OffensiveCountermeasures

Hacking back in degrees

Latest Activity

Bernman commented on John Hoyt's blog post Honeyport - Powershell edition
"Good to know. Thank you for your quick response."
Jun 16
John Hoyt commented on John Hoyt's blog post Honeyport - Powershell edition
"Hey Bemman, There isn't any functionality built-in to just monitor unused ports.  You could probably pretty easily strip out the firewall portions, and add logging for connections to those though.  Not a bad idea.  -John"
Jun 16
Bernman commented on John Hoyt's blog post Honeyport - Powershell edition
"Is there a way within Honeyport to run without the blacklisting feature? Just looking for unused port monitoring to feed to the SIEM and collect the logs."
Jun 16
nmcbride left a comment for nmcbride
"this screams spam"
Mar 12

Forum

Pushpin 2 Replies

Attached is a Python script that will identify every tweet, Flickr pic and YouTube video within an area of a specific Geo address. Example Usage: python ./pushpin.py 42.3534688 -71.0611556 2

Started by strandjs. Last reply by Chris Hood Jun 27, 2014.

Slides from Denver 3 Replies

As requested, the slides from the Denver Presentation are attached. Thanks! John

Started by strandjs. Last reply by Wayne Dawson Jan 28, 2013.

Raw OCM Video 1 Reply

Attached is the raw video for the OCM class coming up at Black Hat Vegas on July 30-31.

Started by strandjs. Last reply by Jonny Linux Jul 11, 2012.

Cisco AnyConnect / Windows Scripting

I am interested in configuring my Cisco AnyConnect in the spirit of Offensive Countermeasures. Has anyone already looked at implementing this? I've got the Cisco Dynamic Access Policies set up to make…

Started by Andy J Jul 3, 2012.

 

Welcome to Offensive Countermeasures!!

Before we get into this too much please check out the following:
http://en.wikipedia.org/wiki/OODA_loop

The main issue with computer security and Cyber-Warfare today is that there is very little that most organizations on our side are willing to do when it comes to hacking back against the attackers. There are a number of good reasons for this, one being legal issues and collateral damage to intermediary systems. However, it is an aspect of computer security that needs to be addressed, especially for our customers.

Long story short, if we have overly stringent rules and our opponents do not, who is going to win?

We have to get inside an attacker’s OODA loop and change the dynamics in such a way they did not expect.

Hence, offensive countermeasures should be considered.

This is quite a bit different than seeing an attack from an IP address, then attacking that IP address. Rather, it requires some subtle techniques that we can utilize on the inside of a network after an attacker has compromised the perimeter. And trust me, they will get in.

So this site is dedicated to finding ways to hack back. It is also dedicated to finding ways to get attribution on who the attackers are and where they are coming from.

Please understand that we are also about options. We want to provide ways to find out as much as possible about an attacker, all the way to getting access to an attacker's system.

Finally, we want to illuminate the legal issues surrounding this topic. Time to fight FUD with fact. There is case law. Hacking back has been done. It just requires a bit of research and finesse.

-strandjs
PaulDotCom

Blog Posts

Honeyport - Powershell edition

I created a PowerShell version of the Windows honeyport that John presented on PaulDotCom episode 203.

This version is nice because it doesn't require netcat. Any feedback is appreciated.

https://github.com/Pwdrkeg/honeyport

Thanks,

John

Posted by John Hoyt on September 20, 2012 at 9:33am — 8 Comments

Presentation

Is there somewhere we can pick up the slides from the Denver presentation? Thanks!

Regards,

bberger

Posted by bberger on July 20, 2010 at 5:09am — 1 Comment

Welcome to Offensive Countermeasures!

Before we get into this too much please check out the following:

http://en.wikipedia.org/wiki/OODA_loop…

Posted by strandjs on July 17, 2010 at 11:30pm — 2 Comments

© 2015 Created by strandjs.