Search the Community

Showing results for tags 'security'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • WiFi Pineapple / Jasager
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • Mark V
    • Mark IV
    • Pineapple Modules
    • WiFi Pineapple University
    • Mark I, II, III
  • Active Projects
    • Community Projects
    • USB Rubber Ducky
    • Lan Turtle
    • SDR - Software Defined Radio
  • Hak5 Shows
    • Hak5
    • HakTip
    • Metasploit Minute
    • Threatwire
  • Community
    • Forums and Wiki
    • #Hak5
  • Other Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Found 11 results

  1. VPN

    is there any relatively decent cheap VPNs you'd recommend??
  2. I have to travel a lot for work, so I am looking for a travel router that will be able to act as an OpenVPN client. I have considered purchasing a WIFI Pineapple nano for this application, but it seems to be a bit of an overkill for what I need. What would you suggest I get?
  3. Hey guys, I know most of the post here are about attacks for the rubberducky, but I wanted to share something different with you today: a script to prevent rubberducky attacks. DuckHunt: https://github.com/pmsosa/duckhunt For now it is a project intended to protect users against Rubberducky attacks (or other automated key injection attacks). I made sure to document as much as I could in the github page so that others can keep adding and eventually it could lead to a larger discussion on how to protect users from these types of attacks. I read the previous Defense Against Ducky posts, and it seems that people had lots of ideas surrounding how to defend against these guys. I was just curious to see what would be other legitimate things one could add to protect against these :) Cheers, - Konuko II
  4. Hello. I am new to this forum so if this thread needs to be moved somewhere else, please let me know. Sorry in advance. I have built a hacking lab for testing purposes. I have a target router which leads to a MitM device and a switch. The switch connects two target machines and a hacking machine. I want to supply internet access to the two target machines by connecting the router to my main router, thus giving it internet access (currently the router is not supplying internet). I have heard it is a bad idea to give labs internet access (for obvious reasons). Is there a safe and secure way of doing this that doesn't raise a high/moderate change of comprising the network outside of my hacking lab? I have heard of people using VPNs to secure their network. I just haven't really seen it done in this aspect. Any advice in doing this would be super great! Thanks.
  5. So now there these SOCs which seem to be really the top thing in cybersec these days. My idea of them is just guys sipping coffee and checking whatsapp and sending arcsight automated excel generated reports to people who also have no idea on what to do with them. Ec-council has also come with the incident handling cert now which i think is geared towards this. I want to know what the whole deal is with these SOCs, anybody working in one, please share. Right now all i know is the fuckers are expensive.
  6. Hi all, As the title suggests, I was wondering why WPA should be easier to crack than WPA2, and yet the process to crack them appears to be the same? The hash mode in Hashcat is exactly the same for WPA and WPA2, so surely they would take the exact same amount of time to break? Is there a quicker way to break WPA? I found http://www.aircrack-ng.org/doku.php?id=tkiptun-ng, but this appears to only be for WPA-TKIP, and doesn't look like a finished product. At the moment, are we doomed to cracking WPA using the same methods as WPA2? Thanks.
  7. Are Google URLs truly vulnerable to Open Redirection like explained here https://www.indusface.com/blog/?p=1646 Can it happen to anyone's website?
  8. What are you reading right now? What's on your reading list? Hacking and security related or not, doesn't matter.
  9. I just read the "leaked" draft of the senate encryption bill. It looks awful and contradictory in addition to the adjectives the wired article gave it. My senator's office is across the street from where I work. So I plan on stopping by over lunch on Monday to irritate her staff, by listing off the ways that that bill could break the internet while failing to solve the problems it is aimed at fixing. Wired article here http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/ vice article here http://motherboard.vice.com/read/leaked-burr-feinstein-encryption-bill-is-a-threat-to-american-privacy draft here https://www.scribd.com/doc/307378123/Burr-Encryption-Bill-Discussion-Draft Anyway, I'm a bit annoyed right now that someone thought what they have so far was worth writing down.
  10. Hi all, Just a quick post about certs. Im new to Security so thinking about doing Offensive Security course but need to save up ha ha. I am currently a sys admin/devops and want to move into pen testing as thats where I have wanted to be for a long time. Anyone else here done any similar certs? if so what was your experience, was it useful to do etc?
  11. Hello Hak5 enthusiasts- I'll start with the question and end with more information about myself. I just recently accepted a new job as an IT Security Analyst. The job is somewhat entry level, but I am being asked some high-level questions and for the most part, I am getting through them with just a little bit of research. So, my question is, what do I do first? Is there a list of "Must haves" that anyone has that can help point me in the right direction for locking down my business? About myself and the company. I have Security+ certification through COMPTIA (the lifetime cert back I got back in 2010). I am currently enrolled in University of Phoenix and taking the Information System Security bachelors degree. My knowledge/skill level could be considered Entry to Intermediate. I am a 25U in the US Army and I work side by side with out network admins, but my network skills are most definitely entry level. I have no problem learning new things related to IT, I learn very fast, but I feel like I am a bit lost and overwhelmed. My company has about 450 users, we are using cloud based services along with our own local physical servers/firewalls. We use Barracuda and we have had some issues, but for the most part it works pretty well. I've already created an AUP (Acceptable User Policy), SRP (Security Response Plan), BCP/DR (Business Continuity Plan and Data Recovery Plan), Removable Media Policy, Password Requirement Policy, and I just finished our TT&E guide which I referenced NIST 800-84 for a lot. Oh.. and I am the ONLY Security guy. I work closely with our Sr. IT Analyst as he is our "network" guy and we also have an SCCM guy that builds our images and pushes updates. I would really appreciate any input you guys have to help me secure my network. -L