If you like any Car and Want to Buy please Call us 24/7

0344-2668711

Want to sale a Car: CLICK HERE

$$$ Bug Bounty $$$

Posted by Bilal Khan on Wednesday, May 31, 2023
Comments: (0)
What is Bug Bounty ?



A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization's vulnerability management strategy.




Many software vendors and websites run bug bounty programs, paying out cash rewards to software security researchers and white hat hackers who report software vulnerabilities that have the potential to be exploited. Bug reports must document enough information for for the organization offering the bounty to be able to reproduce the vulnerability. Typically, payment amounts are commensurate with the size of the organization, the difficulty in hacking the system and how much impact on users a bug might have.


Mozilla paid out a $3,000 flat rate bounty for bugs that fit its criteria, while Facebook has given out as much as $20,000 for a single bug report. Google paid Chrome operating system bug reporters a combined $700,000 in 2012 and Microsoft paid UK researcher James Forshaw $100,000 for an attack vulnerability in Windows 8.1.  In 2016, Apple announced rewards that max out at $200,000 for a flaw in the iOS secure boot firmware components and up to $50,000 for execution of arbitrary code with kernel privileges or unauthorized iCloud access.


While the use of ethical hackers to find bugs can be very effective, such programs can also be controversial. To limit potential risk, some organizations are offering closed bug bounty programs that require an invitation. Apple, for example, has limited bug bounty participation to few dozen researchers.
Related articles

Read more

Hashdb-Ida - HashDB API Hash Lookup Plugin For IDA Pro

Posted by Bilal Khan
Comments: (0)


HashDB IDA Plugin

Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service.


Adding New Hash Algorithms

The hash algorithm database is open source and new algorithms can be added on GitHub here. Pull requests are mostly automated and as long as our automated tests pass the new algorithm will be usable on HashDB within minutes.


Using HashDB

HashDB can be used to look up strings that have been hashed in malware by right-clicking on the hash constant in the IDA disassembly view and launching the HashDB Lookup client.


Settings

Before the plugin can be used to look up hashes the HashDB settings must be configured. The settings window can be launched from the plugins menu Edit->Plugins->HashDB.


 

Hash Algorithms

Click Refresh Algorithms to pull a list of supported hash algorithms from the HashDB API, then select the algorithm used in the malware you are analyzing.


Optional XOR

There is also an option to enable XOR with each hash value as this is a common technique used by malware authors to further obfuscate hashes.


API URL

The default API URL for the HashDB Lookup Service is https://hashdb.openanalysis.net/. If you are using your own internal server this URL can be changed to point to your server.


Enum Name

When a new hash is identified by HashDB the hash and its associated string are added to an enum in IDA. This enum can then be used to convert hash constants in IDA to their corresponding enum name. The enum name is configurable from the settings in the event that there is a conflict with an existing enum.


Hash Lookup

Once the plugin settings have been configured you can right-click on any constant in the IDA disassembly window and look up the constant as a hash. The right-click also provides a quick way to set the XOR value if needed.



Bulk Import

If a hash is part of a module a prompt will ask if you want to import all the hashes from that module. This is a quick way to pull hashes in bulk. For example, if one of the hashes identified is Sleep from the kernel32 module, HashDB can then pull all the hashed exports from kernel32.


 

Algorithm Search

HashDB also includes a basic algorithm search that will attempt to identify the hash algorithm based on a hash value. The search will return all algorithms that contain the hash value, it is up to the analyst to decide which (if any) algorithm is correct. To use this functionality right-click on the hash constant and select HashDB Hunt Algorithm.


 

All algorithms that contain this hash will be displayed in a chooser box. The chooser box can be used to directly select the algorithm for HashDB to use. If Cancel is selected no algorithm will be selected.



Dynamic Import Address Table Hash Scanning

Instead of resolving API hashes individually (inline in code) some malware developers will create a block of import hashes in memory. These hashes are then all resolved within a single function creating a dynamic import address table which is later referenced in the code. In these scenarios the HashDB Scan IAT function can be used.


 

Simply select the import hash block, right-click and choose HashDB Scan IAT. HashDB will attempt to resolve each individual integer type (DWORD/QWORD) in the selected range.


Installing HashDB

Before using the plugin you must install the python requests module in your IDA environment. The simplest way to do this is to use pip from a shell outside of IDA.
pip install requests

Once you have the requests module installed simply copy the latest release of hashdb.py into your IDA plugins directory and you are ready to start looking up hashes!


Compatibility Issues

The HashDB plugin has been developed for use with the IDA 7+ and Python 3 it is not backwards compatible.

Related posts


  1. Hacker Tools For Windows
  2. Pentest Tools Find Subdomains
  3. Hacking Tools And Software
  4. Hacker Tools Linux
  5. Tools 4 Hack
  6. Ethical Hacker Tools
  7. Pentest Tools Download
  8. Pentest Tools Open Source
  9. Hacker Tools Free
  10. Growth Hacker Tools
  11. Hacker Tools Software
  12. Beginner Hacker Tools
  13. Hacking Tools For Games
  14. Hack Apps
  15. What Are Hacking Tools
  16. Hacker Search Tools
  17. Pentest Tools For Android
  18. Hack App
  19. Hack Tool Apk
  20. Hacker Tools Hardware
  21. Hack Tool Apk No Root
  22. Hacking Tools Github
  23. Easy Hack Tools
  24. Hacking Tools For Windows 7
  25. Hacking Tools Windows
  26. Kik Hack Tools
  27. Nsa Hack Tools Download
  28. Hacker Tools Free Download
  29. Hackers Toolbox
  30. Pentest Tools Framework
  31. Hacking Tools Mac
  32. Computer Hacker
  33. Pentest Tools Android
  34. Pentest Tools Subdomain
  35. Hacker Tools For Ios
  36. Hack Rom Tools
  37. Hacker Tools Github
  38. Pentest Tools Alternative
  39. Pentest Tools Url Fuzzer
  40. Hacking Tools 2019
  41. Pentest Tools Framework
  42. Hacking Tools Name
  43. Hacking Tools And Software
  44. Hack Tool Apk
  45. Hacker Tools Online
  46. Ethical Hacker Tools
  47. Hack Tools For Games
  48. Hacking Tools
  49. Hacker Tools 2020
  50. Pentest Reporting Tools
  51. Easy Hack Tools
  52. Hacking Tools Pc
  53. What Is Hacking Tools
  54. Hackers Toolbox
  55. Pentest Tools Download
  56. Pentest Tools Subdomain
  57. Hack Tools
  58. Pentest Tools Windows
  59. Hacking Tools Download
  60. Pentest Tools Website Vulnerability
  61. Pentest Tools Subdomain
  62. Bluetooth Hacking Tools Kali
  63. Hacker Tools 2019
  64. Pentest Recon Tools
  65. Pentest Tools Nmap
  66. Pentest Tools Free
  67. Pentest Tools Kali Linux
  68. Hacker Tools Linux
  69. Hack Tools Download
  70. Install Pentest Tools Ubuntu
  71. How To Install Pentest Tools In Ubuntu
  72. Pentest Tools Nmap
  73. Hacker Security Tools
  74. Hacker Tools Online
  75. Pentest Tools For Mac
  76. Hacker Search Tools
  77. Pentest Tools Bluekeep
  78. Hacking App
  79. Hack Tools
  80. Hacker Tools Free
  81. Hacker Hardware Tools
  82. Hacker Tools List
  83. Hacker Tools Online
  84. Pentest Tools Free
  85. Hacks And Tools
  86. Beginner Hacker Tools
  87. Underground Hacker Sites
  88. Hacking Tools Windows
  89. Hacker Tools Github
  90. Hacking Tools For Windows
  91. Pentest Tools Github
  92. Hacking Tools Hardware
  93. How To Hack
  94. Pentest Tools Download
  95. Hacker Tools Software
  96. What Are Hacking Tools
  97. Hacking Tools Usb
  98. Free Pentest Tools For Windows
  99. Hacker Tools Free Download
  100. Pentest Tools Port Scanner
  101. Hacker
  102. World No 1 Hacker Software
  103. Pentest Tools Website
  104. How To Make Hacking Tools
  105. Hack Tool Apk No Root
  106. Hack Tool Apk No Root
  107. Hacking Tools For Beginners
  108. Blackhat Hacker Tools
  109. Hack Tool Apk No Root
  110. Pentest Tools Bluekeep
  111. Pentest Tools Download
  112. Hacker Tools Apk Download
  113. Pentest Tools For Android
  114. Hacking Apps
  115. Hacking Tools Usb
  116. Easy Hack Tools
  117. Hacking Tools Software
  118. Pentest Tools Windows
  119. Pentest Reporting Tools
  120. Top Pentest Tools
  121. Pentest Tools For Android
  122. Hack Tools For Windows
  123. Hacking Tools For Beginners
  124. Hacking Tools Name
  125. Hack Tools For Mac
  126. Hacker Tool Kit
  127. How To Hack
  128. Hacker Tools List
  129. Pentest Tools For Mac
  130. Hacking Tools Online
  131. Pentest Tools Website
  132. Hacking Tools Mac
  133. Hacking Tools Windows 10
  134. Pentest Tools Free
  135. Hacking Tools For Windows
  136. Hacker Tools Windows
  137. Hack App
  138. Hack Tool Apk No Root
  139. Hacking Tools For Pc
  140. Hacker Tools
  141. Pentest Tools Apk
  142. Best Hacking Tools 2019
  143. Hacker Security Tools
  144. Pentest Tools Website Vulnerability
  145. Hacker Tools Hardware
  146. Hacks And Tools
  147. Pentest Tools Subdomain
  148. Tools 4 Hack
  149. Pentest Recon Tools
  150. Pentest Tools Website Vulnerability
  151. Hacker Tools Apk
  152. Hacking Tools For Beginners
  153. Hacking Tools For Windows Free Download
  154. Hacking Tools For Windows 7
  155. Nsa Hack Tools
  156. New Hack Tools
  157. Tools 4 Hack
  158. Hack Tools For Pc
  159. Nsa Hacker Tools
  160. Pentest Reporting Tools
  161. Pentest Tools For Windows
  162. Pentest Tools Subdomain
  163. Pentest Tools Open Source
  164. How To Install Pentest Tools In Ubuntu
  165. Hacking Tools Online
  166. Pentest Box Tools Download
  167. Hack Tools For Games
  168. Hacker Tools List
  169. Pentest Tools Subdomain
  170. Hacks And Tools
  171. Hacker
Read more

TYPES OF HACKER

Posted by Bilal Khan
Comments: (0)
7 Types of hacker 

 1-Script Kiddies-They are  just download overused software & watch youtube video on how to use it. Script kiddies don't care about hacking.

 2-White Hat-They are the good guys of the hacker world. They also known as Ethical Hacker.

 3-Black Hat-They finds bank or other companies with weak security and steal money or credit card information. They also known as cracker. They are dangerous because they are illegal to gain unauthorized access.

 4-Gray Hat-They don't steal money or information sometimes they deface a website or they don't help people for good.

 5-Green Hat-These are the hacker "noobz" but unlike Script Kiddies.They care about Hacking  and strive to become full-blown hacker.

 6-Red Hat-These are the vigilantes of the hacker world. They are like White Hats in that they halt Black Hats but these folks are downright SCARY to those who have ever tried so much as penetrest.

 7-Blue Hat-If a Script Kiddy took revenge he/she might become a Blue Hat.Most Blue Hats are noobz.They have no desire to learn.

More info


Read more

PHASES OF HACKING

Posted by Bilal Khan on Tuesday, May 30, 2023
Comments: (0)
What is the process of hacking or phases of hacking?
Hacking is broken up into six phases:The more you get close to all phases,the more stealth will be your attack.

1-Reconnaissance-This is the primary phase of hacking where hacker tries to collect as much as information as possible about the target.It includes identifying the target,domain name registration records of the target, mail server records,DNS records.The tools that are widely used in the process is NMAP,Hping,Maltego, and Google Dorks.

2-Scanning-This makes up the base of hacking! This is where planning for attack actually begins! The tools used in this process are Nessus,Nexpose,and NMAP. After reconnaissance the attacker scans the target for services running,open ports,firewall detection,finding out vulnerabilities,operating system detection.

3-Gaining Access-In this process the attacker executes the attack based on vulnerabilities which were identified during scanning!  After the successful, he get access to the target network or enter in to the system.The primary tools that is used in this process is Metasploit.

4-Maintaining Access-It is the process where the hacker has already gained access in to a system. After gaining access the hacker, the hacker installs some backdoors in order to enter in to the system when he needs access in this owned system in future. Metasploit is the preffered toll in this process.

5-Clearning track or Covering track-To avoid getting traced and caught,hacker clears all the tracks by clearing all kinds of logs and deleted the uploaded backdoor and anything in this process related stuff which may later reflect his presence!

6-Reporting-Reporting is the last step of finishing the ethical hacking process.Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used,the success rate,vulnerabilities found,and the exploit process.

Read more


Read more