GoSecure Blog

Drugs, Guns, Fake documents, Hitmen... What I expected and much more!

This is the continuation of my first blog post, How I Indexed the Darknet and Pastebin During My First University Internship. The GoSecure Torscraper was developed about 1 year ago. Due to a few issues, the entire project was dockerized to simplify the installation procedure (~4-8 lines instead of 4 pages of documentation) and to automate the whole scraping process. This upgrade makes the tool easier for everyone to use. Once the project was dockerized, I started analyzing the collected data, and it goes without saying that this was the most interesting part of the project.


Topics: Research, darknet, threat-intelligence

RDP Man-in-the-Middle - Smile! You're on Camera

As part of our four-month internship at GoSecure, we chose to work on creating a Remote Desktop Protocol (RDP) honeypot. To achieve this, we used a Linux server with an RDP man-in-the-middle (MITM) program that redirects traffic to a real Windows Server.

When searching for tools, we found RDPY, a Python RDP library with a MITM implementation. However, RDPY had several limitations both in features and design choices for our use case. This led us to create our own library, which reuses some parts and concepts from RDPY.

In this blog post, we will showcase our newly released open-source project, PyRDP, which is usable both as a MITM and as a library to experiment with the protocol. We will demonstrate both use cases by describing an incident we had with a malicious user who compromised our honeypot.


Topics: malware, Research, Honeypot, RDP, tool, man-in-the-middle

How I Indexed the Darknet and Pastebin During My First University Internship

[Ed: And all I got is this lousy t-shirt]

This blog post is the outcome of my 4-month internship at GoSecure. This research internship was goal oriented, and I had to pick one of 5 different research projects. I selected a topic I knew little about in order to challenge myself: crawling and indexing data. Here, I will describe two internal projects that we developed to gather all kinds of interesting and valuable data. The first project aimed at gathering data on .onion sites, known as the Darknet, while the second one focused on gathering data from sites like Pastebin, GitHub’s gists and Dumpz. Besides this blog post, I will present these two projects with Olivier Bilodeau at an academic law enforcement conference later in June.


Topics: Research, darknet, tool, leaks, pentest

Exposing the EGO MARKET: the cybercrime performed by the Linux/Moose botnet

Cybercrime is an evolving phenomenon, and offenders are continuously adapting to find new techniques to monetize their illicit activities. Our research paper and upcoming BlackHat Europe presentation, EGO MARKET: When People’s Greed for Fame Benefits Large-Scale Botnets, is about Linux/Moose, a botnet that conducts social media fraud. This blog post is a summary of our paper.


Topics: malware, Research, botnet, criminal market, paper
