
Did Anyone Get the Name of That Hacker Who PWNED Me?

Lance Cottrell
Chief Scientist: Ntrepid / Anonymizer

Session ID: BR-F43
Session Classification: Intermediate

When You Are Under Attack You may ask:

Did Anyone Get the Name of That Hacker Who PWNED Me?

As a Defender, You See....

IP: 37.123.118.67
Lat / Long: +54 / -2
Country: UK
Ping: 110ms
ISP: as13213.net (AKA UK2.net) server hosting
Open Ports: SSH, HTTP

Was That Really the Attacker?

Which is the Real Attacker?

It's Turtles All the Way Down

What If You Could Spot People Hiding

Block Web Access

Redirect to Honeypot
Add Firewall Rule
Deny Credit Card
Flag in Logs

How Do They Hide?

Proxies
VPNs
Chained VPNs / TOR
Botnets / Compromised Hosts
Advanced Persistent Threats

How You Can Spot Them

Known Anonymity IP
Open Proxy / VPN Ports
Inappropriate / Non-consumer IP
Bulletproof Host
High Latency vs. Ping
Protocol Leakage

Track the Computer Itself

Browser Fingerprints

Fingerprint may stand out
Unusual OS / Browser
System TOO clean
System TOO Hardened
Lying in UserAgent String
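An added example, not from the talk, that turns the "How You Can Spot Them" and "Browser Fingerprints" indicators above into a small triage check. It assumes constructed stand-ins for the feeds a defender would actually subscribe to (a hypothetical known-anonymity range, a hypothetical hosting ASN) and a simple latency heuristic; every threshold is an assumption to be tuned against your own baseline.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data, not real threat intel: one hypothetical anonymity
# range and one hypothetical hosting-provider ASN stand in for real feeds.
KNOWN_ANON_NETS = [ip_network("37.123.118.0/24")]
HOSTING_ASNS = {13213}
# Default ports of common relays: SOCKS, Squid, HTTP proxy, OpenVPN, Tor OR.
PROXY_VPN_PORTS = {1080, 3128, 8080, 1194, 9001}


@dataclass
class Connection:
    src_ip: str
    asn: int
    open_ports: set      # ports seen open on the source IP
    ping_ms: float       # round trip to the source IP itself
    app_rtt_ms: float    # round trip seen at the application layer
    ua_os: str           # OS claimed in the User-Agent string
    fp_os: str           # OS inferred from the fingerprint (TCP stack / JS)


def hiding_indicators(c: Connection) -> list:
    """Return the list of 'someone is hiding' indicators this connection trips."""
    hits = []
    ip = ip_address(c.src_ip)
    if any(ip in net for net in KNOWN_ANON_NETS):
        hits.append("known anonymity IP")
    if c.open_ports & PROXY_VPN_PORTS:
        hits.append("open proxy/VPN ports")
    if c.asn in HOSTING_ASNS:
        hits.append("non-consumer hosting IP")
    # Relayed traffic crosses hops the direct ping never sees, so the
    # application round trip runs far above the ping (assumed threshold).
    if c.app_rtt_ms > 2 * c.ping_ms + 100:
        hits.append("application latency far above ping")
    if c.ua_os != c.fp_os:
        hits.append("User-Agent disagrees with fingerprint")
    return hits


if __name__ == "__main__":
    # Constructed sample: the IP and ASN from the slide, with made-up measurements.
    suspect = Connection("37.123.118.67", 13213, {22, 80, 1194},
                         110.0, 900.0, "Windows", "Linux")
    print(hiding_indicators(suspect))
```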

Virtualization Makes Your Job Harder

Advantages
Easy to Clean
No Cookies or Super-Cookies
Detection as VM Requires Local Execution

Disadvantages
Cloned Each Time
Too Clean or Outdated Cruft
Can Be Detected as VM

Fortunately (for you), Good OPSEC is

Tools can be slow and cumbersome
May go direct for innocent activity / reconnaissance
May forget to use it
Accidentally cross the streams of personas
Correlate attacker print with all previous activity

Why Should YOU be Stealthy

Lurk in IRC and Forums
Discover Plans
Learn Techniques
Hide your interest & activity
Bait Honeypots
Drop False Leads and Links
Government Has Other More Aggressive Options

10 Tips for Defender Stealth Part 1

1. Using a known anon IP is good
2. Use only VPN type privacy services
3. Use a VM for identity isolation and malware prevention
4. Use a different VM
5.

10 Tips for Defender Stealth Part 2

6. 7. 8. 9. 10.
Files on the VM are definitionally contaminated

Thanks
Contact me at:
Email: lance.cottrell@ntrepidcorp.com
Commercial / Gov: http://ntrepidcorp.com
Consumer: http://anonymizer.com
Blog: http://theprivacyblog.com
Twitter: @LanceCottrell
LinkedIn: http://linkedin.com/in/LanceCottrell