People in the security industry have a lot of opinions, usually influenced by their employment, experience and background.  Some of these, however, can be dangerous for a variety of reasons.  Some of these opinions manifest themselves as follows:

  • APT is a bullshit term.

Correction: It was coined by the Air Force after a massive series of information attacks against the US government that were highly successful back in the 2004-6 timeframe and have been continuing ever since.  It was only repurposed by every security company under the sun AFTER the fact.

  • APT attacks financial banks for money so it's cybercrime.

Correction: APT is NOT cybercrime.  People who are CLUELESS and have never had briefings or worked on combating APT typically say such things.

  • APT is so “ghostly” and “amorphous” we will never be able to prove it was XXX.  Attribution is impossible.

Correction: Attribution is absolutely possible.  If you really want to stop this problem you need to put your resources towards attribution and bring these actors into the light, expose their shoddy tradecraft, embarrass their countries, and make them incur consequences for their actions.

Consequences: Cyber/Economic/Financial

If you're not willing to combat the APT threat aggressively, investigate it thoroughly, and go beyond the bits and bytes to identify the actors, units, shot callers, and address the geopolitical aspects of it, then you might as well just pack up and go home.  If you're not willing to recognize that this is Serious fucking business with massive long term negative impacts on our nation's future then you need to change occupations.  Major new developments have occurred and it will only get progressively worse.  It is almost preferable to have an all out nation to nation cyber street fight and incur the damage now than to continue to bleed as much as we are.

Market leading security vendor RSA (who hosts the largest security conference in the world) and sells the primary 2-factor authentication token hardware software that secures our nation's defensive systems specifically defense contractors, as well as significant parts of the commercial sector and Federal government was just values that are the basis for the two factor authentication process.  This is simply a progression of attacks cyber defense pillars used in the defense of our nation's secrets.  Mandiant briefed in their latest M-Trends 2011 that they have already circumvented the DoD CAC smart card software through smart card proxy attacks.  This is the next step.   MAD PROPS to RSA for actually Google style.  This problem will not get better if things like this stay in the dark.


However more highly technical information with the community on the malware, the IP telemetry, the Tactics, Techniques, and Procedures of this threat.  The more the public knows, the better collective defense we will have towards this ravenous threat.  What WAS shared was bullshit with regard to specifics and simply added up to a security best practices list.  Boo on that.   (based on the reading of their guidance I would say it is safe to say that a full compromise of RSA and the dumping of their active directory (Happens on Day 1 of the attack people) is going to put a and relationships in a world of lateral hurt.

THIS is BIG.  This is not GOOGLE pwnage to surveil political activists.

The vectors into these highly damaging attacks are nothing that can be defended against.  With large technical teams of vulnerability researchers implementing large scale highly intelligent distributed fuzzing attacks at highly popular file formats and software applications, along with code thefts from Adobe and other vendors in the Aurora attacks last year, along with Microsoft providing their governments with source code to the entire Microsoft OS and office product line it should be no wonder that the adversaries have a that they have weaponized and attack targets in serial fashion one after another.

What is incredible is that the security industry and AV companies cannot put the pieces together and realize that the past 20 or so highly damaging 0-days that have been revealed to target highly popular information products such as MS Office, IE, Adobe Reader and Flash, as well as Firefox are DIRECTLY generated and used by Chinese Computer Network Exploitation (CNE) Operators as digital first strikes against US and western targets in a nonstop campaign of smash and grab.  These exploits bleed into the cybercrime space, making them directly responsible for the collateral damage effects that enable billions of dollars in loss when they are integrated into exploit kits.

Analyze the data on the 0-days: how long were they in active circulation prior to discovery?  Analyze the malware that was used in the original attacks.  Correlate the malware and you will find many customized back doors used by Chinese CNE operators.  You will find the same thing over and over.  Quit fucking reporting on FakeAV and other crap and do some real analysis and start serving your customers again, instead of just giving weak ass detection rates and only picking stuff up after the crown jewels have left the building.

Which gets me to the subject of the day.  ATTRIBUTION:  GOOD ATTRIBUTION SHOULD LEAD TO KINETIC RETRIBUTION.

You see  this latest 0day attack was targeted against the US Air Force, US State Department, and other victims, and what would most likely be revealed RSA.  The Adobe Flash in an Excel Spearfish attack using a 0-day exploit that uses Heapspray attacks leading to root level compromise gave us a WONDERFUL gift in the way of linking the Known (and verified by multiple sources) hostile threat actor Linxder (aka a member of Byzantine Candor CNE Group as related to being tied with the operational use of malicious backdoor malware that implements < and Modified BASE64 encoded strings) living in as verified by multiple open source web postings.

Send him a love letter and let him know how you feel:  Track his ass down, identify his real name, Phone number, QQ identifier, home and work location.  Identify the location of the Technical/Tactical Reconnaissance Bureau Located in Shanghai Military Region. Identify his unit. Identify the other operators in his unit.  Post it online and let the world rip it apart.

  • linxder@163.net
  • blog.myspace.cn/linxder
  • Here is the VirusTotal entry for the clean .XLS he edited and saved and then launched in an attack.  You can see his user name in the Excel "Last Saved By" metadata.  (What a rookie OPSEC mistake)
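
The "Last Saved By" value mentioned above lives in the `\x05SummaryInformation` property-set stream of the OLE2 container of an .XLS file. The following is an added example, not part of the original post: a parser for that stream that a malware-document triage pipeline could use. The sample stream, the names in it and the helper names `build_sample` and `triage` are constructed for illustration.

```python
import struct

# FMTID_SummaryInformation {F29F85E0-4FF9-1068-AB91-08002B27B3D9}, on-disk byte order
FMTID_SUMMARY = bytes.fromhex("e0859ff2f94f6810ab9108002b27b3d9")
VT_I2, VT_LPSTR = 0x0002, 0x001E
PID_CODEPAGE, PIDSI_AUTHOR, PIDSI_LASTAUTHOR = 0x01, 0x04, 0x08


def _decode(raw, codepage):
    """Decode a code-page string, stopping at the first NUL terminator."""
    codec = "utf-8" if codepage == 65001 else "cp%d" % codepage
    text = raw.split(b"\x00", 1)[0]
    try:
        return text.decode(codec, errors="replace")
    except LookupError:  # code page Python has no codec for
        return text.decode("latin-1")


def parse_summary_info(stream):
    """Return code page, author and last-saved-by from a SummaryInformation stream."""
    raw = {}
    try:
        order, _ver, _sysid, _clsid, nsets = struct.unpack_from("<HHI16sI", stream, 0)
        fmtid, set_off = struct.unpack_from("<16sI", stream, 28)
        if order != 0xFFFE or nsets < 1 or fmtid != FMTID_SUMMARY:
            raise ValueError("not a SummaryInformation property set stream")
        size, nprops = struct.unpack_from("<II", stream, set_off)
        if set_off + size > len(stream) or 8 + 8 * nprops > size:
            raise ValueError("property set exceeds stream length")
        for i in range(nprops):
            pid, off = struct.unpack_from("<II", stream, set_off + 8 + 8 * i)
            if off + 8 > size:
                raise ValueError("property offset out of bounds")
            pos = set_off + off
            vtype = struct.unpack_from("<H", stream, pos)[0]
            if vtype == VT_I2:
                raw[pid] = struct.unpack_from("<H", stream, pos + 4)[0]
            elif vtype == VT_LPSTR:
                n = struct.unpack_from("<I", stream, pos + 4)[0]
                if off + 8 + n > size:
                    raise ValueError("string runs past property set")
                raw[pid] = stream[pos + 8:pos + 8 + n]
    except struct.error as exc:
        raise ValueError("truncated stream") from exc
    cp = raw.get(PID_CODEPAGE)
    if not isinstance(cp, int):
        cp = 1252  # assume Windows-1252 when no code page property is present

    def text(pid):
        value = raw.get(pid)
        return _decode(value, cp) if isinstance(value, bytes) else None

    return {"codepage": cp, "author": text(PIDSI_AUTHOR),
            "last_saved_by": text(PIDSI_LASTAUTHOR)}


def triage(meta):
    """Flag metadata worth pivoting on when a document arrives in a phishing mail."""
    notes = []
    author, last = meta["author"], meta["last_saved_by"]
    if author and last and author != last:
        notes.append("last saved by %r differs from author %r" % (last, author))
    if meta["codepage"] not in (1252, 65001):
        notes.append("strings stored in code page %d" % meta["codepage"])
    return notes


def build_sample(codepage, strings):
    """Build a constructed SummaryInformation stream (test data, not a real file)."""
    values = [(PID_CODEPAGE, struct.pack("<HHHH", VT_I2, 0, codepage, 0))]
    for pid, s in strings.items():
        data = s.encode("cp%d" % codepage) + b"\x00"
        padded = data + b"\x00" * (-len(data) % 4)
        values.append((pid, struct.pack("<HHI", VT_LPSTR, 0, len(data)) + padded))
    base = 8 + 8 * len(values)
    table, body = b"", b""
    for pid, val in values:
        table += struct.pack("<II", pid, base + len(body))
        body += val
    pset = struct.pack("<II", base + len(body), len(values)) + table + body
    header = struct.pack("<HHI16sI", 0xFFFE, 0, 0x00020006, bytes(16), 1)
    return header + FMTID_SUMMARY + struct.pack("<I", 48) + pset


# Constructed sample: a decoy authored by one account and re-saved by another
SAMPLE = build_sample(936, {PIDSI_AUTHOR: "Finance Dept",
                            PIDSI_LASTAUTHOR: "测试用户"})

if __name__ == "__main__":
    meta = parse_summary_info(SAMPLE)
    print(meta)
    for note in triage(meta):
        print("note:", note)
```

On a real file the input is the raw bytes of the `\x05SummaryInformation` stream extracted from the OLE2 container.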

AND it gets even BETTER.

Then there is yuange1975 (the self-proclaimed BEST China hacker), who coincidentally is ALSO a known Chinese cyber threat actor.  He links himself in multiple ways to this attack by acknowledging not only that he knew Linxder but that he was his friend, and in addition to that, Linxder the idiot operator coded his BIRTHDAY into the egg hunting shellcode search string to find the offset to drop the payload.

Additionally, a nice patriotic Tiananmen Square data reference was also put in.

https://twitter.com/#!/yuange1975

http://hi.baidu.com/yuange1975

So who is yuange1975?  Well he is extremely proficient at vulnerability research, has authored many zero day exploits, and as a good friend.

Here is the timeline of his Twitter posts in case it's taken down.

Yuange
ps. any one except the owner, AKA a snob and motherfxxker, of thedarkvisitor.com.
Yuange
So anyone wanna have his words in the coming 0day? Just leave me a message within 16 bytes. I’d like to choose some and put them in. :)
Yuange
@ 19820424 is the birthday of my friend. btw, shellcode contains a error where jnz should be jmp after free-ing a heap.
Yuange
in memory of deceased people in japan earthquake, I will use 0x20110311 as the label in next flash 0day. R.I.P. Yui Hatano
egyp7
by yuange1975
Skylined’s chrome poc is really awesome. If you’ve never dove into a mem corruption bug definitely take a look
Yuange
interesting. @, so you are the night dragon?
Yuange
@ Is flash10o available now?
Yuange
Oops, my flash 0day is going to be patched? How about the IE one? Not got caught or M$ does NOT want to disclose it now?
Yuange
Writing 4 bytes to somewhere you cannot control in IE9? You have 66% chance to get code executed. bed time :)
Yuange
Another flash bug was confirmed affecting flash10m/10n, yet prior versions are not exploitable. Hmm, interesting.
Yuange
@ lol, claim? just let you know.
Yuange
zdi you buy, you sell, you pub anonymous reported bug with no detail, spamming the whole planet.
Yuange
@ well, actually I mean metasploit and coreimpact guys would be ready to add new exploits for that on the way means used in the wild
Yuange
ready? new flash 0day is on the way.
Yuange
@ not that excited, hmm?
Yuange
Hmmm, should I switch to mobile devices? It’s kind of interesting to own your phone by a single MMS.
Yuange
@ I’d prefer get one from google. But I’m not sure if they could sent it to China for they need a 0day to bypass the iron curtain
Yuange
@ These bugs can be reproduced and exploited reliably in windows. It’s likely chrome in different OS are all vulnerable.
Yuange
Couple of days ago I found a sort of bugs that can pwn Chrome. The funny thing is, I have no CR-48. I tried apply one. I’m still waiting…
Yuange
Happy Chinese new year!
Yuange
AdobeReader X = 9.4+ring3 hook.= full of bugs and easy to exploit.
Yuange
@ hmm, I’m serious. btw, how about the salary in metasploit? :)
Yuange
@ lo siento, no puedo hablar espanol
Yuange
PoC from bin-diff, gotta sleep now. {\rtf1{\shp{\sp{\sn pGuides}{\sv ;;yuang1975}}}}
Yuange
Patches are released 1 hour later than expected, what happened? And…who could be my 100th follower?
Yuange
No more found in iis7 but some bugs exist ever since iis5. Hmm, perhaps I should switch to client bugs hunting?
Yuange
@ @ A (best?) bug can verify if a certain addr contains a certain value, making all browser based exploit universal.
Yuange
What would be the next client side 0day found in-the-wild? Glyph in pdf? EMF in ie? or the doABC in flash?
Yuange
@ FYI.
Yuange
Sorry I mixed up table/clip and another IE 0day. Calling an uncontrollable address is exploitable but, unfortunately, not this case.
Yuange
Table/Clip bug can be easily exploited for xp+ie8 using a traditional ret2lib shellcode by spraying to 0x4xxxxxxx. Metasploit, any update?
Yuange
@ exploitable, not exploited. so, never mind, just keep using.
Yuange
@ Any suggestions on where to post codez? I think yinz may consider about adding a (free?) as3 compiler to your product.
Yuange
@ I don’t think you got the point. And, I’m pretty sure you will see something rather than spamming MSRC and 1-byte-fuzzing swf.
Yuange
@ Fixed in one version of flash10. I mean, heap spray in AS3 code. You wanna some samples?
Yuange
@ Tiananmen square. 1989.6.4. In fact, 1 time is enough to trigger it.
Yuange
No, this is not the IE 0day I talked about before. This 0day (original fuzzing result) is “<table style=position:absolute;clip:rect(0)>”.
Yuange
Another version of cve-2010-3654 could be found in the wild? I think it should be the time!
Yuange
@ why not just embedded the spraying part into a new swf?You professional guys should write professional exploits!
Yuange
ASLR works? No. At least not in IE, Adobe Pro/Reader and 95% system daemons running in Windows. Hmm, MS guys are smart, but not that wise.
Yuange
A better way is embedded spraying code in the AS. So disabling js in adobe reader would become useless.
Yuange
@ Hopefully one day yinz can develop your own exploits rather than modify existing ones.
Yuange
I’m not going to talk about cve-2010-3654 again. very soon you’ll see another heap overflow ie bugs in the wild if your honeypot works well.
Yuange
@ yes, but sometime you have to read the disassemble. fuzzing works, but it is not everything.
Yuange
@ I doubt yinz made it runs like reptiles intentionally. Why not just make this program running little faster?
Yuange
In fact, there’re two different samples for the same bug. One for call [5xxxxxxx], another for call [2xxxxxxx]. Latter one is used for win7.
Yuange
@ yes,DoABC/Button buggy .swf embedded in another swf. JS spraying r2l shellcode. Another version of this exploit is for win7.
Yuange
I’m not interested in stocks, but I’m 95% sure the index of Shanghai Stock Market would get to 6000 before 2015.
Yuange
@ This is really a traditional shellcode I’ve written. Pretty much the same way you may find in my previous pdf exploits.
Yuange
Found an IE9 bug and successfully exploit it on 64bit win7. This also affect ie6/7/8. A prior blog was posted at .
Yuange
Wrote the firefox 0day. You may see “for(inx=0;inx<0x8964;inx++)”. You should know why 0x8964 here.

As you can clearly see, the further you peel back this onion, the more you find that the Chinese hacker community operates with impunity and is in constant (albeit sucky) development of its espionage cyber activities.

A public large scale research project should be conducted to tie the various actors together, attribute them to past attacks and make it available to the general public.  New avenues will be brought to light, along with the full accounting for how CONNECTED these actors are by their official employment to military units and their physical locations to known military SIGINT facilities and their units.
This is a resource pulled down from a link discovered in one such Chinese Forum attempting to identify the Best hackers.  I would bet that a small subset of these are highly linked into State sponsored cyber espionage activities.

Reprinted: 2010, New China’s top circle of people hacking information and QQ, microblogging and the blog

2010-10-18 21:53

Which as many as me! I said a lot of pressure! Alas!  

Start reproduced below:

New top Chinese hacker circles 2010 characters of information and QQ, and the blog microblogging Detailed

First, is the most marked: in no particular order

Listed in the first part of the list are the real hackers who have the skills and talents. Most people do not usually see on TV or the invasion of those hacking sites “hackers”, those who reported on TV just the bottom one of the most hackers. For example, Panda’s author, in fact, technology is not high, most people in the hacker circles are just the virus as a toy. The superb technical content of the virus that are similar to the 29A release.

The authors introduce myself. He graduated from Harbin Institute of Technology, hacking ring debut in 2001, has more than hacking forum diving in the country for many years. Participated in the 2004 national top-level hacker conference XCON (Safety Focus Summit) (PS: nonsense.) Inauguration in 2003 over the international top search engine companies GOOGLE, after leaving for personal reasons. Have a certain popularity in the hacker community foundation. Therefore, this article has some authority. As for who I am, to avoid being hunted down, or unknown to say. Start the following text:
The first part of the list veteran hacker. Chinese hackers earlier technology is cattle industry people. Are the real masters. Now most of the technology or a century ago, one of the best, ordinary people can not.

In the following hand these people a lot of people against a great many unpublished vulnerabilities. Is a circle called 0day. 0day such great harm can be sold on the black market usually hundreds of thousands of yuan.
This original publishing address:
All blog original content subject to the above Note: The following list is only part of the hacker, of course, there are also a lot of senior-level hackers. Only now are basically a farewell technology industry. Most of the characters in the following areas is also related activity, priority lists.

sunwear
QQ: 47347
Microblogging:
Blog: the Japanese do not seem to baby brother. Core members of EST. Hand many of his circle have not publicly known vulnerabilities. Vulnerability aspects of invasion and infiltration expert, who was programming the kernel cattle. Has invaded the world’s top hackers Metasploit, University of Cambridge and many other high-end institutions. A few years ago the world’s top two defcon and blackhat hackers have the General Assembly has been reported to him.

Barbed
QQ: 32750912
Microblogging:
Blog:
Thorn brother, brother wind. Tall thin. Is a purely technical hackers hacking circles Phantom Brigade founder. One of China’s top hackers. Taobao is currently working for the company as network security sector. Is holding a lot of people did not open holes. 0day lot of great influence are from Phantom Brigade. WebZine promoter. And develop over WIKI system. Has also traveled to the United States Conference of the World’s top hackers, blackhat. .

dm
QQ: unknown
Microblogging:
Blog:
China’s top underground hacker organizations, 0x557 core members. Is a loophole mining, use of a master. Needless to say, the vulnerability is much hands can wholesale the. Currently working world-renowned anti-virus anti-virus software company McAfee (intel has just been acquired.) Now writes in the iphone, ipad under the security software. Appears to be a versatile player.

flashsky
QQ: 38062 & 16202253
Blog:
Microblogging:
Xing Fang. Brother empty flash. Famous hackers core members of the Security Focus. WINDOWS 2003, the history of the most serious security flaws are global launch details, hundreds of high-risk level security vulnerability discoverer, served as Venus, the United States EEYE, Chair of the U.S. Microsoft security experts, U.S. Microsoft BLUEHAT the first Chinese speakers, members of the Security Focus, Source Information Technology Co., Ltd. Nanjing Hanhai founder and CEO. On the vulnerability of research is quite profound. I wish the company well.

tombkeeper
QQ: 644909
Blog:
Microblogging:
Certain. Tk legendary leader. Famous hackers core members of the Security Focus. Worked NSFOCUS, commonly known as gynecological Kathrine. On the windows operating system and other aspects of vulnerability can be said to be very proficient. The focus in the security forum, in recent years has been regarded as a leader of TK. For other areas of science also has a unique perspective. Writing is thinking of is also very unique.

glacier
QQ: 1973435
Microblogging:
Huang Xin. Columbia Glacier. Huang total. With the well-known hacker organization for domestic security focus of the core members. Shenzhen Dacheng world is one of the founders. Remote Control is the first Trojan horse “ice,” the author of the well known security scanning tools to “x-scan” of the author. Master hacker programming for network protocols, encryption security, and have a deep understanding of software engineering. Female hackers wollf husband. A humorous person. From the micro-Bo can be seen on the. Has a father, of course, the child is not Trojan, is a handsome guy. And then look for this blessing.

swan
QQ: unknown
Microblogging:
0x557 (SST) core members, for linux, windows operating system vulnerabilities can be described as well known.

goodwell
QQ: 19558287
Microblogging:
Gong Wei. Security To Information Technology. Green Corps early hackers in China, founder of the legendary godfather of Chinese hackers. Have received the visit CCTV. World of Warcraft is that the senior players.

xundi
QQ: 518860
Microblogging:
Di Zhang Xun. Early organization of domestic security focus of the famous founder of hackers. Introduced not too specific, because they do not know, ha ha.

lion
QQ: 21509
Microblogging:
Yong Lin. Honker Union of China founder. With the most Internet users are aware of the Internet Alliance, China Honker different. This is the real Honker Union of China. As for the so-called sharpwinner, I can only use one word to describe the term civilization sensitive “SB” “mud horse.” Now as the year for the technology, and has had a farewell from technology.

isno
QQ: 1070681
Microblogging:
Core member of the security focus. Currently working in Beijing HuntKey letter to the company. Overflow vulnerability has written many aspects of use of the article (WEBDAV, IDQ, IDA, etc.). exploit also wrote a lot. Now more low-key.

Sky
QQ: 911189
Microblogging: like do not use one of the first generation of hackers. Was launched in 1999 with attacks on foreign websites. Network assassin, network guards are representative works. His exploits on the overflow and also has studied, such as RPC exploits. And he wrote back door is very good.

quack
Microblogging:
Wu Lujia. Founder of Shenzhen reached the world. Trojan China Xin Huang a good relationship with the father. Security the focus of early active person, ID: quack.

icbm
QQ: Unknown
basic no Zhao Wei. Chong Yu know that one of the founders. Information security has worked for the company famous Venus of active defense laboratories. Of the operating system and third-party software vulnerabilities have a deep understanding, a lot of men’s vulnerability is not public. Including some of the unique aspects of web-based vulnerabilities.

sowhat
QQ: Unknown

Xue. Worked for a security unit. Went to the United States participated in international top-level hacker conference blackhat. Hand many unpublished vulnerabilities. This year, China’s top hacker event seems to still draw in a xcon a PS3.

vxk
QQ: 86879759
Microblogging:
A few years ago the virus active in the famous forum for CVC. Is the leading virus experts. And programming of the operating system kernel, reverse, break very proficient. Procedure can be described as all-around experts.

refdom
Microblogging:
Core member of the security focus. Honker Union of China was once a member.

watercloud
Microblogging:
Chong Yu know that one of the founders. Very good relationship with the icbm. Core member of the security focus. Of vulnerability, such as encryption and decryption have those years of research experience, trends and developments in network security has a unique perspective. The most important thing on the vulnerabilities, 0day regard, 0day hand the number of very objective.

alert7
QQ: 415451
Blog:
Core member of the security focus. Who took office with the well-known anti-virus software MCAFEE. Currently working in Nanjing Hanhai source (Flashsky the company). Of research experience on linux for 10 years. For linux and other open source systems overflow vulnerability analysis using fingertips.

Yuan Gebo off:
Yuan Colombian legend. Yes, China’s top hackers of all circles who all admire. To only NSFOCUS. Yuan brother in mathematics, programming, vulnerability, and many other aspects of accomplishments that no one can match. Many other loopholes to the number of years earlier had been discovered and the perfect use. Called the vulnerabilities of the people. Hacker community’s top experts.

sunx
QQ: 239670
Sun Wah. China is very famous hacker programming expert and overflow with the use of loopholes and research, wrote EXPLOIT. For example, IDA loopholes and printer. 9X’s written in virus assembly. And composed the operating system backdoors.

funnywei
QQ: 25044885
Wei Qiang. Dr. F. Core member of the security focus. Mining vulnerability exploits aspects of the master, in the previous XCON on the country’s top hacker event could be seen his shadow. XXX reportedly worked for the Ministry of People’s Liberation Army. People’s Liberation Army provides many unpublished vulnerabilities.

Yung-known hacker in China in early small software “streamer” “reverse snow”, “chaos knife” “hacker dictionary Builder” “ARPSNIFFER” “command line into the tool” of such hacking software. Vulnerabilities in current technologies such as for more than a few people. However, the contribution of the Chinese hacker community is not to be underestimated.

xikug
QQ: 53564797
Famous kernel vulnerability research station debugman webmaster program. Reverse, cracking, encryption, decryption, and other aspects of the kernel expert.

baoz
Microblogging:
Fang Yong. Buns. fatb. Active in China years ago, hacker community. Level of activity and popularity is good. Currently the company office and the Thunder. Daniel said there is a bespectacled fat. Kindness and darker skin.

wzt
QQ: 71579912
Microblogging:
Honker Union of China was a core member. For the linux kernel, and linux has studied the vulnerabilities.

czy
QQ: 484323
Sichuan, a well-known hacker, more low-key, but the frequent exchanges between the circle of underground communication. Many 0day master hand.

zzzevazzz
QQ: 49322630
Blog:
Famous hackers Phantom Brigade core members. Were removed early in the gray track. Who do all in cmdshell famous author. Had knowledge of the security focus of universal ntsd, smash hit. For the windows kernel and has a deep understanding of vulnerability and experience. Conducive to the general public who has written many articles, a lot of valuable experience to share.

vessial
QQ: unknown
Microblogging:
Worked with dm as the top international security firm McAfee anti-virus software company. Also a lot of the loopholes have experience of the master.

bkbll
qq: 78384349
dumplogon. BK brother. Honker Union of China one of the core members. During the 2001 Sino-US hackers, technology is still the primary battle, but also considered the earlier. Later on the overflow, vulnerability, and has studied the reverse analysis, technology is good. Is the lion friend.

killer
Microblogging:
Blog:
Dong Zhiqiang. Core member of the security focus. The company had to only Venus. The virus and anti-virus, reverse engineering and cracking so many years of research experience. Super-known security products currently patrol the BOSS.

coolq
qq: 49462335
Linux NSFOCUS worked side master. Journals in the Green League has issued a book. For the open-source system has many years of application development experience. linux, unix, bsd core areas and loopholes in mining, the use also has many years of experience.

pjf
qq: 85863144
Blog:
Antirootkit tools icesword famous author. Is the kernel experts. Security software company famous 360 odd tiger’s core developers.

lcx
Length of the top marine sites, is a master of infiltration of the invasion area, the invasion has many years experience. The Godfather is one of net horse. Safety Manual consultants.

Village head
QQ: 6021240
China’s top hackers 0x557 (SST) founder. Is the famous Venus of information security company active defense laboratory BOSS. On windows, linux is very understanding, have many years of loopholes in mining, the use of the experience.

casper
QQ: 843525
Yongxing An BOSS. China’s top hackers Assembly xcon the organizers of the security focus is one of the founders. The doyen of Chinese hacking community. Now out of technology, developed to the boss.

e4gle
QQ: 1949479
Famous hackers WSS core members. Older generation of hackers. On linux, unix overflow under analysis and the use of many years of research experience, and the virus is also very understanding.
——– ——- Gorgeous dividing line

The following will list some new force, although new, but at least 3-6 years ago are the people to become active, it still is a Mesozoic hackers.

mj0011
QQ: confidentiality, to avoid the curse him too much.
Blog:
Famous security company worked odd tiger 360. As the core of engineers. Circle countless enemies, because loose-tongued, the disadvantages caused ugly. On the Rising, Jinshan and other companies have often verbally ironic, the other with the top international security company Symantec also spared. Can be described as poisonous tongue lady, even I have been scolded several times. Having said that, for programming, kernel, trojans, remote control of technical or non-negative.

baiyuanfan
QQ: 51449276
Once famous backdoor BYSHELL the author. Safety was the focus of the summit in a community have had lectures on the issues, technology is good.

zwell
QQ: 27592430
Website:
White distance. NB Union was a core member. Now Northey technology leader. Northey technology products now also widely known as the circle, such as pangolins, JSKY and other tools. WEB aspects of programming and into what is very good at.

sudami
qq: 527463097
Microblogging:
Blog:
Currently working for a famous anti-virus software security software vendors Qihoo 360 companies. Is a newcomer to windows programming, the kernel of the show. Against penetration attacks, intrusions and Technology Basic zero. Octal in evil, DEBUGMAN other forum has published several original articles. Very pursuit of technology has made rapid progress as a cow.

oldjun
Microblogging:
Blog:
QQ: 34680304
t00ls core members. asp, php scripts and other aspects of WEB master, for the penetration of the invasion, WEB penetrate quite proficient.

9xiao
Blog: &
Microblogging:
t00ls core members of the original Firefox Union man.

aono
QQ: 13335589
Microblogging:
t00ls core members. Wireless security expert. In wireless network security technology has its unique ideas and experience.

Yunshu
QQ: 21287305
Microblogging:
Phantom Brigade is one of the core members, currently working in conjunction with the axis Taobao company. Counted on the fact there is a relatively old man qualifications. Should be ranked at the top. Written synflood side code.

Ming boy
QQ: 830540
Website:
Hackers who animated it. Marginalia tool known domain of the next of kid. Many have compared novice and enjoyed the benefits of this tool. In fact, technology can only be general. But also near the entry. Into the script and easy programming is good.

Ghost
QQ: 359421
Blog:
Currently working SINA Corporation. WEB application security expert.

lake2
QQ:
Microblogging:
Scripts, databases, penetration of the master. Tencent QQ is currently working for the company.

neeao
QQ: 35789112
WEB application security and scripting aspects of the master.

u # 0h4x0r
Blog:
QQ: 645041992
Have some understanding of JAVA, there are some studies on the permeability. Invasion had a lot of innocent sites.

hmily
qq: 68857640
Microblogging:
Blog:
My love to break BOSS. Is the program crack, software crack, and encryption, reverse engineering expert. We break a lot of common tools, such as pangolins.

xi4oyu
Blog: &
Microblogging:
qq: 909473606
linux aspects of the master.

Pig
QQ: 82648 & 100298
Alliance Webmaster years. Entry also has a few years. Have participated in the patriotic counter-hacker warfare. Has invaded many peer circle website. On ASP, into little more understanding.

rayh4c
qq: 30039780
Blog:
Microblogging:
Eggplant treasure. 80SEC core members. On xss, CSRF and other vulnerabilities are very proficient in the script. Experience.

superhei
QQ: 123230273
Microblogging:
Phantom Brigade core members. Once wrote a famous tool for php injection exploits. Found in many domestic programs popular php vulnerabilities. Is the WEB scripts, database experts.

ring04h
QQ: 153520368
Blog:
Core members of EST. Relations with the country’s top hackers sunwear very good. With the invasion had been the most famous two PHP forum. This person php, database, etc. quite proficient.

Ice cover conditions of blood
QQ: 310926
Blog:
EST founder. China’s fourth generation of the legendary hacker. According to the legend has to start his own company, for a long time do not do technology.

The origin of the ice
QQ: 519249638
Blog:
Microblogging:
Hackers Handbook common people. Is the entry-level hacking books “hacker infiltration notes,” the original author. For beginners, there are some learning value.

friddy
Blog:
QQ: 568623
Specifically engaged in mining vulnerability, although technically those with top-level hacker Daniel worse than some, but relatively good. There is also some research on intrusion detection.

Cosine
qq: 331861985
Microblogging:
xeye members. Currently working icbm to know Chuangyu company, is the web, scripts and other aspects of a master.

Leader
QQ: 130138438
Website: www.jiaozhu.org
Fairly large circle known, mainly because of his brush library to make money a lot. And also faster compensable. Ha ha. Technology not very good, but it can buy it to sell.

Kenshin
QQ: 369458956
Microblogging:
Side small Dayton. 80sec owners. Baidu is currently working for the company, who together with Robin Li, Baidu’s boss attended mango entertainment units, a famous. Not long ago because of the vulnerabilities released another famous nginx is WEB security, application security expert.

Lu Yu
QQ: 170093007
Microblogging:
Blog:
t00ls core members, who write a lot into, marginal areas of the secondary invasion of tools, such as t00ls tools within the marginalia, GETWEBSHELL and so on. Is currently working odd tiger 360 companies.

Silent Love
QQ: 348450419
Core members of EST. For the vulnerability mining, overflow exploit, network security has many years experience in the script. Famous hacker in the line hacker magazine has published hundreds of articles.

Sakura prodigal son
QQ: 305446947
Blog:
SQL injection, WEB application penetration technology has lines. In some hacker magazine had some technical articles.

h4k_b4n
QQ: 616222
Microblogging:
BCT core member. A web security, scripting and database security expert who has found vulnerabilities in many well-known programs.

pt007
QQ: 7491805
Peng Tao. Worked in information security company famous, Venus. Is the founder of ISTO. Of the oracle, mysql and other database has been very proficient in php and other scripts. Development and maintenance many years of experience in testing security. Cloning of the famous xp/2k/2k3 user’s program is a perfect his masterpiece.

majun
QQ: 45539511
Jun Ma. It can hold is said to be a man. But still a little technology, in addition to the legend he is sunwear apprentice. The true mass may be a number of 0day. That the invasion site to look like a duck out.

shadow
QQ: 26727179
Blog:
Shadow. Infiltration expert. A master of Perl scripts and other areas.

xiaomi
QQ: 5980740
Millet. One of the founders of T00ls. Karma is good.

cnbird
QQ: 441303228
Blog:
Microblogging:
If we often see domestic hacker magazine certainly no stranger to this. linux, windows master all aspects of infiltration. Invasion of a certain experience.

hackest
QQ: 297521327
Blog:
Microblogging:
Infiltration is also engaged in the invasion. Not long ago been sold LMHASH, MD5 rainbow tables.

Wang Ran blog:
Engage in infiltration

4ngel
Blog:
sablog author. Well-known security chief Angel, now widely popular is he wrote a few WEBSHELL, and some code from his great reform. On WEBSHELL industry have made indelible contributions, but also a lot of PHP bugs early discoverers.

xhacker
QQ: 66680800
Tinker Bell. Green League have said that when the invasion is removed from the hacker circles for a long time people. Do penetrate well.

Indifferent
QQ: 386817
Blog: fhod
Red Wolf Coalition founder. Present work seems to follow a senior hackers.

fhod
QQ: 1988415
Blog:
Currently working as the boss along with EST. In terms of penetration of the invasion also have some experience, who has written some articles. Later, also because of the black stations were arrested.

Ice sugar
Blog:
Zhu Juyuan. Entry-level written article. X-files have been contributors. Also written a book “Introduction to hackers offensive and defensive combat.” The penetration of technology in general have a certain understanding.

Insect
QQ: 712663200
Blog:
The total insect invasion had a lot of the game is said to be the official website. Seems to be making some money. This person is still a lot of intrusion know.

amxking
Blog:
QQ: 5711277
Red Wolf’s core members, but also Tianyang management.

Seven Swords
QQ: 7259561
Blog:
Microblogging:
WEB script out the database, penetration attacks.

Ah D
QQ: 9269563
Website:
To join a long way, and has written some of the more well-known tools, such as the network early, ah D ah kit and D into the tool later. It can be seen on the injection of these, there is a certain understanding of programming. More experienced, tools, although there are BUG but fairly stable.

Rainy night
QQ: 9148357
Blog:
All are several years removed from hackers. Technology improvise. Hackers have also been offered sites.

redbin
QQ: 35475
Website:
Red Sea. Hacker Union campus webmaster.
