FEDIDEVS

38C3 2024

Dive into 18 insightful Mastodon posts from 38C3 2024 by Jared Naude on Day 3 featuring key discussions, trending topics, and highlights from the conference.

Add your voice to the conversation by posting with the #38C3 hashtag on Mastodon.

About 38C3 2024

The 38th Chaos Communication Congress (38C3) takes place in Hamburg on 27–30 Dec 2024, and is the 2024 edition of the annual four-day conference on technology, society and utopia organized by the Chaos Computer Club (CCC) and volunteers.

Filter by most active accounts

Filter by conference day

Info

Day 3 (3573)

Jared Naude (140)

Jared Naude @[email protected]

Dec. 29, 2024

You can get involved by using the data which is available on GitHub, deploying or own attack pod or joining the team to fight against these groups. #38c3

7 1 1

Jared Naude @[email protected]

Dec. 29, 2024

Does any of this work? Looking at the statistics, from 264 000 cases:
1) Average take down time is 5 days.
2) China Telecom does not accept abuse reports.
3) Digital Ocean supports XARF and average takedown is 28 Hours.
4) Tencent does not care about abuse notification unless it comes from government or law enforcement.

#38c3

6 4 1

Jared Naude @[email protected]

Dec. 29, 2024

This still has a big problem as it requires a human to look at. XARF is a common format to create these reports which parsers can be built to parse these reports. XARF reports have several attributes that can be included such as date, time and logs that can be attached to an abuse report. #38c3

1 0 1

Jared Naude @[email protected]

Dec. 29, 2024

The speaker has automated this process by monitoring IP addresses, identifying the ISP contact, send abuse notification and then monitors for replies which goes to a LLM which will respond with any additional information as needed. #38c3

2 1 1

Jared Naude @[email protected]

Dec. 29, 2024

Working with law enforcement is tricky as end users wouldn't know what to do if they receive a notification. Sending letters to ISPs may be helpful but is not scalable to thousands or even millions of reports. #38c3

2 0 1

Jared Naude @[email protected]

Dec. 29, 2024

The speaker went through a forensic process to understand how the Pi was compromised and found a number of IP addresses which looks like a Tor exit node however that doesn't make sense as traffic did not go through the Tor network. #38c3

1 0 1

Jared Naude @[email protected]

Dec. 29, 2024

The speaker investigated these passwords and found devices that were being targeted. One example was a Raspberry Pi in South Korea. The speaker was able to get access to the instance and was able to investigate further by using netstat -apn and pstree -a. #38c3

2 0 1

Jared Naude @[email protected]

Dec. 29, 2024

When these IPs are looked up in Shodan, they are residential IP addresses which shows either infected home or IOT devices. The speakers dives into a specific example of an adversary trying a set of specific passwords over and over again. #38c3

1 1 1

Jared Naude @[email protected]

Dec. 29, 2024

The graph shows a subset that was investigated. This shows 238 unique IPs between Feb - Dec. Each IP scan contains 169 username and password combination. #38c3

3 1 1

Jared Naude @[email protected]

Dec. 29, 2024

By combing several attributes, this data can be visualized in a multi-dimensional environment. By reducing the dimensions, a graph can be created to visualize this better. #38c3

2 0 1