Last post by Fitz on August 30, 2016, 08:19:19 PM
Below you can find some basic tips that most of you probably know already.
However, it's our responsibility to stress this more than necessary, just in case someone doesn't.

  • Use secure passwords/passphrases
  • Don't reuse your passwords on other sites
  • Confirm SSL
  • Don't share your account
  • Be careful on public networks
  • Note on e-mail
  • Think about what you're using
  • Think about what you're sharing

Use secure passwords/passphrases
A very basic principle that many seem to forget for accessibility purposes. In the 2010-something LinkedIn dump, over 60% of the sha1 hashes were very easily cracked. (http://www.computerworld.com/article/2504078/cybercrime-hacking/hackers-crack-more-than-60--of-breached-linkedin-passwords.html)
Now we can debate whether this is due to the "weakness" of the sha1 algorithm, but if your password is "admin06", there's nothing ANY algorithm can do for you.
Please take this into consideration.

We at Hacking Studio do our very best to protect you on our side, however, as vulnerabilities and exploits are globally discovered every day, there's a chance that one day, we too will fall victim (although we count on our wonderful community to help us find these bugs before "the bad guys" do  ;) ).

There are plenty of password managers out there to make it easier for you to log in with difficult/unguessable passwords; please use them, as they will most definitely add a layer of security to your account!

Don't reuse your passwords on other sites
A lot of people do this or have done this, and even use the same password for every account online.
It's a very simple equation: if one account gets hacked, there's a very good chance all your others are lost as well.
Again, while we do what we can to protect you, there are others who do not care to invest their time into protecting their members and will spray your info and weakly hashed passwords into the open.

Confirm SSL
HackingStudio makes use of LetsEncrypt to secure your traffic from and to our server.
If at any point you receive Certificate Errors or other weird messages, please do not proceed to login, but verify where these messages are coming from.
If something seems off, contact an administrator on our IRC network. You do not need to be authenticated or have SSL enabled on our #help channel, so you can use it securely without exposing any details.
Don't feel bad for asking a "stupid" question; we prefer our members to be secure and will happily verify the issue for you.
In case of a real problem, it might also help identify attacks against our members or bugs, so basically you're helping us by letting us help you! :)

Sidenote on confirming SSL:
Users might embed pictures in posts that come from http sources rather than https.
This can trigger certain browsers (like Firefox) into warning you about mixed content.
Should you get such a warning, feel free to verify that it is really the user's post that's causing this issue.
You can simply hit F12 in Firefox to open the developer console and confirm that this is the case.
Should it be something that's on our side, feel free to contact us so we can get it fixed!

Don't share your account
It's just a bad idea to do this. Get in a fight with your buddy? Your buddy has bad security? Aliens abduct him and reset all his passwords?
It's not hard to make an account here; if someone asks you to share accounts, it is good practice to deny this oh-so-humble request.

Be careful on public networks
If you verify SSL as explained above, this should be less of an issue; however, never say it can't happen.
Anyone at any time might be intercepting your traffic on a public network.
In your work place for example, your employer might have installed an SSL Cert in your browsers that allows him to decrypt your data, and you wouldn't notice a damn thing.
We cannot and will not enforce policies to lock you into an IP address. Because we give you that liberty, it's your responsibility to check the network you're logging in from.

Note on e-mail
It's considered good practice to use dedicated mail accounts in order to monitor where your mail address is going once it has been stored on a server after completing a registration procedure.
As you might have noticed, Simmons and I are fans of Protonmail, as it provides default PGP encryption between its members.
It's free, but paid plans are available which are most certainly worth a look.

You can of course use any mail provider, but you should take privacy and security into consideration as needed.

Another thing is that people involved with Hacking Studio will NEVER ask for your password. Period.
If anyone asks you for your password, report them to us on IRC or in a forum post, with screenshots / mails / flying unicorns as evidence.
It's not cool to "hack" other members, even if you have differences. There will be consequences if this happens and can be proven.

Think about what you're using
Again, we do our best on our side, but the tools you are using and how you are using them can also cause security problems.
If you use an online password manager and it gets hacked, you're f*cked.
If you use untrusted software and get rootkits, you're f*cked.
If you use a proxy, your traffic might be going through it unencrypted and basically, you're f*cked.

Think about the services you're using and how you're using them.

It's all about trust, and you do well not to trust everything blindly.
Feel free to search for discussions about software and setups, or open a new post if the tool you want to talk about hasn't been discussed yet!

Think about what you're sharing
Sometimes you post screenshots, share links, or tell stories that give away information that can help someone hack you, track you, or make you look like a fool (remember that American official who had his porn tabs open in a screenshot of his browser? ;D).
All hilarity aside, it's a good idea to check you have censored out any data you don't want publicized!

These are not rules, these are tips we want to share with you.
It's up to you to decide how far you wanna go with your security and privacy and how much of those you need.
As a hacking community, we of course want to encourage you to keep it as high as possible; this is 2016, people hack things.

If you have any tips for us, or found some things we need to work on, again, do not hesitate to contact us!

Happy Hacking! :)
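The mixed-content check from the SSL sidenote, as an added example that is not part of the original post or the forum's own code: it scans a post body for sub-resources fetched over plain http on an https page. The forum address and the example image/script URLs are constructed placeholders. It also separates passive mixed content (images, which browsers such as Firefox only warn about) from active mixed content (scripts, stylesheets, iframes, which they usually block outright).

```python
# Added example (not code from the original post or the Hacking Studio forum):
# find http:// sub-resources in a post body served over HTTPS, i.e. the
# "mixed content" the sidenote describes. Standard library only.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) -> how browsers treat it when fetched over plain http
_RESOURCE_ATTRS = {
    ("img", "src"): "passive",     # warned about, still displayed
    ("script", "src"): "active",   # blocked by default
    ("iframe", "src"): "active",
    ("link", "href"): "active",    # only for rel="stylesheet", see below
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # (tag, absolute_url, kind)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> only loads a sub-resource when it is a stylesheet
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        attr = "href" if tag == "link" else "src"
        kind = _RESOURCE_ATTRS.get((tag, attr))
        raw = attrs.get(attr)
        if kind and raw:
            # urljoin resolves relative and //host/x URLs against the https
            # page, so only URLs that explicitly say http:// stay http
            url = urljoin(self.page_url, raw.strip())
            if urlparse(url).scheme == "http":
                self.findings.append((tag, url, kind))

def find_mixed_content(post_html, page_url):
    """Return (passive, active) lists of http:// sub-resources in post_html."""
    if urlparse(page_url).scheme != "https":
        return [], []   # mixed content only exists on https pages
    parser = MixedContentFinder(page_url)
    parser.feed(post_html)
    passive = [f for f in parser.findings if f[2] == "passive"]
    active = [f for f in parser.findings if f[2] == "active"]
    return passive, active

# Constructed sample post body (not a real forum post); page URL is a placeholder
PAGE_URL = "https://forum.example.invalid/t/1"
SAMPLE_POST = """<img src="http://example.invalid/desk.png">
<img src="//example.invalid/ok.png">
<img src="/attachments/1.png">
<script src="http://example.invalid/track.js"></script>
<link rel="canonical" href="http://example.invalid/post/1">"""
```

Running `find_mixed_content(SAMPLE_POST, PAGE_URL)` flags only the first image (passive) and the script (active); the protocol-relative image, the site-relative attachment and the canonical link are not mixed content.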
News & announcements / IRC Server
Last post by Simmons on August 28, 2016, 10:12:38 PM
IRC Server details:

Server: irc.hacking.studio
SSL-Port: 6697
Non-SSL-Port: 6667
News & announcements / Rules
Last post by Simmons on August 28, 2016, 01:48:13 AM
If you're going to read anything on this forum, read this.

First off, I'd like to say that I do not like setting rules. If the human race could just for one moment show some decency towards each other, rules would be obsolete and we would all be happier.
We don't like wearing the admin / moderator badge, and we hate being obligated to put our extra permissions to use.
This is a totally unappreciated waste of time for everyone, while we all really have better things to do!

Below are some basic principles that very clearly explain what is okay and what is not.

These rules / principles apply to the entire community, which includes the IRC network, forums, private messages, and any other potential future location where we decide to wander off to!
These rules apply to every single individual, including any admins, ops and mods. We are all equal here.

Extended mod and op rules can be found in the respective boards, but they do not grant the privilege of neglecting the rules below; these are the rules we advise everyone to abide by, and I don't think they are unreasonable.

Like literally everything on this entire platform, the rules are open for discussion, but only BEFORE breaking one.
If you do not agree, talk to an admin or mod about it BEFORE you break the rule and be ready to defend your idea when challenged.
This way, if you can convince us of your point of view, there will be no reason for you to break the rules as we will modify them appropriately.

Social and content

The Hacking Studio is an online hackerspace. We meet here to relax, chill, and do the two things we all love: hacking and learning.
Keep the posts in the correct boards, someone who picks locks might not want to see political opinions.

We exist without skin color, without nationality, without religious bias...
The Mentor - A Hacker's Manifesto - 1986

There is no room for racism and discrimination here. It is a childish and retarded mindset to hate someone based on what genes they have, what they believe in or what's between their legs.
EVERYTHING is open for discussion, and we will not disallow posts and comments about sensitive topics like religion or politics as long as you keep them in the correct section.
The only rule is that you have to respect each other. We understand not everyone agrees with each other, and that sometimes in the heat of the moment you can get frustrated and start raging, which is no problem at all.
But when that happens, you will remain respectful or you will be addressed about it.

This is the opposite side of a discussion: do not victimize yourself over criticism.
Tech people can be harsh towards one another because we're logical thinkers; someone telling you to "RTFM", or asking if "you even know how to use a search engine?", can be experienced as offensive, but chances are very likely this is actually good advice.
Just because someone responds to you in a way that you perceive as "mean", does not mean they're personally attacking you.

Illegal stuff
Posting illegal stuff results in a direct ban from all our servers, including IRC.
There are other places on the internet that will appreciate this kind of content; as you won't be able to come back here, I'm sure they'll gladly see you coming there.
Everything you post is YOUR responsibility; there is a border everyone knows, and the moment you cross it you are out of here.

There is a search box for a reason. Use it.

Because we're a hacking community, I want to elaborate a bit on this. We encourage you to be curious and to poke a stick into anything that looks like it might move.
There are some guidelines we would like to give you to make sure this stays fun for everyone.

Challenges might be well documented, or hints might be hidden in the challenge to help you look in the right direction.
If you are stuck, don't proceed to unorthodox methods (like bruteforcing where the challenge is to perform an SQL injection).
This generates unnecessary traffic and is very much frowned upon by the people who maintain the server, for obvious reasons.

There's no shame in asking for help on IRC or in the forums, but don't expect a fully prepped and pre-chewed answer.

Solutions and writeups
Posts about challenges are currently not allowed, as they might lead to someone sharing a flag or giving away too much information. Sharing flags is STRICTLY forbidden and will result in a ban.
The challenges are designed in a way that, with some research and some reading, the subtle tips that are in there should be enough.
If you solve them like this without using other people's writeups, you will develop better analytical skills when it comes to computers; you'll actually learn something.

Points are a fun measurement, but if you haven't earned them yourself, this will become very obvious to a lot of people, very fast.

We can never stop you from posting writeups on other platforms, we can only ask you nicely to appreciate the hard work we've put in writing vulnerable applications in order to keep things fun for you!

The platform
Even when it comes to the platform, we encourage you to try and find security holes that we've missed.
Should you find one we only ask you to notify us.
Non-compromising bugs can be freely reported in the respective forum board.
For bugs that might involve data leaks, please contact Fitz or Simmons in a private conversation on IRC.
If you do not have permission to start a private conversation, you can request it or send an e-mail.

You will be given credit for any type of bug you find, and we will contact you to see if you are interested in joining us in the place where the hamsters run the wheels to keep things going.

No seriously, read these.
Use some common sense and there will be no problem.

These rules can change; some might be added, modified or removed based on the community's input or problems we encounter.
Should this be a change people might feel through the community, we will ask your opinion before implementing the rule.

Again, these rules are open for discussion.

And the most important rule of all
Happy hacking! :)
