Ethical Hacking eBook - Hacking For Dummies 3rd Edition

Looking for an easy way to start learning about ethical hacking ?
Then Hacking For Dummies (3rd Edition) is a must read. Containing about 411 pages, this ebook has been used by thousands of hackers around the globe to sharpen their penetration testing skills.

The Book adopts more the white hat way of hacking so that effective counter measures can be implemented agaisnt black hat hackers.After reading this, you will learn about the latest ethical hacking methods and how to protect your system against hacking attempts. The book is divided into seven main parts:
Part I - Building the Foundation of Ethical Hacking
Part II - Putting Ethical Hacking in Motion
Part III - Hacking The Network
Part IV - Hacking Operating Systems
Part V - Hacking Applications
Part VI - Ethical Hacking Aftermath
Part VII - The Part of Tens
Priced at about $15, the black hat hacker blog provides a link to download the eBook version for free. Enjoy ;)

Download Hacking For Dummies 3rd Edition
 

Black Hat Hacker Group - LulzSec

The phenomenon of black hat hackers working on groups is well know. The most well known group must surely be Anonymous. This group gets all kind of media attention and hence causes other smaller groups but which merit significantly more showtime is the black hat hacker group "LulzSec"

LulSec is short for Lulz Security. This group consists of 6 core black hat hacker members, their goal seem to be have fun hacking and exposing the several security threats on the net. They d things apparently for the 'lulz' part of doing it, for the entertainment.

Operation Anti-Security
Operation Antisec, #Antisec or whatever you want to call it is perhaps one of the most mediated hacking operation ever. The two most famous: Anonymous and LulzSec teamed up to bring down and hack targets like Serious Organised Crime Agency (SOCA), Arizona Department of Public Safety and newspapers like The Post and The Times.

LulzSec and the FBI
After hacking Fox.com and leaking X-Factors contestants personal info, they hacked onto The American PBS system and even Sonny Pictures was not sparred. Now they are going big - FBI Affiliated Organisations. You can get more info on all their attacks on Wikipedia. I came across a video relating some interesting info about the group and FBI, you are welcome to take a look.

I hope you have as much fun as i did when finding more about the group.

Their Tweeter page: :http://twitter.com/#!/LulzSec
Download all their leaked/published documents: http://thepiratebay.org/user/LulzSec/
Their Last Release: http://pastebin.com/

Google Chrome and Firefox Crash Exploit


Once in a while you come across people who just won't stop wasting your time on Facebook.
They just do not have anything else to do than to piss you off. In those time, you wish you could just disable that person's internet connection ! While this post won't show you how to do this, it will surely show you how you can piss off your friends by crashing their browsers.

I came across this exploit on the net devised by some hacker by the name of t3rm!n4t0r. The exploit can be found on the Exploit Database Website under the section DoS/PoC and with the name "Google Chrome Denial Of Service (DoS)".
The reason why the author call this a DoS is above my comprehension xD. It is just some javascipt code that crash the browser because the javascript code messes up with the memory of the browser. Still IT DOES CRASH THE BROWSER.


Download the exploit code here: Exploit Database 


Affected Platforms: Windows and Unix

Affected Browsers: Chrome and Firefox

Tested on: Chrome v15 and Firefox v7



How to make it work ?
This exploit can be handy, so you may want it to be ready and and ur disposal.
I recommend uploading the code on a free web host.
(You have to save the code as an html file first)
Shorten the url of your free web host using goo.gl service or any other.
Just send them the url and watch them dissapear xD
Total Fun and they don't even know what hit them.
Happy Crashing.

Department of Defence, NASA, Pentagon and NSA have been hacked by hacker named Sl1nk

The United States of America, Department of Defence (DoD).
Department of the Navy, the Pentagon, NASA and the National Security Agency(NSA)



All these security agencies are thought to have the best ever security put into place against hacker attacks...yet one claims to have hacked into them !!!


Hacker Pseudoname: Sl1nk
Organisation: Unknown
Reputation: Unknown

This guys claims to have done some quite interesting and unbelievable things..things that would mean that the security holes in these above mentioned agencies are countless..
Is that because they wanted to adopt cloud computing, we'll see that later.

Maybe what this hacker 'sl1nk' is claiming to have done is completely false..but the information he provided seems so precise that it becomes difficult to ignore them. There is a set of documents he presented as proof and which are available to view at the end of this post. For now take a look at the tricks he says he managed to pull:
  1. SSH access to a Network of 140 machine's layer 1 to 3 in the Pentagon
  2. Access to APACS (automated personell air clearance system) 
  3. Thousand's of documents ranging from seizure of a vehicle up to private encryption key request forms.
  4. Database of all usernames/passwords of Webmail of Nasa.
  5. Access to ASSIST (Database for Military Specifications and Military Standards)
  6. Data Transformation Corporation's FAA Sponsored DUAT Service
  7. Access to Government Gateway at http://www.gateway.gov.uk/
  8. Access to applicationmanager.gov
  9. Login access to HM Revenue & Customs (HMRC)
  10. Login to Central Data Exchange | US EPA
As you can see, he (sl1nk) claims to have SSH access to many boxes, a list is given below :-

Pentagon, Nasa, Navy, NSA Area 54 Department of the Navy, Space and Naval Warfare System Command
64.224.0.11 207.60.16.0 - 207.60.16.255 205.0.0.0 - 205.117.255.0 
IP=64.224.0.5





64.70.0.2,





64.70.1.15





64.70.2.53





64.70.2.95





131.182.3.72





153.31.1.195





64.70.2.16





128.149.2.1





64.224.0.9 and lots more







 He also presented some account credentials that suppozedly THN Team verified and documents originating from the Department of Defence (DoD).

https://assist.daps.dla.mil/ 
User: COM502571
Pass: C*************g@@
--------------------------------------------
http://www.duat.com 
system access code: 0016***9
password: F*****1
--------------------------------------------
http://www.gateway.gov.uk/ 
Agent Name: Corie Lee
User ID: 1152****652
Pass: **************
--------------------------------------------
https://online.hmrc.gov.uk/account 
Your User ID is: 437067167597
Password: cl**********3d
--------------------------------------------
https://applicationmanager.gov/
User: administratorbackup
Pass: fu********l@
--------------------------------------------
https://cdxnode64.epa.gov 
User: JCrimson
Pass: M*********0n
--------------------------------------------
https://pecos.cms.hhs.gov/pecos/login.do 
User: Adminbackup
Pass: g*********7
 














Nice proofs and for sure would make people believe that these agencies have security flaws..but to what extent is it true ?

Was it because they moved to cloud computing...but why our defense and intelligence agencies are moving so quickly to adopt cloud computing ?
The answer is cost savings and higher efficiency but the most important aspect is is grounded squarely in our DoD's need exploit information faster than its adversaries.
Cloud computing is unique in its ability to address critical defense and intelligence mission needs.  That’s why cloud computing is critical to national defense.
The main concerns surrounding Cloud Computing Security are:
Data security, privacy and integrity
Intrusion detection and prevention

Security concerns about Cloud Computing are nothing new
Security experts find flaws in cloud computing
Demonstrations of new ways to attack corporate data stored with the increasingly popular “cloud” services have added to concerns about the technology.
Security researchers at the Black Hat USA security conference in Las Vegas showed how users of Amazon’s Elastic Compute Cloud (EC2) services were tricked into using virtual machines that could have included “back doors” for snooping.