payback's a stitch
w00d
browsable mirror of komodia.com: http://komodia.fishy.website/
join irc://irc.ringoflightning.net/#kekmodia for Komodia related discussion
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/KomodiaAhoCorasick.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/KomodiaRelay.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/KomodiaSSLSnifferV2.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/PCProxyDLL.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/RedirectorAPI.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/packet_crafter.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/tcpip_lib4.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/tcpip_lib51.zip
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/clients/ocx.zip
- https://github.com/cryptostorm/komodia/tree/master/www.komodia.com/winsock-lsp
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/Anonymizer.pps
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/ParentalControl.pps
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/AhoCorasick.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/DevelopDiff.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/KRDR_DLL_manual.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/KomodiaLSPTypes.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/TCPIP51_usage.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/quotes/InterceptorQ.pdf
- https://github.com/cryptostorm/komodia/raw/master/www.komodia.com/quotes/RedirectorQ.pdf
- Anti AV module - https://archive.today/AHvz4
- DNS hijack - https://archive.today/fePdu
- Kernel SDK protection watchdog - https://archive.today/7ZnwY
- Parental control SDKAPI - https://archive.today/0pMQR
- https://www.ssllabs.com/ssltest/analyze.html?d=komodia.com (no SSL, smart move)
- https://www.ssllabs.com/ssltest/analyze.html?d=superfish.com (vulnerable to Heartbleed, OpenSSL CSS, etc)
- Weichselbaum on Packetstorm: http://packetstormsecurity.com/files/author/1608/
- Weichselbaum on MSDN:https://social.msdn.microsoft.com/Profile/barak%20weichselbaum/activity
- Weichselbaum on EzineArticles: http://ezinearticles.com/?expert=Barak_Weichselbaum
- Weichselbaum on Linkedin: https://www.linkedin.com/in/barakweichselbaum
- Komodia on Facebook: https://www.facebook.com/pages/Komodia/129677207087283
- Komodia Youtube channel: https://www.youtube.com/user/komodiaDOTcom/videos
- komodia.com whois: https://archive.today/lhomp
- Superfish Twitter - https://twitter.com/SuperfishTeam
- Superfish Founder Twitter - https://twitter.com/_adip_
- tcpip_lib33 | WinSock-NDIS - http://www.pudn.com/downloads/sourcecode/windows/network/detail2561.html
- Komodia rootkit: https://gist.github.com/Wack0/f865ef369eb8c23ee028
- Komodia certs: https://gist.github.com/Wack0/17c56b77a90073be81d3
- Proof-of-concept attack: https://twitter.com/ErrataRob/status/568556702234050560/photo/1
- General info collection: https://github.com/hannob/superfishy
- https://bugzilla.mozilla.org/show_bug.cgi?id=1134506
- https://filippo.io/Badfish/
- https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken/
- https://lastpass.com/superfish/
- http://www.kb.cert.org/vuls/id/529496
- http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
- http://blog.erratasec.com/2015/02/some-notes-on-superfish.html
- https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops
- https://plus.google.com/+KristianK%C3%B6hntopp/posts/FE3sRsFnqe6
- http://marcrogers.org/2015/02/19/will-the-madness-never-end-komodia-ssl-certificates-are-everywhere/
- http://www.forbes.com/sites/thomasbrewster/2015/02/19/superfish-history-of-malware-and-surveillance/
- http://www.forbes.com/sites/thomasbrewster/2015/02/20/komodia-lenovo-superfish-ddos/
- http://arstechnica.com/security/2015/02/superfish-doubles-down-says-https-busting-adware-poses-no-security-risk/
- http://www.csoonline.com/article/2887235/application-security/spin-and-fud-superfish-ceo-says-software-presents-no-security-risk.html#tk.rss_dataprotection
Here's the sha1 fingerprints provided by facebook's security team, to verify komodia packages:
0cf1ed0e88761ddb001495cd2316e7388a5e396e
473d991245716230f7c45aec8ce8583eab89900b
fe2824a41dc206078754cc3f8b51904b27e7f725
70a56ae19cc61dd0a9f8951490db37f68c71ad66
ede269e495845b824738b21e97e34ed8552b838e
b8b6fc2b942190422c10c0255218e017f039a166
42f98890f3d5171401004f2fd85267f6694200db
1ffebcb1b245c9a65402c382001413d373e657ad
0a9f994a54eaae64aba4dd391cb0efe4abcac227
e89c586019e259a4796c26ff672e3fe5d56870da