"Several years ago, information security analysts at a large U.S. firm noticed a huge amount of corporate network traffic headed to external servers. The data was destined for computers located in the U.S. and in foreign countries.
Reacting quickly, the analysts stanched the traffic flows but not before large amounts of corporate data had been stolen by unknown attackers.
Other large companies were also targeted during the same period. The attackers were able to process huge volumes of data, but they did so very selectively. They did not "take what they could get". They selected only specific files, a characteristic of highly professional attacks.
In addition, the attackers did not bother to view the files to verify their contents before "exfiltrating" them. This suggests that prior reconaissance missions had been conducted in which directory listings had been scrutinized beforehand and used to build a list of targets."
More Here....
Security in a Wide Open Environment
- Ryan Harp
- Father, Husband, aspiring hacker and .edu InfoSec Practitioner
Posts
Twitter Updates
Search This Blog
Links
SecTools
- Backtrack
- BeEF - Browser Exploitation Framework
- BotHunter
- Burp Suite
- Cain & Abel
- Command Line Kung-Fu
- Darik's Boot and Nuke - Drive Wipe
- Defcon Tools
- Domain Tools
- Edge Security
- Emerging Threats
- Ettercap
- Exploit Me
- Firewall Builder
- Foundstone Free Security Tools
- Free Rainbow Table - Distributed Rainbow Table Project
- Google Sets
- IP Blocks by Country
- IP Tools
- IPv6 Tunnel Broker
- IronKey - Secure USB Key
- KonBoot - Password Recovery
- l0phtcrack
- Layer Four Traceroute
- MACShift - Change your MAC
- Mandiant Software - IR and Forensics
- MX Toolbox
- Nemesis - Packet Crafting and Injection
- NetDude - Packet Manipulation
- Nikto
- NMap - A Must Have
- OffSec Exploit Archive
- Packetlife.net Cheat Sheets
- Pass-the-Hash Toolkit
- PIPL - People Search
- PortableApps
- Rainbow Crack
- Recuva - Data Recovery
- SAMInside
- Scapy - Packet Manipulation
- SQL Cheat Sheets - PenTestMonkey.net
- SSLStrip
- sTerm
- SysInternals
- TCPRelay
- TCPxtract
- TextPad
- The Metasploit Framework
- The Volatility Framework
- Top 100 Network Security Tools
- TwiGuard - Twitter Threat Tracker
- voIP Hopper
- WarVOX
- WEPBuster
- Who is Hosting This??
- Yersinia - Test the Security of Deployed Networks
G33k Humor
Blog Archive
-
▼
2009
(26)
-
▼
November
(18)
- New Exploit Masquerades As Flash Player Upgrade
- Mossad installs a trojan horse on a high ranking S...
- Facebook worm spreads with a lurid lure
- Doh!
- Choose a $%^&$#$*! Strong Password!
- New iPhone worm steals online banking codes, build...
- Microsoft confirms IE6, IE7 zero-day bug
- Metasploit Framework 3.3 Released!
- Anatomy of a Cyber-Espionage Attack
- Wireless Keylogger
- Facebook's (In)security Tested Again
- Dutch Hacker Holds Jailbroken iPhones Hostage For ...
- LOL ;)
- Workers Trade Password Security For Starbucks
- Facebook users hit by massive botnet attack - 'Bre...
- Conficker worm has infected more than 7 million ho...
- Lost Laptops: More Expensive than you Think
- Penetration Testing: Hacking for a Cause.
-
▼
November
(18)