Vote for us in Top 100 Security Sites
|
|
|
Written by hevnsnt
|
|
Monday, 25 January 2010 |
|
ShmooCon for Hope For Haiti Ticket
ALL PROCEEDS TO GO TO RED CROSS FOR HAITI
DONATIONS
For sale: 1 ShmooCon 2010 Entry
Barcode. (via ebay) Please bid it up, because I will donate 100% of all proceeds
of this action to help the unfortunate victims of the earthquake in
Haiti via Red Cross. Do the right thing, bid often and please help
spread the word via Twitter using hashtag #IhackedHaiti
What
you will Receive: - 1 Unused Shmoocon 2010 Barcode which
will allow you entry to one of the best security conferences in the
world. You will receive this via email within one day of the auctions
completion.
- FREE access to the exclusive Shmoocon party
(featuring free drinks of course). Get to meet all the security celebs
you have heard of!
- Free back-rub and lapdance from the DNS
man himself, Dan Kaminsky!*
Product Information
Title:
ShmooCon
Event Type: Security Conferece
Venue Name: Wardman Park
Marriott
Date: Feb 5 - 7 2010
Event Name: ShmooCon
City:
Washington D.C.
State: D.C.
*Note: Dan pretty much
does this to everyone,
so chances are you will get it -- but I am
not promising anything.
|
|
Last Updated ( Monday, 25 January 2010 )
|
|
|
Written by hevnsnt
|
|
Sunday, 24 January 2010 |
For those who don't know, TOR stands for the The Onion Router. TOR provides anonymous (FYI this differs from secure) access to the internet by bouncing your communications around a distributed
network of relays run by volunteers all around the world: it prevents
somebody watching your Internet connection from learning what sites you
visit, and it prevents the sites you visit from learning your physical
location. Tor works with many of your existing applications, including
web browsers, instant messaging
clients, remote login, and other applications based on the TCP protocol. (src) Think of it like every movie which has an evil hacker "He is untraceable, he is bouncing from USA to Africa to France etc..)
I have been an off-and-on again user of TOR for several years, however I really never found the "killer purpose" for using it -- After all I no longer pretend to be that bad guy hacker in a poorly written movie. However this weekend, @Surbo brought up an interesting situation: He noticed that a malicious site (which happened to be actively targeting our company) disappeared and changed tactics as soon as he started investigating it. He was concerned that the bad guys were watching THEIR logs, and took action when they saw him knocking on their door. That got me thinking, it would be nice if we had a centralized TOR server that my team could use every time we wanted to "investigate" a foreign site.
The following tutorial will walk you through setting up this centralized TOR proxy, which allows for multiple computers to easily connect and disconnect with a simple click of the mouse (and very little software to install).
|
|
Last Updated ( Monday, 25 January 2010 )
|
|
Read more...
|
|
|
Written by Notlist3d
|
|
Tuesday, 04 August 2009 |
By now, pretty much everyone has heard that it is easy to hack into WEP protected networks.
As we have seen in our Cracking WEP article, it is terribly easy. (There have been advances in cracking WEP since that article was published, it is even easier now) Yeah, WiFi is inherently insecure, but we need it... Right? Well if you ask your local security guy how you can protect your home WiFi network, surely they will come back and say: "WPA or WPA2 cannot be cracked, use it". They are wrong.
By simply installing a patch to your existing hardware, WPA came in as the "Saving Grace" for wireless networking. It corrected almost every security problem either created or ignored by WEP. However, WPA was not perfect. The method in which WPA initializes its encryption scheme is subject to capture and offline brute force attacks. Consequently, it's actually easier to crack WPA which uses a weak password than it is to crack WEP. This article will walk you through the process of retreiving and cracking a WPA network key.
|
|
Last Updated ( Tuesday, 04 August 2009 )
|
|
Read more...
|
|
|
Written by hevnsnt
|
|
Monday, 27 July 2009 |
Yes, it is that time again -- Defcon17 is quickly approaching. If you have been following my twitter stream you already know that I have been down in the CCCKC hackerspace Caves working feverishly to finish some toys/gadgets/hackerstuffs before we leave.
 If you plan on being at Defcon this year, try to find either myself
(hevnsnt) or Surbo.. We will be posting out locations via twitter, so make sure you are following ihacked on twitter because "Good things come to those who follow i-hacked". :)
Also this year our very favorite DJ, DJ Great Scott, has somehow managed to finagle his way to being in charge of the music this year, if you have not already checked out the set-list, it is looking SICK.
I look forward to seeing you all in Vegas!
-Bill (hevnsnt)
|
|
Last Updated ( Tuesday, 28 July 2009 )
|
|
Read more...
|
|
|
Written by hevnsnt
|
|
Thursday, 23 July 2009 |
People go crazy for free stuff. When you shoot it at them they love it even more.
After a couple trips to the local "Home Improvement Store" you too can build this DIY Compressed Air T-shirt Cannon and launch t-shirts, hot dogs, or really any else you can fit it the 3" wide barrel at your friends and neighbors.
Or take it with you the next time you go to "The Big Game" and shoot the T-Shirts BACK at the cheerleaders! Now that's Team Spirit! (Don't blame me if you spend the entire game in the Police station explaining exactly what your intentions where)
Features of this model:
- Interchangeable Barrels!
- Multi-Sources for compressed air (CO2 or Bike Pump)
- Lots of safety features! (Multiple ball valves, and a safety release valve)
Oh, yeah please be responsible -- dont hurt anyone
 |
|
Last Updated ( Saturday, 25 July 2009 )
|
|
Read more...
|
|
|
Written by Larry "haxorthematrix" Pesce
|
|
Tuesday, 07 July 2009 |
 The guys at PaulDotCom Security Weekly have this thing for wireless of all kinds. Wireless cards, cables, antennas, 802.11, RFID...the list goes on. Always on the lookout for something neat and useful they found the Asus EEE line of netbooks. They are small, usually feature Atheros wireless cards, and have a huge modding community. The small form factor is also something that works well for wireless assessments, whether covert or sanctioned. The size is conducive to easy transport in a small space or as a second laptop while traveling.
To those aims, the Asus 4G Surf (amongst others in the EEE family) works well, however the small internal wireless antennas don't offer much flexibility or range. We need to take some cues from the EEE modding community and extend the hardware to support a better antenna. So, here's how to add an external RP-TNC antenna connector to the Asus EEE 4G Surf. |
|
Last Updated ( Tuesday, 07 July 2009 )
|
|
Read more...
|
|
|
Written by Donny Hubener
|
|
Friday, 03 July 2009 |
 This paper is written to introduce you to the design and theory of how a Structured Exception Handler (SEH) exploit can be written to target a Windows host. We use the buffer overflow vulnerability in the ESF EasyChat Server software as a detailed example of this exploit type.
While the paper attempts to cover the topics for those new to writing exploits, it still makes some assumptions about the reader's related experience. For instance, the paper does not go into detail about how to write assembly code and how it is used for shellcode as the exploit payload. It also does not talk about the difference between hexadecimal and decimal number systems which is required to understand many of the numeric values used throughout the document. Here is a list of topics you should be familiar with before continuing to read this paper:
➢ Hexadecimal number system
➢ Basic understanding of how Assembly language is used
➢ Basic understanding of Assembly Opcode Mnemomics
➢ Understanding of memory pointers
➢ General idea of memory registers and their use
➢ Some experience with writing program functions of any language
Likewise there are some requirements that you will need should you want to complete the exercise. I highly suggest that you finish the exercise, as this will solidify a lot of the concepts that are discussed. You will need: ➢ A WindowsXP SP1 machine (Virtual Machine is Ok) (Victim)
➢ Ollydbg installed on XP SP1 box
➢ OllySSEH Ollydbg Plugin installed on XP SP1 box
➢ ESF EasyChat Server 2.2 (Free)
➢ Another machine with Python installed. (can be any os) (Attacker)
One of the most important concepts to understand when writing functional exploits is that they are the result of a software bug. If all programs were perfectly written such that there were no flaws, there would be no vulnerabilities to exploit. In many cases, an attacker may be able to cause a program to crash due to insufficient error checking within the program. Causing the program to crash would be considered a Denial of Service (DOS) attack. However, causing a DOS condition in a program does not mean it can be fully exploited, but it does indicate that it could be possible. While there are several different types of attack vectors available to create a fully functional exploit, there are many cases where the conditions of the program or environment do not provide a viable exploit using any of the known vectors. This article is written with the assumption that an SEH attack vector is possible in the target software, and it is important to understand that this vector may not always be present in other vulnerable software.
Before we get started, take note that we will be mostly discussing the operation of two different software routines that are running simultaneously. One routine will be the vulnerable software program and it's supporting function libraries that we are attempting to corrupt. For us, this first routine will be the EasyChat server software. The second routine is the Windows system exception dispatcher which constantly runs waiting for an error condition to occur. The dispatcher routine attempts to handle any exceptions (errors) that may occur in the first routine (EasyChat). As we go through this paper, try to keep these two routines separate in your mind.
|
|
Last Updated ( Tuesday, 07 July 2009 )
|
|
Read more...
|
|
| | << Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
| | Results 1 - 8 of 203 |
|
|
2006 I-Hacked T-Shirts |
I-Hacked T-Shirts Have been released, Now with 3 versions! Check them out here 
|
|
