BSidesChicago and THOTCON 2015

A few days ago, THOTCON 0x6 and BSidesChicago took place in Chicago. We were both privileged enough to be accepted to speak at BSidesChicago which, for an event that almost didn’t happen, was the best BSidesChicago we’ve attended.


AK: I was finally able to speak about the results I discovered from DGA seed bruteforcing research I previously blogged about here. Botnet command and control architectures were discussed while DGA backends were focused on, Ramnit and its DGA were described, the algorithm I used ...

Five Things To Know About The Tesla Motors Compromise

As many of you have heard, Tesla Motors’ website and its official Twitter account were “hacked” on Saturday. The website was redirected to a server hosted in Amsterdam. Within a few minutes, the Twitter account began sending tweets promising free Tesla cars to those who called a certain phone number. The number belonged to a computer repair shop in Illinois and was presumably tweeted out to flood its owner with calls. Later that same day it was revealed that Tesla ...

“Operation Source” AAEH Botnet Takedown

“Operation Source” scored a win for the home team yesterday by taking down the AAEH botnet (also known as Beebone). This multi-organization effort (see the full list of organizations below) resulted in the domains associated with the botnet being sinkholed. This effort provides a window of time for the infection to be cleaned up before it receives new marching orders.

You can read more about the malware associated with this network in the US-CERT post or in the press release from ...

Finding Malicious Connections within Memory

The Importance of Memory Forensics

Information security practitioners know the benefits of examining multiple sources of system data. This is one of the cornerstones of the SIEM: by accumulating multiple sources of log data, a richer and fuller picture can be developed. I like to break down sources of security data into four categories:

- system state, including memory contents, registry entries, logged-on users and more
- system disk, including stored files and their locations, system or event logs and more
- recorded network traffic ...
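As an added example (not code from the original post), the following script shows the kind of cross-source check the categories above make possible: it takes a connection table carved from a memory image and a flow summary distilled from recorded network traffic, and reports what each source sees that the other does not. The netscan lines and flow records are constructed sample data; their field layout (modelled on Volatility's netscan output and a simple CSV flow list) and the assumption that flows are recorded from the host's side are choices made for this example.

```python
"""Cross-check memory-resident connections against recorded network flows."""
from dataclasses import dataclass

# Constructed sample in the shape of a netscan listing from a memory image:
# Offset Proto LocalAddr ForeignAddr State Pid Owner Created
MEMORY_NETSCAN = """\
0x7d6f3e90 TCPv4 10.0.0.5:49233 93.184.216.34:443 ESTABLISHED 1532 chrome.exe 2015-04-12 14:02:11
0x7d7a1b20 TCPv4 10.0.0.5:49301 198.51.100.23:8080 ESTABLISHED 2204 svchost.exe 2015-04-12 14:05:40
0x7d7c0010 TCPv4 10.0.0.5:49410 203.0.113.77:443 ESTABLISHED 3120 explorer.exe 2015-04-12 14:07:02
0x7d7d5550 UDPv4 10.0.0.5:137 *:* - 4 System 2015-04-12 13:58:00
"""

# Constructed sample of flows summarised from the packet capture (host side):
# src,sport,dst,dport,proto,bytes
NETWORK_FLOWS = """\
10.0.0.5,49233,93.184.216.34,443,tcp,18422
10.0.0.5,49301,198.51.100.23,8080,tcp,912
10.0.0.5,49999,192.0.2.200,4444,tcp,2048
"""


@dataclass(frozen=True)
class MemConn:
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int
    owner: str

    @property
    def key(self):
        return (self.local_ip, self.local_port, self.remote_ip, self.remote_port)


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int

    @property
    def key(self):
        return (self.src, self.sport, self.dst, self.dport)


def _split_endpoint(endpoint):
    """'10.0.0.5:49233' -> ('10.0.0.5', 49233); rsplit keeps IPv6 colons intact."""
    ip, port = endpoint.rsplit(":", 1)
    return ip, int(port)


def parse_netscan(text):
    """Parse netscan-style lines; listeners with no peer ('*:*') are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        _offset, proto, local, foreign, state, pid, owner = parts[:7]
        if "*" in foreign:
            continue
        lip, lport = _split_endpoint(local)
        rip, rport = _split_endpoint(foreign)
        conns.append(MemConn(proto, lip, lport, rip, rport, state, int(pid), owner))
    return conns


def parse_flows(text):
    """Parse the CSV flow summary into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, nbytes = line.split(",")
        flows.append(Flow(src, int(sport), dst, int(dport), proto, int(nbytes)))
    return flows


def correlate(netscan_text, flows_text):
    """Join both sources on the 4-tuple and bucket by which source saw it.

    memory_only: a socket with an owning process but no captured traffic
                 (capture gap, or a connection that never sent data).
    network_only: traffic with no owning socket in the image (process exited,
                  or the socket is hidden from the structures netscan walks).
    """
    mem = {c.key: c for c in parse_netscan(netscan_text)}
    net = {f.key: f for f in parse_flows(flows_text)}
    return {
        "both": [mem[k] for k in mem if k in net],
        "memory_only": [mem[k] for k in mem if k not in net],
        "network_only": [net[k] for k in net if k not in mem],
    }


if __name__ == "__main__":
    result = correlate(MEMORY_NETSCAN, NETWORK_FLOWS)
    for c in result["memory_only"]:
        print(f"in memory, no traffic: {c.owner}[{c.pid}] -> {c.remote_ip}:{c.remote_port}")
    for f in result["network_only"]:
        print(f"traffic, no owning socket: {f.src}:{f.sport} -> {f.dst}:{f.dport} ({f.nbytes} bytes)")
```

The network-only bucket is the one to chase first: a flow on the wire that no process in the image claims is either a process that has since exited or something deliberately hiding its socket, and either way it deserves a look at the packet payload. The memory-only bucket usually means the capture window and the image were taken at different times, which is a reminder to record acquisition timestamps for every source.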

Solving the Honeynet Forensic Challenge – “Weird Python”

Two weeks ago I saw on Twitter that Thomas Chopitea and Maximilian Hils of The Honeynet Project were nice enough to create an online forensics challenge. I had a Sunday afternoon free and thought I’d give it a shot. I ended up completing most of the challenge. This blog serves as a walkthrough of my solution.

Network Forensics

I’ve talked about my approach to network forensics before and thought, “what better time to practice what I preach?”. First I read over ...