Everything Else
The Null Byte Call to Arms: A Special Message to the Community
The community here on Null Byte has always been great and helpful in sharing their know-how, even before I took up admin duties in this World. I jumped at the chance of leading Null Byte because I enjoy teaching and informing people on all of the important need-to-know things out there, but more so than that—there is a deeper reason.
News: 8 Wireshark Filters Every Wiretapper Uses to Spy on Web Conversations and Surfing Habits
In my Wireshark article, we talked a little bit about packet sniffing, but we focused more on the underlying protocols and models. Now, I'd like to dive right back into Wireshark and start stealing packets.
News: Want a Career in IT Security? Our IT Recruiter Shares the Top Qualifications in Demand Right Now
People sometimes ask me about the IT industry here in the states. These folks are usually either trying to get into a certain field, or looking to switch or move into another one. Right now, you may currently be a Computer Science major that will be graduating shortly and are interested in the current state of IT security.
News: Network Admin? You Might Become a Criminal Soon
It seems like the EU is currently in the works of making "the production or sale of devices such as computer programs designed for cyber-attacks" illegal. So, if you're a network admin that uses WireShark or Metasploit, you better watch out!
News: Anonymous Hackers Replace Police Supplier Website With ‘Tribute to Jeremy Hamm
Anonymous hacktivists announced via Twitter that they had successfully hacked the website of New York Iron Works, a police-equipment supplier, and replaced the homepage with a tribute of love to arrested hacker and Chicagoan Jeremy Hammond.
News: Stop CISPA NOW!!!
The US government is trying to push another anti-piracy bill through without anyone knowing so please click the link and sign it to tell Congress that they can't get away with this.
News: Gathering Data for Fun and Profit
Oh Data, You so Awesome! We are going to use Node.JS to gather us some data. Given nodes plethora of well abstracted network abilities and it's deep evened nature, it will make quick work of plugging into various data sources and gathering / making good use of said data.
News: Half a Million Macs Affected by Flashback Trojan! Eradicate It Before It's Too Late
Watch out Macs. Flashback is back. Variations of the trojan have reportedly infected 600,000 Mac computers around the globe, with about 57 percent in the U.S. and another 20 percent in Canada.
News: 1.5 Million Credit Cards Hacked in the Global Payments Breach: Was Yours One of Them?
As hard as you try to protect your valuable information with strong passwords and anti-doxing measures, there's nothing you can really do when someone else gives up your goods. And that is the case with the recent Global Payments breach.
News: Secure Your Wireless Network from Pillage and Plunder in 8 Easy Steps
Wireless networks. Nowadays, everyone uses 'em, but most don't secure 'em. On average, I can drive up and down any block in my city and find at least one or two open or semi-open networks on any given day. With some changed MAC addresses for good measure, an attacker can use your network as a spring board for who knows what. When the police come a few days after, they are coming to your door—and not to talk about how nice your lawn is. Don't be that guy.
Hack Logs and Linux Commands: What's Going On Here?
This morning, I received a message from a friend who was reading a hack log, and she had some questions about the commands used. This got me thinking, as Linux has a ton of commands and some can be archaic, yet useful. We are going to go over everything you need to know to read a hack log and hopefully implant the steps in your head for future use.
News: Anonymity Networks. Don't use one, use all of them!
Introduction The 3 major anonymity networks on the Internet are Tor/Onionland, I2P and Freenet. If you feel confused on which one is the "best" one to use the answer is simple. Use all three!
IPsec Tools of the Trade: Don't Bring a Knife to a Gunfight
Pull up outside any construction site and you'll see tools scattered about—hammers, jigsaws, nail guns, hydraulic pipe benders—these are the tools of the trade. You would be hard-pressed to build a home or office building with just your hands! On that same page, security professionals also have their own go-to tools that they use on the job site, only their job site is your server.
News: Backtrack 5 R2, 3.2.6 Linux Kernal
Backtrack 5 R2 was recently released and added over 40 new tools and updates to their old tools. Along with a new Linux 3.2.6 Kernel and better networking support.
Lock Down Your Web Server: 10 Easy Steps to Stop Hackers from Attacking
You want to put out a live web server, but you don't want to be owned in the process. An expert eye for security is not needed if you take a few basic steps in locking down the hatches. Most successful attacks today are not the complex, time-consuming tasks you might think, but simple lapses in policy that a hacker can take advantage of to compromise your server.
News: The Federal Laws Every Hacker Needs to Know to Stay Out of Prison
If you're a frequenter of Null Byte, I bet you have at least some interest in information security. Furthermore, you have a hobby that if applied in certain ways, will get you arrested. I've received quite a few messages from the community here about federal cybercrime law and how it applies to them, so I decided to get together with my lawyer to come up with some answers.
News: Finding Hidden Metadata in Images (Oh, the Possibilities)
Did you know there is hidden data in your digital pictures? Well, there is, and that data might be a security risk to you. Think back at all of those pictures you're in and are connected with. I'm sure some of those you'd like to distance yourself from. And surely you wouldn't mind checking out the metadata in a few of those images. In this article, we'll be going over how to do just that.
News: Massive Leak! Wikileaks publishes Stratfor emails.
Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered "global intelligence" company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agenc...
News: New Variant of Zeus Trojan Loses Reliance On C&C Server
This week, researchers from Symantec shared information on the recent discovery of a new variant of the Zeus Trojan. This new variant of the popular and ever-changing banking Trojan makes use of P2P communication exclusively, making the botnet have no single point of failure and ensuring it can be kept alive and gathering data that the cybercriminal can profit from. In other words, this new variant requires no central Command-and-Control server to control the bots.
News: Learn to Code in Python, Part One: Variables, Input and Output
In this article, I'll be exploring the basics of Python, i.e. variables, input and output. You'll need Python (2.7+), a computer, and some free time.
News: Bugzilla Cross Site Request Forgery
Summary =======
News: The Right Linux Distro
As many of you Null Byters may know, I was planning on writing this article a week or two ago. Better late than never! So, let's get right to it then—choosing the right Linux distro for your needs.
Uncrackable File Sharing: Securely Transfer Your Secrets with 4096-Bit Encryption
Do you need to email your wife your Social Security number? Send confidential business plans to your partner in Thailand? Send your hacker buddies the recovered hashes from last night's breach? Try using GPG, a valuable and easy to use open-source encryption program.
Uncrackable: Secure Your Secrets with 4096-Bit Encryption
As you progress in the world of information security, you'll find yourself in situations where data protection is paramount. No doubt you will have files to hide and secrets to share, so I'm going to show you how to use the GNU Privacy Guard (GnuPG or GPG for short) to encrypt and decrypt as you need. GPG is a great open-source version of Pretty Good Privacy (PGP), a similar application used for encryption, but licensing and patent problems led to the development of GPG in its wake.
Farewell Byte: Goodbye Alex, Welcome Allen
Hello, fellow Null Byters. Today, with mixed feelings, I want to let you know that this is my last official post as the admin of Null Byte. I've come to the decision that I need to spend more time focusing on my studies. Over the past 5 months, I have enjoyed building this community and teaching people unorthodox methods of doing things, creating things, and hacking them. But I'm also excited to be delving deeper into the studies that brought me here in the first place.
News: Art Meets Information Liberation with the Transparency Grenade
Julian Oliver created the Transparency Grenade in January 2012 for the Studio Weise7 exhibition at Labor 8. It's a transparent device with a "payload" built from an ARM Chip, an Arduino Nano, a mic, and a strong Wi-Fi antenna. It taps into wireless networks and logs emails, webpages, images, and voice to a publicly available online map showing its "detonation" location. Apparently, development for an Android version (sans the pretty plastic shell) is under way thanks to interested donors. See...
News: FBI holds teleconference regarding Anonymous - but they were listening!
The FBI decided to have a large internal teleconference on ideas and plans to wrangle in Anonymous 'members' - need less to say this ended in a rather unexpected way...
Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations
Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.
News: Fend Off Attackers Using This Scary Hot DIY Pepper Spray
Let's face it, the world we live in is far from the fairy-tale land we want it to be, where violence doesn't exist and weapons are not needed. Our foremost goal in life out there in the scary world is simply to survive. And if we need a few tools to accomplish this, we should use them, right?
News: Combinedsystems.com Defaced and RM'd by Antisec!
A major attack went down more early then expected, read the pastebin for the lulzy details!
Community Byte: HackThisSite, Realistic 5 - Real Hacking Simulations
Eventually, we plan on doing some root the box competitions here at Null Byte, but we're still looking for a server to play on. Anyone want to donate one? You won't regret it. Root the box is like 'king of the hill', except you have to hack a server and maintain access. Each server will have numerous known security holes, but until then, let's get back to the regular weekly coding sessions and realistic hacking missions on HackThisSite.
Goodnight Byte: HackThisSite, Realistic 4 - Real Hacking Simulations
Last Friday's mission was to accomplish solving HackThisSite, realistic 4. The fourth in a series of realistic simulation missions was designed to be exactly like a situation you may encounter in the real world. This time, we are told "Fischer's Animal Products is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list."
News: Catch Creeps and Thieves in Action: Set Up a Motion-Activated Webcam DVR in Linux
When it comes to webcams these days, most people are using their laptops over desktops. The cameras are centered, integrated, and require no configuring. They're a cinch and usually have great resolution. So, then what do we do with all of those old wired desktop webcams that we've accrued over the years? Even if you still use an external USB one, chances are you're not using it daily, so why not come up with a better use for it?
Community Contest: Code the Best Hacking Tool, Win Bragging Rights
Here's something fun for the Null Byte community to do—a coding competition! This week, I wanted to get everyone involved by offering you all a nice library of possible program types to choose from and try to code. At the end of this competition, all of the submitted programs will be reviewed by the community and myself. The coder that receives the most votes will be dubbed THE BEST.
News: Symantec Source Code Released by Anon After Failed Negotiations
A hacker from Anonymous broke off communication with an FBI agent posing as a Symanec employee after being offered $50,000 to not publish the Symantec pcAnywhere code online. And in a not surprising turn of events... the code was released today on peer-to-peer networks.
News: Awesome Trick with Prepaid "GoPhones" Nabs You Free Text Messaging for Life
You might be sitting there thinking that I'm crazy, but the truth is you're only partially right. You can get free text messaging for life, all for a cheap, one-time fee. But, how can that be possible? An exploit in AT&T's prepaid GoPhones is the culprit behind this sweet, oh-so rare opportunity for exploitation. The exploit grants a lifetime of free texting, assuming that the company stays afloat from now until the end of time.
Community Byte: HackThisSite, Realistic 4 - Real Hacking Simulations
We'd like this to be one of the last HTS mission announcements, at least for now. As soon as Null Byte finds a server to play with (anyone want to donate one?), we are going to start doing root the box competitions, which is like king of the hill, except you have to hack a server and maintain access. Each server will have numerous known security holes. But for now, back to the normal flow of things...
Goodnight Byte: HackThisSite, Realistic 3 - Real Hacking Simulations
Last Friday's mission was to accomplish solving HackThisSite, realistic 3. The third mission in a series of realistic simulation missions was designed to be exactly like situations you may encounter in the real world, requesting we help a friend restore a defaced website about posting peaceful poetry.
Root Exploit: Memodipper Gets You Root Access to Systems Running Linux Kernel 2.6.39+
Here's a delicious Byte of information for you. A proof of concept program on Linux was coded to exploit a known bug in how the Linux Kernel (versions 2.6.39+) handles permissions for the