HackingTheUniverse

You are browsing the archives of Penetration.

When computer system vulnerabilities are discovered, patches are issued that have been designed to close the hole of vulnerability. The patches take some time to construct and deploy and even longer to get the community to accept them and install them. This always leaves a gap of some time between the discovery and when the […]

Hacking computers is a mysterious and dangerous world that most of us don’t really understand. This video shows some hackers at DEFCON demonstrating their techniques on a reporter who volunteered to be hacked. The video shows some basic “social engineering” which may use technical knowledge and experience, but involves classic “confidence” manipulation to gain credentials […]

While the main premise of the article linked below is correct, it understates a key part of password cracking methodology. There are two primary means of cracking passwords: using word lists, and brute force. There are also many hybrid combinations, which is an important focus of the article. In brute force cracking, every element of […]

If the NSA has managed to inject backdoor access into most U.S. produced technology, they can win a victory in the intelligence war, but we the citizens may find it necessary to abandon some of the use of American technology ourselves. If we can make our enemies afraid that we can access their computers and […]

The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare – [sans.org] 2. Background On December 30, 2010, a patriot hacker posted a message to an Internet Chat Relay (IRC) Server. Quoting Steve Jobs, the hacker typed: “A small team of A players can run circles round a giant team of B and C players” […]

Netragard’s Hacker Interface Device (HID) – [snosoft.com] We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services what so ever. It also excluded the use of social attack vectors based on social networks, telephone, or email […]

Stuxnet appears to be one of the most sophisticated cyber attacks ever detected. The size and scope of the effort required to launch the attack leads analysts to suspect it came from a national security cyber team with tremendous resources. And the target may have been the SCADA control systems inside the Bushehr nuclear plant […]

An attack that can bypass Anti-Virus defenses has been detailed in a research paper by matousec.com. Matousec developed an engine called KHOBE (Kernel HOok Bypassing Engine) that uses an “argument switch” strategy, or SSDT hooking, to convince the AV scanner that everything is okay. KHOBE – 8.0 earthquake for Windows desktop security software – [matousec.com] […]

Here’s a roundup of recent metasploit techniques: Nessus Scanning through a Metasploit Meterpreter Session – [pauldotcom.com] Scenario: You are doing a penetration test. The client’s internet face is locked down pretty well. No services are exposed externally and only HTTP/HTTPS are allowed OUT of the corporate firewall. You email in a carefully crafted email with […]

A trojan horse backdoor called “Zeus” is being used by a botnet named “Kneber” by researchers. This botnet has been operational for over a year and has compromised many organizations and collected a vast amount of data that was intended to be confidential. Hackers Mount New Strike – [wsj.com] Hackers in Europe and China successfully […]