Wednesday, 27 May 2015

Hack In Paris 2015 Invites All Hackers .

Namaste! Good Morning,

Woahh!!! Hold on hackers !!! Hack In Paris is here and this is the 5th time Hack In Paris is ready to Rock Paris .

Intrusion attempts are more and more frequent and sophisticated, regardless of their targets (states or corporations).It's in this context that international hacking events are multiplying. A few events take place in France, but until now, no one had covered hacking practices with a technical approach including both professional training and information aspects.It is this gap that Hack In Paris aims to fill. 

After the success of last year, with more than 400 attendees, this 5 days corporate event will be held at the Academie Fratellini Paris. 

Hack In Paris will let its attendees discovering the concrete reality of hacking, and its consequences for companies. The program includes the state of the art of IT security, industrial espionage, penetration testing, physical security, forensics, malware analysis and countermeasures.

Hack In Paris will be held from June 15th to 19th, 2015 and livened up exclusively in English :

  • Training : June 15 to 17, three days of trainings by 12 security officers (CISOs, CIOs) and technical experts  
  • Talks : June 18 to 19, two days of talks given by a variety of international speakers and highly technical experts
  • NEW ! : A gala-evening is organized by Sysdream on Thursday 7 P.M., June 18th, 2015 at the Academy Fratellini. More information :
You can register into the training session you like to know and learn and later research about . You will get chance to clear your concepts.

Grab your seats as soon as possible, the event will be houseful in no time.

Wednesday, 18 March 2015

Now Unlock Apple iPhone By Brute Forcing Using IP Box

Namaste! Good Morning,

Apple iPhone has many ways to Unlock the screen which includes Fingerprint scanning, Pattern, and Secret PIN. One thing common in this is that all such methods require human interaction .

But now there is no need of human interaction to unlock the screen of iOS devices with secret PIN. 
with some of the tools like IP Box which is connected via USB, a Sensor to check the status of the screen in case of entering the correct password and change the image.

Actually, that brute force PIN-code is only effective if the device is disabled Erase Data in the settings ( Touch ID & Passcode screen ), which has been deleted from the device after ten attempts to enter the wrong.

Researcher's initial analysis indicates that the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory. As such, each PIN entry takes approximately 40 seconds, meaning that it would take up to ~111 hours (that is, four and a half days) to bruteforce a 4 digit PIN.
  • 5 digits - 1.5 months
  • 6 digits - 1.25 years
  • 7 digits - 12.5 years
  • 8 digits - 125 years
Researcher's have tested the attack on an iPhone 5s running iOS 8.1

Further research suggests this could be the issue detailed in CVE-2014-4451 but this has yet to be confirmed.

It turns out that the most efficient algorithm cracker action will be: 

  1. Try to find out the real PIN-code by analyzing the state of the coating of the screen. 
  2. Manually enter the 9 most popular of PIN-codes from the list of the most popular of PIN-codes. 
  3. Restart the phone. 
  4. Start automatic brute force for the other passwords. There is also better to use the dictionary the most popular combinations, introducing them in the first place.

Saturday, 14 February 2015

Windows Security Bypass 10 With One Bit

Namaste! Good Morning,

In the last set of patches from Microsoft for February 2015 was closed not only notorious JASBUG , but also the vulnerability CVE-2015-0057 with the same maximum risk rating (total in the February set three critical bug). 

The vulnerability allows for escalation of privileges to gain complete control over a victim's computer and bypass all security mechanisms Windows. The bug is in the GUI-component core - module Win32k.sys. Namely, in the structure information about the scroll bars in windows on the screen.

There is a function xxxEnableWndSBArrows , which determines whether to display a scroll bar or show the scroll bar. This is where the hidden "bug", which is found by static code analysis. At some point freed memory bits, where he kept the flags of states scrollbars. These bits we use (Use After Free). 

At first glance it seems a minor vulnerability. But if it is right unleash a chain, it's in your hands full control of any system from Redmond. Exploit reliably works in all versions of Windows, from Windows XP and up to 10, with all the included security mechanisms. 

The author believes that the attackers will be successfully exploit this vulnerability for a long time.

Thursday, 22 January 2015

Annomymous Hacker Sentenced for 5 years by Federal Judge in Dallas

Namaste! Good Morning,

Barret Brown is sentenced to 63 Months in prison by a federal judge in Dallas, including the 31 months he has already served.

Brown, 33, was pleaded guilty in April to being an accessory after the fact for attempting to assist a hacker, hiding two computers from FBI agents who were executing a search warrant and threatening an FBI agent in a video.

The accessory after the fact charge relates to an incident in December 2011 when someone Brown knew as "o" hacked the computer network of Austin, Texas-based private intelligence firm Stratfor and obtained confidential information, including credit card details, according to court papers.

Brown knew that the incident harmed Statfor's website and removed confidential data, according to court documents.

He also attempted to communicate with Stratfor's top official on behalf of the hacker to minimize damage, the papers said.

In a statement read in court on Thursday, Brown said his role was to post a link which had already been made public.

He said the government "exposed me to decades of prison time for copying and pasting a link to a publicly available file that other journalists were also linking to without being prosecuted."

Brown expressed regret for some of some of his actions, including threats made in online videos.

"The videos were idiotic, and although I made them in a manic state brought on by sudden withdrawal from Paxil and Suboxone, and while distraught over the threats to prosecute my mother, that's still me in those YouTube clips talking nonsense about how the FBI would never take me alive," he said.

Attempts to reach Brown's attorneys were unsuccessful.

 Listen Barrett Brown  in Youtube

Hacker Arrested for Leaking Songs From Madonna's New Album Rebel Heart

Namaste! Good Morning,

Police in Israel have arrested a 39 year old man on suspicion of hacking into Madonna's compute and leaking songs from her new album "Rebel Heart".

The hacker was detained by members of the country's crime-fighting unit.

Officers are investigating allegations the suspect "broke into the personal computers of several international artists over the past few months and stole promotional final-cut singles which have yet to be released and traded them online for a fee". 

The Investigation by a security firm traced the breach of Madonna's computer to Israel. Her songs are leaked before its release date. 

"I'm profoundly grateful to the FBI, the Israeli Police investigators and anyone else who helped lead to the arrest of this hacker," Madonna, above, said in a statement.  

"Like any citizen, I have the right to privacy. This invasion into my life - creatively, professionally, and personally - remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime."

Hacking into Stars Personal Computers and into getting into their Account and stealing important data is getting easier these days. Seeing the rate of hacking into this personalities it seems that either the stars are not that good with protecting their own stuff of the hackers are becoming smarter day by day. 

Friday, 17 October 2014

Nullcon Goa 2015 is Here Pirates! | Time to Set Sail Toward Goa

Namaste! Good Morning,

"Nullcon 2015" sets green flag to Call For Papers. This is the sixth year of Nullcon . Nullcon was founded in 2010 with the idea of providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. 

Motto of Nullcon is "The neXt security thing!" drives the objective of the conference i.e. to discuss and showcase the future of information security and the next-generation of offensive and defensive security technology.

nullcon goa 2015

The idea started as a gathering for researchers and organizations to brain storm and demonstrate why the current technology is not sufficient and what should be the focus for the coming years pertaining to information security.

In addition to security, one of the section of the conference called Desi Jugaad (Hindi for "Local Hack") is dedicated to hacking where we invite researchers who come up with innovative security/tech/non-tech solutions for solving real life challenges or taking up new initiatives.

 Nullcon is managed and marketed by Payatu Technologies. The idea of nullcon emerged out of null - The open security community, a registered not-for-profit society and the largest active security community in India with over 8 chapters in major cities - Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi.

As a tribute to the community nullcon funds null to further null's cause and supports all of its initiatives.

While submitting the research paper remember that it's yours on research work . Also the abstract must be detailed and it must not just contain the mere introduction to the research/hacks. And any Paper/research that is more of marketing based and promoting its company may be rejected.

Important Dates:
  • CFP Opens: 6th Aug 2014
  • 1st round of Speaker list Online: 6th Sept 2014
  • CFP Closing Date: 1st Nov 2014
  • Final speakers List online: 6th Nov 2014
  • Detailed Paper submission by selected speakers: 6th Jan 2015
  • Training Dates: 4th-5th Feb 2015
  • Conference Dates: 6th-7th Feb 2015
More details related to CFP of Nullcon 2015 can be read from here.

The Venue Details

Venue: The Bogmallo Beach Resort, Goa, India
Contact: +91 - 99229 00657
For Inquiries:
For Sponsorship:
Registrations Open: Sep '14

This is the rare chance to meet your old friend and make new friends. You get to meet like minded peoples and an environment you would love to work in. Good luck for the event

Tuesday, 7 October 2014

Poorly Configured Oracle Reports Database Server Leads to Huge Data Leak at MBIA Inc.

Namaste! Good Morning,

KrebsOnSecurity notified to MBIA Inc. about the huge data leak this Monday. Kreb reported that due to the misconfiguration in a company Web server, countless customer account numbers, balances and other sensitive data were exposed. This leaked sensitive data is also indexed on many popular search engines.

MBIA Inc. is a financial services company. It was founded in 1973 as the Municipal Bond Insurance Association. It is headquartered in Armonk, New York, and has approximately 400 employees. MBIA is the largest bond insurer. MBIA Inc., is based in Purchase, N.Y., is a public holding company that offers municipal bond insurance and investment management products.

After getting notification, the company disabled the vulnerable website This Website contained customer data from Cutwater Asset Management, a fixed-income unit of MBIA that is slated to be acquired by BNY Mellon Corp.

MBIA spokesman Kevin Brown said,"We have been notified that certain information related to clients of MBIA’s asset management subsidiary, Cutwater Asset Management, may have been illegally accessed,. We are conducting a thorough investigation and will take all measures necessary to protect our customers’ data, secure our systems, and preserve evidence for law enforcement." He also added that the customers are also notified about this leak.

Documents indexed by search engines featured detailed instructions on how to authorise new bank accounts for deposits, including the forms and fax numbers needed to submit the account information.

Bryan Seely, an independent security expert with Seely Security, discovered the exposed data using a search engine. Seely said the data was exposed thanks to a poorly configured Oracle Reports database server. Another researcher Dana Taylor @miss_sudo documented the misconfigured server.

One of San Diego FBI’s Most Wanted Cyber Fugitives John Gordon Baden Worth $5000

Namaste! Good Morning,

The Federal Bureau of Investigation (FBI) is offering a reward up to $5,000 for any information that leads to the arrest of John Gordon Baden who's 38. He is considered to be one of San Diego FBI’s Most Wanted Cyber Fugitives.

Baden is allegedly responsible for stealing the identities of 40K people and then using the stolen information to siphon funds from their brokerage or bank accounts and purchasing expensive electronic items with their credit. It is estimated that the losses caused by this fugitive are in the millions of dollars.

In July 2014, Baden along with his two co-conspirators, Jason Ray Bailey and Victor Alejandro Fernandez were indicted by a federal grand jury seated in the Southern District of California, San Diego, California, on a number of federal charges which includes, conspiracy to commit wire fraud, computer hacking, aggravated identity theft, and wire fraud. Baden was accused specifically on federal charges of conspiracy to commit wire fraud, wire fraud, and computer hacking. The charges were the result of an FBI investigation into Baden and his two co-conspirators who operated a criminal enterprise that exploited vulnerabilities in computer servers of a U.S. mortgage broker.

According to the accusation, Baden and his co-conspirators obtained mortgage applications containing customers personal identification information such as names, dates of birth, Social Security numbers, addresses, assets, tax information, and driver’s licenses by hacking into the company’s computer servers. While the criminal enterprise was based in Tijuana, Mexico, their victims stretched from California to Florida and states in between.

According to the accusation, during the period July 2011 to August 2013, Bailey, Fernandez, and Baden knowingly and intentionally engaged in a scheme whereby they would obtain and share log-in credentials that enabled them to gain unauthorized access to a U.S. mortgage broker company’s electronic customer records and the BlitzDocs computer application that the company used to manage these records.

Baden and his co-conspirators would then use log-in credentials without authorization to access BlitzDocs and the company’s electronic records and thereby steal customer’s personal identifiable information ((PII). Baden and his co-conspirators would then use this stolen PII, along with PII stolen from other victims and businesses, to defraud merchants and financial institutions, for their private financial gain.

FBI agents arrested Jason Ray Bailey and Victor Alejandro Fernandez in February 2014, on federal charges emanating from this same investigation. Those charges were superseded by a federal grand jury indictment in July 2014. Both Bailey and Fernandez remain in federal custody.

It is assumed that Baden maybe in Tijuana, Mexico, specifically the Zona Norte or Zona Centro area. Also, Baden enjoys gambling and likes to play bingo.

John Gordon Baden is described as follows: 
  • Sex: Male
  • Race: White
  • Height: 5’8” tall
  • Weight: 195 pounds
  • DOB: August 19, 1976
  • Hair: Light brown
  • Eyes: Hazel

Sunday, 5 October 2014

New Mac OS X Botnet Discovered By Researcher's of Dr. Web Which Infected More Than 17000 Machines

Namaste! Good Morning,

Apple Mac OS X users are infected by a malware named Mac.BackDoor.iWorm . This is considered to be complex multi purpose backdoor. Criminals can issue commands that get this program to carry out a wide range of instructions on the infected machines. It is analysed  and recorded that the machines infected by Mac.BackDoor.iWorm is near about 17000 .

This malware was developed using C++ and Lua. It should also be noted that the malware makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the malware is launched automatically.

Doctor Web's researchers statistics show that as of September 26, 2014, 17,658 IP addresses of infected devices were involved in the botnet/malware created by Criminals using Mac.BackDoor.iWorm. Most of them—4,610 (representing 26.1% of the total)—reside in the United States. Canada ranks second with 1,235 addresses (7%), and the United Kingdom ranks third with 1,227 IP addresses of infected computers (6.9% of the total). The late September 2014 geographical distribution of the botnet/malware created with Mac.BackDoor.iWorm is shown in the following illustration:

In order to acquire a control server address list, this malware uses the search service at, and—as a search query—specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.

The bot picks a random server from the first 29 addresses on the list and sends queries to each of them. Search requests to acquire the list are sent to in five-minute intervals.

This malware has Lua Script which is capable to perform many actions like Get the OS  Type, Get the value from the configuration file, get Botnet uptime, Send a GET Query , Download a file, Execute a system instruction and many more .

It is said by Dr Web's Researchers that the signature of this malware has been added to the virus database, so Mac.BackDoor.iWorm poses no danger to Macs protected with Dr.Web Anti-virus for Mac OS X.

Saturday, 2 August 2014

c0c0n | International Cyber Security And Policing Conference

Namaste! Good Morning,

About c0c0n

c0c0n, also known as the CyOps Con, is an annual event organized as part of the International Information Security Day. c0c0n is a two day International Information Security Conference which is organised and hosted by Kerala (India) State Police, along with the society for the Policing of Cyberspace (i.e. POLCYB) which is a not-for-profit society based in British Columbia incorporated with their goal to prevent and combat crimes in cyberspace and ISRA(i.e. Information Security Research Association ).


c0c0n is aimed at providing a platform to discuss, showcase, educate, understand and spread awareness on the latest trends in information / cyber security and hi-tech attacks and crimes. It also aims to provide a hand-shaking platform for various corporate, government organizations including the various investigation agencies, academia, research organizations and other industry leaders and players for better co-ordination in making the cyber world a better and safe place to be. The conference is split into two tracks, Track 1 dedicated for Law Enforcement's, Cyber Governance, Digital Forensics and investigative aspects of Cyber Space with this year’s major themes being:
  • Cyber Terror
  • Counter Terror in the Cyber World
  • Free Software for Cyber Crime Investigation
  • Digital strategies for prevention and detection of crimes against women
Track 2 concentrates on the Technical, research and management aspects of Information & Cyber Security and Critical Information National Infrastructure.

c0c0n Conference related Information

  • Date of Conference ( DoC ) : 
    • Pre Conference : 21 Aug 2014
    • Conference : 22-23 Aug 2014
  • Location : Kochi, India
  • Speakers List
  • Keynote Speaker : Dr. A. P. J. Abdul Kalam & Mr. Eric Filiol
  • Workshop Details 
  • Registration E-mail:  
c0c0n is doing great in spreading awareness about cyber crimes and there workshops are worth to attend. Every time they come up with something new, so lets what what they are going to come up with this time Thumps up for the effort of c0c0n Team.

Monday, 28 July 2014

List of All Bug Bounty Programs

Namaste! Good Morning,

In present time, "H4ck3rs" word brings a lot of negative taught and the general public have now started getting scared of the term "H4ck3rs". And now a days novice hackers who gets Ethical Hackers so called training feel that now they have only one path to move on and that is the wrong path where they can become black path. But, there is very bright future for the H4ckers.

One path for the present generation to show there skills is Bug Bounties Programs, instead of defacing innocent people's website whose whole family relies on that particular website, just for fun.

Many novices hackers find it hard that where to find the bugs and where they can report the bugs they found and also they don't know how to submit the website.

Today we are going to tell you  every thing about bug bounties and all the bug bounty programs that are there in WWW.

Some of the bounty programs gives rewards & Hall of Fame, some give only reward, some include the bounty hunters into there Hall of Fame and give Swags too, some gives space in there Hall of Fame only and some just give away swag and no hall of Fame.



Active Campaign

Active Prospect




  Amazon Web Services










Constant Contact


And many more will be updated soon....