NoExecute

Everything posted by NoExecute

  1. If the keyboard is not attached to the dongle along with the mouse, you can't. If it's unify, look into the logitacker project 🙂 or simply just use a software keylogger on the laptop, that will always work. Or, build some kind of mod on the docking station, as someone else suggested. Have fun 😉
  2. Why not go study and build your own? If you buy it, chances are it won't work, usually it will get detected pretty fast. And why would you want a crypter in the first place? If it's for bypassing AV, and it's NOT your machine, you have no right to hack it, or bypass AV in the first place. If it's for learning some kind of C2, simply just turn off AV while you learn, simple as that 😉
  3. I will try to be gentle, but.. a lot of what you're saying doesn't make much sense. Is he in the house (just to clarify), or is he next door? If he has access to your hardware, well..protect your hardware. Live USB Linux, well, if someone has access to the USB drives, and they can write a new OS to them (custom made live with a backdoor), game over... As for hacking your phone, as someone else pointed out, if he has a remote exploit, I doubt he would use it to harass you, it's worth a pretty penny if he sold it. Resetting the router, it can reset due to a power glitch, or update from your ISP, so nothing alarming there. So, please, a bit more info, and be very specific and clear on what you experience, when, where and how 🙂 /NX
  4. Simple answer, you don't, you can't "embed" anything to an exe file. And why would you want to, for what?
  5. You can't really. There are so many ways to do that, and so many sizes and shapes of devices, so you have to take apart everything that "could" hold a covert device. TV, loudspeakers, power sockets, and so on. But is it realistic that someone is watching you or listening? And, long range video / photo is a thing, so are microphones working long range (from another house), so there's no real way to be sure. But most people don't want to go through the trouble, or use the kind of money something like this would cost, so try not to worry too much about it 😉
  6. It depends on what you're trying to do.. If there's no external ports, and thus, no webgui, it has to be done internally, so attacking wifi / clients could be the way to go. If you get on the internal side, using bruteforce attacks against the admin portal is a way, (OWASP ZAP) / Hydra or Burp Suite can be a way. But again, if it's not your network / your router, DON'T !! /NX
  7. What you're saying isn't possible. As others have pointed out, no "hacking device" can do that. And, from that range, NO. But, let me point out. Hearing changes with age, and it can change from minute to minute with PTSD. I'm diagnosed with PTSD, and when I'm not doing computer stuff, working as a sound tech, and my "feeling" of frequencies shifts according to mood, stress, lack of sleep and various other factors. So, check your TV EQ settings, find some mid level settings that work for you, there's no tech solution for this. I hope you find a solution that works for you 🙂 Take care 🙂 /NX
  8. Depends on OS. In Windows you can use encrypted USB storage, on Linux, use a LUKS partitioned USB key. For a more advanced option, use GPG encryption with a smartcard GPG key 🙂 That should protect you a bit 😉 (if you're trying to protect your dev USB key and files, NOT the Bunny / O.MG itself) Ahh, if it's protecting the Bunny if it's lost, sorry no idea, other than, use it, and take it with you. Write the payload to use servers you can afford to burn (one-time-use), and prepare to lose the Bunny / O.MG cable if not a permitted test. But, you really shouldn't run unpermitted tests anyway, so what's the problem? 😄 /NX
  9. You could try to sign the file, or make a wrapper in autohotkey and "sign" it using AHK compiler directives. Sometimes that works, but it depends.. But, for the most part, loading exe from usb, can be a trigger... /NX
  10. For the scenario you describe, no it can't do that. You need a software keylogger on the phone, / backdoor, that transmits data back to you in realtime. Can you use the omg cable for installing something like that, maybe.. Switch the original charging / data cable with an omg, and remote trigger install of the payload. But the payload is up to you to write, as well as the connect back / c2 endpoint, to get the data. So, it looks like you have a long journey ahead of you 🙂
  11. If it's a complex password, forget it, unless you use a GPU based cluster for cracking. You could try crunch with custom password masks. Mid level GPU..hmm. My cracking rig is a sixteen core Ryzen, and a high-end GPU, and even that kind of system breaks a sweat when trying to go up against complex passwords that are totally unknown. So, go for a GPU based cluster, those can be rented at Linode. Good luck, and happy cracking 😉
  12. Learn to be clear in what you want, what you ask doesn't make much sense. Wtf is a "portable text expander"? And why Key Croc..read the manual 😉
  13. Hehe, Much Happy Hacking 🙂 Looking forward to hearing how you're getting on with your new toys 😉
  14. I've tried this too. I simply reflashed with the programmer, to confirm settings, and rebooted my laptop, then I could get on the O.MG cable's wifi. I don't know if you tried to reflash it, and if that helped? Maybe try to clear your system's wifi history for saved networks and passwords, sometimes that can also be an issue. /NX
  15. As Dark_Pyrro pointed out, that's a tall order. I would say, start out with a Bash Bunny, a Rubber Ducky, depending on what your equipment is, some O.MG cables, and an O.MG programmer. And, Payload Studio Pro is worth the money. If you're into wifi, get a good Alfa wireless card, and you're good. But, this gear is not a magic bullet, it won't help you to get that sweet shell. For that, look into PowerShell, Python, and other programming languages. Read books on pentesting, look at YouTube. This type of gear will only be of any help to you if you know programming, AV evasion and stuff like that. You need to know the ins and outs of the platform you're targeting, its defenses and weaknesses, that's the only way. BTW, learn Linux, you'll need it 🙂 And, when you're done, look into a ProxMark3, a Flipper Zero, and a HackRF One, for some fun with software defined radio, and RFID. For good measure, throw in some lockpicking (always fun to do over a cup of tea and some Netflix 🙂 ) Much Happy Hacking
  16. You can't.. You can get the user to plug in the cable, and trigger it within a short distance, and get it to run a payload. BUT, get it to turn the camera on, without the user knowing, well..that's the payload's job. So, maybe your question should be "how do I write a payload that's undetected by OS-X, that turns on the webcam, without alerting the user, and makes me a peeping tom?" Can you use an OMG cable, sure..but the payload, figure it out yourself, and happy coding 😉
  17. How do you know data was stolen from the system? What you did is totally overkill for most use, and no it shouldn't be possible to extract data, unless you're using crappy security cameras, so these can be shut down, a crappy safe that's easy to crack, and no hard drive encryption on the laptop 🙂
  18. Windows can only be installed on the first drive, on the primary controller, not anywhere else. So, if Linux is taking up what "would" be seen as drive C, that's your problem, install on the primary drive, install Linux on secondary drive, and see if it will boot 🙂
  19. Forget it, it can't be used in that way. And, what about all the other wifi signals in the area? You're saying it's to "stop intruders..". How do you mean? One good start is to look at your wifi coverage (antenna design, buildings, site plan, materials and so on). And simply stop people from using smart devices in the area.. A very (ILLEGAL) way would be to use a cellphone / WIFI jammer, to simply knock their devices offline.. What you want can't be done, not in an easy way anyway 🙂 /NoExecute
  20. Stop stealing other people's work :) You can see if you can figure out what base-theme they used, and base your own design on that. The same for plugins, and the like, but plain downloading everything and throwing it on a new server doesn't make it your content, and yes, it is theft, and copyright infringement. You can buy base-themes and use them as a starting point in your own design, some allow that. So, going that route would be the right route, everything else is plain wrong. Be creative on your own :) And yes, it can take a lot of time designing a website, that's half the fun :) If it's for a phishing campaign, stop doing something illegal :) You can't just download a WP site, you'll need the files, AND the DBase, to have a complete backup / copy. If you don't have creds, and can't get them, you're on the wrong path :) /Kent
  21. I would say, it depends a lot... Are we talking about a vulnerability test, or a penetration test? Running a scan for vulns, missing patches, or weak passwords is one thing, running a full test is quite different. And, what is the scope for a test, how "far" are you allowed to go? When it comes to equipment, a good laptop, running Kali, some Alfa Wireless cards, and you've got the basic gear you'll need. Everything else is just "nice to have", not "need to have". But for "nice to have". A Rubber Ducky / Bunny, and an Odroid C2 and some lockpicks 😄 (and a veeeery patient Boss) /Kent
  22. Hi guys 🙂 Got somewhat of a rookie problem. Rented a new VPS, based on Debian 9, and hooked it up to my DNS. My primary site / domain is www.labet.dk, the server is downloads.labet.dk. The strange thing is, if I try to ping it on downloads.labet.dk, I get a response from the right IP, but DNS, it shows up as mail.darrenmusic.com. When I log in, and run a netstat -a, this is the output:

      root@downloads:~# netstat -a
      Active Internet connections (servers and established)
      Proto Recv-Q Send-Q Local Address           Foreign Address         State
      tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
      tcp        0      0 0.0.0.0:webmin          0.0.0.0:*               LISTEN
      tcp        0    172 mail.darrenmusic.c:2222 80-197-123-156-ca:44938 ESTABLISHED
      tcp        0      0 mail.darrenmusic.:50180 m2420.contaboserve:http TIME_WAIT
      tcp6       0      0 [::]:2222               [::]:*                  LISTEN
      udp        0      0 0.0.0.0:10000           0.0.0.0:*
      Active UNIX domain sockets (servers and established)
      Proto RefCnt Flags       Type       State         I-Node   Path
      unix  2      [ ]         DGRAM                    13824    /run/systemd/cgroups-agent
      unix  2      [ ACC ]     STREAM     LISTENING     13828    /run/systemd/private
      unix  2      [ ACC ]     STREAM

    I can't seem to find any services configured to mail.darrenmusic.com, so right now, I'm really lost. Any thoughts would be really welcome... Sorry for asking rookie questions 🙂
  23. Enter stage left, grumpy old man, MUPPET SHOW THEME PLAYING... Young man...listen up, and listen veeeery carefully. Since RKiver gave you the short version, and right now, you're wondering why, I'll give it a try. Since you haven't gotten permission, don't do anything to those machines. Just bypassing login restrictions would be a crime. Launching any kind of exploit, botnet, or malware is a crime. Since you don't know what you're doing, it's a real disaster waiting to happen..period. Go do your learning on a virtual lab, or private lab network, not on your school's gear. But you could try and ask the network staff if you can give them a hand, because you want to learn, and maybe someday be an admin yourself. Some of them might actually think it's cool, and start you in the right direction. Exit stage right, grumpy old man
  24. NoExecute

    sshd config Q

    Sorry for posing a stupid question... but why? You can set up the client to not connect if the server is not in known_hosts, but as far as I see it, SSH won't function properly without sending the server's public key. I'm not sure, but I really can't see the point in it either ;) If it's a matter of security, set key auth only, and disable ordinary password login. Throw some fail2ban in front of it, and you should be fairly safe :)
  25. Just some quick thoughts? For demo purposes, I would recommend a laptop running dual Alfa wifi cards, as it's easier to use a laptop if something goes wrong, or you need to adapt. I usually do it that way, and keep the HAK5 stuff for easy deployment on field tests if need be. But, as for showing the dangers of wifi, I would say you're on the right track, if you can demonstrate deployment of malware, capturing credentials, DNS spoofing, JavaScript injection and stuff like that. Just simple stuff, but with an impact nonetheless. It really shows why you shouldn't be using the network on McD or Starbucks without a VPN? Something like DNSchef, Beef-Xss, Metasploit and Blackeye captive portal comes to mind? As far as using videos, I think you're right. Better to make mistakes "live" than using a video. It better demonstrates what can be done and the tech behind it. Even though I failed at a demo, and had to try a second time, it gave everybody an opportunity to talk about the tech behind it, why it failed, what to do about it, and so on. So what could have been a disaster ended up being a really nice talk with the people present about a lot of stuff related to security, and the ideas and technologies behind the demo.