Sildaekar

It all looks like a bot to me, but obviously can't be sure. Seems like it starts around 12:00AM CST and ends usually around 3:30AM-4:00AM CST averaging around 5-8 posts every 5 minutes. Maybe limit the amount of posts individuals with <5 posts can do within 6hrs? or 12hrs? Or just make it so that your first post has to be approved by a moderator? EDIT: Well it's 6AM now (CST) and they're still spamming so maybe I was wrong.

Thanks for the further reading and extra info Cooper....you're awesome!

Same here, I report the second I see it, night before last I reported ~30 something posts, last night it was <50 posts (and it was at least 4-5hrs before I saw anything hence my post), and so far tonight I'm at 12 :/ But glad you guys are working on it :) Ok, I wasn't aware that you guys just needed one report per account, I'll stop reporting EVERY thread now lol

In my personal opinion the best place to learn something new is youtube, aside from that just read every article and tutorial online that you can. Or go to your local bookstore and grab a few books, flip though them and see if they are interesting then buy 'em. I have never used the website you've mentioned so I can't comment on them either way but the methods I mentioned are what I do, plus I'm cheap like that haha.

Ok, so I know the basics of SSL, as well as HSTS but I recently got to thinking about MitM attacks using some sort of proxy such as mitmproxy. The proxy would basically generate self-signed certs and send them to the client, and yes I know there would be that ugly popup. I recently, however, came across cert pinning and was wondering just how widespread this is? I mean for example if I visited https://google.com/ and attempted to sniff the password I entered using the method stated above would certificate pinning prevent this? Also just how widespread is this practice? My apologies but this is my first time hearing of this and all I know is what I read over at the security stackexchange.

This spam has been getting out of hand the past few days. I respectfully request that a few more moderators be appointed, and that the Hak5 team starts getting behind this, maybe some sort of IPS for spam such as: https://www.invisionpower.com/services/spam-monitor

https://ask.wireshark.org/questions/37680/can-wireshark-automatically-resolve-the-ip-address-into-host-names and then to filter out the sites you don't care about: https://ask.wireshark.org/questions/33938/how-can-i-filter-by-website-names

It will require work on your part. I mainly mentioned the Asset store due to many assets on there including Augmented reality assets and map assets, all you would have to do is set up a webcam, and make it "paint" the webcam's view onto the screen, then you could lay transparent images over the areas you want to highlight or list more info on to give it that effect. Keep in mind this is a game engine so obviously when you search for "HUD" it's going to display results for a video game "HUD", it would be better to search for AR or augmented reality.

Probably the easiest way would be to look into something like the Unity game engine (they have plenty of AR tools in their asset store) and use that. Then you could just use UnityScript, or C# (or Boo) to program it.

A computer, a display, and a webcam. Those are the basic tools you would need to do this, the display would lay perpendicular (or at an angle less than 90 degrees) to the viewing panel (your window) also the display would have to show everything backwards. Then the computer would be used to do the processing, and the webcam would be used to view the buildings and streets outside your window. You may also want a GPS receiver to help out. You can do this with some serious graphic processing and/or just put everything in by hand.

This....this right here is going to be awesome!

Make sure USB debugging is enabled, it won't work otherwise.

Just be careful that you don't "tinker" the wrong way and mess up your ECU lol I personally just ordered two different Keyless Entry Systems today (I know, I know, not the same) to hopefully do some more with Keyfobs. Thinking about just wiring them to a LED (turns on for lock/unlock) and setting it up at my workbench.

Well, the Turtle is obviously some kind of LAN tool...any speculation guys? Looks like someone goofed and has already got the website semi-started ;) http://lanturtle.com/#!index.md

I have yet to play around with a Teensy (actually just ordered one yesterday), but I know that you can send data to it via the pins similar to the way you can an arduino. I don't know if you can do it over USB while you're using it or not though. You may want to take a look at the Teensy documentation here and you may find some more info on your specific needs.

This topic really confuses me, I'm not quite sure what you are saying or if you are just trying to make us aware of this contest. If you are this is the wrong forum.

Nice little find! The only issue I see with this is that this only works if they are using some sort of psuedo-random program to generate the keys, if they embed a TRNG on the device then I don't see the practicality of this approach....however, I don't see TRNGs being this small either. Either way this would be one approach to at minimum consider. Sorry I haven't made any more posts on this, been busy working on a bunch of stuff IRL, and just ordered a Teensy so I plan on playing around with that and seeing what I can get it to do as well.

Yeah you might want to look into Metasploit, or even a rubber ducky (or Teensy) for something like that.

Not sure if there are any infusions for that, but I imaging something like a bash script that automatically runs SCP, or FTP would do the trick. Also, they said that Turtle is expected to be announced sometime during Q2, it's only the beginning of May, not even halfway through Q2. Just be patient, it'll get here. ;)

Add "-h" to the end of the command to see the help screen and a list of options.

The Yagi is only an antenna and can be used with any radio that takes advantage of external antennas (and those that don't if you're comfortable with soldering). Just pick up some adapters and a wifi adapter and plug it into your Kali box, or just use one of the alfas with your kali box.

Wow, thanks for the info Cooper! I'll definitely give this a read. Also, you're probably right about them not using GPUs, if I recall correctly GPU calculations didn't really start to become popular until 2007 or 2008.

I see now, thanks for pointing out my mathematical error Cooper. Please keep in mind that keyfob that I listed was just some random generic keyfob that I located online and I'm not even sure if it comes from a vehicle manufacturer. I will be posting the ID of the actual keyfob in the future when I do more work on it. May try to tomorrow actually. I honestly didn't look at the circuit board on this particular keyfob but if what you are saying is true about no clock existing could there be a pseudo-random number generator such as what was explained in the article I previously linked to? I'm still fairly new with using SDR in a security sense, and I'm really taking this as my first major step into that realm. Any and all information, is greatly appreciated. Actually if you're ever in the USA I'd love to buy you a beer and pick your brain, but until then I guess the forums will do :P Do you have any ideas on other, realistic, attacks that may be possible on such devices? The best attacks I can think of a replay attacks, where the key continues working for some time after, and bruteforce but as we all know there are countless ways to defeat security systems. Also, please keep in mind that throughout my experiments I am always assuming that I will not have physical access to the keys or keyfob. See this is what I've always assumed, and when the clocks say got out of sync they used some type of clock recovery system to sync back up. I plan on getting up with a few of my friends, as well as family members and comparing the FCC reports of all their keyfobs here shortly. Maybe I'll find something that just sticks out, and if not maybe I'll discover something in my tests. I would really like to see more people jumping in on these kind of talks in this forum and sharing more information.

Just came across another interesting article over at Wired (you can see it here) that stated: While I personally don't believe it is a "backdoor" persay, but I do believe that this is the same incident that was happening with me. Also Swamppifi, I found a nice article over on HowStuffWorks that describes how they stay in sync: So, I'm just thinking here, assuming that the article I referenced is correct and most vehicles use a 40 bit key, and are programmed to accept anything up to 256 keys after that this would leave us with 4,294,967,296 possible attempts before we succeed. 40 bit key = 1,099,511,627,776 possible keys Possible keys / Error possibilities (the 256 keys allowed at any time) = 4,294,967,296 Now let's go on to say that it takes each key 50ms to transmit (got the number from a keyfob I randomly looked up online with FCC ID of KOBGT04A, I added on a few ms). We can transmit about 16 different keys every second, low estimation for various reasons. Which means it would take us about 214,748,364.8 seconds to try every key or ....wow... 6.8 years Well that was just me thinking out loud, lol. But I'm sure realistically it wouldn't take nearly that long, and I was making a LOT of assumptions and guesstimates as well.

I would like to find one as well, currently my pentesting box is a Alienware M17XR4 with Windows/Kali dual boot...would like to have a box with just kali...or hell I'd even go with Ubuntu. EDIT Btw, why did you join the IRC earlier say "Hi?" and then leave less than 5 seconds later? lmao, it was kinda funny. EDIT...AGAIN Also, I just noticed but you posted this in the wrong forum. This forum is intended for reporting issues or suggestions for the website or wiki.