Archive for May, 2014

Recently, The Wall Street Journal published an interesting article about single pixel advertising on the website USFunVideos.com. Besides the content, the website displayed several tiny websites, each the size of a single pixel on a computer screen.

Those tiny websites had barely any content but served up advertisements which were invisible to the naked eye.

The Whois details of USFunVideos.com reveal that the domain is registered to Malcom Dawn in Malaga, Spain, but “Mr. Dawn” is unknown at the provided telephone number.

According to Mdot’s team, oneemedia.com is associated with the site, but the researchers were unable to find additional information.

Does the trail really end here?

Digging deeper, we actually can link USFunVideos.com and the single pixel advertising incident to Creafi Online Media, an advertising company with offices in Seville, Marbella and Madrid (Spain), London (UK), Martin (Slovakia), Sliema (Malta), Los Angeles (USA), Sao Paulo (Brazil) and Johannesburg (South Africa).

    1. The registrant email of USFunVideos.com is daniel@guesswho.eu.
    2. In the source code of USFunVideos.com there’s a commented out iframe to ads.guesswho.eu.
    3. The registrant email of ads.guesswho.eu is daniel@guesswho.eu, the registrant name is Daniel Novak from Martin, Slovak Republic, where Creafi Online Media has an office. “Daniel Novak” is associated with about 152 other domains.
    4. Daniel Novak is the CTO of Creafi Online Media in Martin, Slovakia.
    5. ads.guesswho.eu is an alias for www.srv3-creafi-online-media.com.
    6. The Registry Tech ID for www.srv3-creafi-online-media.com is Jens Haxgart, Cierva16 in Marbella, Spain.
    7. C/Juan de la Cierva 16 in Marbella, Spain is also an office of Creafi Online Media.
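Both page-source signals described above, the pixel-sized embedded sites and the commented-out iframe, can be found mechanically when reviewing a page. The following is an added example, not code from the original post; the sample HTML and its `.example` hostnames are constructed, and `audit` is a hypothetical helper name.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the .example hostnames are placeholders, not from the article.
SAMPLE_HTML = """<html><body>
<iframe src="http://ads1.example/slot?id=1" width="1" height="1"></iframe>
<iframe src="http://ads2.example/slot" style="width:1px; height:1px; border:0"></iframe>
<iframe src="http://player.example/embed/42" width="640" height="360"></iframe>
<!-- <iframe src="http://legacy-ads.example/old" width="300" height="250"></iframe> -->
</body></html>"""

# Matches "width: Npx" / "height: Npx" in inline CSS, but not max-width or min-height.
_PX = re.compile(r"(?<![\w-])(width|height)\s*:\s*(\d+)\s*px", re.I)

def _size(attrs):
    """Return (width, height) from the tag attributes, falling back to inline style."""
    style = {k.lower(): int(v) for k, v in _PX.findall(attrs.get("style") or "")}
    def dim(name):
        raw = (attrs.get(name) or "").strip()
        return int(raw) if raw.isdigit() else style.get(name)
    return dim("width"), dim("height")

class IframeAudit(HTMLParser):
    """Collects iframes that are at most 1x1 px or that sit inside an HTML comment."""
    def __init__(self, in_comment=False):
        super().__init__()
        self.in_comment = in_comment
        self.findings = []  # list of (reason, host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attrs = dict(attrs)
        host = urlparse(attrs.get("src") or "").hostname
        w, h = _size(attrs)
        if self.in_comment:
            self.findings.append(("commented-out", host))
        elif w is not None and h is not None and w <= 1 and h <= 1:
            self.findings.append(("pixel-sized", host))

    def handle_comment(self, data):
        # Re-parse the comment body so disabled markup still yields its host.
        inner = IframeAudit(in_comment=True)
        inner.feed(data)
        self.findings.extend(inner.findings)

def audit(html):
    parser = IframeAudit()
    parser.feed(html)
    return parser.findings
```

The hosts this returns are the starting points for the Whois and DNS alias lookups used in the steps above.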

Creafi Online Media is also a founding member of the Crazy4Media Group.

The Crazy4Media Group is made up of various companies specialised in different areas of the interactive marketing sector. Each company offers complementary functions and knowledge, including:

  • Creafi Online Media, Online and Mobile Advertising Network
  • Froggie Mobile Marketing, Mobile Marketing & Billing Agency
  • HaxHax, Premium RTB Partner for Display and Video on PC & Mobile

Source: IAB Europe

ads.creafi-online-media.com

The domain ads.creafi-online-media.com can be linked to Yahoo / Right Media.

X-RightMedia-Hostname: raptor0498.rm.ne1.yahoo.com


The domain ads.creafi-online-media.com is cited at Server Fault, possibly related to a click-fraud botnet and open proxy abuse.


According to VirusTotal, several malware binaries are communicating with ads.creafi-online-media.com.


NS1.MOJHOSTING.SK

 

Reverse Name Server Lookup

Other domains associated with daniel@guesswho.eu

www.usbestvideos.com | usbestgames.com | vstreamvideo.com | vstreamvideo2.com | vstreamvideo3.com

 

Hat tip to http://stopmalvertising.com/


Zombie Browsers

| May 31st, 2014

Browser extensions that may harm your computer: Firefox, Chrome and Safari browser extensions, a Rails command & control server, meterpreter scripts and a SET plugin.

Contributors: Z & Misi

Web site: https://github.com/skinsch/ZombieBrowserPack  (forked)

Interesting Stuff

| May 31st, 2014

Talks

Paul Asadoorian and John Strand
DerbyCon 2.0 2012 – Offensive Countermeasures: Still trying to bring sexy back
DerbyCon 3.0 2013 – Hacking Back Active Defense And Internet Tough Guys

Raphael Mudge

Bsides Las Vegas 2012 – Force Multipliers for Red Team Operations
DEFCON 20 2012 – Cortana: Rise of the Automated Red Team
Derbycon 3.0 2013 – Browser Pivoting (FU2FA)
ShowMeCon 2014 – Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing

Tom Steele and Dan Kottmann

Defcon 21 – Collaborative Penetration Testing With Lair
DerbyCon 3.0 2013 – Collaborative Penetration Testing With Lair

Tom Steele

ShmooCon 2013 Firetalks – ShellSquid Distributed Shells With Node

Solomon Sonya, Nick Kulesza

Derbycon 3.0 2013 – Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network

Chris Gates and Joe McCray

Shmoocon Epilogue 2013 – The Evolution of Pentesting High Security Environments

Chris Gates and Mubix “Rob” Fuller

DerbyCon 1.0 2011 – The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
DerbyCon 2.0 2012 – Dirty Little Secrets Part 2
DerbyCon 3.0 2013 – Windows Attacks: AT is the new black

Rick Redman

DerbyCon 3.0 2013 – Cracking Corporate Passwords – Exploiting Password Policy Weaknesses

Andrew MacPherson and Roelof Temmingh

Black Hat 2013 – Maltego Tungsten As a Collaborative Attack Platform


Shane Macdougall

DerbyCon 3.0 2013 – Practical Osint

Moxie Marlinspike

Blackhat 2010 – New threats to privacy

Articles and Slides

Defense

Active defense

Active Defense Harbinger Distribution (ADHD) – http://sourceforge.net/projects/adhd/

Project Artillery – https://www.trustedsec.com/downloads/artillery/

HoneyDocs – https://www.honeydocs.com/

Honeywords Project – http://people.csail.mit.edu/rivest/honeywords/

Honeytokens – http://www.symantec.com/connect/articles/honeytokens-other-honeypot
Honeytokens – https://www.auto.tuwien.ac.at/Workshops/dimva05/papers/cenys.pdf

Honeyports – http://pauldotcom.com/2013/08/honeyports-tech-segment-with-p.html

Whitelisting

Whitetrash – http://whitetrash.sourceforge.net/

Penetration testing

Team collaboration tools

Armitage – http://www.fastandeasyhacking.com/

Cobalt Strike – http://www.advancedpentest.com/

Immunity STRATEGIC (CANVAS) – http://www.immunityinc.com/products-strategic.shtml

Splinter – https://github.com/splinterbotnet

Information sharing tools

Dradis – http://dradisframework.org/

Lair – https://github.com/fishnetsecurity/Lair

White Chapel – http://www.room362.com/blog/2013/01/18/intro-to-white-chapel/

Magic Tree – http://www.gremwell.com/what_is_magictree

Information Gathering and Reconnaissance

osintstalker – https://github.com/milo2012/osintstalker

rapportive.py – http://jordan-wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-rapportive/

Alexa – http://www.alexa.com/
Alexa 1 Million Top-Sites CSV – http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

Scanning and Exploitation

SMBEXEC – https://github.com/pentestgeek/smbexec

Powershell Portscanner – http://webstersprodigy.net/2013/07/01/powershell-portscanner/

Post Exploitation

Post Exploitation Wiki – https://github.com/mubix/post-exploitation-wiki

Poor man’s VPN pivoting – http://www.phillips321.co.uk/2013/10/29/poor-mans-vpn-pivot-at-last/

Password Cracking

“Crack Me If You Can” – DEFCON 2010, Korelogic Rules – http://contest-2010.korelogic.com/rules.html

John The Ripper rockyou.chr README – https://www.korelogic.com/Resources/Tools/README-rockyou.txt
John The Ripper rockyou.chr – https://www.korelogic.com/Resources/Tools/rockyou.chr
John The Ripper rockyou-lanman.chr – https://www.korelogic.com/Resources/Tools/rockyou-lanman.chr

Wordlist mode rulesets for use with John the Ripper – http://openwall.info/wiki/john/rules

Free Rainbow Tables – https://www.freerainbowtables.com/

ophcrack – http://ophcrack.sourceforge.net/

Phishing

Phishing Frenzy – http://www.pentestgeek.com/2013/11/04/introducing-phishing-frenzy/

Phish5 – https://phish5.com/

Threat Agent – https://www.threatagent.com/

Phishing Simulator – https://secure.tracesecurity.com/index.cfm

Other

Binwalk – https://code.google.com/p/binwalk/

Netzob: Reverse Engineering Communication Protocols – http://www.netzob.org/

Malware

Online checks / sandboxes

VirusTotal – https://www.virustotal.com

Malwr – https://malwr.com/

Cuckoo Sandbox – http://www.cuckoosandbox.org/

HOWTOs

Windows 7 / Kali Dualboot with Full Disk Encryption (FDE) – http://0x776b7364.wordpress.com/2013/06/19/windows-7-kali-dualboot-with-full-disk-encryption-fde/

Reset Local Administrator Password Using A Different Random String On Each Computer And Recover The Passwords Securely – http://www.sans.org/windows-security/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise

IT security / Pentest job interview questions/stuff

Daniel Miessler’s blog post – http://www.danielmiessler.com/study/infosec_interview_questions/

Jamie Rougvie’s blog – http://jamierougive.co.uk/jobs/interviewing/

Craig Freyman’s blog post – http://www.pwnag3.com/2013/12/penetration-testing-interviews-minimum.html

My Information Security Job – http://www.myinfosecjob.com/2010/03/itinformation-security-interview-questions/

Websites

Podcasts

Risky Business – http://risky.biz/

Secure GSM communication

Whispersystems (RedPhone, TextSecure) – https://whispersystems.org/
Abine (DoNotTrackMe, MaskMe) – https://www.abine.com/

Real time honeymaps


HoneyMap – http://map.honeynet.org/

CIRCL map – http://map.circl.lu/
Sicherheitstacho (T-Systems) – http://www.sicherheitstacho.eu/

Other
Thinkst.com – http://thinkst.com/index.shtml
ConCollector – http://cc.thinkst.com/
