Keeping Track of the Bad Guys

Modified 03 September 2005

When I took some Russian classes at Purdue, I was one of the few non-ROTC students in the room. In that same spirit of "know your enemy"....

Classic Hackers

• Two magazines and web sites catering to the community of bad guys:
  • http://www.2600.com/
  • http://www.phrack.com/.
• Hacker hangouts, groups providing information exchange and tools:
  • http://www.berlin.ccc.de/ -- The German "Chaos Computer Club" (and shouldn't it be "kkk", not "ccc", if they're really German??)

"Hacker" Meetings

Not entirely made up of bad guys in the literal sense, but meetings that bill themselves as "hacker conferences":

• http://www.defcon.org/
• http://www.blackhat.com/

Hacker Technology

• Lots and lots of ready-to-compile programs for testing your systems with the same weapons the hackers will use:
  • http://www.packetstormsecurity.com/
  • http://www.anticode.com/
• Stack smashing — a great paper on how to exploit poor coding via buffer overflow and related attacks was in Phrack volume 49.
  • The original paper:
    • http://www.phrack.com/search.phtml?view&article=p49-14
    • http://www.packetstormsecurity.com/docs/infosec/buffer-overflows/p49-14.txt
    • Pick "Forums", then "Library", then "Buffer Overflows", at the URL: http://www.securityforum.com/
  • A nice follow-up paper:
    • http://www.packetstormsecurity.com/papers/unix/adv.overflow.paper.txt
• The CERIAS group at Purdue has a large list -- continue looking there: http://www.cerias.purdue.edu/coast/hotlist/
• A great 3-part paper on the methods of the bad guys:
  • http://www.enteract.com/~lspitz/enemy.html
  • http://www.enteract.com/~lspitz/enemy2.html
  • http://www.enteract.com/~lspitz/enemy3.html

Software keys, serial numbers, patches

Keys and other bits needed to unlock "warez", pirated copies of Cisco certification exams, etc:

• Very large searchable database, points to other sites hosting the cracks: http://crackspider.net/
• http://www.crackway.com/
• Microsoft-specific: http://mscracks.com/

Archives of Hacked Websites

• http://www.zone-h.org/en
• http://www.pakcert.org/defaced/ (just Pakistani sites)

Remember that Trojan Horse construction hasn't changed since ancient Greece — make it look innocent, simultaneously doing the expected thing and some bad thing. When someone tries to get the system administrator to run some program, remember Virgil's Aenid, "Timeo Danaos et dona ferentis," or "I am wary of Greeks, even bearing gifts."

Security Page

© Bob Cromwell Jul 2008. Created with /bin/vi, hosted on OpenBSD with Apache.    Root password available here