References - Info Gathering

Python modules: google, shodan

https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf

http://www.mrjoeyjohnson.com/Google.Hacking.Filters.pdf

# Post a snippet to Pastebin through its API
from Pastebin import PastebinAPI

x = PastebinAPI()
url = x.paste('1f2bcfc951d60cfc9c650f807173a207',
              'Snippet of code to paste goes here',
              paste_name='title of paste2',
              api_user_key='4f95b64d1969e3f177f9492e3a5efc49',
              paste_format='python',
              paste_private='unlisted',
              paste_expire_date='10M')
print(url)

# Google search: print the result URLs for a keyword (stop=20)
from google import search

for url in search('lgdisplay', stop=20):
    print(url)

# Shodan: list what is indexed for a network range
import shodan

SHODAN_API_KEY = "aZqb9lOL6QTLRlzrVBozDv9C0noTl85i"

api = shodan.Shodan(SHODAN_API_KEY)

try:
    results = api.search('net:183.98.81.0/24')
    # results = api.host('183.98.81.202')
    print(results)
    print('Results found: %s' % results['total'])
    for result in results['matches']:
        print('IP:%s' % result['ip_str'])
        print(result['data'])
        print('')
except shodan.APIError as e:
    # The exception must be bound with "as e"; "APIError(e)" raises a NameError
    print('Error:%s' % e)

Malware sample sites

http://www.malware-traffic-analysis.net/training-exercises.html

http://contagiodump.blogspot.kr/

http://malware.dontneedcoffee.com/

List of malware sample sites: https://zeltser.com/malware-sample-sources/

https://github.com/ytisf/theZoo/tree/master/malwares/Source/Original

Ransomware history
http://www.csoonline.com/article/3095956/data-breach/the-history-of-ransomware.html

Reference – Intelligence-Driven Threat Analysis Related

 

Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf

http://www.cyberdefensereview.org/2016/10/13/darknet-mining/

https://threatpost.com/the-time-has-come-to-hack-the-planet/117419/

Reference – Cryptography (Enigma, PS3)

Enigma emulator (Symmetric)

 

http://enigma.louisedade.co.uk/enigma.html

http://enigma.louisedade.co.uk/howitworks.html

http://www.techrepublic.com/article/the-women-who-helped-crack-nazi-codes-at-bletchley-park/

How was it broken?

  • Only word characters, and recurring patterns
  • Messages used only the alphabet and contained stock phrases: Heil Hitler, Keine besonderen Ereignisse ("nothing to report", or "all clear"), An die Gruppe ("to the army group"), and the word 'ein'
  • A general used Enigma even when he was just joking around.

==================================================

PS3 (Asymmetric – ECDSA)

other linux function on PS
jailbreaking

“when fail0verflow worked backwards from generated keys, they found out that a parameter that should have been randomized for each key generation wasn’t being randomized at all. Instead, the PS3 was using the same number for that variable, every single time, making it easy to work out acceptable keys.”

“In December 2010, a group calling itself fail0verflow announced recovery of the ECDSA private key used by Sony to sign software for the PlayStation 3 game console. However, this attack only worked because Sony did not properly implement the algorithm, because k was static instead of random. As pointed out in the Signature generation algorithm section above, this makes d_A solvable and the entire algorithm useless.[6]”

http://arstechnica.com/gaming/2010/12/ps3-hacked-through-poor-implementation-of-cryptography/

https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Signature_generation_algorithm

fail0verflow video:

http://psx-scene.com/forums/content/sony-s-ps3-security-epic-fail-videos-within-581/

Reference site

https://www.cybrary.it/0p3n/information-research-content-categorization/

Video Training / Training Sites:

===========================================================