Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

  • Days Won


Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    Sacramento, CA
  • Interests
    Anything that lights up and has buttons.


Recent Profile Visitors

4,072 profile views

chriswhat's Achievements


Newbie (1/14)

  1. Thanks to all of my supporters and friends, we have achieved or goal (and much more). I received notification from YouTube that my channel has been reinstated. I will post my final thoughts and gratitude later today. Thank you all for standing by me... this wouldn't have happened without you. ...And thanks to those of you who doubted and criticized me. Your involvement was equally important in gaining YouTube's attention. For now, here is a link to my channel: http://hackersed.com -Chris
  2. Cooper, Why did I subtract "(or trying to, and rightfully so I might add)" from your statement? Whether or not you agree that I should earn a profit is irrelevant (don't interpret that as an insult - I value everyone's opinion). You placed emphasis on the financial component, implying that I'm primarily motivated by financial gain. This isn't true. In fact, my videos haven't been monetized since July. Money doesn't drive me. My viewers drive me. The discussions and compliments drive me. The need to help people find solutions drives me. The numbers drive me. You may not understand this but, when I lost my channel, I lost a big part of myself. I know, I know... I'm sensitive. You said "It might be that but the impression I was and still am getting is that you're not particularly interested in Youtube reversing their verdict."I think we can find a common ground here. I agree that I didn't leverage social media to its full capacity. Bad habit. Let's consider that a valuable lesson learned. However, I didn't give up... and I wasn't going to give up. I sent an email to YouTube and Google every morning. I tried calling every phone number I could find. I tracked down YouTube and Google employees, and contacted them. I reached out to my friends, family, and business contacts all over the world. Then, I called on the people who I've helped. I almost drove to the YouTube headquarters in San Mateo. I know, I wouldn't been escorted out of the building by security. A risk I was willing to take. http://www.reddit.com/r/sysadmin/comments/2ifs0b/youtube_shut_down_one_of_the_best_hacking/?limit=500 Ultimately, I was offended by the statements made by Zarabyte, not you. I just didn't want people to get the impression that I only care about money.
  3. I can hear the "jeopardy" clock fading away... and I'm anxiously waiting for a contestant to hit the buzzer.
  4. JRedded - I appreciate that you took the time to reach out. As I said earlier, it seems as though information censorship has become the core issue here. This is something that I'll discuss in my upcoming article for the Hacker News. For now, I'm collaborating with my teammates at CTF365 to make my videos available again. We'll get it figured out soon. Thanks again. newbi3 - Your contributions to this community are awesome. I've told you this in a past conversation but I'll say it again - the evil portal infusion is one of my favorite infusions. Your thoughts are shared by many others, and you're right when you say that YouTube isn't the only platform. As I said above, I'm working with some friends to get this situation resolved. It's looking like we may launch our own platform. In the meantime, we're working on a temporary solution. Thanks for your support.
  5. I'm not really sure where to begin here. I guess I'll start by thanking bytedeez for starting this thread in an effort to support me. For me, information censorship is an underlaying issue. However, it's an issue that many are finding in my situation, and it's an issue that holds significance in our community. This is something that I'll touch on later. To those of you who have an opinion but remain uninformed, the Hacker News is going to publish an article telling my story. When the article is available, I will post a link. For now, I'd like to address some inaccurate statements and attempts to ignite unjust rumors. 1) I still have all of my videos. Did you really think I'd just rest 2 years of my hard work in the hands of YouTube/ Google? Come on now... 2) Zarabyte (Matthew H. Knight) - I'd be curious to know where you gathered information suggesting that I use "misleading keywords and content" and "misleading descriptions." YouTube embeds each video's keywords in the source; and the only way to see them is to inspect the source. Is this a hobby of yours? I'll get back to the importance of this question in a moment. Regardless, my content is specific, and therefore specialized. I don't want to attract cat video lovers, home improvement hobbyists, or beer lovers. I want viewers who are interested in InfoSec, penetration testing, ethical hacking, etc. My video titles and descriptions tell the viewer EXACTLY what they can expect to learn. My custom thumbnails possess my logo and a brief description (title) of the video. My keywords are based on three categories: - Penetration testing distros (i.e. Kali Linux, BackTrack, etc.) - The overlaying subject (security, infosec, penetration testing, hacking, ethical hacking, etc.) - The video content/ sub-topic of the overlaying subject (i.e. fake ap, evil twin, word list, password cracking, MItM, packet sniffing, etc.) If I mislead my viewers, I wouldn't have achieved a 1 to 100 dislike to like ratio. I wouldn't have been on Google's first page results for "how to hack" searches. My channel wouldn't have remained active for 2 years, and I wouldn't have been a YouTube verified partner for 16 months. By involving yourself and by insulting the integrity of my work, you've left me no choice but to further translate this situation and state my defense. To be honest, I'm surprised at your audacity. I've had multiple viewers bring you to my attention. They pointed out that several of your videos share non-coincidental similarities with my videos as well as videos belonging to others. Prior to today, I tolerated you. How? I convinced myself to considered you a compliment to my work. Now, instead of thanking me, you make an attempt to tarnish my reputation and brand me as dishonest. That was a mistake; and it was a mistake that I won't tolerate. One more thing that bothered me - You said, "He was gonna start his own website to teach people anyways so he will be fine like their are not enough security schools online as it is i guess im the only one who isn't trying to make a living off the security world." Really? Is this a joke? I can't stand how contradicting you are. Did you forget that you have a Paypal donation system set up? In case you did forget, you can find your donation link here: https://matthewhknight.com/about/ I almost gave you the courtesy of a private message instead of this post; but, as I watched you continue on with your uneducated opinions and insults, the thought of courtesy dissolved. 3) Cooper - you stated, "He's clearly making his videos for profit." Let me make this clear. I do what I do because I love doing it. When you calculate my ad revenue with the countless hours that I've spent creating videos, answering questions, providing remote assistance, etc... I don't even earn 20% of California's minimum hourly wage. Also, I've reinvested the majority of my ad revenue into improving my videos (i.e. upgrading recording equipment, educating myself, buying post production software, etc). I've turned down a number of job offers simply so I can preserve enough time to serve my subscribers. Unlike Matthew H. Knight (Zarabyte), I've never asked for a donation... and I never will. I stand by my values and my belief in free education. "Skippable" advertisements do not compromise those values. Also, I am not saying "Well, that part of my life is now gone. Thanks for nothing Youtube". I have no intentions of quitting. Those who know me, know where to find me. They know who I am, what I do, and why I do it. YouTube was a big part of my life, and it was important to me for many reasons. I will reupload (why isn't "reupload" a word?) my videos elsewhere if this issue goes unresolved. However, I'm involved in other projects as well. For example, I'm part of CTF365 (http://ctf365.com), which is a security training platform. You can find my Metasploit tutorials on our YouTube channel at http://youtube.com/hackademyus. Microsoft's BizSpark has given us full support (including unlimited use of all Microsoft products). Metasploit has given us Metasploit Pro licenses ($20,000/ year licensing fee) to give away to users. We've been given recognition at security conferences and we've had articles written about us in tech and security magazines. Bottom line, I'm not going anywhere. I'm going to continue on with or without YouTube. 4) I've never asked for anything in return from my viewers. I continue to educate myself simply so I can share my education with others... and I do it for free. I take complexities and minimize them to expedite the learning process for others... and, personally, I think I've done a good job doing it. MOVING ON: For those who are interested, here is a copy of the original email notification that I received from YouTube. We'd like to inform you that due to repeated or severe violations of our Community Guidelines (http://www.youtube.com/t/community_guidelines) your YouTube account Chris Haralson has been suspended. After review we determined that activity in your account violated our Community Guidelines, which prohibit spam, scams or commercially deceptive content (https://support.google.com/youtube/bin/answer.py?answer=2801973&hl=en). My account had no strikes and was in good standing with the community. After researching the guidelines that YouTube based the suspension on, I can argue that I did not commit any violations. The only logical explanation (aside from information censorship) that I could rationalize was: My videos' comment sections were constantly being spammed with unwanted third-party advertisements and solicitations. My channel contained more than 50 videos and received an average of 3,000 unique daily views. With dozens of daily comments, messages, and emails, I couldn't possibly combat every spam comment that was posted. In addition, YouTube's spam filtering system was ineffective. Although I cannot be certain, I believe those spam comments may have justified YouTube's decision to suspend my account. Ultimately, this is why I've asked for your support. Over the last 2 years, I've received thousands of comments and messages thanking me for my time and work. This was my motivation to keep making videos. This was my achievement. Now, your support is what I need to defeat an unjust action taken by YouTube and Google. CONCLUSION: To the Hak5 team, forum admins, and community members- I'm sorry if I expressed myself in a manner that offends the purpose of these forums. I consider the Hak5 forums to be an awesome resource. I've met a lot of really cool people here and have had a lot of fun working on projects with them. I have a lot of respect for all of you, including the huge number of beginners who are simply following their newfound passion in an effort to find their place in the community. It's just very difficult for me to sit back and watch people discuss me as if I'm a topic, and not a fellow community member.
  6. This isn't necessarily accurate. Cyber law is becoming more comprehensive and well-defined, and it's something that we need to educate ourselves about. Everyone wants to take their Pineapple to Starbucks and steal Facebook passwords. My advise is this - "Don't take your Pineapple to Starbucks and steal Facebook passwords." Here are a couple of rudimentary questions that will be asked when determining legality: Was there a reasonable expectation of privacy? Like that camera in the bathroom stall... you may own the toilet, but it doesn't entitle you to the show. For what purpose was the WiFi hotspot being broadcasted? Hmm... are you a WiFi philanthropist? Did the provider disclose any terms and conditions, a privacy policy, or use agreement? You were broadcasting an open network named "Starbucks WiFi" while sipping a latte at Starbucks... but Starbucks costumers should know better. Of course, there are many situational variables that will be considered. If we're taking about your home network, things may be different... until you get the idea that you own the data traveling across your network... and use it to go shopping. Here are a few additional issues that you should consider: Civil litigation can occur regardless of whether or not a state or federal statute has been violated. It may not be against the law to hurt someone's feelings, but it doesn't mean that it won't cost you. You could be held liable for criminal offenses that occur on your network. Don't put a "borrow me" sign on a loaded gun and assume that it'll be used responsibly. More importantly, don't expect sympathy when you report it stollen. NOTE: I'm not an attorney so I cannot advise you on cyber law; however, I do provide common sense consultations at no cost.
  7. Yes, ff:ff:ff:ff:ff:ff is used to target all devices. If you leave the target field blank, it will automatically populate with ff:ff:ff:ff:ff:ff. Here's some bogus math: Default = Blank Blank = ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff = Target all devices Target all devices = Default Therefore, Blank = Target all devices
  8. I'm glad that I was able to help you out. The puzzle will never be complete. Each piece of the puzzle is a puzzle in itself... and the puzzle as a whole never stops expanding and evolving. Not to sound too philosophical. This is just one of the many reasons I enjoy security. There are too many challenges to face alone and, therefore, it never gets old or boring.
  9. Thanks for the shout out. I haven't done much with my channel lately because I've been extremely busy working on http://ctf365.com - our online security training platform. We provide our free users with access to several vulnerable-by-design servers and web applications, such as Metasploitable and DVWA. Our paid users get access to the main arena, which has real servers hosted by real people. The idea is to attack other servers while defending your own server, and our goal is to simulate the real world internet. We also hold weekend-long CTF competitions for our paid users. The next one starts on October 17. For now, I'm working on some new Pineapple tutorials. When I'm finished, I'll share them in the WiFi Pineapple University category.
  10. I'll elaborate on what jmelody said to help answer your question. The source and target fields are part of Dogma. What does Dogma do? Dogma allows you to focus your KARMA attack towards a specific device. It also allows you to specify a list of access points to broadcast. Source field - This is where you specify your access point's MAC address. You can enter your Pineapple's MAC address (default) or a spoofed MAC address. Target field - This is where you specify the MAC address of your target. You can leave it blank (default) to target all devices or you can enter a specific device's MAC address to only target that device. SSID Management - This is where you can specify a list of access points that you'd like to broadcast. These access points will be broadcasted to your target(s) when Dogma is enabled. You can manually add access points to the list or you can add them from the Reconnoissance scan results (by clicking the access point name). Here's an example scenario: Let's say that there are 10 devices sending out probe requests in search of familiar access points but you only want to target one of those devices. After enabling PineAP and Dogma, you can enter the MAC address of the device that you want to target in the "Target" field. When the target device is searching for a wireless access point, it will see the list of access points stored in the SSID Management area. The access points from the SSID Management area will not be broadcasted to the remaining 9 devices or any other devices that come within range. If you don't specify a target, the access points from the SSID Management area will be broadcasted to everyone within range. NOTE: You can use Reconnaissance to discover the MAC addresses of devices.
  11. My advice is to stop placing so much emphasis on Facebook. Many people use the same creds for most, if not all, of their accounts (i.e. social media, financial, email, etc.). Compromise one of them, and you can often compromise the rest of them. LinkedIn Wordpress Instagram Vimeo Microsoft Live PayPal Wells Fargo Chase Bank of America Fidelity Capital One IRS.gov Amazon Target Vudu RedBox HakShop DigitalOcean
  12. You're welcome. Now that the Pineapple is gaining a new foothold, I'm trying to revive my interest in it. I'll see about making a PineAP suite tutorial.
  13. I agree, and I prefer "client" over "victim."
  14. There are three network connection categories. Each category has a few connection options. 1) Ethernet Pineapple to router via ethernet cable Pineapple to ICS-enabled computer via ethernet cable 2) Wireless (Client Mode) Pineapple to wireless network, wireless AP, or WiFi hotspot via wlan1 Pineapple to wireless network, wireless AP, or WiFi hotspot via USB network adapter (wlan2) 3) USB Pineapple to USB 3G/4G modem via USB cable Pineapple to iPhone or Android via USB cable Yes. By default, wlan0 is reserved for Pineapple clients and is set to master mode (AP mode), which allows clients to connect to the Pineapple. If you wanted to, you could configure wlan0 to act as a client and wlan1 to act as an AP. Yes, the Mk V has two antennas because one (wlan1) is used as a client and the other (wlan0) is used as an access point. This allows the Pineapple to connect to a wireless network while simultaneously hosting an access point. It also allows the Pineapple to share its internet connection from wlan1 to the clients connected to wlan0. The Mk IV was only able to do one or the other without adding a USB network adapter. KARMA: Karma Attacks Radioed Machines Automatically KARMA's job is to trick WiFi-enabled devices (i.e. computers, smartphones, etc.) into connecting to the Pineapple. Here's how it works: Most devices are continuously searching for networks that they've previously connected to so they can automatically reestablish a connection. To do this, the devices send out probe requests. KARMA listens for those probe requests. When KARMA sees a probe request, it clones the network that the device is searching for and responds to the device. In other words, KARMA tricks the device into believing that the Pineapple is the network that it's looking for. This causes the device to connect to the Pineapple. I only updated to the latest firmware yesterday so I haven't experimented with the new PineAP suite yet. From what I can tell, the PineAP suite is essentially an extension of KARMA, and it was most likely developed in an effort to bring KARMA back to life. Beacon response is basically the new probe response. It's needed to exploit devices that are no longer susceptible to the traditional KARMA probe request/ response method. Harvester is used to harvest information from probe requests. Probe requests contain information about the access point that the device is searching for. Dogma gives you the ability to respond to a single probe request or respond to all probe requests. Before, KARMA would automatically respond to all probe requests. Dogma helps you to be more target-oriented.
  15. This one has me stumped. Maybe you need to buy a new laptop?
  • Create New...