- GNUCITIZEN
Infobox computer underground
group_name = GNUCITIZEN Cutting-edge Think tank
caption = GNUCITIZEN Ethical Hacker Outfit
origin =London
country =United Kingdom
status = active
years_active = 2005–NOW
category = hackerthink tank
founders = pdp
products = various
affiliates = Hakiri, Spin Hunters, Hackers for Charity
website = [http://www.gnucitizen.org/ Main Site] |GNUCITIZEN is a recognized ethical hacker outfit based in
London ,United Kingdom andCologne ,Germany .About
GNUCITIZEN is a non-profit organization which is based around a
Blog network consisting of several popular information security related sites. The GNUCITIZEN group has made some interesting discoveries in the past related to technologies such asCITRIX ,GMail ,BT Home Hub ,UPnP ,SNMP , etc. Today, GNUCITIZEN is one of the still existing and active organizations among other groups such asCULT OF THE DEAD COW ,L0pht ,The Hacker's Choice , and others. Unlike old-school hacker groups, the GNUCITIZEN outfit goal is to create a healthy community of gifted individuals. The outfit is an active supporter of theHackers for Charity group,OWASP and other none-profit and charity entities, according to their about page.History
GNUCITIZEN is founded by
Petko D. Petkov , also known as pdp, in 2005. In 2006, the projects grows into a blog using the popularWordpress blogging platform. The blog quickly gets momentum due to its unique content and writing style. In the course of a year, the GNUCITIZEN blog becomes a major source ofcutting-edge information security research primarily based around browser, client-side,Web andWeb2.0 technologies. In 2007 GNUCITIZEN.ORG turns into an organization under the name of "GNUCITIZEN | Cutting-edge Think Tank | Ethical Hacker Outfit". At that time the GNUCITIZEN team consists of 5 members in total, representing hundreds of blog posts on various topics, several noteworthy papers, numerous publicly disclosed security vulnerabilities and two printed best-selling books. In 2008, due to popular demand, GNUCITIZEN.ORG grows into GNUCITIZEN.COM, the "Commercial, Unobtrusive Entity", and GNUCITIZEN.NET, the Network, also known as the Group. Today, GNUCITIZEN is recognized as one of the most influential opinion making/forming bodies in the spheres of information security, blackpublic relations (Black PR ), public relations security, and hacker culture, style and way of life.Fact|date=April 2008Organization
The group itself is split among several domains. The GNUCITIZEN organization (.ORG) is one of the most vivid and influential none-profit information security and hacker culture opinion-making/forming bodies in the world. The .COM domain is a commercial side-effect of the .ORG domain which works independently. The commercial entity was spawned due to the high demand of GNUCITIZEN branded services. The Network or the Group (.NET) combines and provides access to other GNUCITIZEN supported domains and projects such as Hakiri, the Hacker Lifestyle initiative, and Spin Hunters, Public Relations Security and
Black PR research house.The current GNUCITIZEN Network includes the following members:
* GNUCITIZEN.org | Cutting-edge Think tank | Ethical Hacker Outfit [http://gnucitizen.org]
* GNUCITIZEN.com | Commercial Unobtrusive Entity [http://gnucitizen.com]
* GNUCITIZEN.net | Network [http://gnucitizen.net]
* Spin Hunters | Social Hacking Research House | Black PR | PR Security [http://www.spinhunters.org/]
* Hakiri | Hacker Lifestyle [http://hakiri.org]Books written by Members of the GNUCITIZEN group
* [http://www.amazon.com/dp/1597491764 Google Hacking for Penetration Testers Second Edition] ( [http://www.gnucitizen.org/projects/google-hacking-for-penetration-testers-second-edition/ sample chapters] )
* [http://www.amazon.com/dp/1597491543 Cross Site Scripting Attacks: XSS Exploits and Defense] ( [http://www.gnucitizen.org/projects/xss-attacks-cross-site-scripting-exploits-and-defence/ sample chapters] )Events where GNUCITIZEN members have spoken
*
OWASP
*Black Hat
*Defcon
*Hack in the Box
*CONFidence
*ph-neutral GNUCITIZEN members have participated in many others local meetings and events. The outfit is most active in the
UK .Noteworthy Tools and Projects produced by GNUCITIZEN
Agile Hacking - The projects aims to use crowd-sourcing technique to aggregate the knowledge of the masses in order to produce the best hacking reference online.
Router Hacking Challenge - The results of the router hacking challenge are numerous vulnerabilities effective popular routers and embedded devices around the world.
Renaissance - The best Web2.0 hacking tools online.
For my next trick… hacking Web2.0 - Paper on Web2.0 hacking tricks and techniques.
PHPIDS Whitepaper - A white-paper about the PHPIDS open source software [http://docs.google.com/Doc?id=dd7x5smw_17g9cnx2cn] GHDB - The online
Google Hacking Database tools. [http://www.gnucitizen.org/ghdb/application.htm]Technika - Browser automation, hacker tool for firefox. The unix command line in the browser. [http://www.gnucitizen.org/projects/technika/]
AJAX Worm Database - Collection of various AJAX worms. [http://www.gnucitizen.org/projects/wormx/]
Carnaval - Bi-directional communication channel that works over HTTP. [http://www.gnucitizen.org/projects/carnaval/]
xssDB - The biggest Cross-site Scripting vector database up-to-date. [http://www.gnucitizen.org/xssdb/application.htm]
AttackAPI - Attack composition and construction framework. [http://www.gnucitizen.org/projects/attackapi/]
Jython Shell, The Python Shell in the Browser - Python shell that runs inside a browser. Suitable for dynamic penetration testing of devices, kiosks and foreign networks.
Massive Enumeration Toolset - Python based toolkit for discovering, processing and enumerating targeted networks or individuals.
For more GNUCITIZEN tools and projects visit the project GC's [http://www.gnucitizen.org/categories/projects/ page] .
References
* [http://updates.zdnet.com/tags/gnucitizen.html GNUCITIZEN resources on ZDNet]
* [http://www.bbc.co.uk/radio4/youandyours/items/01/2007_42_wed.shtml BBC | BT want customer help with new mobile wi-fi network]
* [http://crunchgear.com/2007/09/21/pdf-files-can-steal-all-your-base/ CrunchGear | PDF Files Can Steal All Your Base]
* [http://securitywatch.eweek.com/cisco/using_a_browser_hackers_can_hijack_wifi_routers_1.html eWEEK | Using a Browser, Hackers Can Hijack Wi-Fi Routers]
* [http://blogs.guardian.co.uk/technology/2007/09/26/googles_gmail_insecure_and_other_google_security_holes.html Guardian | Google's Gmail insecure, and other Google security holes]
* [http://www.informit.com/articles/article.aspx?p=787262 InformIT | Identity 2.0: How Attackers Break into Identity-centric Services]
* [http://www.informit.com/articles/article.aspx?p=1025309 InformIT | Information as a Weapon of Mass Destruction]
* [http://mashable.com/2007/09/18/firefox/ Mashable | Firefox 2.0.0.7 is Live; Eliminates QuickTime Security Flaw]
* [http://blogs.pcmag.com/securitywatch/2008/01/slipping_on_soap_into_your_rou.php PC Magazine | Slipping On SOAP Into Your Router]
* [http://www.pcworld.com/article/id,139758-page,1-c,browserbugs/article.html PC World | Firefox Exploit can Hack Gmail]
* [http://www.pcworld.com/article/id,137725-c,emailbugs/article.html PC World | Gmail's Zero-Day Flaw Allows Attackers to Steal Messages]
* [http://www.securityfocus.com/brief/592 SecurityFocus | Hacking group alleges attack via PDF]
* [http://it.slashdot.org/article.pl?sid=07/09/27/167249 Slashdot | Gmail Vulnerability May Expose User Information]
* [http://it.slashdot.org/it/08/01/14/1319256.shtml Slashdot | Most Home Routers Vulnerable to Flash UPnP Attack]
* [http://it.slashdot.org/article.pl?sid=07/09/22/1040225 Slashdot | Zero-day Exploit in PDF With Adobe Reade]
* [http://www.symantec.com/enterprise/security_response/weblog/2008/01/flashing_home_routers.html Symantec | Flashing Home Routers]
* [http://www.washingtonpost.com/wp-dyn/content/article/2007/11/15/AR2007111501350.html Washington Post | With Web 2.0, a new breed of malware evolves]
* [http://blog.wired.com/monkeybites/2007/09/hacker-discover.html Wired | Hacker Discovers Serious Vulnerability in PDF Files]
* [http://www.wired.com/politics/security/news/2007/10/camera_hack Wired | Sneaky White Hats Pull Surveillance Cam Switcheroo]External links
* [http://www.gnucitizen.org GNUCITIZEN | Cutting-edge Think tank | Ethical Hacker Outfit]
* [http://www.gnucitizen.com GNUCITIZEN | Commercial, Unobtrusive Entity]
* [http://www.gnucitizen.net GNUCITIZEN | Network]
* [http://www.spinhunters.org Spin Hunters | Social Hacking Research House | Black PR | PR Security]
* [http://www.hakiri.org Hakiri | Hacker Lifestyle]
* [http://www.gnucitizen.org/blog/0day-pdf-pwns-windows/ 0day: PDF pwns Windows]
* [http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/ Google GMail E-mail Hijack Technique]
* [http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox/ 0day: QuickTime pwns Firefox]
* [http://www.gnucitizen.org/blog/ie-pwns-secondlife/ IE pwns SecondLife]
* [http://www.gnucitizen.org/blog/hacking-the-interwebs/ Hacking The Interwebs]
* [http://www.gnucitizen.org/blog/citrix-owning-the-legitimate-backdoor/ CITRIX: Owning the Legitimate Backdoor]
* [http://www.gnucitizen.org/projects/total-surveillance-made-easy-with-voip-phones/ Total surveillance made easy with VoIP phones]
* [http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues/ Web Mayhem: Firefox’s JAR: Protocol issues]
* [http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-4/ BT Home Flub: Pwnin the BT Home Hub (4)]
* [http://www.gnucitizen.org/blog/0day-hacking-secured-citrix-from-outside/ 0day: Hacking secured CITRIX from outside]
* [http://www.gnucitizen.com/portfolio GNUCITIZEN Portfolio]
* [http://www.gnucitizen.org/blog/call-jacking/ Call Jacking: Phreaking the BT Home Hub]
* [http://php-ids.org/ PHPIDS Project]
* [http://www.gnucitizen.org/projects/for-my-next-trick-hacking-web20/ For my next trick… hacking Web2.0]
* [http://www.gnucitizen.org/projects/exegesis/ Exegesis of Virtual Hosts Hacking]
Wikimedia Foundation. 2010.