Some thoughts

[limdis]

I've spent a few days now surfing around some various "black hat" friendly communities doing some personal research on new techniques and developing attack methods. I had some thoughts and questions I wanted to share with you all:

Firstly, I have no interest in wreaking unnecessary havoc. I think it's childish and will eventually get you arrested. My interests are purely for defensive purposes. So when I see stuff like this (below) I tend to get a little overly... uhm yeah.

<flame>
Courtesy of Dark Spec from hackforums: (I edited the names out myself)

What we have here is a classic example of a dumbass. Those that might be new and seeing this. Stay away from hackforums... Also I'm not going to troll on that site but if Dark Spec is active here - (on second thought I'll keep that bit to myself) GTFO you piece of shit.


Moving on with my point.
We are all familiar with the term "script kiddie" but I was thinking about just how hazardous and dangerous they can really be. Any member here if they looked in the right spot, could easily get their hands on some serious software and commit crimes in a matter of minutes. Dark Spec here claims to have control of a significantly sized botnet and is continuously asking about how to implement various tools (like blackshades) for more advanced attacks. This kid is 15 and represents all that is negative about a hacker, and in the eyes of someone who is inexperienced (ie the general innocent public) he is a serious serious threat.
</flame>
OK, really now with my point. I feel that it is highly important to stay up to date on the script kiddie techniques. I think we should share, be aware, and perform some digital surgery on these tools/techniques to learn what they are capable of, how easily they can be manipulated, and how to defend against them. That being said, I wanted to throw this out there because I do not want to cross over into breaking HTS rules here. But I think we should be willing and able to share enough about the black hat side of hacking to be considered dangerous if used inappropriately. I do not wish to encourage illegal activity, but I would like to be able to discuss these items in a professional and adult manner. This would obviously not allow stupid questions like, "How can I hack facebook... er because I want to know for security reasons lolz."

Anyone else have any opinions on this? I just think that as a community we have enough shared knowledge and talent to really push into the latest well of information.

[acevic]

Wow, that is a lot of enthusiasm for buttsex. Tells us a lot about the common sexual orientation of Hackforum members. I have been listening in on HF and can confirm what I said about them is true.

I do agree that black hat tools and tactics are easily available on the internet. And yes, I do agree that they are very interesting. I'd love to see some in-depth research on black hat tools and their prevention but I think that would possibly mean a breach of Hackthissite's disclaimer. Also, HF strongly relies on malware to do anything, something HTS will not allow.

This is a common HF member's mentality.

1) Ask how to hax
2) Get a R.A.T/Keylogger
3) Ask people how to use it
4) Implement it
5) Take screenshots
6) Publish screenshots
7) Buy lube
8) Have buttsex with their fellow HF members

EDIT: Also, I have noticed that HF teaches its members on a Q/A basis where they simply provide easy instructions for every specific situation. That is not the way to learn...ever. What we can do on HTS is possibly write articles on how these malware work and how they can be prevented from breaching systems. This would land us on the safe and legal side of things. I doubt that anyone downloads malware without the intent of harming someone else or spying.

[limdis]

^ hahahaha

Also, I have noticed that HF teaches its members on a Q/A basis where they simply provide easy instructions for every specific situation. That is not the way to learn...ever. What we can do on HTS is possibly write articles on how these malware work and how they can be prevented from breaching systems. This would land us on the safe and legal side of things. I doubt that anyone downloads malware without the intent of harming someone else or spying.

Agreed, this is no way to learn. I'm picturing open discussion in a manner that could eventually be compiled into an article. Take for example a topic on a specific keylogger. A breakdown of how the program operates, posting of source code, or snippets of the important parts, and an in-depth look at what and how it works. Not so much a, hey I have keylogger now how I do make this thing work its magic? I'm willing to open up a topic encouraging this type of discussion but again I want to make sure that I won't be crossing the line and for whoever participates to feel like they will be saying too much. It will all have to be for educational purposes and presented and discussed as such.

Articles are outstanding! I would love to see more! I'm am working on one now that deals with wireless network security that goes beyond just breaking the encryption, but I won't be releasing it until I have examined ever angle that I can think of and get more practice with rainbow tables. I want it to be solid before I go spreading what I think I know about the subject lol. (I chose this specifically because there are just too many tuts out there that simply say how to do something, with no explanation of what is actually being done.)

I read through the the HTS legal disclaimer, privacy statements and forum rules and regs to make sure I wasn't crossing the line. I would like someone on the staff to comment on this.

[acevic]

Agreed, this is no way to learn. I'm picturing open discussion in a manner that could eventually be compiled into an article. Take for example a topic on a specific keylogger. A breakdown of how the program operates, posting of source code, or snippets of the important parts, and an in-depth look at what and how it works. Not so much a, hey I have keylogger now how I do make this thing work its magic? I'm willing to open up a topic encouraging this type of discussion but again I want to make sure that I won't be crossing the line and for whoever participates to feel like they will be saying too much. It will all have to be for educational purposes and presented and discussed as such.

I guess it could work out that way though I suggest that you still confirm with the staff as to the possibility of doing so on HTS.

Articles are outstanding! I would love to see more! I'm am working on one now that deals with wireless network security that goes beyond just breaking the encryption, but I won't be releasing it until I have examined ever angle that I can think of and get more practice with rainbow tables. I want it to be solid before I go spreading what I think I know about the subject lol. (I chose this specifically because there are just too many tuts out there that simply say how to do something, with no explanation of what is actually being done.)

I'm looking forward to your article then. I wrote a bunch of notes on Social Engineering for my lecture, Social Engineering 101, but could not deliver the lecture due to problems on my side and lack of participants. I will be delivering that lecture soon, hopefully, after I talk it out with mShred. I think I'll also use those notes to write a mini-e-book on Social Engineering and submit it to HTS.

I read through the the HTS legal disclaimer, privacy statements and forum rules and regs to make sure I wasn't crossing the line. I would like someone on the staff to comment on this.

You could hop on IRC and ask mShred, Sanddy or Kage. They would be able to answer this. Also, since I have not been able to talk to any of them because of our huge time difference, I would like to know if I can distribute articles on HTS under a CC license.