sat by the door...

Post#2 by Evan » 18 Apr 2016, 12:27

<removed>
Last edited by Evan on 24 Jun 2016, 11:27, edited 1 time in total.

fullmoonremix

Re: The spoof who sat by the door...

Post#3 by fullmoonremix » 18 Apr 2016, 12:51

Salutations... :good:

I'm saying that this is what ANY booted OS could look like... AFTER being compromised.
It goes without saying... "if you see smoke then look for fire".

"Best Regards"... :beer:
Last edited by fullmoonremix on 18 Apr 2016, 13:06, edited 4 times in total.

Evan

Re: The spoof who sat by the door...

Post#4 by Evan » 18 Apr 2016, 12:57

<removed>
Last edited by Evan on 24 Jun 2016, 11:27, edited 1 time in total.

fullmoonremix

Re: The spoof who sat by the door...

Post#5 by fullmoonremix » 04 May 2016, 22:36

Salutations... :good:

Add to the list...
... @ boot time tab edit string variables randomly overwritten w/ numbers when scrolling the cursor.
... @ boot time font case randomly switching.
... mouse/touchpad moving erratically.
... UEFI/BIOS logging in by itself.
... system hangs or refuses to boot after the splash screen.

"Best Regards"... :beer:


fullmoonremix

Re: [Solved] The spoof who sat by the door...

Post#6 by fullmoonremix » 12 May 2016, 20:42

Salutations... :good:

After many months of being attacked by what appears to be BadUSB :evil: I have prevailed :x (unfortunately... the radioactive stuff goes to "Area 51"). :wall:

"Best Regards"... :beer:


brokenman

Re: [Solved] The spoof who sat by the door...

Post#7 by brokenman » 13 May 2016, 02:23

Glad to see you prevailed. badUSB is a work of art. A beautiful thing. Here is the (apparent) source code:
https://github.com/adamcaudill/Psychson

I truly hope it forces USB manufacturers to up their game. It is truly frightening how insecure most of the devices out there are. With the 'internet of things' looking like a real imaginable future they had better step up.

Forgot to add. Finding if your machine is compromised really comes back to one single thing. Why would someone compromise a system? If they are good then it is to glean information. How will this be done? Most probably via a network. This is where you should start looking. As you connect look at your machine's network movement. What is open? What is communicating with it? Why? This is the 'ma bu' or horse stance of penetration investigation. Finding this and working backwards is one technique.

How do I become super user?
Wear your underpants on the outside and put on a cape.
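
Added example, not part of the original thread or any poster's code: one way to answer "What is open? What is communicating with it?" on a Linux host is to decode `/proc/net/tcp` and compare the result against a known baseline. The sample rows, the baseline ports and the gateway address are constructed assumptions.

```python
import socket
import struct

# Constructed rows in /proc/net/tcp layout (trailing columns trimmed); not from a real host.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0277 00000000:0000 0A
   2: 00000000:1F91 00000000:0000 0A
   3: 0A00000A:C350 0100000A:01BB 01
   4: 0A00000A:D431 076433C6:20FB 01
"""

STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}

def decode(field):
    """'0100007F:0277' -> ('127.0.0.1', 631). The kernel prints the IPv4
    address as a host-order 32-bit hex word; little-endian (x86) is assumed."""
    addr, port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr, 16)))
    return ip, int(port, 16)

def parse(text):
    """Return a list of ((local_ip, port), (remote_ip, port), state) tuples."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        conns.append((decode(cols[1]), decode(cols[2]), STATES.get(cols[3], cols[3])))
    return conns

def review(conns, expected_listen, expected_peers):
    """Return (listeners, peers) that are not in the operator's baseline."""
    listeners = [l for l, _, st in conns if st == "LISTEN" and l[1] not in expected_listen]
    peers = [r for _, r, st in conns if st == "ESTABLISHED" and r[0] not in expected_peers]
    return listeners, peers

if __name__ == "__main__":
    # Baseline values are assumptions for the example: sshd, CUPS, and one gateway.
    odd_listen, odd_peers = review(parse(SAMPLE), {22, 631}, {"10.0.0.1"})
    print("unexpected listeners:", odd_listen)
    print("unexpected peers:", odd_peers)
```

On a live system, pass the contents of `/proc/net/tcp` to `parse()`; IPv6 sockets are listed separately in `/proc/net/tcp6` and are not handled here.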

fullmoonremix

Re: [Solved] The spoof who sat by the door...

Post#8 by fullmoonremix » 13 May 2016, 04:52

Salutations...

Yesterday I created a LXQT/PekWM... IPS "tarpit" router Porteus build to address the intrusion issue.
I will also build my custom "Coreboot" tarpit router ($350 USD) on the 1st of the month.
(... after my credit card cools off :wall: )

"Best Regards"... :beer:


fullmoonremix

Re: [Solved] The spoof who sat by the door...

Post#9 by fullmoonremix » 25 May 2016, 00:09

Salutations... :good:

To add insult to injury... I lost 2 AMD mITX Kabinis and my dual mITX case (the front panel USB controller) to infection. :wall:
The butcher's bill... $500 (USD). I just cannot transition to "Coreboot" fast enough.

"Best Regards"... :beer:

