Archive | November, 2007

MPAA Hacker Robert Anderson Revealed

Don't let your data go over to the Dark Side!


This story reads like something from one of those glamourised Hollywood ‘hacker’ movies like Swordfish or Antitrust.

The legendary MPAA hacker has been revealed, and it looks like he himself got social engineered and dumped…he should have realised when you are playing with unscrupulous people you are setting yourself up to get screwed.

Promises of Hollywood fame and fortune persuaded a young hacker to betray former associates in the BitTorrent scene to Tinseltown’s anti-piracy lobby, according to the hacker.

In an exclusive interview with Wired News, gun-for-hire hacker Robert Anderson tells for the first time how the Motion Picture Association of America promised him money and power if he provided confidential information on TorrentSpy, a popular BitTorrent search site.

According to Anderson, the MPAA told him: “We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed…. if you save Hollywood for us you can become rich and powerful.”

Promised him everything he’d dreamed of eh? Then in the end…fascinating read anyway.

But once Anderson turned over the data and cashed the MPAA’s check, he quickly realized that Garfield had no further use for him. “He lost interest in me,” he says. Anderson felt abandoned: During negotiations with Garfield, the hacker had become convinced he was starting a long-term, lucrative relationship with the motion picture industry. “He was stringing me along personally.”

Hollywood’s cold shoulder put Anderson’s allegiance back up for grabs, and about a year later he came clean with TorrentSpy’s Bunnell in an online chat. “‘I sold you out to the MPAA,'” Anderson says he told Bunnell. “I felt guilty (for) what happened and I kinda also thought at that point the MPAA wasn’t going to do anything.”

Some pretty tricky business..so if you are a hacker for hire, you’d better be careful who you are dealing with.

Source: Wired


Posted in: Legal Issues, Privacy

Tags: , , , , , , , , , , , , ,

Posted in: Legal Issues, Privacy | Add a Comment
Recent in Legal Issues:
- FBI Backed Off Apple In iPhone Cracking Case
- TalkTalk Hack – Breach WAS Serious & Disclosed Bank Details
- More Drama About Hillary Clinton’s E-mail Leak – VNC & RDP Open

Related Posts:

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,681 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,586 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,593 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


GFI End of Year Offer – Up to 50% Off

Don't let your data go over to the Dark Side!


Just a quick note as I know many of you guys are in corporate security positions and might be looking for some of the solutions GFI offers.

They are having a Q4 promotion with up to 50% off on some of their products/services.


  • GFI MailEssentials – 25%
  • GFI MailEssentials & GFI MailSecurity Suite – 25%
  • GFI MailSecurity – 50%
  • GFI FAXmaker – 15%

You can read more here:

GFI Q4 promotional offers


Posted in: Advertorial, Countermeasures, Security Software

Tags: , , , , , ,

Posted in: Advertorial, Countermeasures, Security Software | Add a Comment
Recent in Advertorial:
- 13 WordPress Security Tips From Acunetix
- Acunetix WVS 10 Released – Keeping Your Website Secure just got Easier
- Double For Your Money With Acunetix Vulnerability Scanner

Related Posts:

Most Read in Advertorial:
- eLearnSecurity – Online Penetration Testing Training - 41,155 views
- Acunetix Web Vulnerability Scanner 6 Review - 15,215 views
- Acunetix WVS (Web Vulnerability Scanner) 7 Review – Engine & Scanning Improvements - 15,026 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Pass-The-Hash Toolkit v1.1 Available for Download

Don't let your data go over to the Dark Side!


The concept of passing the hash on Windows came about a while ago, now there’s a tool for it in it’s second revision (which fixed some problems with foreign language Windows versions and Windows 2003).

The Pass-The-Hash Toolkit contains utilities to manipulate the Windows Logon Sessions mantained by the LSA (Local Security Authority) component. These tools allow you to list the current logon sessions with its corresponding NTLM credentials (e.g.: users remotely logged in thru Remote Desktop/Terminal Services), and also change in runtime the current username, domain name, and NTLM hashes (YES, PASS-THE-HASH on Windows!).

Utilities in the toolkit:

IAM.EXE: Pass-The-Hash for Windows. This tool allows you to change your current NTLM credentials withouth having the cleartext password but the hashes of the password. The program receives a username, domain name and the LM and NT hashes of the password; using this it will change in memory the NTLM credentials associated with the current windows logon session.

WHOSTHERE.EXE: This tool will list logon sessions with NTLM credentials (username,domain name, LM and NT hashes). Logon sessions are created by windows services that log in using specific users, remote desktop connections, etc.

GENHASH.EXE: This is a small utility that generates LM and NT hashes using some ‘undocumented’ functions of the Windows API. This is a small tool to aid testing of IAM.EXE.

You can download Pass-The-Hash Toolkit v1.1 here:

Source:

pshtoolkit_src_v1.1.tgz

Binaries:

pshtoolkit_v1.1.tgz

Or you can read more here.


Posted in: Hacking Tools, Password Cracking, Windows Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Password Cracking, Windows Hacking | Add a Comment
Recent in Hacking Tools:
- Recon-ng – Web Reconnaissance Framework
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,969,378 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,387,450 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 674,140 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework

Don't let your data go over to the Dark Side!


If you remember we mentioned Fuzzled a little while back, the PERL fuzzing framework. Apparently Fuzzled 1.1 should be coming out soon.

Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.

Someone was kind enough to write a short paper on how to use fuzzled to write a simple fuzzer. The paper includes some techniques used to dismantle protocols including documentation, observation and static analysis.

To quote the author:

The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tieing them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers.

You can download the paper here:

WAFUTFF [PDF]


Posted in: Hacking Tools, Programming

Tags: , , , , , , , ,

Posted in: Hacking Tools, Programming | Add a Comment
Recent in Hacking Tools:
- Recon-ng – Web Reconnaissance Framework
- INURLBR – Advanced Search Engine Tool
- DNSRecon – DNS Enumeration Script

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,969,378 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,387,450 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 674,140 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95