Scribd
Upload
365 views

Hunting and Detecting APT Attack

This document summarizes a presentation given by Tom Ueltschi at BotConf 2018 about hunting and detecting advanced persistent threats (APTs) using Sysmon and PowerShell logging. The presentation outlines techniques for detecting APT behaviors related to WMI event subscription, logon scripts, and PowerShell process hollowing. It discusses using Sysmon and PowerShell logging event data along with Sigma rules to detect these techniques in an environment of around 25,000 hosts. Examples of detections for each technique are provided.

Uploaded by

deepesh badgujar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
365 views

Hunting and Detecting APT Attack

This document summarizes a presentation given by Tom Ueltschi at BotConf 2018 about hunting and detecting advanced persistent threats (APTs) using Sysmon and PowerShell logging. The presentation outlines techniques for detecting APT behaviors related to WMI event subscription, logon scripts, and PowerShell process hollowing. It discusses using Sysmon and PowerShell logging event data along with Sigma rules to detect these techniques in an environment of around 25,000 hosts. Examples of detections for each technique are provided.

Uploaded by

deepesh badgujar
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 115

Hunting and detecting APTs using

Sysmon and PowerShell logging


TOM UELTSCHI BOTCONF 2018
C:> whoami /all
• Tom Ueltschi
• Swiss Post CERT / SOC / CSIRT since 2007 (over 11 years!)
• Focus & Interests: Malware Analysis, Threat Intel, Threat Hunting,
Red / Purple Teaming
• Member of many trust groups & infosec communities
• FIRST SIG member (malware analysis, red teaming, CTI)
• Twitter: @c_APT_ure

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 2
BotConf Speaker history
• 2013 - My Name is Hunter, Ponmocup Hunter
• 2014 - Ponmocup Hunter 2.0 – The Sequel
• 2015 - LT: Creating your own CTI (in 3 minutes.. or 5 )
• 2016 - Advanced Incident Detection and Threat Hunting using
Sysmon (and Splunk)
• 2017 - LT: Sysmon FTW! 
• 2018 - Hunting and detecting APTs using Sysmon and PowerShell
logging

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 3
Outline (remember, it’s a short 30min fast 40min talk)
• Introduction
• 3 techniques from MITRE ATT&CK

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 4
Motivation – why yet another talk?
• Positive feedback is always nice and encouraging 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 5
Motivation – why yet another talk?
• Positive feedback is always nice and encouraging 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 6
Motivation
the real one

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 7
Motivation
the real one

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 8
Motivation -- the real one

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 9
Motivation -- the real one

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 10
Motivation -- the real one

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 11
SIGMA… say what?

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 12
SIGMA… say what?

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 13
Are you ready for a change?

Source: https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-
Detection-And%20Evasion-Using-Science.pdf
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 14
Are you ready for a change?

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 15
Our setup

• ~25’000 hosts
• ~150 GB/day
• Event logs
• Windows
• Sysmon
• Powershell

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 16
ATT&CK is the new {APT,Cyber,AI,ML,blockchain,etc}

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 17
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 18
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 19
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 20
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 21
ATT&CKcon 2018

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 22
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 23
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 24
Data Sources & Event Logs
• Sysmon Sysmon
• PowerShell ScriptBlock Logging PS-SB
• PowerShell Transcript Logging PS-TR

 SIGMA rule available SIGMA

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 25
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 26
Outline
• Introduction
• 1st of 3 techniques from MITRE ATT&CK

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 27
WMI Event Subscription (Persistence)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 28
APT group named “Atomic Kittens” 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 29
WMI Event Subscription

Source: https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/sans-dfir-2015.pdf
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 30
WMI Event Subscription

Source:
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 31
WMI Event Subscription

Source:
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 32
WMI Event Subscription

• Generating test events using “PowerLurk” Github project


• Likely won’t catch many APTs searching for
Register-MaliciousWmiEvent ;-)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 33
How noisy is the Sysmon WmiEvent?

> 90 days
> 270 EP’s
< 600 events
4 diff types
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 34
SIGMA

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 35
SIGMA

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 36
Outline
• Introduction
• 2nd of 3 techniques from MITRE ATT&CK

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 37
Logon Scripts (Persistence, Lateral Movement)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 38
APT group named “Cuddly Panda Bears” 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 39
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 40
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 41
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 42
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 43
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 44
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 45
Idea for detection
• Search for child processes of “userinit.exe”
• Exclude “explorer.exe” (normal)
• Exclude logon scripts (after baselining & vetting)
• Possibly a small number of other legitimate executables, but
feasible to enumerate and filter out

• Search for ProcessCreate or RegistryEvents with the registry key


name “UserInitMprLogonScript”

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 46
SIGMA

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 47
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 48
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 49
Outline
• Introduction
• 3rd of 3 techniques from MITRE ATT&CK

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 50
PowerShell (execution)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 51
PowerShell (execution)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 52
APT group named “Magic Hound”

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 53
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 54
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 55
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 56
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 57
Here’s that list of strings…

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 58
SIGMA rule: Malicious PS keywords

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 59
“Low FP/high TP” vs. “noisy” events (90 days)
> > > YMMV !!! < < < not all strings are created equal 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 60
Renaming PS.exe
(evasion technique?)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 61
RETEFE Malware sample

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 62
DOC/macro copy/rename PS.exe to %TEMP%\rnd.exe

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 63
ProcessCreate Event from PS-renamed

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 64
Search for Description: Windows PowerShell

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 65
Idea for detection
• Search for processes with “Description: Windows PowerShell”
• Exclude “powershell.exe” (the legitimate one)
• Also exclude PowerShell ISE

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 66
Search for Description: PS without powershell.exe SIGMA

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 67
Search for Description: PS without powershell.exe SIGMA

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 68
Hello, world! My name is NOT powershell.exe 

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 69
PowerShell Empire Stager

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 70
PS-SB

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 71
Idea for detection
• Search for any of 3 strings that are not obfuscated (performance reason)
 $PSVERSionTaBle.PSVErSIOn.MAjoR
 System.Management.Automation.Utils
 System.Management.Automation.AmsiUtils

• Remove obfuscation characters (simple de-obfuscation)


• Search for any of 5 strings (unique, de-obfuscated)
 EnableScriptBlockLogging
 EnableScriptBlockInvocationLogging
 cachedGroupPolicySettings
 ServerCertificateValidationCallback
 Expect100Continue

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 72
PS-SB

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 73
PS-Empire functions executed PS-TR

• Pen-tester was having “fun” with Empire


• PS-Empire functions with parameters found in PS transcript file

• Searched for “… | Out-String | %{…”

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 74
PS-Empire functions executed (top 60 funct’s) PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 75
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 76
Discovery > User enumeration – how many? PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 77
Unmanaged PowerShell

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 78
Get-TimedScreenshots

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 79
Get-TimedScreenshots

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 80
Using powershell.exe vs. unmanaged PS (PowerPick)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 81
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 82
Re-test after enabling FileCreate for rundll32.exe

Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 83
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 84
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 85
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 86
Idea for detection
• Search PowerShell Transcript Files for “Host Application:”
which is NOT any of
• powershell.exe
• powershell_ise.exe
• wsmprovhost.exe
• and possibly very few others

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 87
SIGMA

PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 88
Unmanaged PowerShell

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 89
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 90
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 91
Start-ClipboardMonitor

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 92
PowerShell

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 93
Idea for detection
• Search for PowerShell EncodedCommands in command-lines
• Base64 decode EncodedCommand on the fly
• Search for known malicious strings / cmdlets in decoded commands

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 94
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 95
Sysmon

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 96
PowerPick

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 97
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 98
Idea for detection
• Search for known malicious strings (code snippets, even comments)
in PowerShell ScriptBlock Logs and Transcript Files

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 99
SIGMA

PS-SB

PS-TR
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 100
PS-TR

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 101
Detecting known bad vs. hunting unknown

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 102
Obfuscate-Mimikatz.sh  only random strings

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 103
Detection vs. Hunting
• So far we looked at known malicious strings or behaviors
• Now let’s hunt for the unknowns
• Enumerate legitimate PS script files and function names
 Build a whitelist to filter out legitimate functions
• Search for rarest function names in PS logs (apply whitelist filtering)
• Use stacking, long tail analysis, LFO to find interesting stuff

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 104
Enumerate PS script files and function names

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 105
Enumerate PS script files and function names

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 106
Search for rarest PS script files

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 107
Search for rarest PS function names

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 108
Create whitelist lookup with known good

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 109
Create blacklist lookup with known bad

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 110
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 111
SIGMA rules (contributions coming soon…)

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 112
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 113
BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 114
Thanks for your attention!!

Time left for questions?

• Twitter: @c_APT_ure
• Blog: http://c-apt-ure.blogspot.com/2017/12/is-this-blog-still-alive.html

 many resources about Sysmon linked in one place

BotConf 2018 | Tom Ueltschi | Hunting and Detecting APTs using Sysmon and PowerShell Logging | TLP-WHITE 115

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy