Friday, July 24, 2015

Brief history of DDoS attacks

Discovery and first experiments
DDoS attacks are discovered and start to be used by researchers and then by script kiddies.

1996: SYN flood
1997-1998: Smurf attacks and first DDoS tools come out
1999: Trinoo, Stacheldraht tools become popular

First DDoS big attacks
The experiments start to hit big targets which are usually unprepared to respond. Attackers feel very powerful.

2000: Attacks on eBay, Yahoo, Amazon, CNN
2002: Attack on the DNS root servers
2003: 1 million zombie computers infected by the MyDoom worm perform a DDoS attack

DDoS against important targets
DDoS attacks become a powerful tool for hitting important targets and are used as a weapon by cyber criminals.
Some start to speak about "cyber warfare".

2007: Cyber attacks against Estonia
2008: Cyber attacks against Georgia
2009: Attacks against UltraDNS, The Pirate Bay, Register.com
2009: Attacks against: South Korea, USA, Washington Post, New York Stock Exchange
2009: Attack against Iran
2009: Attacks against: Facebook, Twitter, Google

The Anonymous era
Hacktivism becomes popular, no one is safe. First attacks against critical infrastructure.

2010: Anonymous - Operation Payback
2011/2012: Operation Tunisia, Sony, Syria, MegaUpload, Russia, India, Japan, etc
2012/2013: Operation Ababil
2014: Operation HackingCup
2014: Attack against Feedly
2014: Bear malware targets US and Canadian critical infrastructure providers

Wednesday, July 22, 2015

Bug bounty programs

Bug bounty programs are procedures established by companies that pay for bugs.
Basically, if you are able to find a bug in a piece of software and write an exploit for it, it's very probable that you will get money in exchange for giving the details to these companies.

This is a brief list of bug bounty programs:

Monday, July 20, 2015

List of mirrors of defaced website archives


A defaced website is a website that has been hacked and one of its pages has been modified to host malware, a phishing page or just a message.

Here is a list of mirrors of defaced websites:

Friday, July 17, 2015

List of encoders, decoders, packers and unpackers


Encoders and packers are used to obfuscate malware and confuse malware detectors (like antivirus, anti-APT, or similar) without affecting the functionality of the malware/script. Decoders and unpackers, in turn, are used to deobfuscate the code and make it readable.

Here is a brief list of encoders, decoders, packers and unpackers.



Wednesday, July 15, 2015

The 8 skills of a manager

During my everyday work, I thought many times about the skills needed by a manager, skills that I use to measure myself and that I try to improve every day.

Here is a short list of the (main) skills I think a manager should have and should be measured on; they are divided into 2 sets: business and people.

Business skills:

Execute strategy
Being able to understand the company strategy and execute it in every aspect

Take decisions
Being able to act after thinking and take a decision (not too late, not too early)

Simplify
Simplify processes, simplify work, procedures, make your work and the work of the people around you easier to execute

Lead performance
Lead the performance, establish KPIs, check and reward

People skills:

Open to change
Be open to changes, try to understand, execute and improve them.

Develop people
Try to make people around you develop. Training is incredibly important, mentoring is essential.
Don't be scared that trained people will go away. I always remember that famous quote: CFO asks CEO, "What happens if we invest in developing our people & then they leave us?" CEO: "What happens if we don't, and they stay?"

Listen to people
Don't pretend you know the work better than others. Listen to people around you, your boss, your peers, your team. Everyone has a different (and interesting) perspective. This doesn't mean you have to follow what they say without thinking, but try to have different points of view.

Be a team player
Don't be a solo player. The manager is part of the team; he is the leader, but at the same time he needs the energy (brain, power, time, etc.) of other people to be successful. Don't play alone; in the mid-to-long term you will lose.

Monday, July 13, 2015

Free malware analysis sandboxes and services


This is an updated list of malware analysis sandboxes and services I use during my everyday work. They are very useful in case you don't have resources to build up your own sandbox or you just don't feel like doing it. I hope you enjoy and I invite you to suggest other links.

Joe Sandbox Document Analyzer (MS Office files, PDF and RTF)
VisualThreat (Android and Apple iOS files)
XecScan (PDF and MS Office files)

Wednesday, July 8, 2015

Deepweb: what is it and what does it contain?

The slides of my presentation at e-privacy about the Deepweb, AHMIA, Tor, etc. are available here.
There is also a video available here.

Tuesday, July 7, 2015

If you really care about privacy you should not spread personal info of the Hacking Team employees

However you see the story and whichever side you decide to stand on, if you really care about privacy, you should not search for, download or spread personal information of the Hacking Team employees. This is what I really think about the whole story.

The only acceptable way to spread the documents would have been sending them to professional investigative journalists who would have prepared a report about it with the important info.

Even if I don't ethically agree with the way they are doing business, I don't see the point of publishing online personal documentation, photos, ID, etc. Really, this is just cyber bullying.

Monday, July 6, 2015

Davide Del Vecchio speaker at e-privacy 2015

I recently spoke at the e-privacy 2015 summer edition, which was held in Rome, hosted at the Camera dei Deputati (Italian parliament). I spoke about the deepweb, Ahmia and Tor hidden services. You can have a look at the presentation here.