The YEHG was established in September 2007 by a small group of young but mature people. The initiative began in the hope that a united force can overcome any obstacle and accomplish any goal we desire. We are NOT black hats. We are not connected with or employed by the Myanmar Government or any organization.
Mission
To become one of the best, most respectable and powerful groups in the world dedicating their lives to ethical hacking and countermeasures.
Objectives
1. To share with each other in learning new skills, research and development
2. To help each other reach our desired goals together
Our presentations on our thoughts about security.
Sub-sections: Exploits
We cannot guarantee our tools work for you. Use them at your own risk. We provide source code whenever possible.
- IOS Surface Security Checker
A very light scanner that replaces some features of the MobSF framework.
- CRL Revocation Checker where other scanners fail.
Supports HTTP and SMTP at this moment (2016-11).
- DLL Hijack Helper
A manual DLL hijacking tool.
- Mallory GUI
Ready-to-run Mallory GUI VMware edition. You can get the original Mallory Minimal version to save time in getting it from its author's sometimes-unstable torrent URL.
Platform: VMware
- firewalkx
Pre-compiled, ready-to-run Firewalk for the BackTrack distro. A fixed version of the famous Firewalk tool (http://packetstormsecurity.org/UNIX/audit/firewalk/), which couldn't be compiled on modern *nix boxes due to compilation errors. The modified, fixed source code is included.
Platform: BackTrack 5+ Distro
Language: C
SHA1: 1cbbfee94befda4935dfa8f3ea3320142ef429da
- bin_find.py
Find your desired strings in Windows. It's similar to the equivalent *nix tool, strings. Using this tool, you can identify sensitive information disclosure in thick-client applications as stated in CWE-316.
Platform: Windows
Language: Python
SHA1: 190ff643d4019946dedd332dfab2d9a6dff4c078
- Fuzzing > DLLHijackAuditKitx
By default, DLLHijackAuditKit scans all file extensions associated with all installed applications, using a default timer of 3 seconds. DLLHijackAuditor from SecurityXploded is great for targeting only one application. However, according to our testing, it sometimes misses flaws. So we tried to save time by adding timer support and regex support to our favorite, HDM's DLLHijackAuditKit. Note that the DLL files in DLLHijackAuditKit will be detected as virus/trojan because they are generated using Metasploit. We protected it with a password: yehg.net
Platform: Windows 2K3/XP
Language: VBScript
SHA1: 7db4ffb33db06e712f8cef5d4adaec76972157f4
- Security > DropItsRights
DropItsRights is a wrapper implementation of the DropMyRights program by Michael Howard, featured at MSDN. The DropMyRights program is a burden to use because it supports only the command line. So I tweaked it with parameter support and a shell extension that lets you right-click on the desired executable or its shortcut to execute it with DropMyRights. The original DropMyRights was recompiled, and insecure functions such as wcsncat were replaced with their secure versions. Source code included.
Platform: Windows 2K/2K3/XP
Language: MS Visual C++.Net, AutoIt
SHA1: 157bb3891992639cafc78f558302234cc996ed6b
- Virtual Hacking Lab
Description: This project is a mirror of deliberately insecure applications and old software with known vulnerabilities. Used for proof-of-concept/security training/learning purposes. Available as virtual images, live ISO or standalone formats.
- The Ultimate Hacker Web Directory (HWD)
Description: Ever-updated Comprehensive Hacking/Security Links Repository
Goal: To be the Best Hacking Directory of All Times
Started: March 2008
Sub Section: Dll Hijacking
We don't intentionally hunt for vulnerabilities. The following ones are some of what we came across. Surely enough, we are not the only ones who found such holes. Many security researchers may have found the same holes at the same time or so.
Concerning our disclosure policy: if a vulnerability is critical, we wait for the vendor's released fix within an acceptable time frame before disclosure. If a vulnerability is not critical, we disclose it to inform users and force vendors of affected applications to fix it, because vendors do not usually have the willingness to fix minor security flaws.
- Huawei Mobile Partner | Permission Weakness Local Privilege Escalation
- Multiple Windows Applications | Unencrypted Sensitive Information Storage in Memory
- zFtp Server <= 2011-04-13 | "STAT,CWD" Remote Denial of Service Vulnerability
- smallftpd <= 1.0.3-fix | Connection Saturation Remote Denial of Service Vulnerability
- Dll Hijacking Archive
Our DLL Hijacking findings in various applications (PDF reader, media player, office wares, secure wares like PGP, ...etc) with proof-of-concept dlls and demo videos.
This is our ongoing project to maintain the most live, ever-updated, comprehensive links repository. We take pains to ensure the HWD contains quality link resources.
Our video illustrations of various hacking/security processes and tools were tested in our hacking lab environments and are intended only for security hardening purposes. Please don't complain if those don't work for you. Watch and forget 'em! Submit your desired training requests via the contact form.
Requirement: No more than a web browser with the Flash Player plugin.
- Thick-client Application Security Testing Series
Description: Security in thick-client applications has been considered "not necessary or not required". This misconception has taken root in developers' minds and has shaped the way they develop critical applications. Thus, we've started the first release of our thick-client application security testing training series using trivial consumer-based applications. We'll be adding more videos as and when we have free time.
- KNet Web Server Buffer Overflow Exploit Demo
Description: This demo shows exploitation of the KNet web server buffer overflow vulnerability and gaining shell access on the target host.
- Mallory | Up and Running
Description: This demo shows how to set up Mallory to sniff network traffic and redirect this traffic into a Burp/ZAP proxy. Mallory GUI VMware can be downloaded from our Virtual Hacking Lab.