Jump to content
Hak5 Forums


Dedicated Members
  • Content count

  • Joined

  • Last visited

  • Days Won


About cooper

  • Rank
    Re-born-again Hak5er
  • Birthday 09/11/1976

Profile Information

  • Gender
  • Location
    Veenendaal, The Netherlands
  • Interests
    Pretty much anything with an electicity plug.

Recent Profile Visitors

28,932 profile views
  1. cooper

    Hacker EDC? defcon EDC? every day carry?

    I'm going to slightly hijack this thread, sorry. What's the maximum acceptable weight (by which I mean the bag and its contents combined) for an EDC? As you see here, people generally say bag X can carry everything I put in, but once you cross, say, 10 pounds your EDC becomes a millstone to drag around as opposed to the nimble toolbox people often claim it to be. Also, with a given weight you need a certain quality bag for it to last a while. This is why any good quality bag tends to have a significant price tag. My regular laptop is too huge (and, at 6 pounds, *WAY* too heavy) to get involved in any EDC discussion. My Chromebook interestingly enough tends to be too small for most bags. These days I rely on a mostly cheap shoulder bag I got for being a HitB crew member. It's great because by the time the thing would become too heavy to hang over your shoulder, it's just full. I can fit my Chromebook, an A4-sized writing pad, some pens, MP3 player and 2 books. The things I do are such that all my kit goes into a trolley case (Pelican 1510 - it's *great*!). If my Chromebook won't cut it, I'll bring my beast of a laptop in its backpack which means I try as much as I can to limit everything else since it weighs me down so much.
  2. cooper

    Best Password Manager?

    Unless your 'devices' include a phone, I'd say have a look at qtpass. It's a Qt front-end over the 'pass' program, which uses gpg for encryption and git for syncing (optional - you can just put the files on a usb stick or whatever). It uses the pinentry command for receiving your passphrase, which can be made to (also) do 2FA with, say, a YubiKey. All open source, all free.
  3. cooper

    Hacking: Where to begin

    Someone on twitter referenced this very nice beginners' guide to creating shellcode: http://paraschetal.in/writing-your-own-shellcode/
  4. You are the guy with all the answers.  This is weird or sad I know.  I helped with a pc move project and day one support.  What we were doing is moving pc's for users moving to a new area in the building.  This is the issue we had some tech's that I don't know how they got on this project.  How do you talk to them.  I say this is where techs have trouble try to do this or why dont you do this.  Rather than do it this way or don't do this.  We have forms we have to fill out when we do the moves so the user does not come back after us for missing items.  None of my help filled them out plus they would do things like plug the vga cable from one monitor to another. I wish I knew which tech this was so I could toss him out.  I had already worked 7 days in a row on various projects this is my eighth day working.  People wonder why I am insane.  How do people deal with this we had 20 people to move 300 users put pc's in a bracket under the desk.  The monitors were put on adjustable built in stands.  There phones and some people had printers.  It took three days We got the job done. 

  5. cooper

    Hacking: Where to begin

    There's a metric shit-ton worth of videos out there. Made at cons, made by people at home... It's too much to list. Maybe you should rephrase your question to be slightly more specific?
  6. You should be using the version referenced here.
  7. This is from memory, but I believe the -i parameter to reaver should've been followed by the interface name to use, which should be something like mon0
  8. About 60% down the script (well, the old one at least. Just search for it) there's a chunk responsible for invoking wash with the appropriate parameters. Just search for "wash" and I'm sure it'll pop up.
  9. cooper

    Introduce yourself

    What's 'domaining'?
  10. I find the SD card sticking out the side to be far too fragile, so I went with Gentoo on a USB stick. My issue with ArchLinux was that their kernel was built without the option that allowed it to assume the USB drive stayed put across a resume (on sleep the USB bus is effectively cleared of devices and on resume it gets rescanned and devices are added accordingly - without that kernel config option the kernel would assume that USB disk to not be the one that was there at the moment of sleep). Do you know how Kali fares in that regard? I realize you're booting off of SD, but could you run this: zcat /proc/config.gz | grep CONFIG_USB_DEFAULT_PERSIST I'm hoping that it will say that config option was 'y', otherwise using a USB stick won't work with Kali either.
  11. cooper

    Hacking: Where to begin

    Today someone mentioned to me this free malware analysis course up on github. You'll likely need to get a book to really come to grips with it all, but on the whole this looks pretty awesome.
  12. cooper

    HSTS bypass and SSL stripping

    You should remember that HSTS isn't "broken". It's circumvented by having the user go to something that looks eerily similar, like wvvw.facebook.com or something. Since what you're connecting to will be a new domain (from your browser's perspective) that you never visited before in, HSTS isn't a factor and thus allows the regular MitM process to occur.
  13. cooper

    HSTS bypass and SSL stripping

    Nice article that explains the process and execution: https://www.bettercap.org/blog/sslstripping-and-hsts-bypass
  14. cooper

    Setting up Yard Stick one

    Which errors for which commands...
  15. cooper

    Reverse VPN Gateway

    You... run it? I don't understand what you're asking. Does it miss the 'ip' program? It's part of iproute2 I think.