November 12, 2010

ClubHack 2010


ClubHack has reached its fourth year, and we as a team are very happy as well as excited about it.

To add to our excitement, this year we have a very special guest who will add multiple stars on the shoulder of ClubHack.

The fourth sequel event, ClubHack2010, is scheduled for 4th, 5th and 6th December 2010 in Pune, India.

ClubHack 2010 will be held at “The O Hotel”.


Tickets for individual events of ClubHack2010 can be registered from link


ClubHack Day 1

On 4th of December

  • Keynote – By Bruce Schneier
  • Panel discussion on telecom security from national security perspective
  • Executive Lunch with Bruce Schneier.

ClubHack Day 2

On 5th of December

  • 9 Technical Briefings from ClubHack
  • 3 Presentations of Malcon

ClubHack Day 3

On 6th of December

  • 4 workshops

* This is a tentative plan of the event. We might add a few more activities or change the schedule if plans change.

Capture The Flag

What’s a security conference without a grueling CTF?
But hang on, every time you attend an event in India you get a different CTF with no link to the partial efforts you put in last time.
Well dear Sir, as you rightly guessed ….., to tickle your very hacking bone, ClubHack and null present the Battle Underground Diwitiya (Version 2.0 continue).
Starting from ClubHack2010 this year, we’ll have this CTF going from conference to conference (ClubHack, NULLCon, c0c0n). A year-long CTF?? Yes! Year-long. Keep playing the same CTF at each conference and start from where you left off in the last one.
The event promises to be filled with fun and exciting hacking challenges.
1. You can form teams(2 members) or play as an individual.
2. You have to bring your own laptop (bring your own inbuilt / addon wifi card to have some extra fun).
3. Live CD of popular security distro would help your cause but not all the time (Backtrack, Matriux).
4. You will get internet connectivity but to be on a safer side keep usb internet dongles handy.
It will be a multi-level hacking challenge. In each level you will find clues to the next level. The first team to finish the final level wins.
So if it’s a year-long event, the prizes should also work the same way, right?
The moderation team will decide the percentage covered in each event, and you’ll get the same percentage discount at the next event.
Say you cover 30% in ClubHack, then you’ll get a 30% discount on nullcon tickets and can continue to play from 30% in nullcon. If you reach 80% in nullcon, your c0c0n ticket will be discounted by 80%.
We know everyone would love to reach 100%, correct :)
And there would be some surprise prizes too.

Categories: General

Booting Process in windows :

September 15, 2010

Hi, everyone uses desktops or laptops these days, but some of us don’t know how the computer starts, how it boots Windows, and what the importance is of some files which we delete accidentally when we see them as hidden. I hope this post will help beginners, and advanced users as a reference.

First, when we power on, the SMPS starts and sends the Power Good signal to the components, and the CPU starts. The CPU then reads the first instruction stored in the BIOS (an error message is given if there is any error in RAM / CMOS).
The BIOS performs the POST (Power On Self Test) operation, which checks all the hardware components.
The BIOS then loads the MBR.
The MBR (Master Boot Record), which stores the booting record, loads the boot sector from the system.
The boot sector loads NTLDR.
NTLDR reads BOOT.ini.
The BOOT.ini file stores information about which operating system is to be booted if the system has dual operating systems, and the display time for the operating system selection.
** From this file we can change the name of the operating system shown at boot time and change the display time.
BOOT.ini loads and executes from system to perform BIOS hardware detection, then loads NTOSKRNL.exe, HAL.dll, BOOTVID.dll and KDCOM.dll from the boot volume.
Here NTOSKRNL is linked against the HAL (Hardware Abstraction Layer), which is in turn linked against NTOSKRNL (they both use functions in each other). NTOSKRNL is also linked to the following binaries:
  • Pshed.dll (Platform-Specific Hardware Error Driver). It provides an abstraction of the hardware error reporting facilities of the underlying platform by hiding the details of a platform’s error handling mechanisms from the operating system and exposing a consistent interface to the Windows operating system.
  • Bootvid.dll (Boot Video Driver). It provides support for the VGA commands required to display boot text and the boot logo during startup. On x64 kernels, this library is built into the kernel to avoid conflicts with Kernel Patch Protection (KPP).
NTLDR loads windows\system32\system, which is your system hive (HKLM\system in regedit).
NTLDR loads the drivers flagged as “boot” in the system hive, then passes control to NTOSKRNL.exe.
NTOSKRNL.exe brings up the loading splash screen and initializes the kernel subsystem.
It then starts the boot-start drivers, loads and starts the system-start drivers, and creates the Session Manager process (SMSS.EXE).
SMSS.exe runs any programs specified in Boot Execute, such as chkdsk or an antivirus cleaning virus files.
It then processes any pending installations, such as service pack updates.
SMSS.exe then initializes the paging files and the remaining registry hives, starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS) and the user-mode portion of the Win32 subsystem (CSRSS.EXE), and starts WINLOGON.exe.
WINLOGON.exe starts the Local Security Authority (LSASS.EXE) and loads the Graphical User Identification and Authentication DLL. It displays the logon window; by user action it starts the services controller (SERVICES.EXE).

SERVICES.EXE starts all services.
This process is the same in Windows XP, Windows Vista and Seven, but in Windows Vista and Seven it has been updated and security is provided. My next post will discuss more about other system files.
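The load order described above is recorded in the system hive, so an examiner can read it back: each service's Start value says which stage loads it, and the Session Manager's BootExecute value lists what SMSS.EXE runs. The Python below is an added example, not part of the original post; it assumes text laid out like `reg query ... /s` output, and the sample data, including ExampleDrv and examplecleaner, is constructed.

```python
PHASES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}  # Start values
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"   # stock entry: the boot-time disk check

# Constructed sample in the layout of `reg query <key> /s`; not from a real machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
    BootExecute    REG_MULTI_SZ    autocheck autochk *\0examplecleaner
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk
    Start    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    system32\drivers\disk.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null
    Start    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Start    REG_DWORD    0x2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleDrv
    Start    REG_DWORD    0x0
    ImagePath    REG_EXPAND_SZ    \??\C:\Temp\exampledrv.sys
"""

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from the text layout above."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and line.startswith("    "):
            parts = line.strip().split("    ", 2)   # name, type, data
            if len(parts) == 3:
                current[parts[0]] = parts[2]
    return keys

def boot_report(text):
    """Group services by load phase and list the items an examiner should review."""
    phases, review = {name: [] for name in PHASES.values()}, []
    for path, values in parse_reg_query(text).items():
        name = path.rsplit("\\", 1)[-1]
        if "\\Services\\" in path and "Start" in values:
            start = int(values["Start"], 16)
            phases[PHASES[start]].append(name)
            image = values.get("ImagePath", "").lower()
            if start <= 1 and image and "system32\\drivers\\" not in image:
                review.append(f"{name}: early driver outside system32\\drivers ({image})")
        for entry in values.get("BootExecute", "").split("\\0"):   # multi-string value
            if entry and entry != DEFAULT_BOOT_EXECUTE:
                review.append(f"BootExecute: non-default entry '{entry}'")
    return phases, review

if __name__ == "__main__":
    print(boot_report(SAMPLE))
```

A non-default BootExecute entry is not proof of tampering, since antivirus products register cleaners there as the post notes, but it runs before logon and deserves a look.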
Categories: cyberstack, Forensics

Nullcon Dwitiya

August 19, 2010

CFP Open for “nullcon Dwitiya”

 Nullcon Dwitiya
The Jugaad Conference

Calling all Jugaadus(hackers)
It’s the time of the year when we welcome research done by the
community as paper submissions for nullcon.

Submission Topics:

1. One of the topics of interest to us is “Desi Jugaad” (Local Hack),
which has a separate track of its own. Submissions can be any kind of
local hacks that you have worked on (hints: electronic/mechanical
meters, automobile hacking, hardware, mobile phones, lock-picking,
bypassing procedures and processes, etc. Be creative :-D)
2. The topics pertaining to security and Hacking in the following
domains(but not limited to)
– Hardware (ex: RFID, Magnetic Strips, Card Readers, Mobile Devices,
Electronic Devices)
– Tools (non-commercial)
– Programming/Software Development
– Networks
– Information Warfare
– Botnets
– Web
– Mobile, VOIP and Telecom
– VM
– Cloud
– Critical Infrastructure
– Satellite
– Wireless
– Forensics

 Important Dates:
CFP End Date:         20th November 2010
Speakers List Online: 10th December 2010
Conference Dates:     25th – 26th February 2011

Goa, India
(Exact Venue TBD)

for more details please chk

Categories: General in cyber forensics

May 18, 2010

Hi everyone, if anybody is interested in doing

M.Sc. Forensic Science

then please check for details for 2010-2012 academic year 

Last date is 25 June 2010

Categories: General

How To Test a software

Everyone uses many software applications in day-to-day life, and a user has the chance to report bugs and errors in the software to the manufacturer. So how can we test software? There are many ways. Take, for example, software that runs on a Microsoft operating system; most users use Windows as their interface because it is very user friendly. We can check it from the performance, usability, and security perspectives.

Performance: We can check most of the performance details in our powerful tool, “Windows Task Manager”. These include the application's access time and how it performs for a single operation; the CPU usage and process usage while the application is running (how much it uses depends on the application, but every application should run with normal priority); how much time it takes to access the service; how much virtual memory is used; the processor ID; and how much page file is used.

Usability: The usability of the application can be assessed as we use it: stopping its services from services.msc, switching users while the application is running, restarting the services while the application is running, running the application and opening the same application again at the same time, cancelling during installation and uninstallation, going forward and back while installing, and more.

Security: Securing a product is the most interesting part of testing and working with software. We can check the exact path of the file locations where it is installed and the shortcuts it creates, which services it uses to run, which port numbers it uses for communication, whether the running application's files in the installation folder can be deleted or replaced, whether the software's registry entries can be replaced, and more.
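One way to carry out the "can the installed files be deleted or replaced" check is to read the ACLs that `icacls <install dir> /T` prints and look for write-type rights granted to groups every ordinary user belongs to. The Python below is an added example, not part of the original post; the product path and the captured output are constructed.

```python
import re

# Principals that any ordinary logged-on user is a member of.
LOW_PRIV = r"Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|NT AUTHORITY\\INTERACTIVE"
# icacls right codes that let a user change, add or delete files, or rewrite the ACL.
WRITE_RIGHTS = {"F", "M", "W", "D", "DC", "WD", "AD", "WDAC", "WO", "GW", "GA"}
ACE = re.compile(rf"({LOW_PRIV}):((?:\([A-Z,]+\))+)\s*$")

# Constructed output of: icacls "C:\Program Files\ExampleApp" /T  (made-up product).
SAMPLE = r"""
C:\Program Files\ExampleApp NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                            BUILTIN\Administrators:(OI)(CI)(F)
                            BUILTIN\Users:(OI)(CI)(RX)
C:\Program Files\ExampleApp\service.exe BUILTIN\Administrators:(I)(F)
                                        BUILTIN\Users:(I)(RX)
                                        Everyone:(M)
C:\Program Files\ExampleApp\plugins NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                                    NT AUTHORITY\Authenticated Users:(OI)(CI)(RX,WD,AD)
"""

def writable_by_users(icacls_output):
    """Return [(path, principal, rights)] where a low-privileged group can modify the path."""
    findings, first = [], ""
    for line in icacls_output.splitlines():
        if line[:1].strip():               # unindented line: "<path> <first ACE>"
            first = line
        m = ACE.search(line)
        if not m:
            continue
        codes = {c for grp in re.findall(r"\(([A-Z,]+)\)", m.group(2)) for c in grp.split(",")}
        risky = sorted(codes & WRITE_RIGHTS)
        if risky and "DENY" not in codes:  # a deny entry removes the right, skip it
            # Later ACEs are indented to the ACE column, which is where the path ends.
            findings.append((first[:m.start()].rstrip(), m.group(1), risky))
    return findings

if __name__ == "__main__":
    for finding in writable_by_users(SAMPLE):
        print(finding)
```

On the sample it reports service.exe (Modify for Everyone) and the plugins folder (add file and add subfolder for Authenticated Users); either would let an unprivileged user swap code that a service later runs.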

Categories: cyberstack, Forensics

solid state disks

February 2, 2010

Solid state drives (SSDs), as compared to their spinning counterparts, have no moving parts, require less power, have a smaller footprint, produce a fraction of the heat, enjoy a longer life span and perform better in some systems. They currently range in price from two or three times for smaller drives (about 30GB) to more than 10 times that for drives in the 120GB to 250GB range.

SATA vs. SSD (Watts)

The table shows the average power consumption from a variety of different SATA and SCSI drives. The SSDs are Intel High Performance SSDs.

                       If you’ve heard of SSDs, you’ve also heard about their increased performance over conventional disk technology. Since SSDs don’t have moving parts, their seek times return numbers in the range of 75 microseconds to 1 millisecond. Standard disk technology runs in the 4 to 5 millisecond range.

SSD pros and cons:

Pros:
  • Energy efficient
  • Low latency
  • Control of unstructured files
  • Compatibility with operating systems
  • Commoditized components

Cons:
  • Life expectancy of SSD
  • Not ideal for all
  • More expensive

Categories: General

Cyber criminals target online activities of Asians

January 26, 2010

Social networking sites and online banking are very popular across the world but their users are now looking for better identity protection, according to the 2010 global online consumer security survey by RSA, the security division of EMC.

The global provider of security solutions for business acceleration surveyed about 4,500 people who voiced their concerns related to safety of personal information on the Internet. More than 1,000 respondents participated from China, India, Japan, Malaysia and Singapore. Today, Asian users want better identity protection while connecting to friends or conducting online banking transactions.
Increase of phishing attacks
China reported the highest number of casualties among the Asian countries surveyed (50 per cent) followed by Singapore at 27 per cent. Only six per cent of respondents in Japan have been victims of a phishing attack.

Cyber criminals are always at work, but their constant activity has increased awareness about phishing among consumers. This awareness has significantly increased between 2007 and 2009, a period when the rate of attacks rose six times.
Each day, thousands of users join social networking sites but according to the survey, 65 per cent of them are reluctant to interact due to security concerns. These sites attract phishing activity because of their immense popularity and easy access to personal information.
Phishing activity is prevalent in the banking and health sectors also. Consumers know this and about 97 per cent of Asian respondents using such sites are concerned about the privacy of this information. About 77 per cent of Indians, 73 per cent of Singaporeans, 52 per cent of Malaysians and 32 per cent of Japanese said they were “very concerned” about phishing.
Need for better protection
Asian consumers now want better protection of their identities than simple username and passwords and look towards administrators of websites to offer a stronger form of security.
Christopher Young, senior vice president at RSA, noted that attackers are continuously sharpening their dangerous skills to infect computers with Trojans and malware. These criminals lure people to legitimate websites that are infected with malware.
The situation has worsened because of availability of more advanced communications applications and improved writing and Web design skills for the fraudsters. Figures are available to prove these points and the RSA anti-fraud command centre noted the highest-yet detected rates of phishing attacks between August and October 2009. The centre also reported a 17 per cent increase in the total number of attacks between 2008 and 2009.
“Consumer education and awareness is one of the first lines of defence in the ongoing battle against online crime. Organisations will continue to take advantage of the many benefits offered by the Internet and consumers will seek the convenience offered online — all despite the inherent risks,” said Young. “In order to maximise the full value of what the online world can offer, organisations need to take a layered approach to Internet security in order to best protect their customers’ information.”

Categories: General