Hello, welcome to the Tuesday, June 27th, 2017 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Columbia, Maryland.

Big Torrent, of course, often plays a role in forensics investigation, as it is kind of a neat tool in order to exfiltrate data.

Now, today we have a nice guest diary by Ali Dekantana

about one particular implementation, BitTorrent Sync,

which also is now known as Resilio.

In his blog post, Ali is going over some of the artifacts that he discovered on systems that did run BitTorrent sync version 2.0.

Now, this is the first part of a multi-part post that he prepared that goes over different aspects of the forensic artifacts that you are finding

as residual evidence for BitTorrent Sync 2. The next blog actually hopefully will get to publish this

maybe later this week or early next week will cover some of the log files left behind.

I think it was last week that South Korean web hosting company Naya went public about

paying $1 million in order to avert DDoS attack.

Now, sadly and somewhat predictable, this has started a new wave of ransom

DDoS attacks against a number of banks in South Korea. Now, the name mentioned with these

ransom demands is the Armada Collective. Armada Collective was quite active in the

ransom DDoS scheme about two years ago or so. I considered the crew pretty much defunct. Since then,

there were a lot of fake ransom demands like the ones I talked about on Friday and yesterday.

So not sure if this is just a new group that sort of took over that name or if it's again

just fake ransom demands.

We'll find out, I guess, and see whether or not these banks will actually be attacked.

The group did demand in the order of $300,000 from these banks in order to avert the DDoS attack.

Banks, of course, typically have quite strong anti-DDoS defenses given past history, where banks were always kind of at the top

...