 |
 |
|
|
| |
| |
| |
|
|
| PRO HACK |
| A leading computer security and technology blog offers hacks,security and technology news,hacking tools,tutorials and gaming reviews.Be a Pro,Visit PROHACK |
| Language: English |
| RSS Feeds for this Blog |
|
Statistics |
| Unique Visitors: 0 |
| Total Unique Visitors: 19850692 |
| Visitors Out: 15281 |
| Total Visitors Out: 74102 |
|
|
|
| |
|
|
| |
|
| IP Subnetting – The easy way |
| 2012-01-29 11:53:00 |
Is network subnetting driving you crazy ? Does binary math gives you headaches ? well..fear not, since the time i have delved into networks, i have gone through all the oohs and aaahs and the NAH’s of the logical crescendo , and I present you the easiest way to do subnetting. Generally,3 questions are being addressed when subnetting an IP- No of subnets No of valid hosts and Host range/block size We will tackle them one by one. First you need to know about IP addresses and their classes. Class A includes 0-127 where 0 and 127 are reserved, the default subnet mask for this class is /8 . Class B includes 128-191 in their first octet, and the default subnet mask for this class is /16 Class C deals with 192-224 in their first octet and the default subnet mask for t...
|
| |
|
| Chinese Hackers Trojan-ize US Access Card - The curious case of Sykipot Trojan |
| 2012-01-14 10:57:00 |
Researchers at AlientVault have uncovered a new strain of Sykipot Trojan which has been used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, the Trojan has been adapted by Chinese hackers in order to lift credentials from compromised systems in order to access classified military networks. The Trojan inadvertently targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what's been described as a 'smart card proxy' attack. Read the full Story at the Register Thanks for your readership.
Be a Pro,Visit Prohack.
RD
...
|
| |
|
| WiFi Protected Standard vulnerability – Cracked, Bruteforced and Documented |
| 2012-01-03 04:35:00 |
A new critical flaw in Wi-Fi Protected Standard (WPS) has recently been uncovered by Security researcher Stefan Viehböck that leaves wireless routers open to attack. The inherent vulnerability lies in the design protocol that splits the 8 digit PIN in two halves which reduces its complexity and henceforth the time required to crack it. Simple permutations and combinations deduce that an 8 digit pin will create 100 million possible combinations and during his testing Stefan found it takes 2 seconds to test each combination, so bruteforcing was not a feasible option. Unfortunately, after entering the first 4 digits of a pin, the protocol used by WPS confirms if they are correct or not, which means the pairs can be attacked separately. Also, the remaining 4 digits is just a checksum, so if ...
|
| |
|
| Happy New Year 2012 |
| 2011-12-31 04:55:00 |
Okay folks :) Its that time of the year again when you can get high (me on red bull) and celebrate like there is no tomorrow (literally..2012 anyone ? ). Happy New Year everyone..I have taken a lot of resolutions for 2012, and I will make them true .. that's one more resolution for me.
As a roundup of 2011, I got hired at Tulip Telecom and now oversee the good, the bad and the nerdy side of security there along with network operations,ranted about the current security scene,wrote about Top Indian Hackers, I got my HTC wildfire (rooted and still kicking ass), got myself a new laptop , got interested into networking, hacked routers and did a lot of research on exotic fields if you have been following the Prohack FB page lately. I am sorry for absence of posts though, which can be attributed to me getting busy on a lot of side projects and on my Job. One of resolutions for 2012 includes giving more time to Prohack and I will see it through .
Nevertheless, st...
|
| |
|
| Diwali Celebrations and Answers to common questions (which people have been asking me) |
| 2011-10-26 12:37:00 |
First of all..Happy Diwali to everyone :) The festival of light , may it brings the best out of you .
Happy Diwali Everyone :)
In the mean time, there have been a lot of commotion going behind the scenes .. lots of emails asking whether I have gone into some kind of digital hibernation .. So, I will be answering the most common questions here ..
Question : What are you doing these days ?
Answer : Networks..Networks..Networks..and lots of exotic research on some exotic devices..plus some thing related to android,android service codes,gns,cisco,juniper and random stuff about explosives.
Question : Explosives ?
Answer : No typo :) i am into it actually for quite a long time. Home made stuff rocks if you ask me. (and if you are careful)
Question : Okay..so, why no updates ?
Answer : Call it , lack of time (dedicated internet included) .. I am sooo busy in company work that I am not able to post some wonderful findings I have dug u...
|
| |
|
| I too Intended to join a Security NGO (period) and I was proved wrong. |
| 2011-09-21 14:26:00 |
I came to know about HANS when one of my friends joined it,and eventually I was interested. Hence I thought some research shall suffice before joining one.
PS : bear with me, I am on my android and my thumbs hurt :| Also, in some places, the formatting might not be correct, android blogging issues .
I actually visited their site http://www.indianhans.org had a look at it and found that it had -
A non working Facebook login api system which actually logs you out when you do try to log in, tested it on chrome 14.0.835.163 m / Windows 7 (office PC after hours). Also, a flawed login system that allows you to login inside the side without email confirmation, also PHP code is vulnerable.
Some outdated references to outdated CVE's and nothing of particular interest.
Some 0days which have been patched up long time ago
Whitepapers that on google hacking and mobiles which have been published like wildfire in late 2000's, again nothing of particular interest here
The "Team" that comprises le...
|
| |
|
| Training on Unified Threat Management and Corporate Security |
| 2011-09-09 04:53:00 |
A while back I gave training on UTM devices and Security Issues with Amarjit Singh at Tulip Telecom , here are the slides of the session. It was an enjoyable session with emphasis on security awareness and discussing network security as a whole, and how we can protect them by deploying UTM devices and configuring them for maximum security. You can also read my previous posts on Unified Threat management Systems if you haven't read them already -
Unified Threat Management Systems Explained
Unified Threat Management Systems - Single User vs Multi User
Comparison of Unified Threat Management Products
Corporate Security Issues and countering them using Unified Threat Management Systems and SSL VPN
As usual , the presentation is uploaded at Slideshare and Scribd...Hope you enjoy it.
Thanks for your readership.
Be a Pro,Visit Prohack.
RD
...
|
| |
|
| Sorry for Blog downtime - Stupid Android experiments lead to it |
| 2011-07-21 01:55:00 |
Hi Friends
Last night I had some stupid stupid experiments with my Android, the blogger client for it and Blogger Draft. Which led to the blog open for invitations only. In the morning I found my mistake and I am sorry for the inconvenience it caused to you.
Truely sorry for that :((
It wont happen again (and next time I am going to test apps and changes on temporary blog first. Point jotted and duly taken).
Cheers and stay gold
Rishabh Dangwal
"Always outnumbered, never outgunned :P "
Thanks for your readership.
Be a Pro,Visit Prohack.
RD
...
|
| |
|
| Angry Hacker Rant version 2.0 - Dear Corporate Infosec, You are getting Pathetic Day by Day! |
| 2011-07-19 04:43:00 |
It didn't took me too long to realise the actual scenario at infosec, at all leading MNC's. And here I am ranting about it and mind it, everything is appropriately correct.It all started with me applying for a job at a leading MNC, and those guys instead of heeding what I had done (with some powerful references) asked me if I had my CISSP/CISA/CEH/ECSA-LPT/BULLSHIT. Read on..as I conclude these points -
Any respectably responsible guy who has passion for Infosec has no chances at doing well at corporate unless he sells his soul to Satan of commercialization of security. Those guys (the management and HR) need guys who have certifications which are purely theoretical in nature and has no or little affilitation with hands on security. Worse, once you get in,be prepared to lie, a lot.
The running gag among my security circle (dedicated guys who care about their network and do their best to save your assess) was that you can never be the security guy by res...
|
| |
|
| Jugaad Se Ukhaad : The Hacking Challange 2011 Results |
| 2011-06-28 00:53:00 |
We announced Jugaad se Ukhaad challange 1.5 Months ago and it was a good deal of joy to see the attacks come in. The server was running on a modified version of Linux patched with gresec and some custom patches. It was out in the wild, with server signature changed to Optinet, one of the UTM products we were testing at the time. So, here are our attack statistics on IP 110.235.1.130 IP are : 10 Measured attacks
2 LOIC DDos (small scale)
ZERO Success Rate
So, all in all, we havent got anyone who has successfully exploited the server. We will be back with more challanges in future with some pretty cool prizes next time.
Till Then
Stay gold..
Rishabh Dangwal & Amarjit SinghThanks for your readership.
Be a Pro,Visit Prohack.
RD
...
|
| |
|
| |
 |
|
| |
| |
|
 |
