Rombertik is a complex piece of malware with several layers of obfuscation and anti-analysis functionality that is ultimately designed to steal user data.
linked from http://www.cyberisques.com/fr/mots-cles-3/442-etude-trend-ponemon-proteger-sa-vie-privee-contre-la-divulgation-de-donnees-sensibles-et-confidentielles-sans-autorisation-est-un-droit
(see the links at the bottom for the full report)
This tool is for parsing, decoding and logging information from the Master File Table ($MFT) to a CSV. It logs a large amount of data, and that has been the main purpose from the very start. Having all this data in a CSV is convenient for further analysis. It supports getting the $MFT from a variety of sources.
https://github.com/jschicht/Mft2Csv/wiki/Mft2Csv
https://github.com/jschicht
http://www.cisco.com/c/en/us/products/ios-nx-os-software/eos-eol-listing.html
- IOS 12.2 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-release-12-2/prod_end-of-life_notice0900aecd80330813.html
  -> IOS 12.2.33 SXJ http://www.cisco.com/c/en/us/products/collateral/switches/mgx-8800-series-switches/end-of-life-notice-c51-729742.html
- IOS 12.3 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-3-mainline/prod_end-of-life_notice0900aecd8052e110.html
- IOS 12.4 http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-software-releases-12-4-mainline/end_of_life_notice_c51-574251.html
- IOS 15.x http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-15-1m-t/eos-eol-notice-listing.html
and browse here: http://www.cisco.com/cisco/web/psa/default.html?mode=prod&level0=268438303
e.g.:
- 3548 XL http://www.cisco.com/c/en/us/support/switches/catalyst-3548-xl-switch/model.html IOS 12.0(5)WC17 http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3500-xl-series-switches/prod_end-of-life_notice0900aecd8021a948.html
- PAN-OS https://www.paloaltonetworks.com/support/end-of-life-announcements/end-of-life-summary.html
- ScreenOS http://www.juniper.net/support/eol/screenos.html
- TMOS F5 / BIG-IP https://support.f5.com/kb/en-us/solutions/public/3000/200/sol3225.html
http://www.nosdeputes.fr/anne-yvonne-le-dain http://www.assemblee-nationale.fr/presse/communiques/20150409-11.asp
see the portal of the Office parlementaire d'évaluation des choix scientifiques et technologiques (OPECST) http://www.assemblee-nationale.fr/commissions/opecst-index.asp
Senate, http://www.senat.fr/opecst/index.html
hearings http://www.senat.fr/rap/r14-271-2/r14-271-2.html
http://www.r00tsec.com/2011/10/list-of-javascript-obfuscate-tools.html
dollars javascript code – yet another Javascript obfuscation method for cc frauds
http://extraexploit.blogspot.fr/2010/10/dollars-javascript-code-yet-another.html
http://relentless-coding.org/projects/jsdetox/info
http://stackoverflow.com/questions/26382658/alternative-to-window-crypto-signtext-in-firefox-33
encryption example http://blog.engelke.com/2014/07/16/symmetric-cryptography-in-the-browser-conclusion/
http://qnimate.com/post-series/web-cryptography-api-tutorial/
subtle crypto object https://msdn.microsoft.com/en-us/library/ie/dn302325%28v=vs.85%29.aspx
Mouse Input - OSDev Wiki http://wiki.osdev.org/Mouse_Input
...
The PS/2 Mouse Interface http://www.computer-engineering.org/ps2mouse/
http://letsmakerobots.com/content/reading-usb-mouse-data-linux-somebody-else-c-app-and-my-python (http://letsmakerobots.com/node/9355)
Writing Linux Mouse Drivers (Alan Cox) http://www.linux-mag.com/id/330/
--
https://131002.net/blake/
http://www.seanet.com/~bugbee/crypto/blake/
http://www.cl.cam.ac.uk/~fms27/serpent/
https://www.gnupg.org/%28de%29/documentation/manuals/gcrypt/Working-with-cipher-handles.html
http://search.cpan.org/~aar/Crypt-GCrypt-1.24/lib/Crypt/GCrypt.pm
https://github.com/doegox/python-cryptoplus http://wiki.yobi.be/wiki/PyCryptoPlus
http://stackoverflow.com/questions/14174486/issue-with-encryption-and-decryption-of-a-file-in-c-with-aes256-cbc-using-libgcr
https://en.wikipedia.org/wiki/Zip_%28file_format%29
https://en.wikipedia.org/wiki/Ciphertext_stealing#CBC_ciphertext_stealing
https://fr.wikipedia.org/wiki/Mode_d%27op%C3%A9ration_%28cryptographie%29#Chiffrement_avec_vol_de_texte_:_.C2.AB_CipherText_Stealing_.C2.BB_.28CTS.29
http://stackoverflow.com/questions/10411036/how-can-i-encrypt-decrypt-data-using-aes-cbccts-ciphertext-stealing-mode-in-p
http://stackoverflow.com/questions/12328320/php-implementing-ciphertext-stealing-cts-with-cbc
Simian Army consists of services (Monkeys) in the cloud for generating various kinds of failures, detecting abnormal conditions, and testing our ability to survive them. The goal is to keep our cloud safe, secure, and highly available. More details can be found at this blog.
http://techblog.netflix.com/2011/07/netflix-simian-army.html
Hiding executables and DLLs in PNG files is yet another attempt to avoid detection and deliver malicious content to user systems. In this instance, the malicious content is placed at the end of the real PNG file data.
kvm, virsh, xml....
to look at to complete the toolbox
myst (my sniffing tool): ARP cache poisoning MitM with scapy
via http://sebsauvage.net/links/?O4AeMQ
bookmark: responding to FUD
http://timesofindia.indiatimes.com/tech/tech-news/After-layoffs-IBM-announces-bonus-for-top-executives/articleshow/46074624.cms
http://www.livenewspak.com/ibm-brings-back-bonuses-for-top-execs-even-as-profits-slide/
http://www.usatoday.com/story/money/2015/01/30/despite-lackluster-performance-ibms-rometty-gets-36-million-2014-bonus/22613197/
http://www.poughkeepsiejournal.com/story/news/local/2015/01/30/ibm-ceo-pay-raise/22618399/
http://uk.businessinsider.com/ibm-ceo-ginni-rometty-gets-a-raise-2015-1?r=US