Jump to content

Search the Community

Showing results for tags 'security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Hi all! I'm a student and I need to know, JUST IN THEORY, for a research, how to perform a DoS or DDoS attack. I mean, it's performed sending a large number of ping packet or clicking continously on the same link, or I don't know how many other possible ways. What are the common ways to generate a DoS attack? Can anyone help me?! Thanks
  2. Does anybody have any helpful information regarding capturing a password attempt to access my own wifi network? So this is before the user even logs onto my network, I want the ability to see what passwords the user is trying. I am thinking about hacking an open source router which I may need for this to work? If anyone has any information regarding this that would be very helpful, I have wireshark but the question is specifically about the initial password attempt to access the wifi network. Thanks!
  3. Hi All, ages since i posted, I have an idea running through my head and can only assume that because i'm not cutting edge someone has been here before me. I have been burgled (well attempted) and have since installed an IR sensor and alarm to my property but thought about something alittle extra. Bluetooth logging, most people have smart phones these days, criminals included, well if fingerprinting and foot prints are enough to send crimbo's to the slammer then bluetooth mac addresses have to be closley followed right ? I mean most bluetooth devices have the owners name on them like bob or jim (no offence to law abiding bob's & jims ) but this gives you a name of who was snooping nearby and the unique ID of there phone. I know i could get something like thepineapple to capture wifi and maybe assiocate to an accesspoint but think bluetooth is of a lesser range and as a result wouldn't give so many false positives. ideally based on low power consumption as it will be 12 volts powered.
  4. Whats the best way to lock up a system when a wirless device belonging to the owner is 21" from the keyboard? I had to run outside and help my frantic neighbor extinguish a bush fire his kid started by throwing a bottle rocket into a pile of dry leaves yesterday. As I was hosing it down it occurred to me I left my outlook open. I'm looking for a ubiquitous, OS agnostic, device or secure protocol such as bluetooth that will lock up the system in the event of an emergency. The incident reminded me of a famous story I read....
  5. Hi, I have been a few times attacked by DDoS attacks just because I sponsor some guilds and clans with a TeamSpeak server. My current router has "Denial-of-service (DoS) attack prevention". Well this is good on paper but when a DNS DDoS attack comes as it has done, my router gets a little slow. The attacks won't kill my connection, but it more or less gets unusable. The router has a 680 MHz processor with 16 MB flash and 128 MB RAM. (Netgear WNDR3800 - N600 Wireless Dual Band Gigabit Router—Premium edition) Would a homemade router stand better against these kinds of attacks or is there a way to make the current one better against it? If a homemade router would be better, what OS / firewall should be used? I know Smoothwall has gotten a lot of good things said about it, and I know Darren has used this in one segment (back in 2010 i think). Would that still be one of the better free versions that is easy to handle or has there come up something new? Sincerely, Sleepwalker/Uyurgezer
  6. Educational purposes only! So i was wondering what are actually the best ways of not getting caught using the pineapple or hacking into someone? Metaphorically. Like what VPN do you use etc?
  7. Here are the steps to watching security cameras on the internet: 1. Open up your web browser. (Chrome, Firefox) 2. Go to a search engine of your choice (i.e. Google, Yahoo, etc.), and input any of the search queries listed below. 3. After you Google/Yahoo one of these queries, you will see some search results, click on any one of them. 4. Depending on the type of camera that you have access to, you may be able to zoom, pan, and tilt the camera to see what you want to. 5. Do not try to get onto password protected cameras, as this will not go unnoticed if too many attempts are made. Some things to search in google: inurl:/view.shtml intitle:Live View / AXIS | inurl:view/view.shtml^ inurl:ViewerFrame?Mode= inurl:ViewerFrame?Mode=Refresh inurl:axis-cgi/jpg inurl:view/index.shtml inurl:view/view.shtml liveapplet intitle:liveapplet allintitle:Network Camera NetworkCamera intitle:axis intitle:video server intitle:liveapplet inurl:LvAppl intitle:EvoCam inurl:webcam.html intitle:Live NetSnap Cam-Server feed intitle:Live View / AXIS 206M intitle:Live View / AXIS 206W intitle:Live View / AXIS 210″ inurl:indexFrame.shtml Axis intitle:start inurl:cgistart intitle:WJ-NT104 Main Page intitle:snc-z20 inurl:home/ intitle:snc-cs3 inurl:home/ intitle:snc-rz30 inurl:home/ intitle:sony network camera snc-p1″ viewnetcam.com intitle:Toshiba Network Camera user login intitle:i-Catcher Console Web Monitor I take absolutely NO RESPONSIBILITY of what you do with this.
  8. Hello Hak5 fans! SkyDogCon is a technology conference in Nashville, TN for the individual with the Renaissance Mind. It mixes Hacking and Making with a healthy dose of Technology. SkyDogCon exists to facilitate learning, information sharing and mingling with like-minded people in a relaxed atmosphere. This is the 3rd "official" SkyDogCon, and we would love to see some new faces this year! Hang out, catch some spectacular talks, learn, and have tons of fun. We cover a wide range of Hacking/Making including Security and Hardware Hacking! Events: Lockpick Village Electronic Badge Hacking Duplicity CTF (Live Capture the Flag!) Lots of Talks CouchCon Vendors' Area Nerdcore Rap http://www.skydogcon.com
  9. Hi guys, (I have gotten permission from one of the Mod's here to post this, so I think it's okay) I already feel out of my depth here by looking at a few topics :) I am a webmaster for an up and coming poker news website - Flushdraw dot com. I have a good number of years in the online gambling/poker niche and am always looking to offer value to my readers. As part of this value I am looking for a technically gifted candidate to perform a task for me. In my niche there is a threat for with players with regards to data security. Many players (recreational and professional) are very unaware of the dangers of playing (or even browsing) online using a un-secure Wifi connection. When they play on open Wifi networks they are open to poker exploitation (I think!) and data fraud. I am hoping to highlight the dangers and security threats for these players. Below I will outline the details of what I want and feel free to ask me any questions. What I would like is a 1 or 2 videos made by a security expert showing; 1) The dangers of using an open Wifi connection for credit cards, data, email passwords etc... and 2) The dangers of playing online poker or casino games (for real money) over an open Wifi connection. I assume there is a way to exploit someone playing an online poker game on an un-secure connection but you the security expert would be better able to tell me this. When I say the video should show the dangers, I mean the candidate show show it being done whilst explaining how (easy) they done it. When I say 1 or 2 videos, it means that if number 2 can be done, I want two videos. I assume videos will be made in HD using Camstia (if available on Linunx) or some other desktop recording software. In addition to this, I would like the expert to write a few words on the subject. I assume about 300 -500 words detailing the risks, consequences and precautions. Excellent writing skills are not exactly requitred as out editing team can change it up - we jut need the technical know-how to produce the content. Requirements: You need to know what you are doing. If you are not a security expert, I will know. I have friends in this vertical that will be analysing applications and submissions. You should have a company and/or security website (for accreditation and background research check). Your website will be mentioned with the video. You should have exemplary English. I do not care if you are foreign, once you speak very good English :) You should be a very anal about your work. I want perfection to a clean finished product. You should be able to speak jargon in laymans terms. The audience will range from very internet savvy to not so savvy. Payment: While I hate to say this and it probably works out badly for me is: I am quite flexible on this. I would like users to give me either an hourly rate and estimated number of hours, or a fixed price for the job. Cost is not my concern here, it's quality - Although I'm not retarded. I will know what is a blatant overprice . I can pay on PayPal or MoneyBookers (Skrill) or even work with something else. If there any any concerns, I am willing to discuss Escrow with on of the Mods here (if they oblige) or with Escrow.com. Submissions: Please PM me as much relevant information as possible. I want to see samples of your videos in the past, your thoughts, your opinions, your experience, etc... Show off to me. Also please include your hourly rate x estimate number of hours or your fixed price proposal. I am open to a discussion here too guy about any suggestions or opinions you may have. Again feel free to ask any questions. Thanks
  10. Hey guys, Been ages since i posted. But recently i was reading a bit of news and came across this article: ctf365: capture flag next generation http://ctf365.com/ So i was wondering if you guys heard of it. And if people are gone take place in it. If some team/group is gone take part and got some room left. And wouldnt mind some1 looking over the shoulders, let me know ;) P.S. Im more in for the defence part. Europe based. Regards, GuardMoony
  11. Ok so as an ongoing personal research , one thing I've REALLY been wanting to get into encryption. I know there are plenty of "free text encryptors", but I want to get into the encryption that doesn't require a key, or any of that jazz, i want to learn the hard way essentially. Anyone shed some light? :)
  12. I am looking for an option to use a router (PfSense, monowal, anything else I am forgetting) and Wifi Capable router to attach to this system. A way to use something like proxychain. I would like to setup a way to bounce over multiple proxy sites securely. Thinking of something like hitting 5 or so proxies to make my traffic anonymous. Looking for something to browse securely and not have to worry about remembering things like enabling proxy on my browser. I was also thinking of having this system setup at either my office on a separate static IP or at home and being able to VPN into it from my MAC Book PRO that I always use. Thanks in advance for any help and or suggestions you have. Nathan
  13. I feel as though this should be a discussion for Hak5 Forum Members to have. If devices are getting more NFC capabilities why not use them for a second factor of authentication? Try combining NFC with PIN, Pattern, or Face Lock (maybe more). Try the more extreme measure of injecting an NFC capable tag into your body. I don't care what you do but please document it thoroughly and share it with everyone else.
  14. OK, so I believe a member of this community has developed a hot new WordPress attack scanner. I've got my scanner plugins installed but I still feel like my WordPress site is a huge pile of SQL vulnerabilities and opporunities for leaking databases, XSS, RFI/LFI, and other penetration. Beyond having a scanner plugin, what more can I do to harden WordPress? Is it an intrinsically vulnerable system or can the security be pretty tight? Frankly, I have a $100 reward for anyone who hacks my site and I want to post even more tempting challenges for people to hack it, but I feel like right now it's just not up to snuff [it's not really ready yet, so don't ask for the URL lol]. In addition to security I would like my WordPress to look leet, have some leet features, and ideally not be recognized as WordPress. I used to build websites in the 90's and early 00's, but I just have not had the time to stay current, thus WordPress is a very attractive option. But I feel like some lamer having this cookie-cutter pre-coded solution... so can I at least hack it in the sense of making it appear to be a hand coded site? I have a plugin called hide-login that changes some of the default WordPress directories and I've modified a public domain theme to remove the dead giveaways, but what more can I do? Finally, what are your favorite themes for hacking/tech stuff, if any? I like the Commodore theme but its formatting doesn't hold up well on anything but desktop based IE and Chrome.
  15. hello, I'm looking for some good security podcasts (besides hak5 and pauldotcom's stuff) more in the news category. any suggestions?
  16. My site gets attacked daily, and for whatever reason, someone or some group truly wants into my site. This has been going on for about two years now, and they are pretty relentless, hitting me a few hundred times a day, sometimes taking it down with DoS attacks, and almost always with the same stupid attacks, looking for TimThumb flaws in my site, so they can try to get a reverse shell. They also try a number of other types of attacks as well, like XSS, SQLi, RFI and LFI attacks, all of which fail, but none the less, they keep trying. So I started writing a decoder and grepping my logs every day for all of their shell scripts. After a few weeks of downloading and decoding their shell scripts, I realized this wasn't some random drive by, but targeted attacks. I went on the offensive, and started tracking down the attackers, their sites, the sites they compromised and so on. A few people took notice on Twitter about my complaining and such, one of whom is our very own Brian Wallace, aka Bwall, from the forums and FireBwall and Ballast Security. He took a look at what I was doing, and wrote his own decoder, which decodes more types of obfuscation than my decoder was doing. This also spawned a few papers he wrote on the subject of RFI attacks and Bot-Nets that he invited me to work on with him and MaXe from Inern0t. When the paper was done, I had collected somewhere around 200mb's of shell scripts, perl and php bots, and so on. What was I going to do with all these files? Nothing really, but I was using the decoded bots and scripts to track down who my attackers were, and with the help of Brian, shutting down some of these bot nets. My attackers didn't seem to like that to much, and as such, took notice of the paper Bwall had written and also the decoder site we we're using to reverse their bots and infiltrate their IRC channels. Then it dawned on me, We needed an easier way to catch these attacks, instead of me grepping logs on a daily basis, we needed an attack scanner to do the work for us. Initially, all we we're doing, was sending any RFI attack to FireBwall.com, and while thats great for decoding and collecting their shell scripts, I figured if we we're going to be checking and logging these attacks, we might as well start blocking them as well. Thats when I asked Brian to help me re-write some horrible code I had thrown together to log the attacks, and he turned it into a nice little Firewall for WordPress. Right now, we have a free version of our WordPress Attack Scanner Plug-in up for anyone to download and use, check it out and see whats happening to your own WordPress based site. You might be surprised by some of the things you see show up on the logs. The free version is only a logging utility, which lets you see what attacks we're tried against your site, but also where and who your attackers are. We do Geo-IP lookups from our own database now as well, and offer some basic stats on the various attacks. Here is a sample of what one of the attacks looks like. We're still working on this and will also be releasing the full blown Firewall based version within the next few weeks, but we wanted to offer up the free one to anyone who wants to give it a try, send us feedback, feature requests, bugs or hacks you may have discovered with it, etc, and we will be sure to add those fixes and look into adding more features. Again, this is still under heavy development, but we wanted to give everyone a chance to try it out and give us some feedback on what they thought. While the free version does not block the attacks, its till a very useful tool in discovering things you might not have known were happening to your WordPress based site. Check our http://www.attack-scanner.com/wp-attack-scanner-firewall.php'>http://www.attack-scanner.com/wp-attack-scanner-firewall.php to see all the things we currently check for. If you have ideas on things we should add, we're all ears!! Also, another plug-in I wrote, that works well with this one, is a Login Alerts plug-in that notifies you when someone is trying to brute force their way into your WordPress site. one of the things our attack scanner does, is check to see if anyone is trying to do user name enumeration. If they find the true admin name for the site, they will then try brute forcing their way in, and WordPress by default has no lockout periods or ways to notify site owners this is happening, so check out our Attack Scanner as well as our Login Alerts plug-in and let us know what you think. Links to both can be found on http://www.attack-scanner.com We're also going to be working with Dave Kennedy, aka Rel1k of TrustedSec and SET fame, to integrate the Artillery IP Ban list from his central database of banned attackers, so hopefully we'll have that in the full version when we are ready to release sometime before Derbycon is here. Thanks guys, let us know what you think, or if you run into any problems with installing them, etc. Big shout out to Bwall for all his help. You can learn more about this project on our site. NOTE!!! Once you activate the attack scanner, go to the configuration panel, and CHANGE THE DEFAULT PASSWORD!!! If you don't, and someone sees you are running it, they can download and read your logs. This password, encrypts your logs, and if you forget what the password is when migrating the file to another site running the same plug-in, there is no way to read the logs without the original password you used to encrypt the logs!!
×
×
  • Create New...