Phase 2 Co-ordination

Discussion in 'Live Events' started by LordPixie, Dec 19, 2016.

Thread Status:
Not open for further replies.
  1. LordPixie

    LordPixie Active Agent

    Co-ordination on Phase 2 investigation.

    The com-Division site is throwing 500 errors for me, and seems offline. (stressed?) Correction: Just came back up.

    Definition of terms -- malicious activity

    MitM -- Man in the Middle. An attacker is able leverage their position between a victim and the resources they are trying to access. Used to eavesdrop on communications, and/or modify them in flight.

    HTTP -- Hyper Text Transport Protocol. The method used to request web pages. You're using it right now.

    HTTPS -- HTTP using SSL/TLS security. Provides encryption, and authentication via signed certificates and a chain of trust.

    SSH -- The Secure SHell. A protocol for establishing a secure communication channel. Encrypted, and authenticated using Fingerprints.

    sslstrip -- Stripping the encryption from a normally secure channel. This usually involves a MitM attack, selectively removing references to encryption. (eg: Rewriting https:// links to HTTP:// instead)

    DNS -- The Domain Name System. Converts English readable addresses to numeric Internet Protocol addresses. (eg: www.google.com is the DNS name for 172.217.6.100)

    DNS Censorship -- Presumably responding or modifying DNS requests for sites, to return unreachable, false, or otherwise incorrect information. Could be used to prevent a victim from reaching a website, or to send them to a different one.

    IMAPS -- The Internet Message Access Protocol (Secure). This is a protocol used to retrieve E-Mail, encrypted with SSL/TLS. Is oftentimes opportunistic, and will fail back to unencrypted channels. (ie: sslstripping) While it ostensibly uses SSL certificates, I don't think I've ever seen it actually verify those certificates.

    IMAPS Antivirus -- Well, antivirus is something that's used to detect viruses. And it's often applied against incoming mail. But it's not an attack, or even a problem.
     
    Last edited: Dec 19, 2016
    Clockwise, Ravenhold and jen-jen like this.
  2. Josh Lloyd

    Josh Lloyd Active Agent

    I'm still getting ERROR 500's
     
  3. Steelgramps

    Steelgramps Gold Member

    Today it might be down because of maintenance. I know that Anashel said yesterday that there where stuff he was going to fix with the com-div today.
     
Thread Status:
Not open for further replies.

Share This Page