
House of Hackers Possibilities

This post is meant to give the House of Hackers community, future sponsors and clients some ideas on how to make the most of the system. I will discuss a few ideas around the social networking platform, its capabilities and use. I am also planning to give you clues about in what way 3rd-party organizations can tamper into the network and perform crowdsourcing, etc. At this very moment, we have 348 members. It’s worth having a read of this article. [...]

posted by pdp

Landing House of Hackers

House of Hackers is an exclusive, hacker community network. The House of Hackers community is established to support the hacker culture, mindset, way of life, ideologies, political views, vision, etc.

Members of the community are able to exchange ideas with each other, communicate, form groups, elite circles and tiger/red teams, conglomerate around projects and participate in the independent, hacker recruitment market. [...]

posted by pdp

QuickTime 0day for Vista and XP

A remote vulnerability exists in the QuickTime player for Windows XP and Vista (latest service packs). Other versions are believed to be affected as well. For now, no details will be released regarding the method of exploitation.

Because we are an information security think tank and because we encounter some very interesting vulnerabilities in our work, we often share our findings with the masses in order to give something back to the community. [...]

posted by pdp

Reverse Shell with Bash

I am stuck at the Dubai International Airport and I have nothing else interesting to do. So, I thought I might share a simple technique which will go into the Agile Hacking project. Here I will show you how to create a reverse command shell without using 3rd-party tools such as the almighty netcat. Please read on!

When the pentester compromises a machine they often need to provide themselves with a user-friendly access to the system. This is where command shells come into play. [...]

posted by pdp

Hidden

Here is the story. The other day I was messing with some crypto. After going through some pretty interesting stuff, I’ve suddenly realized something which is very, very obvious when you think about it. Indeed, obvious and simple things are harder to grasp. It is a paradox, I know.

It is again another case of using security technologies for criminal purposes. Let’s take HTTPS as an example. [...]

posted by pdp

The Computer Misused Act

Both Ivan Ristic and Nathan McFeters have blogged about it so I won’t waste your time with what they have already said. Go ahead and read their blogs. Instead, I would like to present my view in this blog post.

Just as a background, I’ve already talked about the British Computer Misuse Act. Now, what really makes me worried is that this act won’t fix anything. In fact, it will make the situation far worse. [...]

posted by pdp

HITB Dubai 2008: we can’t wait!

One of the things I like about the hacker/security community is how much exchange of ideas takes place. Most researchers soon realize that there is nothing like a good session of sharing ideas with other peers in order to come up with even more interesting thoughts!

We’re happy to say that GNUCITIZEN will be part of one of the events we were the most interested in: HITB Dubai 2008. [...]

posted by Adrian 'pagvac' Pastor

Holes in Embedded Devices: Authentication bypass (pt 3)

A device that is vulnerable to this issue only performs an authentication check (i.e., is the password being submitted with a request via basic authentication?) when the request is performed using a certain HTTP method. For instance, most devices have a feature to back up the config file, which contains all the configuration settings including admin credentials.

posted by Adrian 'pagvac' Pastor

Holes in Embedded Devices: Authentication bypass (pt 1)

Finding authentication bypass bugs is an obvious choice for attackers, since such bugs allow administrative changes to be made without knowledge of the admin password. In other words, compromising the target device without requiring a password is of course something attackers are interested in! You bet! [...]

posted by Adrian 'pagvac' Pastor