The “S” Files
Spiderman – a spot in the Net?
Read how Spiderman did it all for 10.000 USD! (Updated 1st August 2017)
Tolder – The new Maxided shield company
Read how dedicated servers from Maxided are used and who is behind the setup. (Updated 2nd April 2017)
Bestbuy – VDOS reloaded
Read how Bestbuy operated the largest Mirai-based botnet and the connection with VDOS. (Updated 23rd February 2017)
Mirai and VDOS-S attacks against Lonestarcell in Liberia
Read about how Mirai is being used to attack Lonestarcell in Liberia and how VDOS was also used in the past against the GSM operator. (Updated 9th November)
Mirai runs hidden behind a new network prefix at dataflow.su
Read how we discovered where one of the Mirai C2 is hidden and how new network prefixes and fake ASNs are used by bulletproof hosters. Check how routing announcements are pushed from hidden locations, RIPE objects are created with fake documents and how a “grocery store” got the IP space!
Nick The Lim – The upraise
Read about Nick Lim's upraise against @MalwareTech and how @BannedOffline makes fun of the very same person that hosted the Ghost Hackers Squad website.
Who is Rainbow?
Learn who is behind many attacks in VDOS and Booter.xyz. Meet one more Pony. Meet Rainbow.
New World Hackers and Blazingfast
Are the latest denial of service attacks really the work of Russian and Chinese hackers?
Ponies in the mist and Stressit.org
Ponies in the mist tells you how we just found stressit.org and the real owner of Proginter.com, which hosted booter.xyz powered by VDOS.
Booter XYZ and Proginter (Updated 15th October 2016) <PART I>
Who is behind 180k attacks using the VDOS booter API? This is the story of booter.xyz and Proginter.com.
Proginter and the booter.xyz saga <PART II> (Last update: 1st November 2016)
Proginter.com has reached out to us to clarify his role in the stress testing service booter.xyz.
Harambe or not harambe! Attacks against SpoofIT (Updated 19th October 2016)
For the past twelve hours, the site has been under denial of service attacks. Shame on you!
The 665 Gbps attack on “Krebs On Security”
During the month of September 2016, we have been monitoring the activities of the Ghost Squad Hackers (GSH), a hacker group that until then actively participated in different Anonymous operations such as #OpIcarus targeting banks or #OpIsrael.
Kepler, the Russian web flooder
If you wonder how malicious actors find newly assigned address space to operate bullet proof hosting providers, keep reading! We have been monitoring VDOS and other similar services for a few years now and trying to understand better this “pay-as-you-go attack industry”.
New Mirai instances are being deployed! (Part 1)
This page collects updates about our findings about the Mirai botnet. The information contained in this page has been obtained after analyzing several samples of the malware. Despite the media attention that Mirai has received so far, very little information is available about the other infrastructure needed to operate the botnet.

Mirai Samples (Part 2)
This article includes a collection of Mirai samples that we have collected for different platforms.
Santa's Big Candy Cane. Mirai C&C
On Friday 30th September, Anna-senpai posted the source code of the Mirai botnet. After reviewing the code and comparing it with our own findings, we can confirm that the code release is authentic. The botnet communicates with two “services”: one of the services is the command and control and the other is a “reporter”…
Fantomnet and Ghost Anti-DDoS
@BannedOffline started to collaborate closely with Fantomnet to build an anti-DDOS hosting service for GSH and their supporters: ghostantiddos.com. Fantomnet claims to have two members, Crazy and Mike Fantom. ghostantiddos.com's low-cost DDOS protection strategy was to host the protected site behind third party providers offering DDOS protection and focus on layer 7 (application) protection, as this is the most common traffic that leaks through such providers.
Are Stress Testing Services Legitimate?
The business logic behind stress testing services is that site owners should have the right to test and benchmark the security and performance of their websites. Stress testing owners offer a service that “in theory” is supposed to be used for legitimate purposes. Here is a collection of reasons why we believe that stress
The “Sindicate” and DNS amplification
Thanks to the leak of data from the VDOS stress tester we could get access to the history of commands run on the server. A selection of those commands shows how the owners of VDOS were feeding their attack amplification tools with lists of open resolvers. The lists were obtained by actively scanning the whole Internet from a server of an organization known as the “Sindicate Group”.