Sunday, June 24, 2018
Welcome to HellBound Hackers

Welcome to HellBound Hackers. The hands-on approach to computer security.
Learn how hackers break in, and how to keep them out.
Please register to benefit from extra features and our simulated security challenges.




Latest Challenges:

Stegano 27 by Euforia33.
Stegano 26 by Euforia33.
Stegano 25 by Euforia33.
Application 17 by 4rm4g3dd0n.

: : Website News : :

A few HBH Updates

We have pushed some fixes out to some of the broken challenges.

Real7 is now back online!

Please check the status page before asking if a challenge is down.

We will have some big news about HBH coming soon. If you want to help out with beta testing this big news, please let rex_mundi know so we can add you to the list.

Any EM members are already on the list :)


If you have questions about this big news feel free to post them in the following thread.

~ Mordak

Forward Secrecy & Strict Transport Security

Today we implemented Forward Secrecy in order to improve the security and privacy of HBH. Forward Secrecy "should" make it "impossible" to eavesdrop on data being transmitted from your browser to HBH's servers. We also have Strict Transport Security enabled.

You can check the report on our SSL here. The SSL report is provided by Qualys SSL Labs.

Also, we have updated PHP, so a few pages may be offline. If you find any, please report them here.

We have also updated the Development page so you can all see what we are working on and things we would like to do. Feel free to post your thoughts on the current projects.

Also we have updated the Change Log to reflect these changes.

Points for Creating Challenges & Points for Hall of Fame entries have been returned to the accounts that lost them.

Ranking System Changes

Since the points reset, we have had a lot of complaints about administrators being in the top ten on the rankings page. The current Admin staff have been here for a while and had already completed the challenges BUT to keep everyone happy, Administrators will no longer be included in the points rankings and will be unranked in their profiles.

On another note, Real 15 IS up and running fine.

UPDATE: Real 9 and 10 are also now back up.

korg

Changes to HBH

All Members Read This!

There have been a few changes to HBH over the past few weeks. Here is a list of changes and some reasons why:

We have removed the old database tables and reset the points. This is due to old and corrupted accounts and no way for other members to get on the score board. Points cannot and will not be reinstated. We have also removed user accounts that haven't logged in in over a year.

We have two new staff members, Euforia33 & rex_mundi; they have been a great help to HBH over the years!

We also have improved the forum and replaced some old code which should make things faster.

Thanks

HBH Staff

PHP Upgrade and New Challenges

Due to the recent upgrade in the PHP on the server, some pages may not display properly and a few challenges will be offline. Basic 26, Real 7, 9 will be offline till I get them recoded.

Realistic 17 is back up and running.

On the other hand, the Application page is completely redone to make it easier to submit your answers.

I'm going to upload a few new challenges to keep everyone occupied while I work on the site.

Any bugs you see, please submit them. Any vulnerabilities, PM me them directly.

UPDATE: Application 17 by 4rm4g3dd0n released today.

UPDATED UPDATE: Stegano 25, 26 and 27 by Euforia33 released also!

UPDATED UPDATE UPDATE: Mordak has bought HBH a proper SSL Cert.

UPDATED UPDATED UPDATE UPDATE: HBH Change log is now active.

korg

: : Computer News : :

Hey Cortana, Help Me Hack this Laptop

Microsoft's smart assistant Cortana will helpfully let hackers change a password on locked computers, access data on the device and execute malicious code, a security researcher at cybersecurity company McAfee has revealed.

The vulnerability, patched Tuesday by Microsoft, is the result of default settings that enable the "Hey Cortana" voice activation from the lock screen.

As senior principal engineer at McAfee, Cedric Cochin puts it: "This led to some interesting behavior and ultimately vulnerabilities allowing arbitrary code execution."

The vulnerability was submitted to Microsoft as part of the McAfee Labs Advanced Threat Research team's responsible disclosure policy, on April 23.

VPNFilter Malware: List of Vulnerable Routers Just Got Bigger.

The VPNFilter router malware, a giant-sized IoT botnet revealed two weeks ago, just went from bad to somewhat worse.

Originally thought to affect 15-20 mostly home/Soho routers and NAS devices made by Linksys, MikroTik, Netgear, TP-Link, and QNAP, this has now been expanded to include at least another 56 from Asus, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE.

Talos gets this information by trying to determine the models on which VPNFilter has been detected but given the size of that job (affected devices number at least 500,000, probably more) the list is unlikely to be complete.

The updated alert confirms that VPNFilter has the ability to carry out man-in-the-middle interception of HTTP/S web traffic (something that SophosLabs' own investigation of the malware concluded was highly likely), which means that it is not only able to monitor traffic and capture credentials but potentially deliver exploits to network devices too.

Home routers have become a big target but malware able to infect so many of them is relatively rare. The last home router scare of this multi-vendor magnitude was probably DNSChanger which took years for anyone to notice, having first emerged in 2007.

Security Minister Seeks to ID Net Users

The UK Government's Security Minister, Ben Wallace, has called for a new system of Digital IDs in order to end "mob rule" on the internet by preventing people from being able to hide behind anonymity online.

You know, like Russia, Syria and China have tried repeatedly to do. Should we be more like them?

People are flawed. Sometimes it can seem like for every polite, law abiding and well-mannered person there is another individual who seems intent upon highlighting the very worst of humanity. In our personal off-line lives we can often avoid such people, but in the online world you are bound to cross a few of them eventually or see their impact upon others, and much of the time they do this anonymously. But you can still avoid most of them, if you so choose.

Equally we can all have our off-moments, when we let down our guard and say something that we probably should not have. In keeping with that, some topics are more likely to divide and ignite argument than they are to unite and those tend to be the biggest sparks. This is one area where Politicians are perhaps more of a target than most due to the impact they can have upon our everyday lives (e.g. Brexit). Anger quickly turns into abuse.

In this context it is easier to understand Ben Wallace's otherwise odd claim of "mob rule", since you would only see that if you were deliberately exposing yourself to it and that is something which politicians open the floodgates to (some of them thrive on the divisions they create). Sadly for them the easy option of simply avoiding social media altogether does not work, especially when so many of the electorate use it.

Admittedly Wallace does make a fair point about the level of trolling and abuse online, although attempting to solve that via compulsory Digital IDs and then applying it only in the UK (while excluding other countries) could be rather challenging and may even be impossible, without turning the entire internet into a walled garden. Totalitarian states also happen to love walled gardens that only they and the thought police control.

The logical progression of such an approach may also result in the banning of Virtual Private Networks (VPN), which are often legitimately used as a privacy or security tool and also for remote working or avoiding unfair geographic restrictions. Equally civil rights campaigners in non-democratic countries have been able to use such tools to campaign for freedom etc.