Thursday, November 26, 2015
Welcome to HellBound Hackers

Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.

Latest Challenges:

Stegano 27 by Euforia33.
Stegano 26 by Euforia33.
Stegano 25 by Euforia33.
Application 17 by 4rm4g3dd0n.


: : Website News : :

Forward Secrecy & Strict Transport Security

Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled.

You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs.

Also, we have updated PHP, so a few pages may be offline. If you find any, please report them here.

We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects.

Also we have updated the Change Log to reflect these changes.

Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.

Ranking System Changes

Since the points reset, we have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges, BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles.

On another note, Real 15 IS up and running fine.

UPDATE: Real 9 and 10 are also now back up.


Changes to HBH

All Members Read This!

There have been a few changes to HBH over the past few weeks. Here is a list of changes and some reasons why:

We have removed the old database tables and reset the points. This is due to old and corrupted accounts and there being no way for other members to get on the score board. Points cannot and will not be reinstated. We have also removed user accounts that haven't logged in in over a year.

We have two new staff members, Euforia33 & rex_mundi; they have been a great help to HBH over the years!

We also have improved the forum and replaced some old code which should make things faster.


HBH Staff

PHP Upgrade and New Challenges

Due to the recent upgrade of PHP on the server, some pages may not display properly and a few challenges will be offline. Basic 26 and Real 7 and 9 will be offline till I get them recoded.

Realistic 17 is back up and running.

On the other hand, the Application page is completely redone to make it easier to submit your answers.

I'm going to upload a few new challenges to keep everyone occupied while I work on the site.

If you see any bugs, please submit them. PM any vulnerabilities to me directly.

UPDATE: Application 17 by 4rm4g3dd0n released today.

UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also!

UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert.

UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active.


New Challenge Released Today

New Stegano challenge released today! Stegano 24 by shadowls.
This is a tough one; it took a while to figure out.
So have fun. More on the way.

Also, bugs fixed in Javascript 5, Real 5 and Tracking 2.
Update: Pentest Challenges are back online. Real 7 & 9 are down till further notice, along with Real 17. All other challenges are fixed.

If you have any problems submit them as a bug.

Exclusive Membership is working again.


: : Computer News : :

Li-Fi has just been tested in the real world, and it's 100 times faster than Wi-Fi.

Expect to hear a whole lot more about Li-Fi - a wireless technology that transmits high-speed data using visible light communication (VLC) - in the coming months. With scientists achieving speeds of 224 gigabits per second in the lab using Li-Fi earlier this year, the potential for this technology to change everything about the way we use the Internet is huge.

And now, scientists have taken Li-Fi out of the lab for the first time, trialling it in offices and industrial environments in Tallinn, Estonia, reporting that they can achieve data transmission at 1 GB per second - that is 100 times faster than current average Wi-Fi speeds.

"We are doing a few pilot projects within different industries where we can utilise the VLC (visible light communication) technology," Deepak Solanki, CEO of Estonian tech company Velmenni, told IBTimes UK.

"Currently we have designed a smart lighting solution for an industrial environment where the data communication is done through light. We are also doing a pilot project with a private client where we are setting up a Li-Fi network to access the Internet in their office space."

Researchers discover morphed RATs capable of DDOS, phone log manipulation

As quickly as researchers discover ways to remove and block Remote Access Trojans (RAT) used for spying on mobile devices and computers, hackers are creating new spyware strains from previously discovered malware – and they are developing more advanced capabilities from the original malware.

Most recently, Egyptian hackers used the njRAT spyware exploit kit to create KilerRat, a new remote access tool (RAT) that targets the Windows operating system and allows the attacker to take over control of Windows computers.

The attackers can remotely delete, edit, and rename files or folders; view the webcam of infected computers; monitor key logging on infected computers; and collect stored passwords in the computers' browsers. The malware can also use the infected computers as a proxy for network traffic, enabling DDOS attacks, and convert .exe files to jpg, score, mp3, wav, txt, mp4 or flv files. As a result, it is more difficult to identify computers that have been infected with the malware.

In a blog post, AlienVault researcher Peter Ewane wrote that many antivirus tools "had a difficult time" detecting the malware at the time of the release.

Security patches branded fundamentally flawed as experts call for change

Frequent security updates and a patch-as-you-go approach to software flaws have led a number of security experts to question whether the problem needs a fresh approach.

Microsoft, Adobe and Oracle unveiled over 200 updates in October alone, many marked critical, backing up the notion that security patches are now an inevitable reality for the industry.

Fraser Kyne, principal systems engineer at security firm Bromium, told V3 that the current approach is "akin to putting a sticking plaster over a gaping wound".

"Patching itself is fundamentally flawed. It is always reactive, you can only patch for known issues, it is expensive and it is time consuming. Many organisations even find themselves in the position where they can't patch as it would break their line of business apps," he said, noting how entrenched the problem has become.

"There are some unsolvable factors at play here: developers are fallible, users are gullible, and attackers are resourceful. More code simply means more vulnerabilities, and the rewards for exploiting these vulnerabilities are clear."

The commercial problem
As with every industry, commercial interests often collide with innovation. Richard Cassidy, EMEA technical director at Alert Logic, warned that this is a major problem facing the industry today.

"Vendors are locked into the innovation battle, with consumer demands for better, faster and more capable applications, seeing code releases at an astonishing rate," he told V3.

This pace of innovation has an "inevitable" outcome: software vulnerabilities.

"Historically, developers will work to best practice coding from a security perspective, but all too often project deadlines and production demands will mean that the focus needed in the area of security often suffers," he said.

Cassidy believes that patch management needs to evolve past its current "antiquated" state and that organisations must start thinking about other options.

"In addition to an updated, agile patch management process, organisations need to implement better tools to identify when their own infrastructure is being subject to an undiscovered vulnerability so that they can respond immediately and ultimately reduce the window of opportunity provided to attackers," he told V3.

Yet however fast a business can respond, it is well known that the exploitation of security vulnerabilities is now a lucrative business for cyber criminals, meaning there is a huge community of vulnerability-sharing taking place.

Bharat Mistry, cyber security consultant at Trend Micro, told V3 this has become so big because the value of these exploits can be huge.

"One of the reasons why we are seeing so many patches is that there is a big underground community that trades in vulnerabilities and exploits, especially the new zero-days such as the recent Adobe flash vulnerabilities," he said.

"For the discovering party it is seen as potentially easy money with relatively low cost of entry. And when you do find a new zero-day it can be sold for a significant amount of money. This has attracted significant numbers of people to look into this marketplace."

These marketplaces, often underground and held on websites on the so-called dark web, act as a sort of eBay for hackers to buy and sell sophisticated zero-day vulnerabilities, malware and even denial-of-service tools.

It is not just the odd hacker doing this either. A breach at Italian surveillance firm Hacking Team led to the discovery of major security vulnerabilities in software such as Flash and Windows that the company used to make its tools work.