Synful Knock questions...

• Previous message (by thread): Synful Knock questions...
• Next message (by thread): Synful Knock questions...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Looks like Cisco's Talos just released a tool to scan your network for
indications of the SYNful Knock malware. Details @
http://talosintel.com/scanner/ .



--
Regards,

Jake Mertel
Ubiquity Hosting



*Web: *https://www.ubiquityhosting.com
*Phone (direct): *1-480-478-1510
*Mail:* 5350 East High Street, Suite 300, Phoenix, AZ 85054


On Wed, Sep 16, 2015 at 7:33 AM, Stephen Fulton <sf at lists.esoteric.ca>
wrote:

> Follow-up to my own post, Fireeye has code on github:
>
> https://github.com/fireeye/synfulknock
>
>
> On 2015-09-16 10:27 AM, Stephen Fulton wrote:
>
>> Interesting, anyone have more details on how to construct the scan using
>> something like nmap?
>>
>> -- Stephen
>>
>> On 2015-09-16 9:20 AM, Royce Williams wrote:
>>
>>> HD Moore just posted the results of a full-Internet ZMap scan.  I didn't
>>> realize that it was remotely detectable.
>>>
>>> 79 hosts total in 19 countries.
>>>
>>> https://zmap.io/synful/
>>>
>>> Royce
>>>
>>>

• Previous message (by thread): Synful Knock questions...
• Next message (by thread): Synful Knock questions...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]