Ethical Hackers Must Protect Digital Human Rights

Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights (Threatpost)

When we talk about security, we have to ask, ‘security for who?'” said Galperin, speaking at a Black Hat session called “Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society.” “It’s usually for governments or corporations. We don’t talk about security for individuals, particularly individuals who don’t have a lot of spending money.”


AutoRecon – An Open Source Enumeration Tool by Shahzaib Ali Khan (Latest Hacking News)

AutoRecon is an enumeration tool that performs automated enumeration with multi-threaded capabilities. It is purposely built to be used for CTFs, exams (like OSCP) and other penetration testing environments for saving as much time as possible.

This tool works by performing port scans/service detection scans, and then as per the result of the scan, it launches further enumeration scans of those services using different tools.

Something new to try.

BGP hijackers made $29M

How 3ve’s BGP hijackers eluded the Internet—and made $29M by DAN GOODIN

Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a thousand servers hosted inside data centers to impersonate real human beings who purportedly "viewed" ads that were hosted on bogus pages run by the scammers themselves­ -- who then received a check from ad networks for these billions of fake ad impressions. Normally, a scam of this magnitude coming from such a small pool of server-hosted bots would have stuck out to defrauded advertisers. To camouflage the scam, 3ve operators funneled the servers' fraudulent page requests through millions of compromised IP addresses.

About one million of those IP addresses belonged to computers, primarily based in the US and the UK, that attackers had infected with botnet software strains known as Boaxxe and Kovter. But at the scale employed by 3ve, not even that number of IP addresses was enough. And that's where the BGP hijacking came in. The hijacking gave 3ve a nearly limitless supply of high-value IP addresses. Combined with the botnets, the ruse made it seem like millions of real people from some of the most affluent parts of the world were viewing the ads.

This is an interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol.