Dissecting RSA's 'Watering Hole' Traffic Snippet
rye writes "Even the tiniest snippets of network traffic reveal a lot — not just about viruses and botnets, but also about the malware research lab setup inside corporations like RSA. Watch as Sherri Davidoff of LMG Security tears apart a teeny tiny snippet of gh0st RAT traffic released by RSA during their investigation of the VOHO 'watering hole' attack. Quoting: 'From just a few bits and bytes, we've learned that RSA's investigator was probably using Windows XP on a VMware guest, which was assigned the IP address 192.168.0.106. The local router had a network card likely manufactured by 2Wire. We've also seen firsthand that the C2 channel traffic, which was masquerading as "HTTPS," was running over port 80, and confirmed the gh0st RAT's destination.'"
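An added example, not from the linked analysis or from RSA: Python that reads the same kinds of header fields the summary mentions (source MAC vendor prefix, TTL, destination port, payload tag) from one constructed frame and checks whether a payload tagged "HTTPS" is actually a TLS record. Only 192.168.0.106 and port 80 come from the summary; the MAC addresses, the destination address, the TTL heuristic and the gh0st-style payload layout (5-byte tag, two little-endian 32-bit lengths, zlib data) are assumptions.

```python
import struct
import zlib

VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:50:56"}  # MAC prefixes registered to VMware

def build_sample_frame():
    """Constructed Ethernet/IPv4/TCP frame; only 192.168.0.106 and port 80 are from the post."""
    raw = b"constructed check-in data"
    body = zlib.compress(raw)
    # Assumed layout: 5-byte tag, total length, uncompressed length (both little-endian).
    payload = b"HTTPS" + struct.pack("<II", 13 + len(body), len(raw)) + body
    eth = bytes.fromhex("020000000001") + bytes.fromhex("000c29aabbcc") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 128, 6, 0,
                     bytes([192, 168, 0, 106]), bytes([203, 0, 113, 10]))
    tcp = struct.pack("!HHIIBBHHH", 1049, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def dissect(frame):
    """Return what one captured frame reveals about the sending host and the channel."""
    src_mac, ethertype = struct.unpack("!6sH", frame[6:14])
    if ethertype != 0x0800 or frame[23] != 6:
        raise ValueError("expected IPv4/TCP")
    ttl = frame[22]
    tcp = 14 + (frame[14] & 0x0F) * 4                    # honour the IP header length
    dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]   # honour the TCP data offset
    # A real TLS record starts with content type 20-23 followed by major version 3.
    is_tls = len(payload) >= 3 and payload[0] in range(20, 24) and payload[1] == 3
    gh0st_like = False
    if len(payload) >= 14 and payload[:5].isalnum():
        total, _uncompressed = struct.unpack("<II", payload[5:13])
        # Length field matches the segment and a zlib stream follows the header.
        gh0st_like = total == len(payload) and payload[13] == 0x78
    return {
        "src_ip": ".".join(map(str, frame[26:30])),
        "dst": (".".join(map(str, frame[30:34])), dport),
        "vm_guest": src_mac[:3].hex(":") in VMWARE_OUIS,
        # Heuristic: an initial TTL of 128 is the usual Windows default.
        "os_guess": "Windows-family" if 64 < ttl <= 128 else "other",
        "tag": payload[:5].decode("ascii", "replace"),
        "is_tls": is_tls,
        "gh0st_like": gh0st_like,
    }

if __name__ == "__main__":
    for key, value in dissect(build_sample_frame()).items():
        print(f"{key}: {value}")
```

The combination worth alerting on is `tag == "HTTPS"` with `is_tls` false and `gh0st_like` true; the check assumes the whole message fits in one TCP segment.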
So what (Score:3, Funny)
From just one bit of traffic snippet, I can predict that the machine has networking capabilities. Beat that!
Re:The machine exists (Score:5, Funny)
Being a VM, the machine both exists and doesn't exist.
Entanglement theory proven!
Beat that!
Priceless (Score:5, Funny)
Elementary my dear Watson (Score:5, Funny)