Thursday, 24 October 2013

RDP Auditing Tool

Tired of testing or brute forcing using individual credential? Fear not, xTSCrack is here to make it automatic! 


You can download the tool from : http://www.4shared.com/get/HTJog7YJ/xtscrack-09.html

This tool has the following cool features:
---> Test for weak password automatically;
---> Test for weak/user passwords;
---> Wordlist option;
---> Userlist option;
---> Configurable port;
---> Range IP Address audit and more.


The main window

Inputting the Userlist and Wordlist

 Password Found!!!



Tuesday, 22 October 2013

Black Hat Conference is coming to Town!!! (Singapore)

Just as i thought i have to save thousands of $$$$$ to attend a Black Hat Conference in Las Vegas, i saw this news that they are coming to town!!! Man, i am so happy and can't wait to attend to such a world class security conference alongside the likes of DefCon, Hacker Halted and HITB! 



As of now, not much information about it except for its CFP (Call for Papers). I've always wanted to speak at such a quality conference and i've just submitted a paper to them. I will be crossing my fingers and hopefully they will find my paper interesting to present in the conference.

So save your dates: March 25th - 28th 2014!!!

You can visit: http://www.blackhat.com/asia-14/ to find out more about it.

Friday, 18 October 2013

HITB (Hack In The Box) Security Conference in KL 2013

Went to the Hack in the Box Security Conference held in Kuala Lumpur on the 16th -17th October 2013. Hosted in Intercontinental KL hotel, the conference was great. This is my third time in three years attending this conference and i have grown to love them. The tracks were good, the booths were awesome, the competitions such as Catch the Flag and HackWeekday were superb. Check out some of the photos of the conference.

Good Points: I will not deny that the topics of the presentations were great. They covered almost every aspects of hacking but focuses more on in depth hackings such as:
> OS/Software
> Exploitation
> Hardware

Some of the cool talks presented were the Facebook Hacking, Aviation Hacking and both Keynotes. For the HITB crew, i have to compliment them all the way. They were very friendly and approachable willing to assist and help anytime when approached. The food was superb and a 5 star class! I cant complain anything at all about the food and no one had to stand to eat (like some of the other conference i've been). The theme of the CTF was also eye catching! 'War of the Worlds: WMD'!! I mean like, seriously?!!! Even if i participated and didnt win, i still would feel good bragging to my friends that i participated in such a cool theme CTF event! The HackWeekday or should i say coding of applications competitions were superb and it had a number of categories giving each competitors to join in their respective specialized field. I've participated in several CTF competition but have yet to join one in HITB, and maybe one day i shall join. However i do like to put it out there that upon talking to the organizers of the HITB CTF, i can say that it is not those kind of straight forward network/web hacking competitions. One of crew shared that it involves more than just network/web hacking skills. One needs to have a fundamental knowledge on cryptography, steganography, reverse engineering, source code understanding, exploit engineering and binary analysis.. i was like..say what!!! damn..that is one tough CTF and whoever wins it should be respected for knowing and having the knowledge of all the mentioned aspects of computer security. Kudos to the Vietnam team for winning this.

Room for Improvement Points: While the topics were great, some of the deliveries were not. One example is the inability of some of the speakers to convey it in proper English (as some of them were from Europe and South America). One of the speakers were speaking out of a word document all the way with little interactions with the audience. Another were speaking without knowing the full stop. It was cute actually.

What i hope to see: Local Speakers at least! While the conference were attended by many locals, unfortunately none of the speakers/presenters were. Although im not a Malaysian, i would love to see some locals presenting their research in the conference. And of course, more ladies please! I've been to these conferences and sadly i rarely see any women hackers speaking. However there were a handful and countable women attending the conference. I also would hope to see topics in regards to penetration testing such as advanced network/web recon/exploitation, bypassing firewall and Anti Virus techniques which could attract more ethical hackers in these fields to attend. While there were booths that were very interesting especially when there's a mini 'challenge' or 'competition' to attract people, some were quite dull (there was even an empty booth with a single person sitting at it). I was impressed by Mozilla booth, because twice i was there, twice they had mini challenges. Such mini challenges can be seen in world class conferences such as Def Con and Black Hat and HITB booth representatives could take some tips from them. The Lock Picking by Toools were also a force to be reckoned with. Unlike Facebook booth where they were packed with people for free gifts and tshirts, the lock picking booth managed to attract more people with its complex challenges and outgoing reps.

Overall: I enjoyed myself. Its much much better than some of the conferences i've been to such as Hacker Halted hosted in Singapore. What i enjoyed most is making new friends, network and exchanging name cards and knowledge. The in between breaks were designed for that (i think) and i ended up making new friends! Great hotel, great food, awesome conference....what more could you ask? I've been to many conferences over the years and i have to say that HITB is one of the top 3 conferences that is in my list of MUST GO!!! Congrats HITB and Thanks for the great conference!

HITB Security Conference main logo banner

Tracks and Speakers displayed digitally



3 Different Tracks in 3 Different rooms

An interesting funny slide

The OWASP Booth


The Ship Captain Hackers!


The hardware used during the hack



CTF event in progress


Microsoft Wizards

Taking a pic with an Anonymous attendee

Winning a Mozilla Firefox Mug

Taking a pic with the winner of Best Windows 8 Application Competition

Stickers souvenirs from the Conference

For more information of future HITB events/conferences, visit http://conference.hitb.org/

Monday, 7 October 2013

The Hacker Manifesto

The Hacker Manifesto

by
+++The Mentor+++
Written January 8, 1986


Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?

I am a hacker, enter my world...

Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...

Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..."

Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me.. Or thinks I'm a smart ass.. Or doesn't like teaching and shouldn't be here...

Damn kid. All he does is play games. They're all alike.

And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...

Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.

Tuesday, 1 October 2013

Gwapo's Professional DDOS Service

Found this video on Youtube. Even DDOS has a professional service!!! Those who are curious, check out their website: http://ddossite.com/