As part of our official support of Grsecurity, we've sent another $100 to spender of Grsecurity for 3 new features and a game changing ARM port (for people using armv6+). The new features are "Insert random gaps between thread stacks", "Eliminate stat/notify-based device sidechannels", and "Disable TCP Simultaneous Connect". More information is located (for the time being) at http://grsecurity.net/~spender/new_features.txt. As mentioned on twitter (https://twitter.com/grsecurity/status/289714445746307074), the Grsecurity project has not been getting many donations. If you use their systems (or care about security in general), you should toss some money to them! More information on sending donations can be found at http://grsecurity.net/donations.php
While this isn't quite worthy of the news, we do like to shame wannabe hackers when they attempt to take down our site. Such is the story of basement dwelling vb/vb2/vb.2. I'm guessing he read the news article about our server change, and decided to use a rarely used (and lame) POST DoS attack. We quickly noticed and updated our apache config, so thanks for that vb. Also, I hope he feels skilled since he took soldierx.com down for an entire 3 minutes. Sadly enough, he attacked from the IP 188.8.131.52 - which is tied to his soldierx.com account. You would think as a user of the site, he would have read the old news and masked his IP. Will a real hacker with 0day please stand up?
I just released a new script called quicksnap and it can be found here: https://www.soldierx.com/sxlabs/quicksnap-Customized-Automatic-Scanner-Nmap !
quicksnap is a simple python script to make your scanning easier by automating some of the scanning options for Nmap like ping scan, intense scan, normal scan, quick traceroute, etc. without needing to type the options . This script is based on Zenmap and 3 Common Firewall Detection / Evasion Techniques. As a side note, I coded quicksnap out of boredom and to automate the task of my new hobby - scanning Huawei bm622 routers and get their MAC addresses (but seriously I just use the ping scan option for this).
 Intense Scan
 Intense Scan + UDP
 Intense Scan - all TCP ports
 Intense Scan w/out ping
 Ping Scan
 Quickie Scan
 Quick Traceroute
 Normal Scan
 Send Bad Checksums
 Generate Random Mac Adress Spoofing for Evasion
 Fragment Packets
 Check for Possible Vulnerabilities
We are moving the physical location of the server tonight at approximately 10pm CST. The site will most likely only be down for around 30 minutes, but it may be down for 1-2 hours. This is the last planned change for our server, and should result in a slightly more reliable site due to better networking, colder temperature, and more reliable power. Thank you for your understanding.
Unless if you've been hiding under a rock the past week, you've noticed that our HDB has been getting quite a bit of attention on news sites, twitter, IRC, and mailing lists. As a result, our site is under heavy load (right after I downgraded the server, FML). I wanted to make a news post to clear up a few things about the HDB - as there has been quite a bit of confusion and even some bitching about it.
The HDB's main purpose is to preserve hacker history and give a list of hackers and their public exploits. With that being said, we've had various crew members add entries since 2008. As a result, some of the details are somewhat out of date and many people have yet to be added. We are doing the best that we can, but we have very limited resources. We are not the FBI, we do not have stacks of government money and a network of snitches to provide information to us. If you know of somebody that should be added, or details that should be added - please contact scryptz0 (email@example.com). You will know that the HDB is complete when I am in it. To set the example and not media whore, I have instructed the crew that I cannot be added until everybody else has been. I hope this post shines some additional light on the current state and purpose of the HDB.
jip has released his first tutorial, entitled "Stack Smashing On A Modern Linux System". It's a modern look (and spin) on exploitation that was very popular in the early days of SX. Please take a look at the tutorial, located at https://www.soldierx.com/tutorials/Stack-Smashing-Modern-Linux-System. Happy holidays!
Would you like VIP access and a SOLDIERX T-Shirt but don't have the cash? SOLDIERX proudly presents the official 2012 SX Wallpaper Contest. The contest begins now and lasts until 01-31-2013. This year we are using the same two part voting system as last year. 1st Place wins a SOLDIERX T-Shirt and VIP access. Please see the contest page for more details.
It is with great honor that I would like to announce the High Council's decision to promote both jip and scryptz0 to the status of full crew members of SOLDIERX. jip is now the Tutorials Curator and scryptz0 is now the HDB Curator. As with all members promoted to the status of full crew, we hope that jip and scryptz0 will continue their efforts and show the same enthusiasm and workmanship that they showed during their inductee status. Congratulations to both of you!