Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Thursday, October 20, 2016
 Need Help?
Members Online
Total Online: 24
Guests Online: 23
Members Online: 1

Registered Members: 96125
Newest Member: phlegathetic
Latest Articles
Welcome to HellBound Hackers

Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.

Latest Features:

Latest Challenges:

Stegano 27 by Euforia33.
Stegano 26 by Euforia33.
Stegano 25 by Euforia33.
Application 17 by 4rm4g3dd0n.


: : Website News : :

A few HBH Updates

We have pushed some fixes out to some of the broken challenges.

Real7 is now back online!

Please check the status page before asking if a challenge is down.

We will have some big news about HBH coming soon, If you want to help out with beta testing this big news please let rex_mundi know so we can add you to the list.

Any EM members are already on the list :)

If you have questions about this big news feel free to post them in the following thread.

~ Mordak

Forward Secrecy & Strict Transport Security

Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled.

You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs

Also we have updated PHP so a few page may be offline, if you find any please report them here.

We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects.

Also we have updated the Change Log to reflect these changes.

Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.

Ranking System Changes

Since the points reset, We have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles.

On another note Real 15 IS up and running fine.

UPDATE: Real 9 an 10 are also now back up.


Changes to HBH

All Members Read This!

There has been a few changes to HBH over the past few weeks. Here are a list of changes and some reason why:

We have removed the old database tables and reset the points. This is due to old and corrupted accounts and no way for other members to get on the score board, Points cannot and will not be reinstated. We have also removed user accounts that haven\'t logged in in over a year.

We have two new staff members Euforia33 & rex_mundi they have been a great help to HBH over the years!

We also have improved the forum and replaced some old code which should make things faster.


HBH Staff

PHP Upgrade and New Challenges

Due to the recent upgrade in the PHP on the server, Some pages may not display properly and a few challenges will be offline. Basic 26, Real 7, 9 Will be Offline till I get them recoded.

Realistic 17 is back up and running.

On the other hand, The Application page is completely redone to make it easier to submit your answers.

I\'m going to upload a few new challenges to keep everyone occupied while I work on the site.

Any bugs you see please submit them, Any Vulnerabilities Pm me them directly.

UPDATE: Application 17 by 4rm4g3dd0n released today.

UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also!

UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert.

UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active.


: : Computer News : :

Hacking Back

Is it wrong to hack back - to counter-cyber-attack when you have become a victim?

The presumed answer is yes. In the US alone, the Department of Justice calls hacking back “likely illegal”; the Federal Bureau of Investigation “cautions” victims against it; and White House officials call it “a terrible idea.”

But none has clearly declared it illegal. The law has not caught up with technology here - whether in the US or other geographies - and we do not have a test-case in court yet. In the meantime, we can look toward ethics for guidance, which surprisingly might permit hacking back.

If cyber-attacks are a law enforcement issue, the usual solution is to let the authorities handle it. They would work to capture the suspects, put them on trial, and punish them if found guilty. To circumvent this process seems to be vigilantism, which threatens the rule of law and therefore civil societys foundation.

But when cyber-attackers continue to elude identification - forget about capture and prosecution - does it still make sense to defer to the authorities? Help is not on the way. For instance, the FBI said this about ransomware, or malicious software that locks down a users system until money is extorted. “To be honest, we often advise people to just pay the ransom," they said.

If the wheels of justice are systematically stuck, then it may not be vigilantism to take action against your attacker. Part of our social contract to create and abide by government is to give up our natural powers to take justice into our own hands, in exchange for a more reliable and fair legal system. Arguably, our obligation to defer to law enforcement is suspended, on this particular issue of cyber-attacks, if they can not uphold their end of the bargain.

Capcom bundles backdoor with Street Fighter V update

Capcom has apologised to Street Fighter V players after it was caught installing a backdoor on Windows systems as part of its most recent title update.

As with many PC games, Street Fighter V suffers from piracy and cheaters - the platforms perennial problems. Unlike most, however, the latest attempt to fix the problem came in the form of a title update bundling a Windows driver - capcom.sys - which disables selected system security features and provides publisher Capcom with administrator-level privileges to the entire operating system and all its files.

The problems began with a security update released on September 22nd containing what Capcom described as an "updated anti-crack solution." In its announcement, the company claimed that that software was not DRM, but was designed such that it "prevents certain users from hacking the executable. The solution also prevents memory address hack [sic] that are commonly used for cheating and illicitly obtaining in-game currency and other entitlements that haven’t been purchased yet."

Sadly, the update did significantly more than Capcom promised. In a thread on social networking site reddit, users tore down the code included with a kernel-level Windows driver file bundled with the software and discovered that it disabled the Supervisor Mode Execution Protection (SMEP) functionality of affected systems, forced the game to elevate its privileges and run at administrator level, and provided Capcom with complete and unrestricted access to the entire host system. In short: its a backdoor, and one which actively harms the overall security of players systems.

Although the code in the driver disables SMEP only long enough to run a chunk of its own code and then re-enables the functionality, the damage is severe: using the driver, any unprivileged process on the system - including malware - can have its code executed at kernel level without question. Capcom, for its part, has apologised and promised to undo the damage caused. "We are in the process of rolling back the security measures added to the PC version of Street Fighter V," the company claimed in a statement on the matter. "After the rollback process to the PC version, all new content from the September update will still be available to players. We apologise for the inconvenience."

Those who wish to ensure their systems security are advised to check for the driver "capcom.sys" even after the update which should remove it is installed.

Worlds largest internet exchange sues Germany over mass surveillance.

DE-CIX questions legality of government tapping its system.

The worlds largest internet exchange point is suing the German government for tapping its communications systems.

DE-CIX runs a number of critical exchange points – most of them in Germany, but with others in France, Spain and the United States – and has sued the German interior ministry over orders from the German security services to allow them to tap its exchange centers.

The goal of the lawsuit, filed in federal court in Leipzig, is to reach a "judicial clarification" over whether the German governments actions are legal, the company said (in German), and "in particular, legal certainty for our customers and our company."