Have you ever thought of becoming a good hacker when you learned about online knowledge? "Hacker" is a mysterious, dangerous but oozing charm of identity, they are almost omnipotent on the internet, the perpetrators of evil, the punishment of the good people have, Ching also have. a country's Ministry of Defense is black, an official website is often the news of the Black press, this is their symbol of strength and victory of the Totem, in exchange for our hearts faint worship. But the news that hackers and hackers pinch each other seems extremely rare.
According to ZD Net, the hacker group that once claimed to have hacked into the NATO database inj3ct0r on Facebook that it had successfully hacked off another well-known hacker group,--exploithub.
The INJ3CT0R team is a major seller of 0 (0day) vulnerabilities, and Exploithub is a vulnerability center established by NSS Labs. The two teams are independent hacker organizations, looking for loopholes and selling hacker software for profit, and at first glance appear to be typical "gang infighting".
But if you delve into the exploithub of the story, you will find that there will be a catch.
NSS Labs is the world's most well-known network security research and evaluation agency, they conduct product evaluation and data analysis by simulating user's real application scenarios. The intrusion detection/protection system evaluation standard pioneered by NSS Labs in 1999 has become the "touchstone" of the industry's recognized intrusion prevention system (IPS), and its Real-world test solution is the only way the industry can truly evaluate IPS defenses.
So Exploithub is strictly not a "hacker organization", more like a market where the attacker can sell malware and vulnerabilities directly to security experts for practical testing.
While announcing the "War situation", INJ3CT0R claimed that the attack had stolen a total of $242333 worth of private vulnerabilities. The following figure shows the PHPinfo provided by INJ3CT0R to prove their invasion:
Subsequently, Exploithub issued a statement acknowledging the intrusion and said that the hacked server did not delete the "install script" after installing the program so that it could be accessed. The Black Database "contains only Web applications and related product information, such as the name of the Vulnerability (sold), the price, the author, and so on, excluding any useful information, such as exploit code." ”
Shortly thereafter, the INJ3CT0R team posted a bulletin on Facebook, including the name of the vulnerability, price, date of creation, author ID, author username, and a range of vulnerabilities, most of which were Inj3ct0r's hack Mario. And promised that if "like" times exceed 30000 they will release more information on these vulnerabilities by 16th this month. At present, the number of "like" has reached 15,500, while the growth rate has slowed down markedly.
Currently Exploithub's website has been closed.
The NSS lab introduced their novelty detection patterns to the world, as its President Rick Moy explained:
"If you can't think from the bad guy's point of view, what about ' detection '?" Therefore, we choose to go out of the laboratory, to the real network environment to face the threat to find the source of those evils. "
This seems to be the rhythm of "while, outsmart".