jaime_lion
-
Posts
47 -
Joined
-
Last visited
-
Days Won
1
Posts posted by jaime_lion
-
-
On 12/2/2016 at 8:22 AM, haze1434 said:
You could achieve all of those functions with the LAN Turtle nowadays.
It's not that they aren't useful, it's just that cheaper and sneakier alternatives are available.
So is this a reason that hak5 is changing there store around and not selling things they used to? Basically technology is moving on and the old devices are not as "good".
-
This is the device I used.
Also if someone broke into the servers because fingerprint data is not stored on them there is nothing they could get. The reader reads the fingerprint and assigns a set of numbers to it. The numbers are what is stored in the server and you can not recreate a fingerprint from it.
https://ebblink.com/ Here is there website they have switched gears a little and are focused on 2FA and secure sign on for IOT.
The big thing I see with this stuff is it is way more secure than what we use now and pretty much everyone is ok with what we use now.
-
1 hour ago, Dec100 said:
There are pros and cons, same as everything. One thing to consider is the moral aspect. For example, what if a retina scan detected signs of disease? Should the company check for things like that and warn people, or is that a breach of privacy?
Also, what if the data is compromised? You can change a password or token easily enough, but you can't change your fingerprint.
The system I used the bio-metric data was not stored on servers or such. It would read your fingerprint and send the information to the servers and get the code assigned to it. If the servers were hacked the codes could not be turned into fingerprints or anything useful.
54 minutes ago, Sebkinne said:In my opinion Biometrics should not be used for authentication, but for identification. They are a username, not a password. Fingerprint + pin / password? Absolutely.
Will just say I have never forgotten my fingerprint at home or had a case of stupid and misspelled it or lost it. Also this is a big reason you guys get paid the big bucks to make sure to secure against the "bad guys".
I practice martial arts and one of the big reason I liked the finger print payment system I used was cause no one could get my wallet from me. Also the system was not set up so you could get money from it.
-
So I am curious what is everyone's thoughts on Bio-metric password systems? Also on Bio-metric payment systems? I have used a few and I love them. The one I used had a UV light and a pulse sensor so you could not use a fake finger and it had to be alive.
-
So I was searching hackerwarehouse.com and came across a few devices that I am hoping you guys can tell me if they are still used and when and where? These devices seem kind of outdated in my mind. Maybe I am wrong and pen testers use them all the time.
The first is a networked KVM. Now I know these are used and when and where but this particular model seems old. is this model still used in Data centers or pentesting?
http://hackerwarehouse.com/product/raritan-dominion-kx-ii-101-v2/
The next two products I can totally see use cases for but it seems like with Laptops and All in ones people would notice these. Unless there is some specialized place they go?
http://hackerwarehouse.com/product/keygrabber/
http://hackerwarehouse.com/product/videoghost/
Anywho thanks for the info.
-
I am assuming USB A to USB type c adapters.
-
So the original tv hacker Macgyver is set to return on CBS tomorrow September 23rd. Who will watch the premier? I know I will. Hopefully this follows the original series in being as close as possible in tv land with science.
-
26 minutes ago, KeeganWolf said:
58 furcons so far, oklacon, wild nights, mff,mfm,ac,rmfc,blfc, and furry fiesta. Still haven't been to fc,fwa, or ef.
So do you remember seeing me at rmfc this year? I was volunteering with security. Your nick looks familiar you go on irc?
-
So who here is a furry? Anyone been to any cons? Anyone been to RMFC?
Moo I am a lion.
-
So I am curious how this works lets say I am a company that has all their servers in AWS or such. How would one go about pen testing that? Would one try and get access in the company or directly attack amazon?
-
44 minutes ago, barry99705 said:
Where would you expect to use one of those? Not like anybody will let you use their monitor/tv unless they know you, and even then maybe not!
As for what's in my bag, I've posted this here before, the only thing that's changed is the laptop. Same size, just an i7 now.
So how often do you use like the firewire and vga etc cables? is this a better to have it and not need it than need it and not have it situation?
And yes he might not be able to use it unless he is in a stationary setting but since he uses a chromebook I thought I might ask.
-
4 hours ago, anode said:
Lan tap will sniff traffic to a third machine live. (and only sniff)
The turtle is more like a MitM computer under your control (if done right)
But if you are a mitm doesn't that meen you can also see the traffic? How does that differ from what the lan tap can do with seeing the traffic?
-
4 hours ago, cooper said:
I'm going to slightly hijack this thread, sorry.
What's the maximum acceptable weight (by which I mean the bag and its contents combined) for an EDC?
As you see here, people generally say bag X can carry everything I put in, but once you cross, say, 10 pounds your EDC becomes a millstone to drag around as opposed to the nimble toolbox people often claim it to be. Also, with a given weight you need a certain quality bag for it to last a while. This is why any good quality bag tends to have a significant price tag.
My regular laptop is too huge (and, at 6 pounds, *WAY* too heavy) to get involved in any EDC discussion. My Chromebook interestingly enough tends to be too small for most bags. These days I rely on a mostly cheap shoulder bag I got for being a HitB crew member. It's great because by the time the thing would become too heavy to hang over your shoulder, it's just full. I can fit my Chromebook, an A4-sized writing pad, some pens, MP3 player and 2 books. The things I do are such that all my kit goes into a trolley case (Pelican 1510 - it's *great*!). If my Chromebook won't cut it, I'll bring my beast of a laptop in its backpack which means I try as much as I can to limit everything else since it weighs me down so much.
So I know it isnt a laptop and it doesnt fit the same workload but have you thought about the ASUS Chromebit? I got mine a week ago and love it.
For me with everyday carry stuff I tend to stick to pockets or at most fanny pack. I only use my messenger bag to carry my laptop and that is really only for point A to point B reasons.
-
So I am curious what is everyone's EDC here? Also I am wondering what people carry at defcon and such for EDC? I see lots of backpacks in the videos there. EDC stands for everyday carry, everyday carry is what it sounds like what you carry everyday. My EDC is as follows.
Smartphone cheap pay as you go htc phone
Wallet and keys "hopefully in the next few years I can get rid of these as phone and bio-metrics and such become the ways to pay and unlock things.
Kubotan "I carry this more so cause I am a martial artist and not so much that I believe it will help me in a self defense situation"
USB flash drive I believe 8 gigs but not sure I rarely if ever use the thing
pen and notepad
flashlight
micro USB charger for phone
Cant wait to see yours.
Thanks
-
1
-
-
So I am wondering if the lan turtle does the same things as the lan tap? like from my noobish eyes they seem to do the same type of stuff? can someone explain the differences and where one would be better than the other one or are they the same?
Thanks
-
So I was watching the show MR. Robot last night and saw the USB rubber ducky that is awesome. Just thought I would post about that awesomeness that hak5 is getting more famous.
Also if anyone from the show is reading this I would love to see a series of episodes dedicated to hacking in the media. One of the reasons I like Mr robot is the creater has said he wants to portray hacking as close as possible as it is in real life.
-
Hopefully this is in the right forum if not you guys know what to do. Anywho I've been playing around with the idea of getting a pineapple and was wondering if I bought the mark 5 or Mark 6 when the new model came out would I need to buy a new one or can you just keep upgrading the old software? What is the life expectancy of a pineapple? Is there an end of life date?
Thanks
-
You can only download the trigger records and calibration as you stated. You would not be able to "increase" voltage because that is all regulated by circuitry and would require modification. If you wanted to modify the software, you most likely would have to JTAG and know what you are doing to even come close.
I have only messed with a couple of them to download the trigger pull records.
Thanks for the info. So have you worked with TASER's like as a police officer or security? Or like as IT for police and such?
I would be curious on your thoughts on the "TASER's cause heart failure" controversy?
-
No experience in this field at all, but I would expect the device to be designed around the concept of delivering a specific jolt and going (much) over that would fry the device as much as it would your intended victim. In other words, your mod will probably involve replacing a few components on the board within the device. Do note that depending on where you live having one in the first place could be illegal and further weaponizing it might make it more so.
Another thing, I don't think the army/police issue tasers use a different voltage or amperage. They're just more accurate and can have longer wires to their darts. So the bottom line seems to be that you're trying to turn your taser into effectively a very limited range one-shot pistol. Since a single unit costs $300 I'm guessing you'd be cheaper off getting an actual pistol (assuming that is legal where you live).
The military and police issue ones just have longer wires they are not more accurate they train for one of the probes missing the target.
Good way to kill someone.
I was putting on my white hat with this thought.
What if someone was able to install malware into the police computers and when the taser was connected to the computer to download the shot time and duration it uploaded upgrades to the taser that would make it more of a deadly weapon the next use? or what if when used it fried the device? Some police departments have to share TASER's. Some have the individual police buy them out of pocket. So if this were possible at the very least it would cost huge ammounts of money in lawsuits or new devices.
-
So as you may know by my posts on here I don't know much about coding and programming side of computers. I like more of the hardware side of things like installing hard drives and ram or terminating patch panels and keystone jacks.
Any who I have practiced the martial arts for 12 or so years. Mainly focusing on empty hand work cause laws and modern day society tend to make weapons like swords obsolete. Also the fact that life isn't like Hollywood. So I have done my fair amount of research on things like OC aka pepper spray and TASER's.
The TASER is not the same thing as a stun gun, where a stun gun will just shock you in a localized area the TASER shoots out darts that paralyze you for 5 seconds. Its called neuromuscular incapacitation or NMI. There are a few different types of TASER's the M26 the X26 and the X2 and there civilian counter parts. And the C2 the first civilian TASER. The TASER does connect to a computer to download records of when it was shot and how many times and for what duration. One of the reasons that the police swapped from the TASER M26 to X26 and then to the X2 aside from newer tech and smaller units is because the operating systems on the computers became obsolete. The TASER M26 was built to interface with windows 98 machine. The M26 used a serial cable to connect to a computer and the X26 and X2 use a USB cable.
So my question to you all after this brief explanation is, would it be possible to hack a TASER to make it higher volts or more amps etc? Does anyone know of anyone doing research into this?
Thanks
-
The antlion pheromones is made by Viss and shipped to us in sealed containers.
The stuff is absolutely amazing. I love spicy food and this adds the extra kick to most foods. I went through mine in about three months, depending on usage ymmv.
Viss also has an etsy store, so if you don't want to buy from us, you can always go directly to the source.
Best regards,
Sebkinne
Thank you will check that out but will more than likely be supporting the hakshop come September.
-
So I love spicy stuff and in September will more than likely be buying the Antlion Pheremones. But like I am kind of a little leery buying a food product form a place that mainly sells computer equipment. Anyone tried it and like it and such? What are your thoughts?
Thanks
-
Well what I was thinking was like buying 5 cheap usb's from best buy and having a drag and drop solution to making a cheap rubber ducky. But if that isn't available yet i am fine with the usb rubber ducky.
-
So basically as a teaching tool to teach people not to plug USB flash drives and such into there machines from pretty much anyone. I use a USB rubber ducky with a modified hello world script that reads "im in your pc and i can see you. You should never plug anything into your machine."
But at 40 dollars a pop they are kinda pricey if i need a replacement. So does anyone know if there is a plug and play way to make Badusb yet?
Data center pen testing?
in Business and Enterprise IT
Posted
So my original question was similar to what IDNeon said. But also I was wondering if I went to a company and they said something like "All of our servers are in AWS and every employee here basically has laptops that they just use to get to the servers on AWS." Would I even need to sneak into the company to plant wifi pineapples and such or could I just stay in my lab and attack amazon over the internet?
https://aws.amazon.com/security/penetration-testing/
I believe that is what you would fill out.