(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A profile image from a Telegram-encrypted social media channel called "Be a Lone Wolf" has the caption, "Lone Wolves: Soon [Will Be] My Turn." (credit: provided by Middle East Media Research Institute)

The investigation into last Friday's coordinated terrorist attacks has quickly turned up evidence that members of the Islamic State (ISIS) communicated with the attackers from Syria using encrypted communications, according to French officials.

Former CIA Deputy Director Michael Morell said in an interview on CBS' Face the Nation on Sunday, "I think what we're going to learn is that these guys are communicating via these encrypted apps, this commercial encryption which is very difficult or nearly impossible for governments to break, and the producers of which don't produce the keys necessary for law enforcement to read the encrypted messages."

The use of encrypted communications by ISIS has prompted various former intelligence officials and media analysts to blame NSA whistleblower Edward Snowden for tipping off terrorist organizations to intelligence agencies' surveillance capabilities and for their "going dark" with their communications. Former CIA Director James Woolsey said in multiple interviews that former NSA contractor and whistleblower Edward Snowden "has blood on his hands," and the changes made by the Obama administration to surveillance as a result of the Snowden leaks and the changes that terrorists made in communicating with each other based on the leaks had led directly to the inability of the intelligence community in the US and in France to stop the Paris attacks from happening.



Sometimes nmap can be quite noisy and trigger host IPS or network IPS alarms. When doing recon, one of the available options is ARP Ping.

Not that many ARP packets, are there? nmap also port-scans the targets. If we want to be quiet, we could use the pattern used by default gateways, which send ARP requests to all the active nodes in their table from time to time.

We can send the same packet sequence using scapy.

We just set the destination protocol address and all the other options are missing. What do we need to set?

  • opcode: needs to be set to 1 (request)
  • hardware type: needs to be set to 1 (Ethernet)
  • protocol type: needs to be set to 0x0800 (IP)


This scan is definitely not noisy.
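To look at the same traffic from the monitoring side, the following added example (not code from the original diary) parses ARP payloads using the field values listed above and flags any sender outside a gateway allowlist that requests many distinct addresses within a short window. The MAC and IP addresses, the threshold and the window are constructed assumptions.

```python
import socket
import struct
from collections import defaultdict

# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"

def build_arp_request(src_mac, src_ip, dst_ip):
    """Pack an ARP request: hardware type 1, protocol type 0x0800, opcode 1."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1,
                       bytes.fromhex(src_mac.replace(":", "")),
                       socket.inet_aton(src_ip), b"\x00" * 6,
                       socket.inet_aton(dst_ip))

def parse_arp(payload):
    """Return the fields of an Ethernet/IPv4 ARP payload, or None otherwise."""
    if len(payload) < struct.calcsize(ARP_FMT):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def find_sweepers(events, gateway_macs, threshold=5, window=60.0):
    """events: (timestamp, arp_payload) pairs. Flag non-gateway sender MACs
    that request more than `threshold` distinct targets within `window` s."""
    history = defaultdict(list)          # sender MAC -> [(ts, target IP)]
    flagged = set()
    for ts, payload in sorted(events):
        arp = parse_arp(payload)
        if arp is None or arp["oper"] != 1 or arp["sha"] in gateway_macs:
            continue
        hist = history[arp["sha"]]
        hist.append((ts, arp["tpa"]))
        hist[:] = [(t, ip) for t, ip in hist if ts - t <= window]
        if len({ip for _, ip in hist}) > threshold:
            flagged.add(arp["sha"])
    return flagged

# Constructed sample capture (documentation addresses, made-up MACs).
GATEWAY, HOST = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE = (
    [(i * 1.0, build_arp_request(GATEWAY, "192.0.2.1", f"192.0.2.{i + 10}")) for i in range(20)]
    + [(i * 2.0, build_arp_request(HOST, "192.0.2.50", f"192.0.2.{i + 10}")) for i in range(20)]
    + [(5.0, build_arp_request("02:00:00:00:00:01", "192.0.2.60", "192.0.2.1"))])
```

The allowlist matches the sender hardware address carried in the ARP body, which is only what the frame claims, so confirm it against switch-port or DHCP data before treating a sender as the gateway.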

Scapy is so powerful. If you need specific features in pentesting, you should definitely consider building your own tools invoking libraries like this one.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
e-mail: msantand at isc dot sans dot org


(credit: hendonpub.com)

One of the world's most prolific computer worms has been found infecting several police body cameras that were sent to security researchers, the researchers reported.

According to a blog post published last week by security firm iPower, multiple police cams manufactured by Martel Electronics came pre-installed with Win32/Conficker.B!inf. When one such camera was attached to a computer in the iPower lab, it immediately triggered the PC's antivirus program. When company researchers allowed the worm to infect the computer, the computer then attempted to spread the infection to other machines on the network.

"iPower initiated a call and multiple emails to the camera manufacturer, Martel, on November 11th 2015," the researchers wrote in the blog post. "Martel staff has yet to provide iPower with an official acknowledgement of the security vulnerability. iPower President, Jarrett Pavao, decided to take the story public due to the huge security implications of these cameras being shipped to government agencies and police departments all over the country."



Technical.ly Delaware

Security BSides Delaware conference features latest info on infosec
Nearly 300 people, including IT professionals, hobbyist hackers and members of the public, converged for two days of all things infosec at the Security BSides Delaware conference, held at Wilmington University Nov. 13-14. The event, part of Delaware ...

[SECURITY] [DSA 3398-1] strongswan security update

The Register

Ex-GCHQ chief now heads up infosec firm's advisory board
Sir Iain Lobban, the former chief of GCHQ, has joined a British company's advisory council and has said he finds the prospect of a hands-on role "a scintillating proposition". Glasswall Solutions formally launched on Friday. The company claims that its ...

CVE-2015-6357: Cisco FireSIGHT Management Center SSL Validation Vulnerability