digininja

Global Moderators
Everything posted by digininja

  1. Give us some more information, who mentioned it, is there some context?
  2. I'd burn it all down and move house, sounds like they've got you well and truly in their grasp and are unlikely to let go. With pin hole cameras there could be one in every nail and screw head in your apartment and you'd never know unless the doors fell off the cupboards because they used cameras instead of nails, that might give it away. I'd also stay off the Raspberry Pi, did you know that if you sum up the ASCII values of all the letters in the name you get 745 which is the year Kulun Beg died and I think we all know what that means.
  3. Most solutions like this will take a fingerprint of the installation then require an initial internet connection to sign that fingerprint. The app checks the fingerprint when starting up and fails if it doesn't match. If you can't get that initial internet connection you give the user a text file with the fingerprint in it and they then have to get it onto the internet where they send it to you, you sign it and send back the hash, they input the hash and all is good to go. You just have to be careful about what you fingerprint, too little and it can be cloned, too much and small tweaks to the machine break it. You can also build expiry dates into this so the app expires but that relies on them having a working and up to date clock on the machine.
  4. Have you tried going back to your testers? They should give you full support after the test not just deliver a report and walk away. You can ask if you want though.
  5. Find @webbreacher on Twitter, he is king of OSINT and regularly publishes stuff about it.
  6. A different way to look at this, call the device X. Is X the main AP for the building? Easy way to tell, look for an alternative AP, if there is, turn it off and see if you still get wifi. If X is the main AP, then bad things could be happening. If X isn't the main AP, try connecting to an open network that doesn't exist, if you can, then something is running that shouldn't. If you can't, then it is unlikely X is spoofing APs. If X isn't the main AP and isn't spoofing things, is it on the network? Turn off all other devices, except the main AP, and then do a network scan. See what is left, if there is a Linux box with 22 and maybe 80 or 1471 open then browse to it and see what you get. If it isn't on the network then it could just be doing passive things and there is nothing you can do to detect that. With whatever normal access you have, try connecting to a HTTPS site you've never connected to before which doesn't do HTTPS preloading (google it all), my site would be one. If you get a valid certificate then it is unlikely that there is any odd SSL man-in-the-middle attack going on. Try a traceroute to the main AP and to external sites, see if you get an unexpected additional hop before the AP or directly after it. If the room it is in has a door going to the floor, pick up a cheap ring and roll it under the door then call the landlord and ask him to come and open the door so you can retrieve it, while doing it, get a proper look at the device. My guess would be that it isn't a Pineapple and that nothing odd is going on as that is the most usual way things work out.
  7. If your boss won't listen to "it's illegal" tell him "it's not possible", he can't force you to do it if you don't know how. If it's your fair, you set the rules: ban any recording devices.
  8. I use one of these: https://www.pcengines.ch/apu2.htm Before that I had one of their Alix boards, both work really well. I added an SSD drive so there was space to work on it and store logs, I found that using an SD drive sometimes meant problems upgrading as there wasn't enough room to run the upgrade script.
  9. I said if you weren't already running everything through the VPN things would be leaking. If you want to do it the easy way, my setup is a pfsense box sat in front of my modem which can be set up to connect to my VPN server and run everything through the VPN. That way I don't have to worry about individual machines, the firewall does it all for me.
  10. I can see the hosting company the VPN is running through, is it one you set up yourself or a commercial offering? If you built it yourself then that is easy to track back as they talk to the hosting company and get a list of IPs who connected to the box and the details of the person paying for it. If it is a commercial offering then there are ways of monitoring traffic content and meta data to tie inbound traffic to outbound and work back from there. It would all need warrants but then so would doing it at your ISP level. If you aren't currently running all your devices through the VPN then you will be leaking at least some info to the ISP.
  11. Don't forget, if the government want to watch your traffic, they will just put a tap on the VPN end point. Sure you get it but a lot of people miss that their traffic has to emerge from the VPN somewhere and at that point it becomes visible to anyone who is on the route or can request traffic. Do you stream movies through the VPN? If so, that is likely to eat up your allotted bandwidth pretty quickly.
  12. You say any network, do you do all these at home as well? VPN and hardware locks as well? If you do VPN all the time, what are you defending against, your ISP? Do you trust the VPN endpoint more than them?
  13. Unlikely. I'd set the VPN up on an access point and have the firestick connect to that.
  14. Are the phones company ones or private? In a few countries it is illegal to monitor private devices even if they are connected to a corporate network as there is an expected level of privacy. If they are corporate phones then you can get monitoring software to install on the phone but doing this without informing the user is again considered a breach of their privacy even if they signed an agreement.
  15. If you have the keys, why do you need to forward the traffic on?
  16. Without the keys you couldn't decrypt any traffic so you might be able to do it but it would be worthless. You would also have the problem of you having to be able to talk to the real AP while stopping the victim from doing it. The only real situation I see this working in is where you have an open network in a different geographic region that you want traffic going through so you listen in your region, tunnel the traffic to a transmitter in the target region and then play it out.
  17. Honk, wrong answer. We don't teach techniques for illegal activities on these forums.
  18. What is it you are trying to achieve once you get this HTML page up?
  19. Sounds like you are trying to write a password brute forcer for Netflix to me. We don't allow illegal activity on these forums so please, don't ask questions like this.
  20. GSM hacking

    Some stuff is possible, some stuff isn't and depending on your location, a lot of it is illegal. There is a lot of published work on weaknesses in things like S7 and GSM. Defcon 19 or 21 had a relatively famous talk on GSM hacking where they had a no mobile phones restriction round the talk area, search their archives and you should find that. It is old but will give you some ideas.
  21. Sounds like a Challenge Anneka or 321 clue if you have to work it out like that.
  22. Are some of your posts done by a bot, as this makes no sense at all?
  23. That is true, it will teach you how to install them which involves understanding dependencies, versioning, using repos such as GitHub or PPAs, permissions and all sorts of other stuff which is really helpful. If you know how to install all the key tools you use then when you pop a shell on a client's network and need to pivot through it you don't have a sudden learning curve. It also makes you focus on the tools you actually need. If you are going to spend time installing a tool you may as well be installing the correct one for the job, so do some research, work out what will do what you need, then install that, rather than just looking in a pre-selected list of tools other people use and picking one at random because you need something for X and it is in the X category. You also need to remember that not all tools are Linux based, I use a lot of Windows tools when I'm testing Windows networks, at that point, if all you've learned to use is Kali you are screwed. In the DVWA support team we get loads of people asking how to get it working, the vast majority of the time it is because they are missing a really obvious library or have missed setting the permissions on a file. If you can't install the app that you are trying to hack, it doesn't bode well for your chances of actually hacking it.
  24. The recommendation is the same to everyone, learn as much as you can in as many areas as you can and show your enthusiasm for the subject by blogging, tweeting and getting involved. As for Kali vs Parrot vs anything else, they are just Linux distros with pre-installed tools. You don't learn Kali, you learn the tools. My recommendation is to pick a standard distro such as Debian, and install the tools yourself. That way you improve your sys admin skills, understand how the tool works and get to pick the tools you want to use rather than fumbling through a raft of them picked by someone else.
  25. 42.zip bomb

    It is only a problem if you do a recursive decompress. Pick a single file and just pull that out, that will be a compressed file. Repeat the process. If you are worried about crashing the computer, create a fixed size drive and mount that so it can't escape beyond it and kill things.
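An added example, not from the post, of the one-layer-at-a-time approach it recommends: pull a single named entry out of an archive with a hard cap on how many bytes it may inflate to, so a layer that expands far beyond its compressed size is cut off rather than filling the disk. The archive is constructed in memory to stand in for one layer of 42.zip.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrTooBig = errors.New("entry inflated past the extraction limit")

// ExtractOne inflates one named entry from an in-memory archive and stops after limit
// bytes regardless of what the header claims. The caller inspects the result (usually
// another zip) and repeats one layer at a time instead of recursing through them all.
func ExtractOne(archive []byte, name string, limit int64) ([]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	f, err := zr.Open(name) // fs.File; fails cleanly if the entry is missing
	if err != nil {
		return nil, err
	}
	defer f.Close()
	// Read limit+1 bytes: receiving them all means the entry is over budget, even if
	// the UncompressedSize64 field in the header was forged to look small.
	data, err := io.ReadAll(io.LimitReader(f, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrTooBig
	}
	return data, nil
}

// MakeArchive builds a zip holding one entry of size zero bytes: constructed test data
// standing in for one layer of 42.zip (a megabyte of zeros deflates to about a kilobyte).
func MakeArchive(name string, size int) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create(name)
	w.Write(bytes.Repeat([]byte{0}, size))
	zw.Close()
	return buf.Bytes()
}

func main() {
	bomb := MakeArchive("layer.bin", 1<<20) // 1 MiB inside, ~1 KiB on disk
	_, err := ExtractOne(bomb, "layer.bin", 64<<10)
	fmt.Println(len(bomb), "compressed bytes, 64 KiB budget ->", err)
}
```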