The Dyn DNS DDoS That Killed Half The Internet

Find your website's Achilles' Heel

Last week the Dyn DNS DDoS took out most of the East coast US websites including monsters like Spotify, Twitter, Netflix, Github, Heroku and many more.

The Dyn DNS DDoS That Killed Half The Internet

Hopefully it wasn’t because I shared the Mirai source code and some script kiddies got hold of it and decided to talk half of the US websites out.

A denial of service attack against managed DNS provider Dyn restricted access to many US-based websites on Friday.

The ongoing attack is affecting Dyn’s managed DNS customers on the US East Coast, according to the provider, which adds on its status page that its “engineers are continuing to work on mitigating this issue”.

Starting at 11:10 UTC on October 21th-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time.

The strength of the attack, as well as its source, remains unclear. Sites experiencing issues as a result of the attack include Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. SoundCloud, Spotify and Shopify have also been affected. The sites themselves are fine but DNS lookups may be slow, leading to problems.

It’s estimated 50,000-100,000 bots (mostly IoT devices) took part in the attack, which with pretty much everyone on highspeed broadband now is a LOT of bandwidth with some people speculating in the 1.2 Tbps range.

People are also speculating that it seems to be another attack directed at the PlayStation Netowork (PSN) which uses the same DNS service and the outages could have been a byproduct of an attack aimed at Sony.

DDoS attacks on PSN and Xbox Live are not super uncommon as they are basically skiddie breeding/trolling/flame grounds with lots of bored teenagers, many of which would be technically savvy.

Richard Meeus, VP technology EMEA at NSFOCUS, a DDoS mitigation company, commented: ”DNS has often been neglected in terms of its security and availability from an enterprise perspective – it is treated as if it will always be there in the same way that water comes out of the tap and electricity is there when you switch it on.

“This attack highlights how critical DNS is to maintaining a stable and secure internet presence, and that the DDOS mitigation processes businesses have in place are just as relevant to their DNS service as it is to the web servers and data centres,” he added.

You can see the official Dyn statement here: DDoS Attack Against Dyn Managed DNS

And their analysis: Dyn Analysis Summary Of Friday October 21 Attack

I suspect there is more of this to come, and at some point someone is probably going to manage to break the entire Internet.

Source: The Register

Tags: , , , , , , , ,

Posted in: General Hacking, Network Hacking | Add a Comment

Infernal Twin Updated 2.6.11 – Automated Wireless Hacking Suite

Your website & network are Hackable

Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing for wifi networks.

Infernal Twin - Automated Wireless Hacking Suite

Originally created to automate the Evil Twin attack, it has grown much beyond that into a comprehensive suite including various wireless attack vectors.

An evil twin attack is when a hacker sets its service identifier (SSID) to be the same as an access point at the local hotspot or corporate wireless network. The hacker disrupts or disables the legitimate AP by disconnecting it, directing a denial of service against it, or creating RF interference around it.

Users lose their connections to the legitimate AP and re-connect to the “evil twin,” allowing the hacker to intercept all the traffic to that device.


  • WPA2 hacking
  • WEP Hacking
  • WPA2 Enterprise hacking
  • Wireless Social Engineering
  • SSL Strip
  • Report Generation
    • PDF Report
    • HTML Report
  • Note Taking
  • Data saved in Database
  • Network mapping
  • MiTM
  • Probe Request

Latest Changes

  • Added Log retrieval button for various attack results.
  • Added BeeF XSS framework Integration
  • Added HTTP Traffic View within tool
  • Improved Infenral Wireless Attack
  • Visual View of some of the panel improved
  • Improved Basic Authentication during Social engineering assessment over wireless network

You can download Infernal Twin here:

Or read more here.

Tags: , , , , , , , , , ,

Posted in: Hacking Tools, Wireless Hacking | Add a Comment

Zenmap – Official Cross-Platform Nmap GUI

Your website & network are Hackable

Zenmap is the official Nmap GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.

Zenmap - Official Cross-Platform Nmap GUI

No frontend can replace good old command-line Nmap. The nature of a frontend is that it depends on another tool to do its job. Therefore the purpose of Zenmap is not to replace Nmap, but to make Nmap more useful. Here are some of the advantages Zenmap offers over plain Nmap.


  • Interactive and graphical results viewing – In addition to showing Nmap’s normal output, Zenmap can arrange its display to show all ports on a host or all hosts running a particular service. It summarizes details about a single host or a complete scan in a convenient display. Zenmap can even draw a topology map of discovered networks. The results of several scans may be combined together and viewed at once.
  • Comparison – Zenmap has the ability to show the differences between two scans. You can see what changed between the same scan run on different days, between scans of two different hosts, between scans of the same hosts with different options, or any other combination. This allows administrators to easily track new hosts or services appearing on their networks, or existing ones going down.
  • Convenience – Zenmap keeps track of your scan results until you choose to throw them away. That means you can run a scan, see the results, and then decide whether to save them to a file. There is no need to think of a file name in advance.
  • Repeatability – Zenmap’s command profiles make it easy to run the exact same scan more than once. There’s no need to set up a shell script to do a common scan.
  • Discoverability – Nmap has literally hundreds of options, which can be daunting for beginners. Zenmap’s interface is designed to always show the command that will be run, whether it comes from a profile or was built up by choosing options from a menu. This helps beginners learn and understand what they are doing. It also helps experts double-check exactly what will be run before they press “Scan”.


  • Frequently used scans can be saved as profiles to make them easy to run repeatedly.
  • A command creator allows interactive creation of Nmap command lines.
  • Scan results can be saved and viewed later.
  • Saved scan results can be compared with one another to see how they differ.
  • The results of recent scans are stored in a searchable database.

Zenmap is already included in the Windows and Mac installer and the source, so you can download it using that:

– Windows: nmap-7.31-setup.exe
– Mac OSX: nmap-7.31.dmg
– Source: nmap-7.31.tar.bz2

Or read more here.

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment

SHA-256 and SHA3-256 Are Safe For the Foreseeable Future

Your website & network are Hackable

Hashing, it’s always a contentious issue – used to be md5, then sha-1, then bcrypt and now it looks like SHA-256 or SHA3-256 might the future with quantum science boffins predicting it’s not feasable to crack.

SHA-256 and SHA3-256 Are Safe For the Foreseeable Future

You can read more about the algorithm and design (using sponge construction) on Wikipedia here: SHA-3

While it’s reasonable to assume that a world with real quantum computers will ruin traditional asymmetric encryption, perhaps surprisingly hash functions might survive.

That’s the conclusion of a group of boffins led by Matthew Amy of Canada’s University of Waterloo, in a paper at the International Association of Cryptologic Research.

The researchers – which included contributions from the Perimeter Institute for Theoretical Physics and the Canadian Institute for Advanced Research – looked at attacks on SHA-2 and SHA-3 using Grover’s algorithm (a quantum algorithm to search “black boxes” – Wikipedia).

They reckon both SHA-256 and SHA3-256 need around 2166 “logical qubit cycles” to crack.

Perhaps counter-intuitively, the paper says the problem isn’t in the quantum computers, but the classical processors needed to manage them.

The paper notes: “The main difficulty is that the coherence time of physical qubits is finite. Noise in the physical system will eventually corrupt the state of any long computation.”

The sad part is, a lot of people are still using crappy old badly implemented hash algorithms like md5 and thinking that’s ok.

On the other hand with the predominance of people using frameworks like Rails, Laravel, Django etc those problems are minimised.

“Preserving the state of a logical qubit is an active process that requires periodic evaluation of an error detection and correction routine.”

If the quantum correction is handled by ASICs running at a few million hashes per second (and if Vulture South’s spreadsheet is right), Grover’s algorithm would need about 1032 years to crack SHA-256 or SHA3-256.

That’s considerably longer than the mere 14 billion years the universe has existed, although less than the estimated 10100 years until the heat death of the universe. Even if you didn’t care about the circuit footprint and used a billion-hash-per-second Bitcoin-mining ASIC, the calculation still seems to be in the order of 1029 years.

That’s a lot of years, the limitation seems to be the physical processors used to manage quantum computing – which may be resolved at some point but would take some time (according to even an accelerated Moore’s law).

Source: The Register

Tags: , , , , , , ,

Posted in: Countermeasures, Cryptography | Add a Comment
nishang - PowerShell For Penetration Testing

nishang – PowerShell For Penetration Testing

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for penetration testing, offensive security and red teaming. Nishang is useful during all phases of penetration testing. Usage Import all the scripts in the current PowerShell session (PowerShell v3 onwards).

Use the individual scripts with dot sourcing.

To […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment
DyMerge - Bruteforce Dictionary Merging Tool

DyMerge – Bruteforce Dictionary Merging Tool

DyMerge is a simple, yet powerful bruteforce dictionary merging tool – written purely in python – which takes given wordlists and merges them into one dynamic dictionary that can then be used as ammunition for a successful dictionary based (or bruteforce) attack. One day the author was making his way through a ctf challenge, and […]

Tags: , , , , , , ,

Posted in: Hacking Tools, Password Cracking | Add a Comment
SQL Injection on MySQL

Securing MySQL Installation on Ubuntu 16.04 LTS

Today let’s talk about securing MySQL installation on Ubuntu, in this case specifically Ubuntu 16.04 LTS which was released not too long ago. So I love Ubuntu and I use it for everything, especially the LTS (Long Term Support) releases for servers. MySQL is not my best buddy, but a necessary evil many times – […]

Tags: , , , , , , , , ,

Posted in: Advertorial, Countermeasures, Database Hacking | Add a Comment
mitmproxy - Intercepting HTTP Proxy Tool aka MITM

mitmproxy – Intercepting HTTP Proxy Tool aka MITM

mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. It’s a console tool that allows interactive examination and modification of HTTP traffic. It differs from mitmdump in that all flows are kept in memory, which means that it’s intended for taking and manipulating small-ish samples. The command-line companion called mitmdump […]

Tags: , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Scirius - Suricata Ruleset Management Web Application

Scirius – Suricata Ruleset Management Web Application

Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and update associated files. A Ruleset is made of components selected in different Sources. A Source is a set of files providing information to Suricata. For example, this can EmergingThreats ruleset. To create a ruleset, you thus must […]

Tags: , , , , , , ,

Posted in: Countermeasures, Security Software | Add a Comment
Mirai DDoS Malware Source Code Leaked

Mirai DDoS Malware Source Code Leaked

So there’s been some HUGE DDoS attacks going on lately, up to 620Gbps and the Mirai DDoS Malware has been fingered – with the source code also being leaked. It’s spreading like wildfire too, and the scariest thought? All that was really needed to construct it was a telnet scanner and a list of default […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Network Hacking | Add a Comment