metatron
-
Posts
2,146 -
Joined
-
Days Won
5
Posts posted by metatron
-
-
8 hours ago, zoro25 said:
I think you guys are missing the R&D costs,
If you look at Seytonic he pushes (or sells) Malduino but the Malduino uses DuckyScript as it's language.
Who invented DuckyScript . Hak5 ,
OKay so it's not massively hard to come up with a new simple scripting language or even using the Malduino for USB automation, but no one else did it in a small easy to use package.
That's what Hak5 brings, ease of use and some resemblance of support (I say resemblance as most of the support is from the community so it's hit or miss) . Sure you can do a lot of the pineapple stuff via a Linux OS with your network cards in Promiscuous mode but the Pineapples just give you a nice small package which to carry out your engagement.
Seytonic is great and his guides are awesome for those with less cash, but lots of Hak5 customers are businesses/Govt agencies or just people with a passion for security who don't mind paying a little extra for the community.
Hak5 if anything has been a bit of victim of its success and its customer base grew massively over the last few years (pineapple5 onwards) and it seems only now the dev team is beginning to catch up to cope with that larger customer expectation. Bringing Seb was a good start back at the start of Pineapple5, but he and Darren have always been swamped. For example almost 2 weeks after the source for Kracked was leaked (openly available) which is the biggest thing to happen to WIFI in about 10 years , The pineapples still haven't got modules/new firmware (in fact while I'm on it the firmware is over a year old)
Lets hope with the larger Dev team things get better.
I don't really pay much attention to their products, but if the Ducky is the USB hid thing, then it was not invented by the team. The modified USB stick that predates it was largely developed by a very active community, when there was still one here. Sure the idea has been turned into a more professional product, also if you want small in the case of network related tools, there are a wide array of OpenWRT supported devices or use a rPi.
I'm not pissing on their achievements, they have grown a company out of a low budget podcast/webtv show, thats hard work. Their prices aren't even bad, as traditionally this type of stuff reflects the value it adds and being many more times expensive.
I tend to think of Hak5 as a company pushing products with their shows simply advertising.
-
Sure, no real need for any of their tools, all that stuff is easy enough to do with low cost off the shelf kit, but for people with the cash, may as well save the time and keep people in employment.
-
I just carry a ThinkPad x230 running CoreBoot/Debian, a OnePlus 3T running LineageOS, charging/data cable, Leatherman Wave, modded TYT MD380, a pair of cheapo mini USB wifi dongles (these are rarely used but useful for when I want multiple interfaces).
I don't need anything else really, any laptop can do what I need. I've got a set of Sparrows picks on me and a few padlocks (which get swapped out), but that's only to keep my hands busy.
-
I was working in Tokyo for about a year and a half. Got to travel about and see the country over that time.
It really depends what you're into, the food is fantastic, hit a temple or two, ect. The torrist spots are torrist sports for a reason.
Tech wise, it's nothing special, it's just as if they took a tech site and dumped all the goods in a multistory shop. The prices aren't as good as web prices, but if you show your passport, you don't pay tax. This is useful when buying machanical keyboards, it's still the cheapest place to buy HHKB, but they still aren't cheap.
Best things I can say is go to a jpop gig, as it's very unique, even if you don't like the music and hit the sex shops and laugh your arse off at the range of crazy shit and thousands of porn games and the heeps of VR porn.
Retro gaming is quite good too, loads of stores.
-
I've been here a while. Had an account on the old forums, probably been here since ep1 or 2. I watch the show every so often nowadays, check the forum once every month or two, it does not really feel like a community any more, more a user support forum, but times change and its good the Hak5 team are making a living out of this.
-
I just install straight Debian or Slackware and just grab anything I need from github/ect, only reason I do it is I use the systems for other things and I don't need or want things i'm not going to use.
-
Just deactivate your account or ignore it. If its threats towards your life then report it to the police.
-
Might be useful.
-
Well there was the Ubertooth which could only sniff a single channel of bluetooth at once, being that Bluetooth hops 2400 to 2483.5MHz and there are 1600 hops per second, you would miss a lot sniffing with anything less than a high end spectrum analyser, or I know you can cover all the channels at once with two USRP2's. Still the Ubertooth had their uses.
Other than that, people have looked into things that use Bluetooth, like jamming electric skateboards, which stops the skateboard and sends the rider flying, there is some interest around Bluetooth locks, not so much connecting to them, as that is easy enough (putting them into pairing mode, when the owner isn't there), but how the app's pass the unlock code.
You also have a fair amount of research into abusing/playing with iBeacon, bypassing passkey authentication in BTLE in versions 4.0, but 4.1/4.2 fixed a lot of issues around being able to sniff the pairing session, there is the old brute-forcing pass-key on passkey protected devices method.
-
They look like regular 433MHz modules, the likes you would use for lots of tasks, like weather stations.
http://www.seeedstudio.com/wiki/2KM_Long_Range_RF_link_kits_w/_encoder_and_decoder
I'm fairly sure they aren't bidirectional, like http://www.aliexpress.com/store/product/Long-distance-LoRa-SX1276-SX1278-RF-wireless-module-DRF1278F/1396782_2021201457.html
-
Also that antenna is a fairly small helical antenna, this is what I have on my icom
-
51 minutes ago, cooper said:
I remember the long-haired guy coming to Steel Con with you last year. Fairly sure I've seen the guy in the foreground before too.
Bottom pic: That is one HELL of a large antenna for a handset...
Yeah, I've been going to 2600 meetings since I was 14 or 15 (now in my mid 30's), its always been a good place to learn new things, ask questions and make like minded friends, and that goes for any of the global meetings, San Francisco and Toronto 2600 were two of my favourite ones, when I was working out those ways. Its a great way to settle into an area as most sercurity events, feel like a formal networking event where people are trying to sell you a product, service, or themselves.
The whole shared interest thing means you rarely go to cons on your own, no matter where they are in the world. I think 8 or 9 people are travelling up for Steelcon this year, as the four of us that traveled up last year had so much fun.
-
Not sure how many of you are in London, or the surrounding areas, but you might want to check out a 2600 meeting.
This will be the London 2600 July meeting. As always we meet at the front entrance of the former Trocadero Centre from 18:30 to 19:30, before moving onto the second venue.
For anyone new to 2600 meetings, London 2600 meetings are part of a global movement. Stemming from a radio show and magazine focusing on Phreaking, which flourished into global meetings, happening the first Friday of every month. Bringing hackers/geeks/tech obsessives/cyber punks/tin foil hat wearers together to shoot the shit, relax and have fun.
2600 IRC
IRC Network - irc.2600.london on port 6667 (non-SSL) or 6697 (SSL, recommended)
Channel - #2600
2600 Mailing List
https://lists.kentgeek.org/mailman/listinfo/london2600
Social Media
https://www.facebook.com/London2600
https://twitter.com/London2600Twit
-
Sure you have http://www.blekeyrfid.com/ , https://github.com/CroweCybersecurity/ravenhid and
https://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/ I'd go with the first two.
-
I'm cheap, just use http://samurai.inguardians.com/, and something like http://www.dvwa.co.uk/. Trick is learn the basics from watching videos and reading documentation, along with experimenting. Once you've got a reasonable grasp of the subject, you can normally find a mentor in the community, as long as you aren't annoying.
-
You might want to go for Chinese ones, the ones I got from AliExpress were $4 each and had no issues range wise. Realistically if you just use a bare wire like they do you aren't going to get the best range, you can get cheap Chinese 70CM band antennas which cover rx/tx on 420 to 450 MHz.
-
13 minutes ago, haze1434 said:
That does sound perfect, that's basically what the RPi is doing yes.
I've done some general research on this LoRa stuff, but I don't quite understand how one would connect to an RPi and get a command line with it? Is that possible?
You can use these as stand alone units or feed/receive serial from a rPi, although I don't buy from Adafruit, as I just normally get stuff from China and not pay the US shipping and other additions. If you go with a Adafruit product you do get support and code examples
https://learn.adafruit.com/adafruit-feather-32u4-radio-with-lora-radio-module/using-the-radio
-
I've played with the lora stuff on 433MHz, range was fairly good, five-ish miles in a village environment. Towns and cities gets about a mile from experimentation, on a farm I'd not see there being an issue, other then data rates, but if you are just monitoring things like UV, PH levels, wind speeds, temperatures, barometric pressure, humidity, basic shit like that, or using it to trigger relays, then 433MHz is great.
-
A lot of universities have moved away from having their own servers, which is understandable from a cost stand point and email servers get attacked a hell of a lot. As for companies, well any non US company would be insane to have anything confidential in the US, as they are likely to pass it (willingly or not) to the US government, who then pass it onto American competitors. This is widely known to have happened with Airbus a European company and Boeing as US company. You can't blame the US for doing this, its protecting jobs and what is good for them, which is what governments are meant to do, but you can't trust US services if you aren't American, the same could be said for a lot of other countries.
-
On 6/13/2016 at 1:50 AM, cooper said:
If you come to SteelCon you can say hi to the both of us. Hell, I'll throw in a beer.
Yep it's us, from the very start. I stopped watching the show years ago, but noticed a few of the old guys on when I was seeing what had changed. Apparently IRC is good now, but the forums seem to be mostly a support system for the products they sell. As Cooper said, we will both be at SteelCon.
-
You could also do a specific degree in cyber sercurity and get a low level gov/military gig. In the UK its 9k a year and takes three years to complete. Most the people that come through this way aren't people I'd want to hirer, as they very rarely have any real interest in the subject (chasing money), but it ticks a lot of the boxes for gov and mil work and will get your foot in the door, as they are racing to fill voids in defences.
-
-
If I were you, I'd go to smaller cons where it is easier to talk/get to know people and make friends. Having friends in the industry tends to lead to opportunities. That or start writing tools and putting them out there, even if they're shit, people will see you are trying and opportunities will come.
-
Got to say if I see someone in my company or street, living that tacticool lifestyle, its going to draw my attention and others. Sometimes is better to looks completely normal and unremarkable, just blend in and do what you need to do.
2600
in Everything Else
Posted
I don't read the mag any more, but I try and attend the monthly meetings if the city I'm working in has one.