World of White-Hat Hackers from the eyes of a Black-Hat.

ratul

This isn't new, but I think it's worth sharing, a Black-hat sharing his views on how secure we are, and what our anti-viruses are capable of..
Quite scary and definitely gave me chills...
Read more: Interview With A Blackhat

Some excerpts that scared me:
Q: And how much do you think you made last year?

A: Off the top of my head? Around about 400-500k. Last year was kind of ****. People became wiser, patches became more frequent. This year we have 3/4 of that amount already.

Q: How easy is it for you to compromise a website and take control over it?

A: For beginners you can simply Google inurl:money.php?id= — go ahead try it. But most of them will be cancelled or dried up. So, now you target bigger websites. I like to watch the news; especially the financial side of it. Say if a target just started up and it suddenly skyrocketed in online sales that’ll become a target. Most of these websites have admins behind them who have no practical experience of being the bad guy and how the bad guys think. This leaves them hugely vulnerable. They patch SQL but choose a DNS that is vulnerable to DNS cache poisoning. You can break in and be gone within an hour.


Q: What is your favorite kind of website to compromise? Or are your hack attempts entirely untargeted? What are the easiest sites to monetize?

A: Most of the time un-targeted but once a company (which I won’t name) pissed me off for not giving me a discount in a sale so we leaked every single credit card number online. One type of company I love to target is Internet security, i.e. antivirus companies.

There is nothing better than a clothing store at the summer sales (except porn websites). These are in my personal opinion the easiest and most successful targets to breach. I’ll talk about clothes stores first. Clothing websites are SO easy because of two main types of attacks.

1. The admins never ever have two-step authentication. I don’t know why, but I have never seen one admin have it (and I’ve done it thousands of times).

2. The ‘admin’ usually works there behind the tills or in the offices. They have no clue what they’re doing: they just employ someone to make the website then they run it. They never ever have HTTPS, [so they have] huge SQLi vulnerabilities (e.g. inurl:product.php?id=). Once you have the SQLi vulnerability you can go two routes or both. Route one: steal the credit card info and leave. Route two: deface the website, keep the original HTML code but install an iframe that redirects to a drive-by download of a banking Trojan.

Now to discuss my personal favourite: porn sites. One reason why this is so easy: The admins don’t check to see what the adverts redirect to. Upload an ad of a well-endowed girl typing on Facebook, someone clicks, it does a drive-by download again. But this is where it’s different: if you want extra details (for extortion if they’re a businessman) you can use SET to get the actual Facebook details which, again, can be used in social engineering.

Q: What is your favorite/most effective exploit against websites and why?

A: If it’s a 0-day, that obviously ranks at the top. But below that is XSS. It’s really well known but no one patches it. I suppose DDoS isn’t really classed as an exploit but that can bring in monthly ‘rent’ for our ‘protection’. But overall 0-days are the greatest exploits.

Q: Is there something that websites do to try to defend themselves from guys like you that they always get wrong?

A: I could re-write Shakespeare here. I’ll pick three things.

1. Hire stupid admins who have never been a bad guy, just fed with a silver spoon all their lives and went to Uni on mummy and daddy's money. If I were the CEO of a company I’d much rather employ someone who has a criminal record for hacking than a Uni graduate any day of the week. The guy who has the criminal record has gained the knowledge of how a bad guy would go about getting in, and not just what a textbook says. (This is sooo me.. :cry:)..

2. They allow untrained, young, dumb, Saturday workers to operate the phones.

3. Companies don’t purchase DDoS protection. Cloudflare for example offers incredibly strong DDoS protection for 200 dollars a month (also it's harder to jack a Cloudflare domain). If I extort you for 200-1000 dollars for 1 day why not make yourself immune for the minimal fee?

Q: Which types of browsers tend to be the most vulnerable? Why do you think that is?

A: If you asked me this a few years ago I’d've said almost 100% was IE. That is still hugely vulnerable but now people have taken to the better, faster browsers such as Chrome and Firefox. IE still dominates the market at about 52% but Chrome is the majority of the rest. I think IE is dominating the market because the vast majority of people feel comfortable with it. Unless you actually read into vulnerabilities etc., you don’t know how dangerous IE is, so why do you need to change? Chrome already forced it to be better. One thing that did hugely affect bot infection rates was the mass removal of Java. When news of a Java 0-day gets published people panic (rightly so) and un-install it or patch but as we all know Java never stays secure for long. (So Firefox is still most secure of the three.. :doublethumb:).


Update: thought it'd be good if I merge it here rather than starting a new thread.. (WARNING: It's a very long read.. :p)

Another great read I found about how a man challenged a hacker, and how he showed that hacking is not just limited to your computers, they can track you down physically and do take measures like hiring detectives and all: I challenged hackers to investigate me and what they found out is chilling | PandoDaily

Guess never mess with a hacker.. :D
 

Mario

Ambassador of Buzz
This isn't new, but I think it's worth sharing, a Black-hat sharing his views on how secure we are, and what our anti-viruses are capable of..
Quite scary and definitely gave me chills...
Read more: Interview With A Blackhat

:lol: Kinda reminds me why I lost faith on AVs long time back! In fact, if you hunt around on the "darknet", you will come across even more instances/"interviews" that reveal exactly how useless/inefficient and (surprise) "deliberately-inefficient" an AV really is!! Sort of like, "here, use this sharpshooter to guard your house! oops! forgot to mention this sharpshooter is blind, deaf and mentally-retarded! ......... And his gun is empty!"

The only conclusion I can draw from my "experiences" is, your pc/website/network/what-have-you is only as secure as .......................................YOU!

So, watch that last statement of yours about the Fox! :p ;)
 

Mario

Ambassador of Buzz
This just makes me feel how incapable and noob I am. :( ,

You don't have to know about crawlers and roots to secure yourself (not that, that does not help ;) ) but yes, reading up a little and securing your browsing thru script blockers and secure http and enabling trackers that track trackers would go a long way than a lame-duck purchase-and-install of an "Internet Security Suite". And maybe a sandbox/virtual environment for stuff you aren't sure about on your local environment!

The sure-fire way to preserve sanity on the internet is to be paranoid about every url...
 

Hrishi

You don't have to know about crawlers and roots to secure yourself (not that, that does not help ;) ) but yes, reading up a little and securing your browsing thru script blockers and secure http and enabling trackers that track trackers would go a long way than a lame-duck purchase-and-install of an "Internet Security Suite". And maybe a sandbox/virtual environment for stuff you aren't sure about on your local environment!

The sure-fire way to preserve sanity on the internet is to be paranoid about every url...

No , I meant the other way around. ( Being the Bad guy ).
 

Chetan1991

Youngling
I was just being jovial. Maybe not the exact illegal stuff.....but the fundamentals of it.
 

Mario

Ambassador of Buzz
Yes, it's a romantic world from so far out....................till the Feds knock down the door! #sarcastic
 

Mario

Ambassador of Buzz
So there's no one in this forum who has dipped his toe in all that? Eager learner here.

No one who has got his hands dirty (and that includes the white-ies, (since you ain't a good white till you have put on some black ;) )) will EVER reply to that on here!! [But of course, that doesn't mean, there aren't any here, ;) (although not sure how many are active) ]

Eager learner, you say? Well, prove it.... Learn the basic stuff ON YOUR OWN! If you manage to do that, you will know where to find the black handles and how to pester them to get in the league!!

And basic stuff does not refer to Ion Cannon skid stuff! IMHO, trap a few hundred email passwords (social engineering??!!), inject a few dumb stores (not referring to shopping stores here, although, hmm... why not!! ;) ), maybe build a botpot! Reverse engineer a sniffer and try writing your own .............

And if you are looking for a "learn-in-21-days" course, well....

--------------------

Jeez, I will get arrested!!!!!
 
This read surely fires one up. But even if it looks so fancy from far out, it's bad as hell. Ex: Snowden, Julian Assange. And they didn't even do bad stuff. Just leaked some secrets.
 