Sceptive is looking for Jedi Knights.

Sceptive is a respected, international company based in Istanbul that works only with underground talents. What we actually do is just hacking big corporations for good. That's all. After we hack a company, we do no harm but notify officials so they can fix the vulnerabilities. We create trusted relationships and work hard to protect them against Sith Lords.

Sad to say, the term "hacker" has been ruined by phishers, imitators, journalists, Hollywood and script kiddies.

Our call is for real ones.

What will you be doing?


Just hacking highly secure systems all the time.

What do you need for this position?


  • NOT having an academic degree is a PLUS.
  • NOT having CEH, OSCP, GIAC (GPEN) or other information security certifications is a PLUS.
  • We do not have an office so you need your own computer, working environment and internet.
  • At least 5 years of programming experience is REQUIRED.
  • Experience with iOS and Android is a PLUS.
  • Reverse engineering and binary patching experience is REQUIRED.
  • We do not have working hours. So reachability at any time is REQUIRED.
  • Ability to travel world-wide is a PLUS.
  • Applicants should be aware of the Jedi Order.
  • Speaking and reading German, Arabic, Dutch, French or x86 Assembly is a PLUS.


Sceptive considers all applicants without regard to race, CPU, color, creed, religion, national origin, laptop model, sex, age, bandwidth, gender identity, marital status, sexual orientation, use of a guide dog or service animal, fanaticism to/against Apple and/or Microsoft and/or Linux, physical and mental disability, military/veteran status or any other group protected by human rights.

If you are interested please post your CV to root {at} sceptive {dot} com or just get in touch with us by mail if you do not like CVs at all.


CVE-2014-3518 JBoss EAP/AS 5: Remote code execution

Overview

JBoss Application Server (JBoss AS) is an open-source, cross-platform Java application server developed by JBoss, a division of Red Hat Inc. JBoss AS is an open-source implementation of Java 2 Enterprise Edition (J2EE) that is used for implementing Java applications and other Web-based applications and software.

JBoss AS is released under the Lesser General Public License. The JBoss.org community provides free support for this application server.

We have discovered that default installations of JBoss AS 5.x products are prone to remote code execution attacks.


Kyle: A password manager for paranoids.

Overview

As a password manager, kyle differs from the others in two ways:

  • It doesn't store any passwords, so there is no file for attackers to steal and crack.
  • So you can't store a password given to you by a third party; you have to set your own.

And kyle differs from password generators in that:

  • Generated passwords are not random, but a brute-force attack can take trillions of years to crack just one.

    For example, on the test vectors, Bill Gates' password took 12.11 secs on a MacBook Pro Early 2013 with a 2.4 GHz Intel Core i7. So even for a lazy master-key of up to 8 chars consisting of lower-case letters and numbers, 36^8+36^7+36^6+36^5+36^4+36^3+36^2+36 equals 2901713047668 combinations, which at 12.11 secs per try leads to 1,114,274 years to try all combinations.

  • It doesn't use one specific hash or encryption algorithm; instead it uses a mixture of them, with the selection generated from the info and the master-key.
