Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, July 01, 2015
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Members Online
Total Online: 19
Guests Online: 16
TeamSpeak Online : 5 Members Online: 3

Registered Members: 88973
Newest Member: Nickvasilias
Latest Articles
Welcome to HellBound Hackers

Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.

Latest Features:

Latest Challenges:

Stegano 27 by Euforia33.
Stegano 26 by Euforia33.
Stegano 25 by Euforia33.
Application 17 by 4rm4g3dd0n.


: : Website News : :

Forward Secrecy & Strict Transport Security

Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled.

You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs

Also we have updated PHP so a few page may be offline, if you find any please report them here.

We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects.

Also we have updated the Change Log to reflect these changes.

Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.

Ranking System Changes

Since the points reset, We have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles.

On another note Real 15 IS up and running fine.

UPDATE: Real 9 an 10 are also now back up.


Changes to HBH

All Members Read This!

There has been a few changes to HBH over the past few weeks. Here are a list of changes and some reason why:

We have removed the old database tables and reset the points. This is due to old and corrupted accounts and no way for other members to get on the score board, Points cannot and will not be reinstated. We have also removed user accounts that haven\'t logged in in over a year.

We have two new staff members Euforia33 & rex_mundi they have been a great help to HBH over the years!

We also have improved the forum and replaced some old code which should make things faster.


HBH Staff

PHP Upgrade and New Challenges

Due to the recent upgrade in the PHP on the server, Some pages may not display properly and a few challenges will be offline. Basic 26, Real 7, 9 Will be Offline till I get them recoded.

Realistic 17 is back up and running.

On the other hand, The Application page is completely redone to make it easier to submit your answers.

I\'m going to upload a few new challenges to keep everyone occupied while I work on the site.

Any bugs you see please submit them, Any Vulnerabilities Pm me them directly.

UPDATE: Application 17 by 4rm4g3dd0n released today.

UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also!

UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert.

UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active.


New Challenge Released Today

New Stegano challenge released today! Stegano 24 by shadowls.
This is a tough one, Took a while to figure it.
So have fun. More on the way.

Also bugs fixed in Javascript 5, Real 5 and Tracking 2.
Update: Pentest Challenges are back online. Real 7 & 9 are down till further notice Along with Real 17. All other challenges are fixed.

If you have any problems submit them as a bug.

Exclusive Membership is working again.


: : Computer News : :

VPNs will not protect you from state spooks or cyber crooks

Fresh research has cast further doubt on the ability of virtual private networks (VPNs) to protect users privacy from intelligence agencies and criminal hackers.
VPNs are secure lines of communication that set up a private network between devices across public networks. They protect users privacy by setting up an encrypted tunnel between the device being used and the VPN providers servers when accessing online services, in theory making it more difficult for hackers to siphon or steal data mid-transit. You can download a VPN as a browser extension if you want to make it harder for others to see what youre looking at on the web.

The research was published by Queen Mary University in London, in a paper titled A Glance Through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN Clients.

The scientists examined the Hide My Ass, IPVanish, Astrill, ExpressVPN, StrongVPN, PureVPN, TorGuard, AirVPN, PrivateInternetAccess, VyprVPN, Tunnelbear, proXPN, Mullvad, and Hotspot Shield Elite services security.

Samsung Will Stop Disabling Windows Update In A Few Days

A couple of days ago it was discovered that Samsung laptops were disabling Windows Update. For those unfamiliar with Windows Update, it is a tool included on every copy of Windows that basically helps search for the latest updates to help keep your computer patched and updated to the latest Windows software.

Instead Samsung decided to disable it and use their own SW Update tool in its place. Naturally many users weren’t too pleased with this and the good news is that Samsung has agreed to stop doing it. In a statement provided to VentureBeat, Samsung has promised that they will be issuing a patch to its software in which it will stop disabling Windows Update.

According to Samsung, “We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days.” For those wondering why this is a big deal, it is because while there is no issue with Samsung’s own software, the fact that it ignores the user’s commands is disturbing.

Basically if you were to re-enable Windows Update, upon reboot the SW Update tool will disable it again. The only way to ensure your Windows Update settings are not being messed with is by uninstalling SW Update. In any case if you’re a Samsung laptop owner, this is an update you’ll want to keep an eye out for.

Duqu 2 The most advanced cyber-espionage tool ever discovered

Detecting pieces of malware and powerful cyberweapons of all types is what cybersecurity companies do, therefore it is clear the creators of Duqu 2 were so confident that it would never be discovered they decided to attack one of the worlds best-known cybersecurity companies directly.

Kaspersky Lab has revealed how it uncovered the Duqu 2 attack against its own network and believes it is a generation ahead of anything wed seen earlier in terms of its thinking and the techniques it uses to remain undetectable.

So, what is Duqu 2, where did it come from and how was it detected

An evolution of Duqu

Duqu was a sophisticated piece of malware discovered in 2011 having been used in a number of intelligence-gathering attacks against a range of industrial targets. Duqu had a number of similarities to the infamous Stuxnet worm, leading many to believe it was also developed by the US and Israel.

Duqu was detected after being deployed in Hungary, Austria, Indonesia, the UK, Sudan and Iran, and there are clues that the cyberweapon was used to spy on the Iran nuclear programme and also to compromise certificate authorities to hijack digital certificates.

How was it discovered

Duqu was discovered because it attacked the one group which could have possibly recognised it was under attack - Kaspersky Lab.

The Russian security company was testing a very early version of its Anti-APT solution - a piece of software designed to detect advanced state-sponsored cyberattacks such as Stuxnet, Gauss, Flame, Red October, The Mask... and of course Duqu.

Kaspersky said it detected the exceptional attack in early spring this year after the attackers had been inside their system for a number of months thanks to the expertise of our researchers and our technologies.

How powerful is Duqu 2

This is how Kaspersky Lab founder Eugene Kaspersky put it:

We found something really big here. Indeed, the cost of developing and maintaining such a malicious framework is colossal. The thinking behind it is a generation ahead of anything wed seen earlier – it uses a number of tricks that make it really difficult to detect and neutralise. It looks like the people behind Duqu 2.0 were fully confident it would be impossible to have their clandestine activity exposed.