
cooper
Dedicated Members · 6,071 posts · 139 days won

Posts posted by cooper

  1. China is, in a way, just like any other place: You get what you pay for and people do end up making a profit on this shit so if it's dirt-cheap to you, imagine what the vendor is paying for it and, thus, how much actual value went into it.

    The other thing about products from China is that if they think it'll make you purchase something, they'll lie through their teeth about it. So when you go and purchase something from there and their thing, while being mostly identical, is only a tenth the local price, either you're getting royally shafted locally, or something there isn't up to snuff. Wonky included power supply (or simply missing), the cheapest cable money can buy, connectors that only last for 10 insertions, flashlights whose on/off buttons break after 20 presses, flashlights whose cover breaks at the first drop because it never fit right anyway, those kinds of problems.

    There are actual deals out there, but make sure you know what you're going to get and that the price you're paying for it still makes sense. I buy a *TON* of Chinese crap for my video rigs (I've got an A4 rating on AliExpress for instance) but I too fell for a few bad items. The trick is to hope you get something useful, but not be reliant on those products until you've actually used them for a while and they've proven themselves to be the quality you expect.

  2. You'd need a keyboard that carries these symbols. I'm sure you can find a weird-language keyboard for, say, your phone to provide the sequence. You can probably copy-paste the characters from a Wikipedia article written in that language if you need to reproduce that sequence on a more limited platform.

  3. There's a really cool talk currently being given by Michael Jack and Kyle Bowes under the moniker "ISIS Online" which goes into how terrorist groups use social media, crypto and security to both get their message out without exposing themselves such that a missile moves back in. The one image from their talk that stuck was that of a big hole in the ground with a lot of rubble around it and the caption "ISIS safe house". :lol:

    Apparently guides exist for ISIS folk on how to do opsec and they basically massively suck at following it. An interesting item that's in the guide is that ISIS fighters are told to not use iPhones because they're easy to track and impossible to secure (apparently this fear is so great, it's illegal to own one within the caliphate). The presenters found no real evidence to prove this belief and they actually believe that the US planted this bit of misinformation within their organization specifically because Android phones are, in general, easier to crack.

    My advice to you would be to just pick either an iPhone or a Nexus as you get vendor-supplied up-to-date OS software as it becomes available so your phone is effectively as current as it can be. If you go with some wonky vendor that rebrands Android to work on their phone you're restricted to that vendor's (in)ability *COUGH*Samsung*COUGH* to keep their mods current for that phone. Oh, and whatever you do, DO NOT SIDE-LOAD OR JAILBREAK YOUR PHONE. Interesting little fact from the ISIS talk again - some of their most popular software is loaded onto fighters' phones via side-loading a file they grabbed from some website. Guess how secure this is...

  4. Some thoughts...

    - What expected situations would cause the outage? What are you protecting against?

    - How likely is this situation to occur, and how long does such a situation typically last?

    - Are you sure those situations wouldn't kill the backup too?

    - What does the backup cost to have around as a contingency, and what does it cost when you actually have to use it?

    - What performance would the backup provide and is it worth the previously specified cost?

    - Are you able to test the backup? Are you able to simulate the outage?

  5. If that is your goal, simply activate the VPN option on your home router (90+% of them support that these days) and have your devices connect to the internet via that. This way your mobile devices only talk crypto in their unsafe locations while the unencrypted communication goes onto the internet from your home network. Added benefit is having the home network resources (fileserver and the like) at your disposal.

  6. I'm kinda puzzled why you would want to make this. The guide shows a few very, VERY poor examples and since TOR exit nodes are publicly published and actively blocked by many services, you either have a valid account (in which case you're not anonymous) or they won't let you access the service in the first place.

    Seriously, TOR has no place on your router. Even if you run a hidden service such as a VPN. Watch this CCC talk from last December.

    If you want to be anonymous, please read this post of mine from a while back and maybe the last paragraph of this post of mine. I think you'll find that what you want isn't to be anonymous. To solve any problem you must first correctly specify what it is. Start there.

  7. I'd say be glad it was just a spot of bitcoin mining. Since the site was used for selling stuff, it could've been considerably worse.

    Starting with a new VM set up from scratch is the correct approach. Instead of wiping it might've made more sense to quarantine and pluck apart in a controlled environment at your leisure.

    How they got in is a great question, and I'd say it depends on a lot of logging to work that one out. Just yesterday an RCE vuln was found in ImageMagick...

    One thing you could do (and I'm not a Windows person, so don't ask me how to do this) is to make an inventory of external websites this VM has a legitimate purpose of accessing and restricting outbound connections to only those services on those servers. I mean, I trust your GF wasn't using this VM as a place from where to do email and other browsing stuff so there really isn't any valid reason for the VM to initiate an outbound connection to anything but those whitelisted server/port combos. Trigger an alert (which actually ends up with you in a timely fashion) when such attempts somehow do occur. Maybe incorporate a few more sanity checks like that max load thing. Have an automated alert of such situations so you'll be notified promptly when the excrement touches the propeller.

    Go over all the parts and make sure there isn't maybe a newer version of anything. Can't really get into specifics without you doing so first, but I think you'll manage this just fine.

    Yeah, this sucks, but it's kinda the cost of doing business/having something on the internet. As I said, it could've been worse and it sounds like you're nicely managing the situation.
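The egress-allowlist-plus-alert idea from the post above, as an added example that is not part of cooper's reply: a list of (network, port) pairs the VM legitimately needs, run over a few constructed outbound-connection log lines in a simple made-up space-separated format; anything not on the list is what should page you.

```python
import ipaddress
from collections import namedtuple

# Constructed sample log, one outbound attempt per line:
# "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>" (not a real firewall format).
SAMPLE_LOG = """\
2016-05-04T10:00:01 10.0.0.5 203.0.113.10 443 tcp
2016-05-04T10:00:02 10.0.0.5 198.51.100.25 25 tcp
2016-05-04T10:00:03 10.0.0.5 192.0.2.77 3333 tcp
2016-05-04T10:00:04 10.0.0.5 203.0.113.10 80 tcp
"""

# Egress allowlist: (network, port) pairs the shop VM has a legitimate reason to reach.
# Both destinations are assumed placeholders (documentation address ranges).
ALLOWLIST = [
    (ipaddress.ip_network("203.0.113.10/32"), 443),  # e.g. the payment gateway, HTTPS only
    (ipaddress.ip_network("198.51.100.0/24"), 25),   # e.g. the hoster's mail relays
]

Attempt = namedtuple("Attempt", "ts src dst port proto")


def parse_line(line):
    """Split one constructed log line into a typed Attempt record."""
    ts, src, dst, port, proto = line.split()
    return Attempt(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), proto)


def is_allowed(attempt, allowlist=ALLOWLIST):
    """True only if the destination host AND port match an allowlist entry."""
    return any(attempt.dst in net and attempt.port == port for net, port in allowlist)


def find_violations(log_text, allowlist=ALLOWLIST):
    """Return every attempt that falls outside the allowlist; each one is an alert."""
    attempts = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [a for a in attempts if not is_allowed(a, allowlist)]


def format_alerts(violations):
    """Human-readable alert lines, the text you would mail or push to yourself."""
    return ["ALERT %s: %s -> %s:%d/%s not on egress allowlist" %
            (a.ts, a.src, a.dst, a.port, a.proto) for a in violations]


if __name__ == "__main__":
    for line in format_alerts(find_violations(SAMPLE_LOG)):
        print(line)
```

With the sample above, the mining-style connection to port 3333 and the plain-HTTP request to an allowed host on the wrong port are the two lines that fire.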

  8. QFE

    My first guess is that the use of MD5 is deprecated pretty much everywhere by now. Chances are the Nano is rejecting the attempt due to insufficiently strong crypto. Look in the Nano logs for hints to that effect and maybe (re)start ssh there with more debugging enabled.

  10. The process is that, after POST, the BIOS tries to start the bootloader that should be in/referenced from within (not certain which it is, but I think it's the latter) the MBR of the first disk in the system. If you're only using 1 OS, this is what you use.

    If instead you're using multiple OSes on the same machine, you have the main bootloader - the one from the MBR of your first disk - allow you to select which OS you want, which will then jump to the appropriate partition (or even drive - if you have 2 disks you can install the secondary OS' bootloader in the MBR of the second disk) and run the bootloader that's present there. This process is called "chain-loading", because you can keep jumping around like this to your heart's content.

    2. Grub is a number of things, which is probably where your confusion stems from. First, it's a set of command-line tools to let you set up the bootloader. People call the bootloader grub as well. The bootloader has 2 stages, which is primarily due to its size. I believe there's only 1 disk sector reserved for bootloading, meaning 512 bytes. Grub is bigger than that, so when you install the bootloader the first, 512 byte part (=stage) is installed where it ought to. This stage will provide a bootloading program that's sufficiently capable to identify and load the second part/stage. This second stage knows about filesystems (the other stage only knows disk sectors). Once the second part is loaded the bootloader gains the capability to access files on disk and can provide you with the required functionality. Having the grub-related files on your system implies that you indeed use grub, but if you're using LILO you can have those files on your system and they will be completely ignored. It's like having both IE and Chrome on your system - either's presence or even the fact that it's the default the OS will pick when needed does NOT imply it's the one you typically use.

    3. The Master Boot Record. When it's "in" the MBR it means its on-disk location is specified within the MBR.

    4. Yes, but when you install grub into the MBR you tell it what disk contains these files. This is incorporated into the second stage that's written to the disk so GRUB knows where to find what.
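To make the "in the MBR vs. referenced from the MBR" distinction concrete, here is an added example that is not part of cooper's reply: it constructs a 512-byte MBR (stage-1 code area, four 16-byte partition entries, the 0x55AA signature) and parses it to find where the chain-loaded partition's own boot sector lives on disk. The partition layout and sizes are made up.

```python
import struct

SECTOR = 512
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(entries, boot_code=b"\xeb\xfe"):
    """Construct an MBR: <=446 bytes of stage-1 code, 4 partition entries, 0x55AA."""
    table = b"".join(
        # CHS fields are left zero; the loader uses the LBA fields.
        struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in entries)
    return boot_code.ljust(446, b"\0") + table.ljust(64, b"\0") + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the non-empty partition entries; raise if the signature is missing."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype:  # type 0 marks an unused slot
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def chain_target(mbr):
    """Byte offset of the active partition's boot sector: what a plain MBR loader jumps to."""
    active = [p for p in parse_mbr(mbr) if p["bootable"]]
    if len(active) != 1:
        raise ValueError("expected exactly one active partition, found %d" % len(active))
    return active[0]["lba_start"] * SECTOR


# Constructed layout: a Linux partition (0x83) and an active NTFS partition (0x07).
SAMPLE_MBR = build_mbr([(0x00, 0x83, 2048, 1048576),
                        (0x80, 0x07, 1050624, 4194304)])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
    print("chain-load target at byte offset", chain_target(SAMPLE_MBR))
```

Only the 446 bytes of stage-1 code are "in" the MBR; the OS's own loader is found by following the active entry's LBA, which is the reference cooper describes.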
