References – Info Gathering

Python modules: google, shodan

from pastebin import PastebinAPI

x = PastebinAPI()
# paste(api_dev_key, api_paste_code, ...) returns the URL of the new paste
url = x.paste('1f2bcfc951d60cfc9c650f807173a207',
              'Snippet of code to paste goes here',
              paste_name='title of paste2',
              api_user_key='4f95b64d1969e3f177f9492e3a5efc49',
              paste_format='python',
              paste_private='unlisted',
              paste_expire_date='10M')
print(url)

from google import search

# Print the first 20 result URLs for the query
for url in search('lgdisplay', stop=20):
    print(url)

import shodan

SHODAN_API_KEY = 'YOUR_API_KEY'  # placeholder: set your own Shodan API key
api = shodan.Shodan(SHODAN_API_KEY)

try:
    # Fill in the network range (CIDR) after 'net:'
    results = api.search('net:')
    # results = api.search('')
    print('Results found: %s' % results['total'])
    for result in results['matches']:
        print('IP:%s' % result['ip_str'])
        print(result['data'])
        print('')
except shodan.APIError as e:
    print('Error:%s' % e)
Malware Sampling site

site list site

Ransomware history

Reference – Intelligence-Driven Threat Analysis Related


Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains


Reference – Cryptography (Enigma, PS3)

Enigma emulator (Symmetric)

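How was it hacked?

  • Only letters were used, and messages followed patterns.
  • Messages were limited to the alphabet and contained predictable phrases: "Heil Hitler", "Keine besonderen Ereignisse" (nothing to report, or all clear), "An die Gruppe" (to the army group), and the word "ein".
  • Generals used Enigma even when they were joking around.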


PS3 (Asymmetric – ECDSA)

other linux function on PS

“when fail0verflow worked backwards from generated keys, they found out that a parameter that should have been randomized for each key generation wasn’t being randomized at all. Instead, the PS3 was using the same number for that variable, every single time, making it easy to work out acceptable keys.”

“In December 2010, a group calling itself fail0verflow announced recovery of the ECDSA private key used by Sony to sign software for the PlayStation 3 game console. However, this attack only worked because Sony did not properly implement the algorithm, because k was static instead of random. As pointed out in the Signature generation algorithm section above, this makes d_A solvable and the entire algorithm useless.”[6]

Fail0verflow mov:

Reference site

Video Training /Training Sites: