Latest News

A Brief Introduction On SOPA & PIPA - PART 1 - Chintan Gurjar

What is SOPA and PIPA ?
SOPA is known as Stop Online Piracy Act. Its house bill number is 3261.Also known as H.R 3261.
PIPA is known as Protect IP act. Its Senate bill number is 968. Also known as s.968.

Why Some People Hate It?
The main reason behind hatins SOPA and PIPA is this. This bill has an ability to make the owners responsible and punishable for his/her clients who are interacting with their websites. It is very easy to manipulate and abuse the language of these bills. The result of this is very simple. Many websites will be served limited or might be blocked by government.

When these bills came out there were some minor corrections has been done in the document of these bills. Some of are there mentioned here. First change is like this. Government can't censor most things before their publication. It can be censored by government only after the publication. Secondly, The major change which is also applicable to the you tube is like this. The internet is already in compliance with doctrine. To understand this lets take an example. You tube cant be pre-censor absolutely all copyright material,but it can remove the vidoes which exploits the laws of SOPA one by one after they are posted. This change was done by the request of DMCA (Digital Millenium Copyright Act).

As per the bill sponsors's view This legislation primarily targets the foreign websites. How ever PIPA and SOPA separate sites by domain name themselves. Domestic domain names are like .COM .ORG .US and foreign names are like .IT .LY etc. But as per this definition it may possible that many websites will be mis labeled. Exmple - Actual Domestic Sites - redd.it, bit.ly Actual foreign sites - wikileaks.org thepiratebay.org

This is one type of problematic system. No one can do within it. Even many high level websites such as image hosting and server distribution websites have their non-domestic as well as domestic names within it.


Major Difference Between The SOPA & PIPA.
SOPA : - website is U.S directed. Rule: The owner or the operator of his or her website committing or the facilatinig the commission of criminal violations.That criminal violations comes under the act 2318, 2319, 2319A, 2319B, 2320. The most of the sections primary deals with the copyright . In short you copy, you are blocked.

PIPA :-  The site is used or designed by its operator, which is facilating the activities of copyright act that, disregards an agreement or a right.

Who Has The Real Powers ?
Most of the power comes under the Attorney General. He or she has an ability and authority to influence the court to take an action against the website which is breaking the laws of SOPA and PIPA.


Who are the real players of in this ?
Payment network provider such as paypal. The service that handles the payment transactions. Search Engine. A service of providing the links of a user query or selection. In this reddit,digg,live blogs, and link shortners comes under this definition. The service provider which host a non authorized DNS server.

To Be Continued ...

Author : Chintan Gurjar


Local File Inclusion Exploiter Version 1.2 Download Free


Local File Inclusion Exploiter Version 1.2 Download Free by Valentin

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file

Usage notes- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Known issues- I know there is more about LFI than it is covered in this tool. But this is the first release,
and more features will be implemented in future versions.
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones. For example: Some LFI vulnerabilities consist of two URL parameters or require to find a way around filters. In those cases, this tool unfortunately does not work.
- Like most other LFI exploiter / scanner, this tool here also has problems with handling certain server responses. So this tool does not work with every website.

Some notes- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Do not use this tool in an illegal way. Know and respect your local laws.
- Only use this tool for legal purposes, such as pentesting your own website
- I am not responsible if you cause any damage or break the law.
- Power to teh c0ws!

What is Pen-Testing? | Pen-Testing vs.Vulnerability Assessment | How Vulnerabilities Are Identified?

What is Pen-Testing?

Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access. If the focus is on computer resources, then examples of a successful penetration would be obtaining or subverting confidential documents, price lists, databases and other protected information.

The main thing that separates a penetration tester from an attacker is permission. The penetration tester will have permission from the owner of the computing resources that are being tested and will be responsible to provide a report. The goal of a penetration test is to increase the security of the computing resources being tested.

In many cases, a penetration tester will be given user-level access and in those cases, the goal would be to elevate the status of the account or user other means to gain access to additional information that a user of that level should not have access to.

Some penetration testers are contracted to find one hole, but in many cases, they are expected to keep looking past the first hole so that additional vulnerabilities can be identified and fixed. It is important for the pen-tester to keep detailed notes about how the tests were done so that the results can be verified and so that any issues that were uncovered can be resolved.

It’s important to understand that it is very unlikely that a pen-tester will find all the security issues. As an example, if a penetration test was done yesterday, the organization may pass the test. However, today is Microsoft’s “patch Tuesday” and now there’s a brand new vulnerability in some Exchange mail servers that were previously considered secure, and next month it will be something else. Maintaining a secure network requires constant vigilance.

Pen-Testing vs.Vulnerability Assessment

There is often some confusion between penetration testing and vulnerability assessment. The two terms are related but penetration testing has more of an emphasis on gaining as much access as possible while vulnerability testing places the emphasis on identifying areas that are vulnerable to a computer attack.

An automated vulnerability scanner will often identify possible vulnerabilities based on service banners or other network responses that are not in fact what they seem. A vulnerability assessor will stop just before compromising a system, whereas a penetration tester will go as far as they can within the scope of the contract.

It is important to keep in mind that you are dealing with a ‘Test.’ A penetration test is like any other test in the sense that it is a sampling of all possible systems and configurations. Unless the contractor is hired to test only a single system, they will be unable to identify and penetrate all possible systems using all possible vulnerabilities. As such, any Penetration Test is a sampling of the environment. Furthermore, most testers will go after the easiest targets first.

How Vulnerabilities Are Identified?

Vulnerabilities need to be identified by both the penetration tester and the vulnerability scanner. The steps are similar for the security tester and an unauthorized attacker. The attacker may choose to proceed more slowly to avoid detection, but some penetration testers will also start slowly so that the target company can learn where their detection threshold is and make improvements.

The first step in either a penetration test or a vulnerability scan is reconnaissance. This is where the tester attempts to learn as much as possible about the target network as possible. This normally starts with identifying publicly accessible services such as mail and web servers from their service banners.

Many servers will report the Operating System they are running on, the version of software they are running,patches and modules that have been enabled, the current time, and perhaps even some internal information like aninternal server name or IP address.

Once the tester has an idea what software might be running on the target computers, that information needs to be verified. The tester really doesn’t KNOW what is running but he may have a pretty good idea. The information that the tester has can be combined and then compared with known vulnerabilities, and then those vulnerabilities can be tested to see if the results support or contradict the prior information.

In a stealthy penetration test, these first steps may be repeated for some time before the tester decides to launch a specific attack. In the case of a strict vulnerability assessment, the attack may never be launched so the owners of the target computer would never really know if this was an exploitable vulnerability or not.

Top Hacking Magazine List with Review: Download Magazine For Hackers

Best Hacker Magazine: Top Hacking Magazine List with Review

Download Magazine For Hackers

Hi folks, consider this article the follow-up of the original series, this time I will be blogging about some really good magazines and zines where you can learn about computer and IT security. If you want to go through the previous articles in the series, you are welcome to give them a read -
Anyways, on to the topic, here

Phrack
Phrack - for hackers, By Hackers
Its so obvious that I dont think I need to repeat it again, and again. Phrack is an ezine written by and for hackers first published November 17, 1985. Described by Fyodor as
"the best, and by far the longest running hacker zine,"
the magazine is open for contributions by anyone who desires to publish remarkable works or express original ideas on the topics of interest. It has a wide circulation which includes both hackers and computer security professionals. The zine includes interviews of Blackhats and celebrates the most advanced security articles of the time. Stephen Wyatt or The_ut once commented that he was proud of -
“ Reading the last 5 issues of Phrack without learning anything new“
its that good :) If you are that good, I salute you teh_hax0r…for the lesser mortals, Phrack remains the wet dream of the security minded.
What you can learn here : Hacking in Pure Sense
Price : Free
you can visit phrack here
2600 & Cult of the Dead Cow
2600 & Cult of the Dead Cow - the best old school hactivists

Again, two of the old school crews which are still highly active ,specializes in publishing technical information on a variety of subjects including telephone switching systems, Internet protocols and services, as well as general news concerning the computer "underground" and left wing, and sometimes (but not recently), anarchist issues. The content is focused on DIY projects for a more motivated approach.
2600 is the more sober of the two and is a must read for anyone into pure pleasure of security, Cult of the Dead Cow is more devoted to the hactivism and anarchist issues, but nevertheless, are a must read for any budding hacker or expert alike :)
What you can learn here : Hactivism, hacking at hardware level in the form of DIY projects
Price : Free
you can Visit 2600 here
you can Visit CDC zine here
Free Software Magazine (FSM), Also known as The Open Voice

Free Software Magazine (FSM), Also known as The Open Voice
Relatively new on the scene, FSM devotes itself to the FOSS, GNU, technical code and features regular technical columns. Also the magazine runs its own webcomic “the Bizzare Cathedral” which is a satire on Linux, open source and technology in particular. The magazine is the only magazine worldwide that is dedicated to the promotion of free software as a whole and has 2 primary goals -
  • to promote free software and its use; and
  • to educate the global community in the use of free software.
the Bizzare Cathedral
What you can learn here : Code, Linux , FOSS and Open Source in general
Price : Free
you can visit FSM here
Linux Journal/ Linux Format / Linux Magazine

Linux Journal/ Linux Format / Linux Magazine Now we have some hardcore Linux Magazines which are highly targeted to the professional Linux User. When it comes to computer security and hacking, Linux is the heart and soul of hacking and hackerdom in general. These magazines focus on Linux on a whole and explore the OS with respect to articles on all levels of developing and using Linux and the software that runs on it, including everything from how to write device drivers to how to edit photos with GIMP.
What you can learn here : Linux Linux and More Linux
Price :
  • Linux Journal : 8$ (approx 354 INR)
  • Linux Format : 6.49£ (approx 477 INR)
  • Linux Magazine: 12.99$ (approx 576 INR)
you can visit
HITB Magazine
HITB Magazine
One of the best security magazines around, the HITB magazine aims to deliver their goal of giving researchers further recognition for their hard work, and to provide the security community with beneficial technical material . Born as the side project of Hack-In-The-Box community, the magazine covers exploits , loopholes, latest security insights and technical papers for the determined.
What you can learn here : Exploits, vulnerabilities, Technical articles, code and insights in the latest of
Price : Free
you can visit HITB here

Hakin9
Hakin9 is a free, online, monthly publication on IT Security
The famed Hakin9 is a free, online, monthly publication on IT Security. The magazine is published in English and is available in the Internet as a free download.
Hakin9 is a source of advanced, practical guidelines regarding the latest hacking methods as well as the ways of securing systems, networks and applications.
What you can learn here : Securing systems, exploits, at par with HITB mag
Price : Free
you can visit hakin9 here
InfoSecurity/Chmag (India)
these two magazines are doing a very good job in demystifying the “security” buzzword for the new As a special nod to Indian security scene, these two magazines are doing a very good job in demystifying the “security” buzzword for the new and discusses corporate security and security in general . Clubhack Magazine is the venture of Clubhack which focuses on making hacking and information security a common sense for a common man. InfoSecurity is more targeted at security at corporate level and focuses on latest security trends.
What you can learn here : Beginning with security to the corporate level
Price : Free
you can visit :
I guess you will be more than happy to feast on the knowledge these fabulous sources above.

Top Indian Hackers List: Indian Hackers Facts | Real Truth Revealed

Top Indian Hackers List: Indian Hackers Facts | Real Truth Revealed

There has been a lot of commotion in the Indian Hacking scene lately, and I expressed some pretty strong views regarding that. Long Live Indian HackersWhen it comes to hacking, every other guy tends to tape the "hacker" word with his name/codename without even realizing its significance. Then there is Facebook ...Have a look at it -
X hacker , Y hacker, big hacker, small hacker , cat hacker, mouse hacker, black hacker, white hacker. Seriously man..What were they thinking ?
Seriously guys..what were they thinking ?! I am still counting the number of Indian Cyber Army India has and the number of groups tend to increase recycling all the content, same VIP forums, same deface techniques, zero original research. Then there is Ankit Fadiya...dont let me even get started

In the end tired of all the bullshit around, I decided to cover an article on the REAL INDIAN HACKERS (or Hackers of Indian Origin), folks who are actually dedicated to security and are hackers in real sense. Lets start, shall we ?


& also @ Ethical Hacker Ankit Fadia Hacking Seminar Truth Reveled: Pure waste of Time

Pranav Mistry
Pranav Mistry - The famed 6th sense developer
The famed 6th sense developer,Pranav Mistry is a research assistant and a PhD candidate at MIT Media Lab. SixthSense has recently attracted global attention. Among some of his previous work, Pranav has invented Mouseless - an invisible computer mouse; intelligent sticky notes that can be searched, located and can send reminders and messages; a pen that can draw in 3D; and a public map that can act as Google of physical world. Pranav has commercialized his invention, the sixth sense and SixthSense is now being actively used at NASA.

It is rumored that Facebook tried to acquire the technology from Pranav for a reportedly $2 billion and 5% ownership of Facebook, but Pranav decided to open source it instead.

Facebook tried to acquire the technology from Pranav for a reportedly $2 billion and 5% ownership of Facebook, but Pranav decided to open source it instead.
Thats what any real hacker do. Hats Off to him.

Here you can read more about him at Amarjit’s Blog

Koushik Dutta or “Koush”
Koushik Dutta - UnrEVOked Forever :)
“Set Your Phone Free..”
Rings a bell ? Koushik Dutta or “Koush” is responsible for Clockworkmod recovery and Rom Manager for Android rooting and the core member of famed UnrEVOked team. He has been a .net developer from heart and had his internship initially at Microsoft and is a former MVP. He decided to leave Microsoft and hack Android cellphones like there was no tomorrow. Sony approached him after geohot humped them like anything but he politely declined .
Sony approached him after geohot humped them like anything but he politely declined
Bravo for his efforts, we are able to root painlessly using UnREVOked.
Now only if UnrEVOked can release UnrEVOked 3.33 soon :)

Vivek Ramchandran

He was among the Top 10 Indian finalists in the Microsoft shootout competition among the list of 65000 participants.
Vivek Ramachandran has been working in the computer and network security domain, in some form or the other, for the past 7 years and has worked with Industry giants like Reliance, Cisco, Microsoft. He was among the Top 10 Indian finalists in the Microsoft shootout competition among the list of 65000 participants. Then he decided to join Airtight Networks and there discovered Caffe Latte attack attack along with his colleague MD Sohail Ahmad from Airtight Networks ,the wifi hacking technique that doesn't required you to be in active vicinity of the wifi zone.

That said, he is one of the researcher to lookout.

Almost everybody at NULL Security Community & Garage4hackers

I said it before and I will say it again, the Only active Indian hacking community is NULL community, and the best Indian Hacking Forum where real hackers meet is garage4hackers.com hands on.
Only active Indian hacking community is NULL community
Shoutz to garage crew :)

Folks at Indian Honeynet Chapter

Now we are talking..Indian Honeynet chapter is the collaborative effort of the best geeks and hackers .The focus of honeypot is on Worms and Botnets and developing an Open Source tool to study and counter brute force attacks/ phishing through wifi. Its also being setup as potential web-app honeypot,and aims on improving detection and forensic techniques. Heading the ship are L Shriram, K K Mookhey, Amit Chugh, Asim Jakhar and a lot of professionals who are dedicated in the field of computer security.

Hari Prasad

The famed security researcher Hari Prasad is the winner of EFF Pioneer award
The famed security researcher Hari Prasad is the winner of EFF Pioneer award, as he along with Alex Halderman, and Rop Gonggrijp were able to study an electronic voting machine (EVM) and found significant vulnerabilities that would not be difficult to execute. For his troubles, Prasad was arrested and jailed in August, held without bail in Mumbai for a week. Though he is now out on bail and in the United States, he still faces criminal prosecution for alleged theft of the EVM and other charges.

The genius of the Indian system is that instead of making machines tamper proof and more efficient, they arrested him.
According to the Indian news agency PTI, the magistrate who released Prasad on bail noted that "no offence was disclosed with Hari Prasad's arrest and even if it was assumed that [the electronic voting machine] was stolen it appears that there was no dishonest intention on his part...he was trying to show how [electronic voting] machines can be tampered with."
Jayant Krishnamurthy

Jayant Krishnamurthy
Jayant Krishnamurthy is a Ph.D. candidate in Computer Science, CMU and his interests include are machine learning, machine reading, common sense reasoning, information extraction, knowledge representation, and their applications in AI and NLP (shamelessly taken from his website). He is one of the researchers who are behind designing MD6 algorithm (yeah you heard it right, the evolution of MD5). He is a top level computer theorist and researcher and is a real life hacker. He teaches computer and network security and you must ahve a look at the problems and solutions at the given link.

For the lighter side,you can have a look at the funny flash movie based on his real life experiences at high school.

I guess, you now have an actual idea of the Indian hackers now :) These guys are real and are deemed worthy of having the hacker emblem with them.
Long Live Indian Hackers

Top Black Hat Hackers List: Blackhat Hackers & Underground of Cyber World

Top Black Hat Hackers List: Blackhat Hackers & Underground of Cyber World

As all readers aware that these days we in our #infosec research work. Continuing to that today here another article & for this special thanks goes to SEM. Well before moving further, I also recommend you to have a look on few of our latest research work as cited below.


Russia 5th-Dimension Cyber Army

Estimated Personel: 7,500
Description: Founded in 2007. This was Project 25SX or SOLDIERX version 2.5 as it has become known as. This project was to take SOLDIERX back to its roots – information insemination. This idea removed much of the secrecy behind SX and the difficulty to get involved. Anybody who wanted to help with the site was able to. If a piece of work met criteria, it was posted onto the site by one of the admins. This was kind of like an early version of wikipedia for hackers if you think about it. It was all part of a dream RaT had of a site filled with programs and information which people frequented without incurring a charge. Those people learned from the site, and in turn gave back to it. The site would never be the same. If you look at the current site, all people are welcome to contribute to it. It is increasingly apparent that the wheels of Project 25SX are still in motion.

Relationship Designation: Potential Ally

Notes:

Cyber Warfare Budget:
$127 Million USD Offensive Cyber Capabilities: 4.1 (1 = Low, 3 = Moderate and 5 = Significant)

Cyber Weapons Arsenal in Order of Threat:
Large, advanced BotNet for DDoS and espionage
Electromagnetic pulse weapons (non-nuclear)
Compromised counterfeit computer software
Advanced dynamic exploitation capabilities
Wireless data communications jammers
Cyber Logic Bombs Computer viruses and worms
Cyber data collection exploits Computer and networks reconnaissance tools
Embedded Trojan time bombs (suspected)

Cyber Weapons Capabilities Rating: Advanced

Cyber force Size: 7,300 +

Reserves and Militia: None

Broadband Connections: 23.8 Million +

Close ties with Russian Business Network (RBN), who is thought to own and operate the second
largest BotNet in the world. Intelligence suggests there are organized groups of hackers tied to the Federal Security Bureau (FSB).

The FSB is the internal counter intelligence agency of the Russian Federation and successor to the Soviet KGB. Russia is often overlooked as a significant player in the global software industry. Russia produces 200,000 scientific and technology graduates each year. This is as many as India, which has five times the population. This is hard to believe since their software industry can be traced back to the 1950s.

A study by the World Bank stated that more than one million people are involved in software
research and development. Russia has the potential to become one of the largest IT markets in
Europe. The Russian hacker attack on Estonia in 2007 rang the alarm bell. Nations around the world can no longer ignore the advanced threat that Russia’s cyber warfare capabilities have today and the ones they aspire to have in the near future.

From this information, one can only conclude that Russia has advanced capabilities and the intent and technological capabilities necessary to carry out a cyber attack anywhere in the world at any time.

PLA Cyber Command



Estimated Personel: 5000

Description: Founded in 2010. The development of China’s cyber warfare program has captured worldwide attention in recent years. While evolving doctrines and incidents of cyber intrusions with alleged links to the Chinese government have helped China watchers glean the development of China’s growing cyber warfare capabilities, far less certainty surrounds the command and control side of this enigmatic operation.

Relationship Designation: Potential Enemy

Notes: Professor Meng Xiangqing from the PLA’s National Defense University Institute for Strategic Studies stated: “It is really hard to distinguish attacks and defenses in Internet war. In traditional wars, there was a definite boundary between attacks and defenses. However, in the war of internet, it was hard to define whether your action was an attack or a defense. If you claim to fight against hacker attack, it is hard to say that you are just defending yourself.“ Meng added, „To fight against a hacker attack, you might attack other Internet nodes, which leads to the Internet paralysis in other countries and regions. Moreover, the Internet is a virtual world. It is hard to say that acquiring information from other countries is a defense”

Revolution Guard Cyber Defense Command


Web Site: http://www.gerdab.ir/fa/content/3

Estimated Personel: 1000

Description: Founded in 2010. This is the Cyber Defense Command of the Revolution Gaurd Corp of Iran. One of the first acts of this Command was to declare war on Anonymous. A potent force not averse to the use of offensive tactics that other Commands would flinch from employing.

Relationship Designation: Enemy

Notes: After the protests in 2009, the Islamic Revolutionary Guards Corps established a cyber
defense command to counter online political activism, making Facebook and Twitter inaccessible to those without filter proxies bought in the West.

USA Cyber Command

Web Site: http://www.stratcom.mil/factsheets/Cyber_Command

Estimated Personel: 5000

Description: Founded in 2010. United States Cyber Command (USCYBERCOM) is an armed forces sub-unified command subordinate to United States Strategic Command. The command is located in Fort Meade, Maryland and led by General Keith B. Alexander. USCYBERCOM centralizes command of cyberspace operations, organizes existing cyber resources and synchronizes defense of U.S. military networks.

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the
operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Relationship Designation: Neutral

Notes: The text „9ec4c12949a4f31474f299058ce2b22a“, which is located in the command’s emblem - is the MD5 hash of their mission statement. The command is charged with pulling together existing cyberspace resources, creating synergy and synchronizing war-fighting effects to defend the information security environment. USCYBERCOM is tasked with centralizing command of cyberspace operations, strengthening DoD cyberspace capabilities, and integrating and bolstering DoD’s cyber expertise.

Some military leaders claim that the existing cultures of the Army, Navy and Air Force are
fundamentally incompatible with that of cyber warfare, and have suggested a fourth branch of the military, a cyber-warfare branch. LTC Gregory Conti and COL John „Buck“ Surdu (chief of staff of the United States Army Research, Development and Engineering Command) stated that the three major services are „properly positioned to fight kinetic wars, and they value skills such as marksmanship, physical strength, the ability to leap out of airplanes and lead combat units under enemy fire. „Unfortunately,“ the two officers write, „these skills are irrelevant in cyber warfare. Technical expertise isn’t highly valued in the three services. Just look at military uniforms: no decorations or badges honoring technical expertise“, the officers point out. These officers suggest that „Ultimately, the role of fighting and winning in cyberspace is a military mission, which demands a military organization – one that can recruit, train and retain highly qualified cyber-warfare combatants.“

LulzSec

Web Site: http://twitter.com/#!/LulzSec

Estimated Membership: 500

Description: Founded in 2011. This group splintered off from Anonymous in spring 2011 in order to form a group which concentrated less on geo-politics and more on taking on adversaries that were a little more humorous.

Relationship Designation: Neutral

Notes: This group I still finding it’s way, but has already launched some impressive and well
publicized attacks. Some of the leaked data stolen in these attacks can be found here
http://thepiratebay.org/user/LulzSec/

Cult of the Dead Cow


Web Site: http://www.cultdeadcow.com

Estimated Membership: 500

Description: Founded in 1984. Based in Lubbock, Texas, CULT OF THE DEAD COW (cDc) is one of the most accomplished and oldest hacker groups in the computer underground. Widely considered (by themselves) to be the most elite people to ever walk the face of the earth, this think tank has been referred to as both „a bunch of sickos“ (Geraldo Rivera) and „the sexiest group of computer hackers there ever was“ (Jane Pratt, _Sassy_ and _Jane_ magazines). The cDc is a leading developer of Internet privacy and security tools, which are all free to the public. In addition, the cDc created the first electronic publication, which is still going strong.

Relationship Designation: Ally

Notes: The cDc Grand Imperial Dynasty includes a former Presidential Advisor on computer security, a Harvard researcher, a former U.N. official, an assistant district attorney, a professor of logic, an award-winning filmmaker, several published authors, a video game developer, an Eagle Scout, programmers of every sort, graphic artists, musicians, currency traders, and a Merovingian. And these are just the members who have chosen to make their association with the cDc known to the public.

For over twenty years, the cDc has proven itself as an innovative force in the computer
underground. In 1984, the cDc invented the electronic publication. In 1990, the cDc’s HoHoCon
defined the modern computer underground convention. In every U.S. Presidential Election since
1992, the cDc has run a candidate. In 1994, the cDc became the first computer undergound group to have its own Usenet newsgroup. In 1996, the cDc coined the term „hacktivism.“ Also in 1996, the Ninja Strike Force (cDc’s elite cadre of cheerleader-assassins) was founded. In 1997, years before everyone and their dog had jumped on the file sharing bandwagon, it was distributing original mp3-format music on its website. In 1998 and 1999, the cDc’s „Back Orifice“ series was launched to open the eyes of consumers regarding the security of their computer operating systems. To this day, Back Orifice and BO2k are among the most popular remote system administration tools among both hackers and IT professionals. Since 1999, Hacktivismo (a special projects group within the cDc) has been at the forefront of the ongoing struggle for human rights in and out of cyberspace. In 2002, the cDc and Hacktivismo drafted their own human rights-friendly software license and earned further distinction as the only underground computer groups to ever receive U.S. Department of Commerce approval to export strong encryption in software. In 2004, the cDc and the NSF launched the Bovine Dawn Dojo Forum, the greatest on-line community of all time.

Crewl Underground Madness


Web Site: http://www.blackhat.be

Estimated Membership: 500

Description: Founded in 1996. With four fulltime founding leaders and hundreds of supporting
members, Crewl Underground Madness (cum) is a belgian blackhat group specialized in network in security, hacking, coding and phreaking.

Relationship Designation: Potential Ally

Notes: This group has been quiet lately, although they have gotten some press for some impressive work they did helping people in Africa. Generally this is a small and dedicated group of very highly skilled hackers and their supporters. We have reached out to this group several times over the years but have received no response. I still feel however that they would make excellent allies.

Chaos Computer Club


Web Site: http://www.CCC.de

Estimated Membership: 10,000

Description: Founded in 1981. Chaos Computer Club is the oldest and largest hacker group in the world. The CCC describes itself as „a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information….“ In general, the CCC advocates more transparency in government, freedom of information, and human right to communication. Supporting the principles of the hacker ethic, the club also fights for free access to computers and technological infrastructure for everybody.

Relationship Designation: Ally

Notes: The CCC hosts the annual Chaos Communication Congress, Europe’s biggest hacker congress, with up to 4,500 participants. Every four years, the Chaos Communication Camp is the outdoor alternative for hackers worldwide. The CCC started a new yearly conference called SIGINT in May 2009 in Cologne, Germany. Members of the CCC also participate in various technological and political conferences around the planet.

The CCC publishes the quarterly magazine Datenschleuder (data catapult), and the CCC in Berlin also produces a monthly radio show called Chaosradio which picks up various technical and political topics in a two-hour talk radio show. The program is aired on a local radio station named Fritz. There is also a podcast spin-off named Chaosradio Express, an international podcast called Chaosradio International (which has been inactive for a couple of years now), and other radio programs offered by some regional Chaos Groups.

Soldier X

Web Site: http://www.SoldierX.com

Estimated Membership: 2000

Description: Founded in 1997. This was Project 25SX or SOLDIERX version 2.5 as it has become known as. This project was to take SOLDIERX back to its roots – information insemination. This idea removed much of the secrecy behind SX and the difficulty to get involved. Anybody who wanted to help with the site was able to. If a piece of work met criteria, it was posted onto the site by one of the admins. This was kind of like an early version of wikipedia for hackers if you think about it. It was all part of a dream RaT had of a site filled with programs and information which people frequented without incurring a charge. Those people learned from the site, and in turn gave back to it. The site would never be the same. If you look at the current site, all people are welcome to contribute to it. It is increasingly apparent that the wheels of Project 25SX are still in motion.

Relationship Designation: Ally

Notes: This group began as a group of game hackers, and evolved over time into the full fledged
Cyber Militia it is today. SOLDIER X was founded by Clinton H. Weir (Kefka/Ordune/Shto) in 1997 as a RPG group known as „SOLDIER“. RaT was appointed as the leader of the group. Other notable members included Blake and RPGMaster. „SOLDIER“ quickly became the largest group as RaT started to get into programming. He got into programming with the help of „MaGuS“, the the infamous creator of the „Fate X“ program series. SOLDIER wanted to make the whole AOL RPG’ing scene completely automated. He decided that they would do this with a test game application he created dubbed „RaT Fighter 1.0 Beta“. The program was a huge success and „RaT Fighter 1.0″ was eventually created. After his creation was finished, he was pleased that the games in the RPG scene now had the option to be automated – so he worked with his fellow programmers to decide what should be done next.

Anonymous


Web Site: http://www.AnonServ.org

Estimated Membership: 10,000

Description: Anonymous is the second largest hacker group of this kind in the world, and they have been responsible for some of the most historical cyber actions and battles ever. Anonymous is a trans-national and global organization with members in over 100 countries around the world.

Relationship Designation: Allied Group

Notes: While I have listed Anonymous as a Cyber Militia, it is a concensus building co-op. The leaders as much as they exist are primarily the people who run the network platforms upon which Anonymous acts. That said, Anonymous does have many Cyber Militia’s with a more martial organization who do fight under their banner, and their operations are vast and well organized attacks. By offering dozens of different groups and tens of thousands of individuals the unprecedented opportunity to wage cyberwar in a co-ordinated fashion, they meet the criteria of being a Cyber Militia.

Estonian Cyber Defence League

Web Site: http://www.dw-world.de/dw/article/0,,14968102,00.html

Estimated Membership: 1000

Description: In 2007, when Estonia’s government, financial and media computer networks were attacked by unknown Russian hackers following the government’s decision of relocating a Soviet war memorial, it must have been hard to believe that something good would come from it at the end. With that attack, Estonia became the first country ever to actually be engaged in a cyberwar, but that didn’t make them despair. If anything, that incident was what spurred them to institute their own Cyber Defense League – an organization that gathers computer scientists, programmers, software engineers and cybersecurity specialists and would, in time of war, be under the direct command of the military.

Relationship Designation: Neutral

Notes: Estonia, often referred to as „E-stonia,“ is one of the most connected nations of the planet - it’s a place where three quarters of the population use the Internet and nearly all of the 1.3 million people pay their taxes online. The tiny Baltic country was not only the first in the world to enable its citizens to vote online – and as of earlier this year, it now it has its own wired troops too. The new Cyber Defense League was created in response to massive cyberattacks that Estonia sustained four years ago this month. In April 2007, dozens of Estonian financial, media and government websites were rendered unusable for nearly two weeks.

This particular Cyber Militia is unique in that it is now commanded by approximately 100 full time cyber soldiers in the Estonian military. Therefore there is no question of government invovement with this group. My sense is this group will be primarily concerned with defensive measures and in any case it’s most natural enemies will probably come from Russia. However this group could conceivably become a true and potent adversary if there is ever an „Op Estonia“.

Albanian Cyber Army


Web Site: http://www.facebook.com/Albanian.CyberWar

Estimated Membership: 500

Description: What can you say, rabidly nationalistic, pro-Kosovo – and extremely anti-Serbian.

Relationship Designation: Neutral

Notes: This group is small and sort of shadowy. There is a known roster of leaders, and many member followers. Their political motivations are crystal clear, they love Kosovo Independence and hate Serbia, Greece and Macedonia with a passion. They have been responsible for a handful of high profile hacks, and I think they bear watching as a possible future force. I see no possible attack vector between our groups.

Peoples Liberation Front


Web Site: http://www.PeoplesLiberationFront.org

Estimated Membership: 1000

Description: Formed in 1985. A highly organized militant group of hackers who use the original American Militia form of organization. While members are free to come and go and sign up for any Op they want, once signed on to an action there is a tight command and control structure based around commissioned officers known as Commanders. Politically motivated, this dedicated group primarily fights for freedom of information, speech – and expression. This group is transnational and global, with members in over 50 countries. Founded in 1985 this one of the oldest Cyber Militias in the world.

Relationship Designation: N/A

Notes: This small but incredibly potent group contains some of the best hackers in the western world, and is most famous for small and surgical, yet incredibly effective actions around the world on behalf of freedom and justice. The group is diversified into various units dedicated to intelligence, penetration – DDoS attacks and more. This group has a particular expertise in counter intelligence, cyber warefare – and mass media dissemination. The PLF played an important role in the 2011 world wide uprisings which have been termed the Transnational Global Cyber Insurgency; that saw major operations in Tunisia, Algeria, Egypt, Libya, Syria, Ivory Coast – and Yemen just to name a few. This group comes at it’s enemies from every direction at once, and is known for eviscerating entire government networks litteraly over night.

Honker Union of China


Web Site: http://www.ChinaHonker.com

Estimated Membership: 25,000

Description: Formed in 1999 in response to the United States bombing of the Chinese embassy in Belgrade, Yugoslavia. HUC is a group known for hacktivism, mainly present in Mainland China. Literally the name means „Red Guest“, as compared to the usual Chinese transliteration of hacker (hēikè, literally Black Guest as in black hat). The The Honker Union of China is a nationalistic group bent on defending the Government of China from all enmeis both perceived and actual. They are also the largest known Cyber Militia in the world.
Although there is no evidence of Chinese government oversights of the group, with the official
government stance against cyber crime of any kind, the Honker Union and other freelance Chinese hackers have a complex relationship with the Chinese government. Greg Walton noted in his studies that Chinese government has been able to use the Honker Union as a „proxy force“ when Beijing’s political goals converge with the group’s nationalist sentiment. He also noted instances of members profited off the Chinese government for their skills and the Chinese government recruited members into security and military forces. Finally, Greg Walton pointed out that there are some calls within the group to be officially recognized and integrated into the Chinese government.

Relationship Designation: Potential Adversary

Notes: The HUC is the driving force of nationalistic hacking in China today. An amalgamation of
several earlier groups, they continue to grow and add members and absorb rival groups at an
astonishing rate. I personally rate this group as the single most powerful cyber warfare force on the planet. This cyber militia is listed as a potential adversary because of the PLF’s Dark Operations Snow Lion and Red Dragon, both of which will pit us directly against the Chinese Government and the PLA.

Members have launched a series of attacks on websites in the United States, mostly government-related sites. They also routinely target pro-Tibetan Freedom groups and individual activists. The name also suggests that a hacker in red, the color of the Communist party, is in combat with hackers in the dark. The HUC recently joined together with the Red Hacker Alliance to become the single largest hacker force on the planet.

Iranian Cyber Army


Web Site: http://iraniancyberarmy.tumblr.com

Estimated Membership: 5000

Description: Ultra Nationalist hackers who support the current Iranian regime. They have conducted dozens of high profile and very destructive cyber raids in the last few years.

Relationship Designation: Enemy

Notes: A Google search will reveal the details of the most recent high profile attacks by this group. The PLF became aware of this group shortly after we joined with Anonymous in Operation Iran. I sent them a personal appeal to leave off and join us instead, their reply was received a half hour later in the form of massive attacks upon the web assets of the PLF and Anon Ops. It is believed that the IRC receives considerable assistance from the Revolutionary Gaurd Cyber Defense Command. The Iranian Cyber Army is a potent and effective enemy and should be treated with a high level of respect and caution. The IRC is known to make use of huge bot-nets to launch devestating DDoS attacks.

What is Hacker Emblem? A Universal Hacker Emblem: The Glider Emblem

hacker emblem

What is Hacker Emblem? A Universal Hacker Emblem: The Glider Emblem

Emblem that represents the entire hacker community

The Linux folks have their penguin and the BSDers their daemon. Perl's got a camel, FSF fans have their gnu and OSI's got an open-source logo. But there is no emblem that represents the entire hacker community. This is a proposal that we adopt one — the glider pattern from the Game of Life.

What will I be saying if I display it?

When you put the glider emblem on your web page, or wear it on clothing, or display it in some other way, you are visibly associating yourself with the hacker culture. This is not quite the same thing as claiming to be a hacker yourself — that is a title of honor that generally has to be conferred by others rather than self-assumed. But by using this emblem, you express sympathy with hackers' goals, hackers' values, and the hacker way of living. See the FAQs page for further discussion.

Who should not use this emblem?

If you think hacking is about breaking into other peoples' computers, those of us the emblem was invented for do not want you displaying it. Go invent your own emblem, cracker. We'll find some way to shame and reject you publicly if you mess with ours.

I used to have a prohibition against commercial use here. A number of people have argued convincingly that this is impractical and perhaps unfair. But keep it tasteful, or you will be flamed.


How can I use it?


The glider is not copyrighted or trademarked. The recommended way to use it is on a web page, with an image and a link back to either this page or direct to How To Become A Hacker. Here is a snippet of XHTML you can paste into a page.
[a href='http://www.catb.org/hacker-emblem/']
[img src='http://www.catb.org/hacker-emblem/glider.png' alt='hacker emblem' /][/a]
NOTE: Replace [ & ] with greater & smaller sign
It will look as below:

hacker emblem

Variants:

Before composing your own variant, please read the FAQs page. Here are some of the ones I've been sent:
.O.
..O
OOO

|_|0|_|
|_|_|0|
|0|0|0|
.
..:


But what if the wrong people start using it?


A lot of people think this emblem will become worse than useless because script kiddies, crackers and wannabes will be the predominant ones to use it. Yes, that is a risk — but other emblems, like the peace sign or the A-for-anarchy, that have similar risks have retained a lot of utility. If it helps, I've gotten a lot of email from people picking up on it that I know to be hard-core hackers, and I've seen almost no abuse of it.

Why from you?

Because I maintain the How To Become A Hacker document, A Brief History of Hackerdom, the Jargon File, and am more or less the hackers' resident historian/anthropologist. It's my job to think of these things, if it's anybody's.

A MESSAGE FROM WWW.AMARJIT.INFO ADMIN's TO EVERYONE

Special Thanks to www.theprohack.com

The below variant of Hacker Emblem has been created by us. This is purely dedicated to all real hackers from India. We have also try our level best to compile the Top Indian Hackers List. We are dedicating the below Hacker Emblem to guys, names mentioned here @ Top Indian hackers list.

Related Article:




.



Website Defacement Proves You are Impotent

Website Defacement Proves You are Impotent

By Rishabh "xero" Dangwal from http://www.theprohack.com

Yep..I do get angry. More angry than anything often now and then.

5 rules I abide -
  1. I don't respect anyone at all who cant code and say they are hackers. They taint the word.
  2. I respect anyone who has the guts to confess he is a skid but is willing to learn and code and contribute to the scene. Everybody was a skid once.
  3. I am against anything related to defacements and exploitation if done using stolen/borrowed/any one else's code/shell/exploit/kernel patch. If its not your own, the defacement proves you are a skid and impotent.
  4. Complimenting the 3rd point, if you don't know what an exploit does at core/you cant read its code and cant comprehend it to the lowest level, and you are still using it to your whims and fancy, again, you disgust me.
  5. I hate anyone who ceases to pass any knowledge, the fool tries to hide his knowledge cuz he is afraid that it will create competition, the honest will reflect it to the fullest as he knows, the more he knows, the more he spreads, the greater the opportunities to create more creative code and thinking process.

Consider it my anger that NO knowledge sharing is done in any of the prominent Indian hacking forums out there, be it andhrahackers , indishell, hackers5, or anywhere. Same old stuff…leached from every possible where… The rest are not willing to share what they know due to their egos the size of Texas. At best you can go to garage4hackers , security xploded and can get your daily fix, or log into efnet/freenode and bitchx your daily fix of code and security.

When guys like (content suppressed) can start their own community and start commercializing the security scene for their own fucking profits, you know its time to back out. The real community n|u (null) stands out and is the only place where you can interact with some true hacker souls

The rest are fakes and I am glad I am not in touch with them. The real scene and some really good guys died 3 years ago


As all readers aware that these days we in our #infosec research work. Continuing to that here are the links. Special thanks goes to XERO. Well before moving further, I also recommend you to have a look on few of our articles as cited below.

Yersinia: How to analyzing and testing Network Protocols

Yersinia: How to analyzing and testing Network Protocols


System: Linux/Solaris/All BSD Platforms
License: GNU General Public License (GPL)
Purpose: Framework for analyzing and testing networks and systems
Homepage: http://www.yersinia.net/


Brief Summary:
Yersinia is a free open source utility written entirely in C which is great for security professionals, pen testers and hacker enthusiasts alike. Yersinia is a solid framework for analyzing and testing network protocols, and it is a great network tool designed to take advantage of some weaknesses in different network protocols. Yersinia allows you to send raw VTP (VLAN Trunking Protocol) packets and also allows you add and delete VLAN’s from a centralized point of origin.

Other Useful Features:
One of the useful features I like using with Yersinia is the DHCP (Dynamic Host Configuration Protocol) attack. In this scenario a DHCP starvation attack works by broadcasting DHCP requests with spoofed MAC addresses. This is easily accomplished with Yersinia, if enough requests are sent; the network attacker can exhaust the address space available to the DHCP provider for a period of time. I have used this attack on my Netgear router WGT624 v2 and every machine, regardless of whether it is connected via a wired or wireless looses its network connection. Once the attack is stopped the DHCP clients can reconnect and are able to use the network again.

Yersinia also runs as a network daemon (#yersinia –D) and allows you to setup a server in each network segment so that network administrators can access their networks. Yersinia listens to port 12000/tcp by default and allows you to analyze the network packets traversing the network. This is very useful because you can determine the mis-configurations on you network segment and correct them before an attacker takes advantage of them. With Yersinia you can also launch HSRP (Hot Standby Router Protocol) attacks. The first option with sending raw HSRP packets is simply sending custom HSRP packets; you can then test HSRP implementations on the local network segment. Another option is becoming the active router with a fake IP which results in a Denial of Service (DOS). You can also can launch a MITM (Man in the Middle) attack by becoming an active router by editing the HSRP packets fields in the attacked routers, by enabling IP forwarding on the attackers machine and providing a valid static route to the legitimate gateway the traffic from the victim’s machine will go through the attacker’s platform and will be subject to analysis and/or tampering.

You can configure a CDP (Cisco Discovery Protocol) virtual device that is fully automated by selecting the correct parameters frames in CDP. My favorite attack vector is using the flooding CDP table attack. It also allows for capturing editing and manipulating the frames in the Yersinia GUI interface.

Disadvantages:
Only two disadvantages within Yersinia are worthy of mention. The first is that it was created solely for the *nix community and is not available for the Windows Platform. The Yersina team has requested that the community contribute to the Windows platform, so all the Windows enthusiasts cross you fingers and let’s hope it will be available on Windows in the near future. Secondly, the Yersinia output log is written in Spanish words so have your translator of choice at the ready!

ATTACKS:

Spanning Tree Protocol
Sending RAW Configuration BPDU
Sending RAW TCN BPDU
DoS sending RAW Configuration BPDU
DoS sending RAW TCN BPDU
Claiming Root Role
Claiming Other Role
Claiming Root Role dual home (MITM)

Cisco Discovery ProtocolSending RAW CDP packet
DoS flooding CDP neighbors table
Setting up a virtual device

Dynamic Host Configuration ProtocolSending RAW DHCP packet
DoS sending DISCOVER packet (exhausting ip pool)
Setting up rogue DHCP server
DoS sending RELEASE packet (releasing assigned ip)

Hot Standby Router ProtocolSending RAW HSRP packet
Becoming active router
Becoming active router (MITM)



Dynamic Trunking ProtocolSending RAW DTP packet
Enabling trunking

802.1QSending RAW 802.1Q packet
Sending double encapsulated 802.1Q packet
Sending 802.1Q ARP Poisoning

802.1XSending RAW 802.1X packet
Mitm 802.1X with 2 interfaces

VLAN Trunking ProtocolSending RAW VTP packet
Deleting ALL VLANs
Deleting selected VLAN
Adding one VLAN
Catalyst crash

Contact Us

24x7 online , we happy to answer you
tamilcypc@gmail.com , ,manoj960000@gmial.com.
skype: greeenchip

Disclaimer

This Blog and its TUT's are intended for educational purposes only, no-one involved in the creation of this TuT may be held responsible for any illegal acts brought about by this Blog or TuT.



Featured Post

Custom Domains And HTTPS Redirection Code