Karit

Some great VMs to work through with exercises https://pentesterlab.com/

Cell phone boosters are illegal as will as they are broadcasting on frequencies you don't have a license for.

Assuming you have a license for the frequency or a good Faraday cage. Have a read about making your own Cell tower which could be handy for this. https://www.evilsocket.net/2016/03/31/how-to-build-your-own-rogue-gsm-bts-for-fun-and-profit/ One tip set the Ki to * so encryption isn't used and will allow SIMs you don't know the keys for connect.

How does the site require HTTPS? IF the site enforces HTTPS through HSTS and the user has visited the site before or they have HSTS Preload the browser just won't connect to HTTP for the site.

Maybe get remote code execution. https://pentesterlab.com/can walk you through some of it.

At 470MHz mightn't get through put required because frequency isn't high enough. Maybe look at the Ham data services as they have data link in the Ham bands. More likely to have worked samples/code to start from, I would guess

Yard Stick one does RF Cat which makes it simple python commands. (As is a hardware define radio) A hackRF is an SDR and isn't that simple but more powerful not as restricted with frequencies or modulation types.

THanks, But I am needing to use HackRF due to frequency requirements. RFCat only works with Yardstick One (and similar chipsets). Plus RFCat doesn't do PPM.

Depends what problem you are trying to solve. If you are in supported bands and supported encoding Yard Stick One is nice and simple.

Hi, Has anyone come across any good tutorials on transmitting on the HackRF. I can find stuff on record replay but that isn't want I want. I know the bits I want to send and need to send them PPM on a frequency just trying to find an example so I can repeat it.

Import Burp's CA cert into your OS's or Firefox's trust store so it trusts all the certs that Burp signs. If it is just a HTTP header you need to add you can look at browser addons to add HTTP headers.

Does the egagement have enough fat to pay someone to do it? http://www.onlinehashcrack.com/- only pay if they crack it https://www.cloudcracker.com/

The HackRF is open source and on Git Hub I tink.

Yes can be done. THough I don't think the barcode standard contains the window key to do a win+r and don't think alt is there either. I have done stuff about a year to login into something with a user/pass and could pass enter keys in at least. If you new the POS system you could press the delete previous items button or something and finish purchase at a lower amount. I'm sure someone will think of an app escape you do basically have keyboard input as you say.

Seriously in the real world. No one notices. Most organisations can't notice stuff on their wired LAN. Sometime saying you were nosiey and they didn't detect you is a very important finding.

My first thought is what exactly do you want to run on the xenserver to make a hack lab? For beginning the single VM/iso from https://pentesterlab.com/ are really good. They just run fine on your desktop just need one at a time, so no need for a full server. I personally would start there. Save the money for now. Sure if want to get into more set up a xenserver so you can start making a full network to pivot through etc. Though maybe by that stage best to see if you can get a job with a Pen Test firm as then your client set up and manage the network for you :p You just need to identify the issues.

Yes last time I looked those apps Cert Pin. Also you will find a lot of apps with use OAuth so don't store or transmit user/pass pairs. Though you can still use the OAuth token. Though the token is often limited in the functions it can do.

With a lot of these things need to consider your threats, risk and advisories and pick the most important to target. If someone has third party access they can make a copy of everything (especially if phone is rooted) and they can brute force offline. If wipe after X wrong passwords either go back to safe copy each time or just update the counter back to zero. Main thing if lose the phone or if some else accesses it the brute time should be longer than the time it takes you to change all your passwords. The phone's password and full disk crypto are important here.

Restore from backup? I know this is a little late but my first step would have been to plug the disk in as an external drive to a working computer and copied off the files I required. When disks start throwing errors like that it is a matter time before they die completely so should plan out what you want to do before powering them back up. If the partition tables were still good I would target the files I wanted as the drive might just die during an image as the I/O of an image is quite high and could kill it even faster without getting the required files.

If site has HSTS the only way to SSL Strip a user is on the user's very first visit in that browser. As they may got to the HTTP site first. If they have visited a site with HSTS the browser will never go to the HTTP version. If the site is in the preload list (https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.json) the browser will never go the HTTP regardless. To add a site to the preload need hsts headers then to be added to https://hstspreload.appspot.com/ Given how HSTS use is growing and the preload list is also growing SSL Strip is going to become less effective. As HSTS and preload is designed to stop this. Almost got to look rolling out custom browser or some other totally new class of attack. With sites like https://www.ssllabs.com/ssltest/it is much easier for owners to valid the setup of their site. Then to help stop rouge certs there is Host Key Pinning that pins on the public or the CA. Google has that set up in the Preload list and other sites are doing it through the headers. https://en.wikipedia.org/wiki/HTTP_Public_Key_PinningWith this if you are trying a MitM the user won't even get a self signed warning to click through the browser just want even let them in. One attack that may work is actually going after the cipher weaknesses and decrypting the traffic. Use BEAST, POODLE, etc to attack the sites.

Kiwicon has had their first Kiwicon 10 planning meeting so guess that is on the cards. https://twitter.com/kiwicon/status/679152258559307776 Just waiting to hear back on some CFT and CFP responses and there might be some more :)

With HSTS not really sure how you are going to get around it. If it is in the Preload list or have visited the site before the broswer will refuse to connect to anything but HTTPS. Then you have to hope the user will just click yes on the cert warning dialog.

A great set of video tutorials https://greatscottgadgets.com/sdr/

Need to pay attention to the parts list. Know some of these alternate builds uses a lower spec processor then over clock it. So it might use more power or be less stable for example. Also from what I understand all the hardware test code and hardware test jigs aren't open source so the the assembly line testing of these isn't as goos as the ones from Great Scott Gadgets.

Aviation uses AM rather than FM so you will need to change the demodulation settings