Year: 2017

Hackers for hire to secure your website from criminals

Author wefightforsecurityPosted on April 22, 2017April 27, 2017Categories cyber security, web securityTags , , , , , ,

We are cyber security professionals, information security professionals, but when it boils down to it we are hackers for hire that are easy to find and easy to  contact. or hire by one of our hacker for hire subscription plans. When we are hired by the private sector we help secure your websites, servers, applications and any IoT device under the sun. Our plans currently only support websites, however we are professionals at IoT security, also known as internet of things security and server security.  Companies hire us to stop criminal hacking before it happens or if it’s already started we put a stop to it and provide an analysis of the criminals behavior and information we have on them, along with if they are known elsewhere, since many criminals want to be known, they just don’t want to be caught.

  What type of hacking will you not do? Since you’re easy to find hackers for hire will you do unethical hacking?

We are ethical hackers for hire that are easy to find, so we will not do illegal hacking.   We will end up putting a FAQ together about the most common requests for illegal hacking, but a few off the top of our head of requests are to hack another users facebook account for you, instagram, or any other service.  We don’t care if you tell us the person you want hacked is a cheating slimeball, that doesn’t make it legal to hack them. Since we’re ethical hackers for hire, we stick by our code and won’t hack cheating slimeballs for you.

What can you do as hackers for hire?

As hackers for hire we can do a lot, like secure your website, server, IOT products, etc. Working as hackers for hire we have recovered stolen laptops, We identified a hacker who claimed to be a woman in San Diego, who ended up being an Indian in India living in a flea hotel, who took a trove of unreleased music from a studio.

We’ve identified employees who have destroyed their companies systems making them inoperable. We’ve worked for fortune 100’s, we’ve had GoDaddy as a client showing them security flaws in their servers and we found a lot of issues.

We identify malware in companies infecting their users, we’ve helped make it so companies don’t have to pay ransomware by securing their systems and offer anti-phishing training.

What can we not do as hackers for hire? Whatever the law prohibits, which is becoming less and less. We can show you how insecure your internet connected devices are, also called internet of things devices, among other things.  It’s even legal to hack a car or anything else you own to show how insecure it is.

Remotely Disconnecting Bebop Drone pilot exploit As seen on ZDF

Author wefightforsecurityPosted on April 17, 2017April 17, 2017Categories cyber security
  1. Last year we ran into an issue when recording Smarter Living for ZDF when they gave us a drone we hadn’t hacked before which was the bebop 1. It took half an hour to find a vulnerability and exploit the bebop drone. while it isn’t a  fancy exploit it got the job done. Parrot had tried to put a patch in place for the bebop drone to stop people from accessing telnet, however you could still send request to telnet. We sent a bunch of telnet requests to the drone while it was flying and remotely disconnected the user from being able to control the drone. Instead of the drone crashing no one had control of the drone and it was doing whatever it wanted requiring the director and I to grab it out of the sky.

While we have a ton more of drone vulnerabilities that we spoke about at bsides LA, we won’t be releasing them today.  We went all the way down to a binary analysis, which was quite interesting and may make publicly available.

Chrome Vuln Denied By Google Then Patched Bug Without Payment

Author wefightforsecurityPosted on April 5, 2017Categories cyber security

Google Chrome is the browser by Google. We found a chrome bug that is so simple that every browser should’ve already been protected from it, but neither Firefox nor Chrome were. We also attacked other platforms and used the attack to crash our peer reviewers phone. We found a way to crash the chrome and Firefox browser by putting 500 thousand lines of urls that would remotely crash the other users system, wipe all the sites they were on from restoring, etc. An example would be https://planetzuda.com/test/http://planetzuda.com/test/ and repeat. The bug was far harder to exploit on chrome, then it was on Firefox since to Google’s credit or Chromiums they had better protection then Firefox had against this attack.

The way it worked was taking the URL above and then manually copying it or using a python script to automatically copy it thousands of times and then sending it to the browser. We contacted Our peer reviewer and tested it against him.

We were in the process of seeing if we could get leaked memory and go to RCE, but Google likes reports as soon as you know of an issue, so we reported to Google Chrome per their bounty program. The bug quickly got marked won’t fix, but another member marked it needs more feedback afterwards, but once you mark a bug won’t fix, you have no interest in engaging with the submitter. Never underestimate the person submitting the bug. If you don’t get the bug, that’s fine but don’t assume what it is, which is exactly what they did. So if the bug was no big deal, which is the way they acted on January 16th why is it patched? Also, how did Firefox get the patch when we didn’t submit it to them? These are questions we want answers to. We are asking Google to pay for the bug, since they found it to be of value to quickly patch it and it appears they also passed the info along to Firefox without our permission, which is problematic as we were never credited for the bug by Firefox.

We will update this if Google responds to our requests, but from now on we are going public disclosure on bugs here on out.

A Guide explaining Why 43-50% Of Small Businesses Are Hacked

Author wefightforsecurityPosted on April 3, 2017April 3, 2017Categories cyber security

Many articles have come out stating that between 43 to 50 percent of small businesses are hacked. This makes sense and we will explain why in our guide that gives you a tiny bit of insight on how to think like this particular type of hacker.

Most small businesses use insecure software, they use anything that is free or cheap, and they never have a security audit no matter how much they want it due to how expensive it is.

Free and cheap software generally has no security to very little security, however paying more does not mean in anyway that you are more secure,  but they have a bigger budget to at least focus on security.

Before using a piece of software look up that software with the word exploit and see if there are any recent articles about exploits not being fixed in it. Also, update your software as much as possible and always do backups. We can’t stress those two the most, so we will repeat it. updating your software is critical  and having backups are critical for when you are hacked. Backups have saved some of our clients businesses when they were hit with ransomware, because instead of paying the ransom they simply restored from the backup and then had us make it more secure.

 

Our goal is to provide true security audits and malware removal at an affordable price, that is a true security audit, not the untrue security audits provided by other companies at affordable prices. A security audit is finding vulnerabilities before you’re hacked and we do that for as low as $29.99 a month, but enough about us let’s focus on what you can do for free to keep yourself secure. Of course, the ransomware sometimes does damage the perception of how secure you are if it also holds the entire site ransom, thus people may not trust your site as much. However, there are ways to mitigate this issue, by being very open and transparent about the entire process. While we know some companies want things to be hidden and not talked about, hackers find them anyways, so it’s better to be open about something then closed off.

 

We hope this very small and not even remotely close to extensive guide has helped you.

 

 

 

The Importance of Cyber Security and Compartmentalization

Author wefightforsecurityPosted on April 2, 2017April 2, 2017Categories Uncategorized

Cyber security is very important, but so is compartmentalization as an article in The Register makes very clear. A Texas based company fired an employee, because they hadn’t properly compartmentalized access to passwords for the company.

This one employee was able to access all the passwords on his own and emailed them to himself, thus allowing him to get revenge on his work and commit criminal hacking, which lead to losing over $100,000 of customer orders, not to mention the third party companies they had to pull in to audit the systems to recover from the damage the disgruntled employee had caused.

 

The employee was arrested by the FBI for violating the computer fraud and abuse act and exceeding authorization. If the company had properly compartmentalized access to each password, so one employee wouldn’t have had access to all of them, this wouldn’t have happened. Unfortunately, this didn’t take place nor did they reset passwords the employee had access to, which is standard procedure with companies who hire us.