Showing posts with label Hack. Show all posts

Bomb Mobile Phone With SMS : Global SMS Bomber

Tuesday, October 9, 2012

Global SMS Bomber is another program which can bomb a victim's mobile phone with hundreds, or tons, of SMS messages. It uses your Gmail account to do that and incorporates over 100 networks all around the world.



Super Bluetooth Hack 1.8




Super Bluetooth Hack is a program which lets you mess with someone's phone.
Once connected to another phone via Bluetooth you can:
- read his messages
- read his contacts
- change profile
- play his ringtone even if phone is on silent
- play his songs(in his phone)
- restart the phone
- switch off the phone
- restore factory settings
- change ringing volume
- And here comes the best: "Call from his phone". It includes all call functions like hold etc.

HACK FACEBOOK JUST WITH SMALL STEPS REVEALED

Wednesday, September 26, 2012

There are many ways to hack facebook account.

1: Phishing:- Phishing, or fake page hacking, is the most widely used hacking trick for any type of website account, and it can be used in this case too. Read my previous post on phishing to learn it and download the Facebook phishing page from below. That post was specifically for Gmail. The same process applies in the case of Facebook too. You only need to save the Facebook login page to your system and change the action of the form element as described in that post.
You can also use Tabnapping. This is also a type of phishing, but it makes it easier to send your fake page to the victim. Download the Tabnapping script from this link: TabNapping Script. Read more about Tabnapping here.


IMPORTANT: sending fake page in case of simple case is not so easy. I am suggesting you an effective way of doing that. You get facebook notification emails. Use the format of that email address but replacing the URL with your fake URL ;)


Download facebook phishing page here:


http://www.ziddu.com/download/13242001/fb_phisher.rar.html 


2: Keylogger:- A keylogger is another useful tool to hack someone's Facebook account. If you do not know about keyloggers, read here. Download some keyloggers from this link: Keylogger download. Now it's up to you how you use this tool. If you have physical access to the victim's system, you can manually install this tool and it will work effectively.


3: Firesheep:- If your victim uses an unsecured wireless network then you can hack him easily by using Mozilla Firefox and a simple Firefox plugin, Firesheep. Read this post to know about Firesheep and download it from that post.


4: Hack Facebook's primary email address:- Hacking someone's email account also needs the methods described above (phishing, keylogger, Firesheep), but you can also hack it by using forgot password and then guessing his security question. Many times people use simple security questions.


5: Facebook's can't access account option:- There is a recovery option in a Facebook account. You can mention that your primary email address is also hacked. Then they will ask you many questions regarding that account, such as the names of some friends, some of the account holder's personal information etc. If you know the victim well, you will be able to answer all those questions. Then Facebook will ask you for a new email address for password recovery. Give any email address which you can access.


These are some ways of hacking facebook account. There may be more but this time only these are in my mind. :P
if i will remember any other method i will update this post..


All these methods are tested and applied* *( THESE ARE JUST TRICKS LEARN MORE BEFORE APPLYING )




 THIS POST FOR EDUCATIONAL PURPOSE ONLY

7 Hottest Hacker Chicks in Internet History

Wednesday, March 28, 2012


These 7 computer freaks are a security breach we'd totally let happen. To us. As men. Hacker chicks have got to be the internet's greatest product. Their mix of intelligence, geekiness and sex appeal is a code nobody wants to crack, and the fact that they play with fire makes them that much hotter. So here are the hottest hacker chicks in internet history along with their stories, what they're good at and a few pics of what they look like.


Adeanna Cooke

Adeanna Cooke is one former Playboy model you don't want to mess with. That's right, a former Playmate is on this list. Boo yah!

Sure she's taken some naked pictures, but the woman has her dignity intact. A former friend of hers decided to post on the internet as her and also decided to take money for doing so. This did not sit well with her. If anyone was going to be making money off her slamming body, it was going to be her.

When she came across an unauthorized website with her face (and body) on it, she took matters into her own hands and hacked into the account herself to take them down. Bad. Ass.

After finding success in her attempts, Cooke also used her hacking gift to help out others in similar situations, becoming known as the "Hacker Fairy" to other troubled women being taken advantage of on the Internet. See a video of Cooke in action below.

She really sets the example for female hackers because she, like a lot of them, is something called a "Hacktivist", kind of like in the movie The Girl with the Dragon Tattoo: they're out to be almost cyber vigilantes -- fighting against internet evil at every turn. Worst part about cyber vigilantes in this case is that we don't get the whole spandex treatment.

Click the picture for the video about Adeanna and why she can teach you things you've never even dreamed (about hacking.)









Ying Cracker

Ying Cracker is an educator from Shanghai that offends white people every time she says her full name if they think she's correcting them.

She teaches people the basics of how to start hacking; things like changing your IP address or wiping Office passwords. So it's really hacking 101, but the fact that she's awesome enough to teach it is awesome. And who doesn't want to learn how to hack from a crazy hot girl?

Although her last name is anything but inconspicuous (it's like a bank vault robber naming himself John Lock-Combination) she's a well-known name in female hacking and has the legs of a model in a flight attendant brochure.

How was she noticed? It was in a "Chinese Hottie Hackers" forum posting that got Cracker noticed by gawkers on the internet and created a huge fan base for her. Her work is impressive as well. She's an expert in hacker software writing and charges good money for courses on simple hacking tools. She also charges between RMB 500-5000 in helping other people crack software and usually makes about RMB 15,000 per month in the hacking business and for that, she deserves your respect.







Kristina Svechinskaya

Before these chicks THIS was the hottest hacker we all knew and loved.

Kristina Svechinskaya is a New York University student who was arrested on November 2, 2010 for defrauding US and British banks out of millions of dollars -- and you thought your ex was insane.

Along with eight other people, Svechinskaya hacked into thousands of bank accounts and skimmed $3 million in total. That's right. The bra you see her wearing in this picture could possibly be made of diamonds.

The group had plans to steal a total of $220 million, you know, just enough to get by. Acting as a "money mule," the Russian beauty was charged with opening at least five bank accounts which received $35,000 of the stolen money.

It's no surprise why Svechinskaya is being dubbed the "world's sexiest computer hacker." Her seductive gaze and revealing outfits can melt the firewalls off any server (that's how you say that, right?)

The New York hacker was released on $25,000 bail, though her sentence is still being pushed through the system (which means that hey, $10k in profit.)

If convicted on the plot charges and false passports charges, Svechinskaya can serve up to 40 years in prison, which would really amount to a huge h**l of a waste -- but hey, if Mila Kunis gets her Russian accent working, then she may have another Black Swan level movie to star in.







Xiao Tian

Move over male Asian nerdy computer geeks, female Asian nerdy computer geeks are here to stay.

There's a new tech group in town and God bless them, they're female and smoking hot. Oh, and dangerous.

No, "Cn (China) Girl Security Team" isn't the original name for the latest iteration of Power Rangers, it is a Chinese female hacker group that currently has 2,217 members and counting. It's headed by Xiao Tian (pictured in all her awesomely hot glory to your left), who's only 19 years old and from the looks of it, has something else going for her besides extremely good hacking skills (great fashion sense, duh.)

This kind of brings in a whole new level of suspension of disbelief in the world's events. Apparently, I was wrong my entire life because yes, they exist: super geniuses who are also dream girl status.

After this I'm going to get started on my long, thorough and sincere apology letter to Michael Bay.

Xiao Tian created the now-infamous hacking team because she felt that there was no other outlet for teenage girls like herself in the male-dominated world of hacking.

Girl power, indeed.






Ada Lovelace

No hot hackers can be saluted today without paying tribute to the original female hacker in history, Ada Lovelace. The only legitimate child of poet Lord Byron, Lovelace was known as "The Enchantress of Numbers" for her exquisite skill in mathematics. She's credited with creating the world's first computer algorithm after coming up with a method for calculating a sequence of Bernoulli numbers with the Analytical Engine (the earliest form of a computer).

Put THAT in your pipe and smoke it. This girl could probably make your typewriter EXPLODE.

Here's a hot picture from her Maxim spread:



Raven Adler

One look at Raven Adler and you know she's got some edge. Sure, she's not a Playboy Playmate, but we've all learned from drunken nights and from "growing up" that any really cute goth-looking chicks are not only usually cooler than your run-of-the-mill blonde, but a LOT more exciting where it counts: on the internet.

Raven was the first woman to ever present at the DefCon's hacker conference, but she doesn't plan on using her sex to her advantage any time soon. In fact, she has expressed on many occasions her utter dislike of being cast as a "chick hacker."

She's just a "hacker." The world isn't all about looks guys. Oh wait, this list is... oh, alright. Moving on then...

Today, she continues to design, test and audit hacking detector systems for large federal agencies. She's also trained in the Shorin Ryu Matsumura discipline of martial arts. Just in case you're still not convinced she could literally destroy your entire life. Your. Entire. Life.

Here is a picture of her with a dude who looks just like Uncle Rico.


Joanna Rutkowska

Joanna Rutkowska may be referred to as a sellout in the hacker world, but she's one really hot sellout and still a completely awesome hacker to boot, so you've got to give her that.

Rutkowska is a Polish babe who specializes in developing software and tools to counter hackers in the webiverse. So she's kind of a protector of the common man against machines, Terminator style.

She's, of course, an elite hacker herself and has launched her own security services startup called Invisible Things Lab (which as far as software goes, actually isn't a bad name.) Even teaming up with the "good guys" at Microsoft, Rutkowska advised the vice president of Microsoft's Security Technology Unit on tightening the security on Windows Vista (so yes, we all have something we need to forgive her for.)

But how could you say no to that face!


Hacking tools that every hacker must have





We present another list of the must-have hacking tools for every hacker. These tools make the life of a hacker much easier, and every n00b must first learn how to use them.


AIRCRACK

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. It implements the standard FMS attack along with some optimizations like KoreK attacks, as well as the all-new PTW attack, thus making the attack much faster compared to other WEP cracking tools. In fact, Aircrack-ng is a set of tools for auditing wireless networks.


Site URL:
http://www.aircrack-ng.org/


BackTrack

BackTrack is a Linux distribution focused on penetration testing.


Site URL:

http://www.backtrack-linux.org


BarsWF

BarsWF is the world's fastest MD5 brute-forcing password cracker, just in case you didn't already know.
It combines your computer's processor with your graphics card's GPU to compute the largest number of hashes as quickly as possible. It is not unheard of to get hundreds of millions of hashes per second when using this application.

Prerequisites, which really don't need to be mentioned, are a processor with the SSE2 instruction set and any NVIDIA GeForce 8 and up graphics card with CUDA support if you want the really fast one; otherwise most decently new NVIDIA graphics cards bought in the past 2 years should be able to work with this.


Site URL:

http://3.14.by/en/md5


BLOODSHED IDE

Bloodshed IDE is an Integrated Development Environment (IDE) for the C/C++ programming language.


Site URL:

http://www.bloodshed.net/devcpp.html



CAIN AND ABEL

Cain and Abel is a Windows password cracker, capable of cracking a variety of hashes, as well as ARP poisoning, sniffing the network, etc. to obtain those password hashes in the first place.

Site URL:

http://www.oxid.it/cain.html



CANVAS

Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide. To see CANVAS in action please see the movies at immunitysec.com

Supported Platforms and Installations
- Windows (requires Python & PyGTK)
- Linux
- MacOSX (requires PyGTK)
- All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)

Exploits
- currently over 400 exploits, an average of 4 exploits added every monthly release
- Immunity carefully selects vulnerabilities for inclusion as CANVAS exploits. Top priorities are high-value vulnerabilities such as remote, pre-authentication, and new vulnerabilities in mainstream software.
- Exploits span all common platforms and applications

Payload Options
- to provide maximum reliability, exploits always attempt to reuse socket
- if socket reuse is not suitable, connect-back is used
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
- bouncing and split-bouncing automatically available via MOSDEF
- adjustable covertness level

Ability to make Custom Exploits
- unique MOSDEF development environment allows rapid exploit development

Development
- CANVAS is a platform that is designed to allow easy development of other security products. Examples include Gleg, Ltd's VulnDisco and the Argeniss Ultimate 0day Exploits Pack.

Site URL:

http://www.immunitysec.com/products-canvas.shtml



CYGWIN

Cygwin is the next best thing to using Linux.
I personally do not use a Windows box, period, for work, school, or anything else, unless I have Cygwin installed.
It's a large download, but once you get used to using it there's no turning back.
I have actually created a condensed copy that I carry around on my flash drive.
It comes complete with most Unix/Linux commands, including the ability to compile things on the fly with gcc, perl, etc.
It has many useful things about it, but the only way to really see the extent of them is to use it yourself unless you like reading pages of technical data to help put you to sleep at night.

FYI... Last I checked it was managed by Red Hat.

Site URL:

http://www.cygwin.com/



DBAN

DBAN, short for Darik's Boot and Nuke, is a good utility for securely erasing the contents of a hard disk.
It uses encryption and re-writing over drives multiple times for a fairly secure deletion, which makes it very difficult if not impossible to recover data using forensics.

Site URL:

http://www.dban.org/about



FARONICS DEEP FREEZE

Faronics Deep Freeze helps eliminate workstation damage and downtime by making computer configurations indestructible. Once Deep Freeze is installed on a workstation, any changes made to the computer—regardless of whether they are accidental or malicious—are never permanent. Deep Freeze provides immediate immunity from many of the problems that plague computers today—inevitable configuration drift, accidental system misconfiguration, malicious software activity, and incidental system degradation.

Deep Freeze ensures computers are absolutely bulletproof, even when users have full access to system software and settings. Users get to enjoy a pristine and unrestricted computing experience, while IT personnel are freed from tedious helpdesk requests, constant system maintenance, and continuous configuration drift.

Site URL:
http://www.faronics.com/html/deepfreeze.asp




NEMESIS

Nemesis is a command-line packet injector utility that supports Linux and Windows.

Site URL:

http://www.packetfactory.net/projects/nemesis/



GEEKSQUAD MRI

GeekSquad MRI is the Best Buy Geek Squad repair disc - Code Name MRI - for internal use only, confidential, and a trade secret. This is version 5.0.1.0 - the latest version. The disc has tools to help fix computers - it has AntiVirus, AntiSpyware, Disk Cleaner, Process List, Winsock Fix, etc, all in an attractive and quite usable interface!


Site URL:

At piratebay or google it.



SCAPY

Scapy is a packet manipulator used for crafting packets, sending packets, sniffing them etc. Also runs on Linux and Windows.

Site URL:

http://www.secdev.org/projects/scapy/



TRUECRYPT

TrueCrypt- Free open-source disk encryption software.


Site URL:

http://www.truecrypt.org



SKYPELOGVIEW

SkypeLogView reads the log files created by the Skype application, and displays the details of incoming/outgoing calls, chat messages, and file transfers made by the specified Skype account. You can select one or more items from the logs list, and then copy them to the clipboard, or export them into a text/html/csv/xml file. This utility works on any version of Windows starting from Windows 2000 and up to Windows 2008. You don't have to install Skype in order to use this utility. You only need the original log files created by Skype, even if they are on an external drive.

Site URL:

http://www.nirsoft.net/utils/skype_log_view.html



PASSWORD FOX

PasswordFox is a small password recovery tool that allows you to view the user names and passwords stored by Mozilla Firefox Web browser. By default, PasswordFox displays the passwords stored in your current profile, but you can easily select to watch the passwords of any other Firefox profile. For each password entry, the following information is displayed: Record Index, Web Site, User Name, Password, User Name Field, Password Field, and the Signons filename. This utility works under Windows 2000, Windows XP, Windows Server 2003, and Windows Vista. Firefox should also be installed on your system in order to use this utility.

Site URL:

http://www.nirsoft.net/utils/passwordfox.html



NESSUS

Nessus has been around for a little more than a little while now and has gone from free to almost free to it's gonna cost ya.
I'm not really sure regarding the newest updates as I haven't used it since it lost its freedom, but I will say it has plugins for everything under the sun!
It is mainly used for network and server scanning and has the ability to test and create a client/server connection between yourself and the host you're testing with.

Site URL:

http://www.nessus.org/nessus/



RAINBOW CRACK

RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique.
In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password in this way. The idea of the time-memory trade-off is to do all the cracking time computation in advance and store the result in files, the so-called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables.


Site URL:

http://www.antsight.com/zsl/rainbowcrack/



UNETBOOTIN

UNetbootin - An application to install an operating system to a flash drive or to a hard disk by either using the pre-downloaded iso file or by downloading the operating system through the application.

Site URL:


http://unetbootin.sourceforge.net/



VISUAL STUDIO 2010

Visual Studio 2010 - A development environment, and a programmer's best friend when it comes to designing Windows applications. A little pricey, but free for academic use under the MSDNAA.

Site URL:

http://www.microsoft.com/visualstudio/en-us



WINHEX

WinHex is a hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. Also an advanced tool for everyday and emergency use.

Site URL:
http://www.x-ways.net/winhex/



WPE PRO

Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at the TCP level. Using WPE Pro one can select a running process from memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can set up filters to modify the packets or even send them when you want at different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non-HTTP ports.


Site URL:

http://wpepro.net/



IDP

Interactive Disassembler Pro (IDP). Supports 80x86 binaries and FLIRT, a unique Fast Library Identification and Recognition Technology that automagically recognizes standard compiler library calls. Widely used in COTS validation and hostile code analysis.
In short it's what we like to call the "Reverse Engineer's Wet Dream".

Site URL:

http://www.hex-rays.com/idapro/



HPING

Hping is a command-line TCP/IP packet assembler that supports the TCP, ICMP, UDP and RAW-IP protocols.

It also works on Unix systems, Windows, Sun and MacOS.

Site URL:

http://www.hping.org/



JOHN THE RIPPER

John the Ripper- free open-source software (if you want to buy you can always get the pro version)
John has been, and continues to still be, the most famous and most widely used password cracker for linux/unix systems.
Things everyone likes about it:
It's fast, it has support for cracking a lot of different but commonly used hash types, and it's able to run on just about anything.

Site URL:

http://www.openwall.com/john/

Hello and welcome to Anonymous-OS!

Thursday, March 15, 2012


Anonymous-OS Live is an Ubuntu-based distribution created under Ubuntu 11.10 that uses the MATE desktop.
Created for educational purposes,
to check the security of web pages.
Please don’t use any tool to destroy any web page :)
If you attack any web page,
you might end up in jail because it is a crime in most countries!
*** The user has total responsibility for any illegal act. ***








Thanks to all author tools!



———————————————————————————————
Here are some of the preinstalled apps on Anonymous-OS:

- ParolaPass Password Generator
- Find Host IP
- Anonymous HOIC
- Ddosim
- Pyloris
- Slowloris
- TorsHammer
- Sqlmap
- Havij
- Sql Poison
- Admin Finder
- John the Ripper
- Hash Identifier
- Tor
- XChat IRC
- Pidgin
- Vidalia
- Polipo
- JonDo
- i2p
- Wireshark
- Zenmap
…and more




Including Broadcom BCM43xx wireless driver.
——————————————————————————————

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.

Expect Us!



 ----------------------------------------------------------------------------------------------------------------------


At present you can not install Anonymous-OS.
Please use it as a LiveCD or LiveUSB.
You can create the LiveUSB with Unetbootin
User Password: 2ae66f90b7788ab8950e8f81b829c947 (md5 HASH)






 Known Issues
The first version, Anonymous-OS 0.1, doesn’t run Tor-browser from the menu. Users who want to fix that should open a terminal and run the command:
cd && rm -rf ~/.tor-browser ; wget https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.35-7.2-dev-en-US.tar.gz -O tor-browser.tar.gz ; tar -zxvf tor-browser.tar.gz ; mv ~/tor-browser_en-US ~/.tor-browser ; rm -rf tor-browser.tar.gz
Then just open Tor-browser from the menu and it should work!


Contact
Anonymous-OS <anonymousos at yahoo dot com>

Steal any website! >:D

Friday, March 2, 2012

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility. 

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Simply open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.
WinHTTrack is the Windows 2000/XP/Vista/Seven release of HTTrack, and WebHTTrack the Linux/Unix/BSD release. See the download page.



SIM chip cloning instructions



Without further delay, here is exactly how DonJuan successfully cloned his SIM chip:

  1. Buy simcard reader/writer.
  2. Buy blank 3g simcard
  3. Download Magicsim at http://www.magicsim.com/en/multi-sim.asp?new_id=6
  4. Download http://www.filecart.com/Windows/System-Utilities/Backup-Restore/USB-SIM-Card-Reader-Software_1711_1.html
  5. Install programs.
  6. Go in phone tools, select sim card, then select unlock sim, it will prompt for a code.
    Call AT&T, they will ask for your phone number, your account info, name and security code, then they will ask why you want to unlock your simcard, just tell them you need to unlock your sim to get it to work with your overseas phone or something.
  7. Once they give you the sim unlock code, enter it, and it will say sim unlocked.
  8. Remove the sim from your phone, place it in the cardreader, click read from card in magic sim program.
  9. Once it says connected, select crack sim in the toolbar. click strong ki and click all of the other find options and then click start.
  10. Once your ki is found and the crack is finished, click file, save as and save your cracked sim info to a dt file.
  11. IMPORTANT!!! you must click disconnect from the file menu or you will ruin your simcard. once it says disconnected, remove the sim. put it in your phone and see if it still works, it should. if not, you either did not unlock your sim, or you tried to copy it instead of crack and save.
  12. Insert blank 3g card. Use other program, not magic sim at this point.
  13. Click connect
  14. It will say no info found if it is truly blank.
  15. Select write to sim, it will prompt you to select a dat file, select the one you saved before, now click start, it will take about 10 minutes to write it, once it is complete, it will ask for a security code, enter the security code AT&T gave you, then click finish.
  16. Your card is cloned. if you try to make 2 calls at the same time, one will go through, the other will say call failed, and both phones will get the same messages, text and voice, and both will receive the same calls, but only one can talk at a time.

    Caveats and warnings about cloning your SIM card

    As of yet, I have NOT attempted to follow DonJuan’s instructions so I cannot confirm whether or not this process works. I did download both of the required applications in preparation for my future attempt. Therefore I should point out that I uploaded one of those applications to Virus Total to have it scanned for viruses. I was disappointed to see that F-Secure found one piece of questionable code in the Sim Card reader software listed in step 4. On the other hand F-Secure only represents 1 out of 36 scanners on Virus Total therefore it’s up to you to decide whether or not to install this application.
    The MagicSim software unfortunately was too large for Virus Total so I have no idea whether this application is virus free or not. I recommend that if you decide to follow DonJuan’s instructions you do so on an extra computer (one you’re willing to infect with viruses if it comes to that) or install something like VMWare and install these applications in a virtual computer running inside of your current computer. This way, if these applications do have viruses, you can simply kill the infection by deleting the virtual computer.
    All that being said, clone your SIM chip with this process at your own risk. As I already mentioned, I have NOT validated these instructions with my own test. I simply put them in a dedicated article on this site because I said I would do something like this if someone provided a detailed list of instructions. If you follow DonJuan’s instructions, and have success, please post a comment here and share your experience with the rest of the TechTraction readers.
    Please Note: Keep in mind that blatant SPAM urls added to comments will be removed.

     

    The article explained why such action wasn’t possible with a SIM card reader and basic software. Since that article, the reader comments have been consistently flowing in and the article remains one of my most frequently read items. Despite my explanation, some readers have claimed that they have succeeded at what I said was impossible. Unfortunately, when pressed for details, responses were either nonexistent or lacking critical details. Fortunately, all that changed on 9/26/2008 when reader DonJuan posted a detailed response that might just do what many of us want to do with our SIM cards.


    2011 Black Hat Security Conference

    Thursday, March 1, 2012


    The 2011 Black Hat security conference in Las Vegas is promising a smorgasbord of (in)security fun. From vulnerabilities in PLCs (programmable logic controllers) to the security design of Apple’s iOS and potential hacker attacks on medical implant devices, the range of presentations this year could be the best ever.


    1. Hacking Androids for Profit


    The growing popularity of smart phones has generated a predictable surge in security research around mobile platforms and this year’s Black Hat agenda contains quite a few good presentations.

    This talk, by Riley Hassell and Shane Macaulay, puts Android under the microscope with a promise to reveal new threats to Android apps and discuss known and unknown weaknesses in the Android OS and Android Market.

    The researchers will discuss the inner workings of Android apps and the risks any user faces when installing and using apps from the marketplace.

    2. Exploiting the iOS Kernel


    Stefan Esser is best known for his epic work around PHP security but if you’ve been following his Twitter stream lately, you’d notice the German researcher has taken a liking to Apple’s iOS platform.

    In this Black Hat session, Esser is promising a deep-dive discussion of kernel level exploitation of iPhones. It will include details on previously disclosed kernel vulnerabilities, the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows.

    Esser also plans to look closely at the kernel patches applied by iPhone jailbreaks to provide an understanding of how certain security features are deactivated. He also plans to release a tool that allows the selective deactivation of certain kernel patches for more realistic exploit tests.




    3. Apple iOS Security Evaluation: Vulnerability Analysis and Data Encryption

    When Dino Dai Zovi speaks about Apple and security, you stop and listen.

    Best known for his successful hijack of a MacBook at the CanSecWest hacker conference, Dai Zovi has now turned his attention to Apple’s iOS, the smartphone platform that powers iPhones and iPads.

    Dai Zovi performed a detailed audit of the security mechanisms and features of iOS 4 and will share his findings on things like Trusted Boot, Mandatory Code Signing, Code Signing Enforcement, Sandboxing, Device Encryption, Data Protection, and (as of iOS 4.3) Address Space Layout Randomization.

    The security assessment focused on the concerns of an enterprise considering a deployment of iOS-based devices or allowing employees to store sensitive business data on their personal devices so we can expect to hear about the real-world implications of using iPhones and iPads in the enterprise.

    Dai Zovi is promising to document the risks of a lost device or a remote iOS compromise through a malicious web page or e-mail and, based on the strengths and weaknesses identified, make concrete recommendations on what compensating measures an organization can and should take when deploying iOS-based devices for business use.





    4. Hacking Google Chrome OS


    Google + the cloud + web applications is a recipe for a fun security cocktail.

    In the last few months, two members of WhiteHat Security’s Threat Research Center, Matt Johansen and Kyle Osborn, hacked away at Google’s Cr-48 prototype laptops and discovered a slew of serious and fundamental security design flaws.

    Now, they are sharing their findings with the Black Hat audience, promising to discuss security holes that could expose users to the following types of attacks:


    • Exposing all user email, contacts, and saved documents.
    • Conducting high-speed scans of their intranet network and revealing active host IP addresses.
    • Spoofing messaging in their Google Voice account.
    • Taking over their Google account by stealing session cookies, and in some cases doing the same on other visited domains.

    Johansen and Osborn said Google was informed of the findings and has already fixed some vulnerabilities. They plan to discuss many of the underlying Google Chrome OS weaknesses that remain, including the ability for evil extensions to be easily made available in the WebStore, for payloads to go viral, and for JavaScript malware to survive a reboot.

    5. Exploiting Siemens Simatic S7 PLCs


    Dillon Beresford, a security researcher at NSS Labs, has already courted controversy with this topic. The talk was originally scheduled for the TakeDownCon security conference in May but was withdrawn after some bigwigs (including the Department of Homeland Security) got nervous about the pre-patch disclosure ramifications.

    At Black Hat, Beresford is promising to cover newly discovered Siemens Simatic S7-1200 PLC vulnerabilities and to demonstrate how an attacker could impersonate the Siemens Step 7 PLC communication protocol using some PROFINET-FU over ISO-TSAP and take control.

    Beresford is a brand-name security researcher in the SCADA world. Earlier this year, he developed an exploit for one of the most popular high performance production SCADA/HMI software applications in China which is widely used in power, water conservancy, coal mine, environmental protection, defense and aerospace.

    Because security holes in Siemens’ PLCs played a key role in the success of the mysterious Stuxnet worm, Beresford’s Black Hat disclosures are sure to raise eyebrows.

    6. SSL And The Future Of Authenticity


    Moxie Marlinspike has generated a reputation as a privacy and anonymity advocate who goes beyond mere talk. He has many free tools and utilities for both the Web and mobile systems and spends his time warning anyone who would listen about the dangers of web tracking software.

    Widely considered a security research expert on protocols, cryptography, privacy, and anonymity, Marlinspike will focus on SSL (Secure Socket Layer) encryption at this year’s Black Hat conference.

    He is promising to provide an in-depth examination of the current problems with authenticity in SSL, discuss some of the recent high-profile SSL infrastructure attacks in detail, and cover some potential strategies for the future. Marlinspike’s talk will conclude with a software release that aims to definitively fix the disintegrating trust relationships at the core of this fundamental protocol.

    As a side note, Marlinspike will be speaking at BSidesLV, providing “thoughts on LulzSec through the historical lens of Russian Nihilism and Motiveless Terrorism.” That’s another good one to put on the schedule. The BSidesLV talk has since been withdrawn. Bummer.

    7. Vulnerabilities in Wireless Water Meter Networks


    What if a hacker could tamper with your water meter to do dangerous things? It may sound far-fetched but, after Stuxnet, no one should doubt the ramifications of designer malware planted on critical systems.

    This Black Hat talk is particularly interesting because the speaker, John McNabb of South Shore PC Services, spent 13 years managing a small water system and claims to have deep knowledge of how these things work.

    McNabb says research into wireless water meters is crucial because they are a potential security hole in a critical infrastructure and can pose a wide range of problems.

    In this talk, McNabb promises to present an overview of drinking water security, review reported water system security incidents and the state of drinking water security over the past year. He will also provide a deep dive into the hardware, software, topology, and vulnerabilities of wireless water meter networks and how to sniff wireless water meter signals.

    8. Battery Firmware Hacking


    Clearly not satisfied with hacking into MacBooks and iPhones, Charlie Miller has his eyes on the chip that controls your computer’s battery.

    Miller, a brand-name hacker who now works as Principal Research Consultant at Accuvant Labs, will use the Black Hat stage to discuss the embedded controller used in Lithium Ion and Lithium Polymer batteries. In his research, he found that the controller is used in a large number of MacBook, MacBook Pro, and MacBook Air laptop computers.

    Miller explains:


    “In this talk, I will demonstrate how the embedded controller works. I will reverse engineer the firmware and the firmware flashing process for a particular smart battery controller. In particular, I will show how to completely reprogram the smart battery by modifying the firmware on it. Also, I will show how to disable the firmware checksum so you can make changes. I present a simple API that can be used to read values from the smart battery as well as reprogram the firmware. Being able to control the working smart battery and smart battery host may be enough to cause safety issues, such as overcharging or fire.”

    As reported by Andy Greenberg at Forbes.com, Miller found that the batteries’ chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips’ firmware can potentially hijack them to do anything the hacker wants.




    9. Hacking Medical Devices for Fun and Insulin: Breaking the Human SCADA System

    Theoretical research into the hacking of medical devices is nothing new but this talk by Jerome Radcliffe stands out because of the wide usage of the target — insulin pumps to treat diabetes.

    Radcliffe, who wears an insulin pump and continuous glucose monitor, said the devices can be considered a “Human SCADA system.”

    After attending a DefCon presentation on hardware hacking of proprietary systems and wireless communication methods, Radcliffe said he was inspired to hack into the devices to see if the communication methods could be reverse engineered or whether a device can be created to perform injection attacks.

    “Manipulation of a diabetic’s insulin, directly or indirectly, could result in significant health risks and even death,” he explained. In this talk, Radcliffe plans to explain his discoveries around the proprietary protocols and the hardware interfacing.




    10. Playing In The Adobe Reader X Sandbox

    Adobe’s addition of a sandbox called ‘Protected Mode’ into Reader X has put up a significant roadblock for malicious hackers. However, it has set up a perfect cat-and-mouse game where attackers are working overtime to bypass the mitigations.

    In this talk by Paul Sabanal and Mark Yason from IBM ISS’s X-Force Advanced Research Team, Black Hat attendees will get a deep technical explanation of the implementation details of the Adobe Reader Protected Mode sandbox and the results of reversing efforts to understand the mechanisms and data structures that make up the sandbox.

    The researchers also plan to discuss the limitations and weaknesses of the sandbox and offer possible avenues to achieve privilege escalation. “We will demonstrate how an attacker could leverage the limitations and weaknesses of the Adobe Reader Protected Mode sandbox to carry out information theft or corporate espionage. We will be demonstrating a proof-of-concept information stealing exploit payload bootstrapped by exploiting a publicly known Adobe Reader X vulnerability,” the researchers explained.



