[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] stuxnet DATA decoder

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] stuxnet DATA decoder
From: Mohammad Hosein <mhtajik@xxxxxxxxx>
Date: Fri, 10 Sep 2010 23:01:47 +0430

i have a couple of network intercepts from a large WAN that i am tasked to
monitored . they show Stuxnet infections . i have extracted the DATA that
stuxnet sends to C&C , the ones that are all start with : 66a96e28
we know that this Data sent over http is encrypted ( XOR ) with a 31-byte
Key . is there a decoder available somewhere ? if not , is there more
detailed document on this other than Symentec's so i can develop
a brute-forcer based on the knowledge of what info is located at which point
of this data stream ? i think a simple known plain text style brute forcer
can do this , i wanted to know if anybody did that before ?
Regards

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
Next by Date: Re: [Full-disclosure] Nmap NOT VULNERABLE to Windows DLL Hijacking Vulnerability
Previous by thread: [Full-disclosure] Adobe Flash Player IE version 10.1.x Insecure DLL Hijacking Vulnerability (dwmapi.dll)
Next by thread: [Full-disclosure] NMAP Vulnerable to attack
Index(es):
- Date
- Thread