Showing results for tags 'Security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, rootkit functions, etc.). The motivation: in a bad situation, an attacker can make your iptables/ufw fall over... but if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it has a hook into netfilter in kernel land (think of it as a second layer for the firewall). My initial purpose for this project was to protect my personal server; now it is to protect the machines of my friends. When I say "friends", I mean people who don't know how to write low-level code. Using HiddenWall you can generate your custom kernel module for your firewall configuration. The low-level programmer can write new templates for modules, etc...

     First step: understand before running

     Verify that the kernel version is 3.x, 4.x or 5.x:

       uname -r

     Clone the repository:

       git clone https://github.com/CoolerVoid/HiddenWall

     Enter the folder:

       cd HiddenWall/module_generator

     Edit your firewall rules in the file rules/server.yaml; the Python scripts use that file to generate a new firewall module.

       $ cat rules/server.yaml
       module_name: SandWall
       public_ports: 80,443,53
       unhide_key: AbraKadabra
       hide_key: Shazam
       fake_device_name: usb14
       liberate_in_2_out: True
       whitelist:
       - machine:
           ip: 192.168.100.181
           open_ports: 22,21
       - machine:
           ip: 192.168.100.22
           open_ports: 22

     If you want to study the static code used for generation, look at the content of the directory "templates".

     Second step: generate your module

     If you want to generate a kernel module following your YAML file of rules, run this command:

       $ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml

     This generates a generic module with the rules of server.yaml. If you want to use another template you can use "wall.c"; the template module "hiddenwall" has an option to run in hidden mode (it is not visible to "# lsmod", for example).

     Third step: install your module

     To test the module:

       # cd output; make clean; make
       # insmod SandWall.ko

     The rule of the YAML used to generate the module is simple: drop all out-to-in packets, accept ports 80, 443 and 53. The machine 192*.181 can connect at ports 22 and 21... If you use nmap at localhost/127.0.0.1 you can view the open ports... because the rule liberate_in_2_out is true. The password to turn the firewall visible is "AbraKadabra". The password to turn the firewall invisible is "Shazam". You need to send the password to your fake device "usb14". To exit the module, you need to turn it visible to the "lsmod" command...

       # echo "AbraKadabra" > /dev/usb14
       # lsmod | grep SandWall
       # rmmod SandWall

     Random notes

     Tested on Ubuntu 16 and Fedora 29 on kernels "3.x", "4.x" and "5.x".

     TODO
     - Support for IPv6.
     - Macro to select the interface (to use multiple modes for each interface).
     - Option to remove the last logs when turning on hide mode.
     - Option to search for and remove other toolkits...
     - Code generator for BPF...

     References
     - Wikipedia Netfilter https://en.wikipedia.org/wiki/Netfilter
     - Linux Device Drivers http://lwn.net/Kernel/LDD3/
     - M0nad's Diamorphine https://github.com/m0nad/Diamorphine/
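The post's rules file describes the filtering policy but not how a rule is evaluated against a connection. The following is an added example, not the HiddenWall project's code: it reads the YAML subset used by rules/server.yaml with a hand-written reader (so it runs without PyYAML) and decides inbound connections the way the post describes them (default drop, public ports open to everyone, whitelisted machines get their extra ports). The meaning of liberate_in_2_out is assumed to be "loopback traffic is accepted"; the hide/unhide keys and the fake device are deliberately left out of the model.

```python
"""Model of the packet-filtering rules from the HiddenWall post.

Constructed example, not the HiddenWall project's code: a hand-written reader
for the YAML subset used by rules/server.yaml (flat key: value lines plus the
whitelist list), and an inbound-connection decision that follows the rules as
the post describes them. How the real module treats liberate_in_2_out is
assumed here to mean "loopback traffic is accepted"; the hide/unhide keys and
the fake device are deliberately not modelled.
"""
from dataclasses import dataclass, field

# Constructed copy of the rules file shown in the post.
SERVER_YAML = """\
module_name: SandWall
public_ports: 80,443,53
unhide_key: AbraKadabra
hide_key: Shazam
fake_device_name: usb14
liberate_in_2_out: True
whitelist:
- machine:
    ip: 192.168.100.181
    open_ports: 22,21
- machine:
    ip: 192.168.100.22
    open_ports: 22
"""


@dataclass
class Rules:
    module_name: str = ""
    public_ports: set = field(default_factory=set)
    liberate_in_2_out: bool = False
    whitelist: dict = field(default_factory=dict)   # src ip -> set of ports


def _ports(text):
    """'80,443,53' -> {80, 443, 53}; rejects non-numeric or out-of-range ports."""
    ports = set()
    for item in text.split(","):
        item = item.strip()
        if item:
            port = int(item)
            if not 0 < port < 65536:
                raise ValueError(f"port out of range: {port}")
            ports.add(port)
    return ports


def parse_rules(text):
    """Read the flat-key + whitelist-list YAML subset used by the post."""
    rules = Rules()
    current_ip = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "whitelist:" or line.startswith("- machine:"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "module_name":
            rules.module_name = value
        elif key == "public_ports":
            rules.public_ports = _ports(value)
        elif key == "liberate_in_2_out":
            rules.liberate_in_2_out = value.lower() == "true"
        elif key == "ip":
            current_ip = value
            rules.whitelist.setdefault(current_ip, set())
        elif key == "open_ports" and current_ip is not None:
            rules.whitelist[current_ip] |= _ports(value)
        # unhide_key / hide_key / fake_device_name are not used by this model
    return rules


def decide_inbound(rules, src_ip, dst_port):
    """Return "ACCEPT" or "DROP" for one inbound connection attempt."""
    if rules.liberate_in_2_out and src_ip.startswith("127."):
        return "ACCEPT"   # assumed semantics: loopback scans see the open ports
    if dst_port in rules.public_ports:
        return "ACCEPT"   # public services reachable from anywhere
    if dst_port in rules.whitelist.get(src_ip, set()):
        return "ACCEPT"   # per-machine exceptions from the whitelist
    return "DROP"         # default deny for everything else coming in


def audit(rules, attempts):
    """Evaluate (src_ip, dst_port) pairs; return (src_ip, dst_port, verdict) triples."""
    return [(ip, port, decide_inbound(rules, ip, port)) for ip, port in attempts]


if __name__ == "__main__":
    r = parse_rules(SERVER_YAML)
    print(f"module {r.module_name}: public {sorted(r.public_ports)}, whitelist {r.whitelist}")
    for ip, port, verdict in audit(r, [("203.0.113.9", 443), ("203.0.113.9", 22),
                                       ("192.168.100.181", 21), ("192.168.100.22", 21),
                                       ("127.0.0.1", 3306)]):
        print(f"{ip:>16}:{port:<5} {verdict}")
```

Running the script prints one verdict per constructed attempt; the useful check before building a module from a rules file is exactly this kind of dry run, since a typo in public_ports or a whitelist entry is far easier to spot here than after insmod has locked you out of a remote box.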
  2. Can police access the Snapchat "My Eyes Only" feature when one hands over their phone to the authorities?
  3. Need to hire an expert to sort out personal and business network issues, along with our devices, etc. Please advise on options and recommendations. Thanks, Cambar
  4. Hi. I want to learn about cyber security. I have used Kali Linux for phishing, Android hacking and Wi-Fi hacking. But I want to know about the Internet … What language should I learn, and from where? If possible, please tell me. I know some C programming. I just don't want to exploit; I want to create also. Please guide if possible… Thanks
  5. Hi, I currently use syslog for my network devices. I was wondering if it would be possible to run software on an RPi4 to analyse the syslog, to detect attacks and suspicious activity? Even better if it has a graphical interface 🤔
  6. Hello everybody, I am new to this forum. Right now I work as a penetration tester for a little company that protects against mobile hacking. In this project I am searching for an open-source app or a leaked app that has the ability to do a full jailbreak of an iPhone and get full remote access, like: uploading and downloading data from the phone, using the camera and video, recording voice, getting user location, web history, list of contacts and so on. I also tried many commercial apps like mSpy, MobileStealth and so on, but they were useless. I thought to myself that for the start I can lure the user using spear-phishing or Wifiphisher. Do you have any good, working ideas for the app?
  7. How would you go about hacking a WiFi-based system like alarm.com or ADT? I got one some time ago and would like to experiment with the cameras and the system itself. Any tips or walkthroughs would be great.
  8. Hi! If anyone needs a good password list for brute-force hacking: bigpasswordlist.com. I've downloaded all the biggest lists and merged them together. The list is good.
  9. As the title says, I'm tinkering with MAC addresses. I'm writing a simple Python script that just takes in a MAC address as a string and tries to figure out as much information about the device as it can, given nothing but that address (not even network access). However, I'm not sure what all that MAC can tell me or how to determine it. I know MAC addresses can be spoofed. I know that the first 3 octets usually represent the OUI (Organizationally Unique Identifier), but beyond that what can a MAC address tell me? What other useful information can I extract? (Any details or resources about how would be nice too.) Thanks in advance.
  10. Hello, fellow security people. I would like to know the best way to authenticate offline software. We would like to sell our client our server software, but we want to ensure that this software cannot be duplicated or used by unauthorized users. We are thinking about a USB authentication key, but I want to know what other people think about this problem.
  11. Are there any relatively decent, cheap VPNs you'd recommend?
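Beyond the OUI, the address layout itself carries two flag bits that answer most of the question above. The script below is an added example, not the poster's script: it normalises the common textual forms, decodes the I/G (unicast/group) and U/L (universally/locally administered) bits of the first octet, and looks the OUI up in a small constructed table. The U/L bit is the useful defensive signal, since OS address randomisation and most spoofing tools set it, and a locally administered address has no registered vendor to look up. A real tool would load the full IEEE OUI registry, which this example assumes is not available offline.

```python
"""What a MAC address reveals on its own: constructed example, not the
poster's script. It relies only on the EUI-48 layout: the I/G bit (unicast or
group), the U/L bit (universally or locally administered; OS address
randomisation and most spoofing tools set it), and the 24-bit OUI prefix.
The OUI table below is a tiny hand-picked subset for offline use; a real
tool would load the IEEE OUI registry, which this example assumes is absent.
"""
import re

# Constructed subset of the IEEE OUI registry (upper-case, colon separated).
OUI_TABLE = {
    "00:50:56": "VMware, Inc.",
    "00:0C:29": "VMware, Inc.",
    "08:00:27": "PCS Systemtechnik GmbH (VirtualBox)",
    "DC:A6:32": "Raspberry Pi Trading Ltd",
}

_ALLOWED = re.compile(r"^[0-9A-Fa-f:\-.\s]+$")


def normalize(mac):
    """Accept 00:50:56:ab:cd:ef, 00-50-56-AB-CD-EF, 0050.56ab.cdef or 005056abcdef."""
    if not _ALLOWED.match(mac):
        raise ValueError(f"unexpected characters in MAC address: {mac!r}")
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def analyze(mac):
    """Decode the flag bits and OUI of one address; no network access needed."""
    norm = normalize(mac)
    first_octet = int(norm[:2], 16)
    multicast = bool(first_octet & 0x01)   # I/G bit: 1 = group address
    local = bool(first_octet & 0x02)       # U/L bit: 1 = locally administered
    oui = norm[:8]
    vendor = None if local else OUI_TABLE.get(oui)   # no registry entry for local addresses
    if norm == "FF:FF:FF:FF:FF:FF":
        kind = "broadcast"
    elif multicast:
        kind = "multicast"
    elif local:
        kind = "locally administered (randomised or spoofed; no vendor lookup)"
    else:
        kind = "universally administered unicast"
    return {"mac": norm, "oui": oui, "multicast": multicast,
            "locally_administered": local, "vendor": vendor, "kind": kind}


if __name__ == "__main__":
    for sample in ["00:50:56:ab:cd:ef", "02-11-22-33-44-55",
                   "0100.5e00.0001", "dca632112233"]:   # constructed inputs
        info = analyze(sample)
        print(f"{info['mac']}  {info['kind']}  vendor={info['vendor']}")
```

On a DHCP or Wi-Fi association log, the share of locally administered unicast addresses is a quick way to see how many clients are using private/randomised addresses; it is not proof of spoofing, only that the vendor prefix cannot be trusted for inventory.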
  12. Hello guys, so I have trust issues. Nowadays everyone seems to be after every little bit of information. In fact this has grown so fast that everyone should be bothered. In the wake of certain events surrounding a certain social network data leak, I started to ask myself a few questions. Now I live in Belgium. For those that don't know where that is, it's where the good beer comes from. Now, down where I live there is basically 1 major internet provider; there are others in the country, but this 1 dominates the market so badly that the others are not operating in every region of the country. With this in mind I wanted to find out if there is any regulatory instance for things like Internet and information security in my country. Turns out that unless you're fluent in Dutch and have at least a law degree, you can go f yourself, as nobody seems to know anything about it on the Belgian state sites. Hell, even some major regional politicians didn't know. From that arise 3 questions: 1. How do I go about finding out who is in charge of what down here? 2. Can I trust my ISP not to eavesdrop on my traffic? 3. And if not, how do I protect myself? (Thinking VPN, but I'd need a VPS for that, and do I trust that VPS provider?) Any piece of advice would be appreciated. Thank you
  13. What books do you recommend? Books on security, hacking, pen testing, or anything else that you recommend to increase knowledge.
  14. Hi, I want to use the Pineapple in a defensive mode, and as well have it work like a regular router, for example: - To detect another Pineapple working in Rogue AP mode. - Can open ports. - MAC filter. - VPN. - ... Do you know what firmware like OpenWRT, or another like it, I could use? Thank you,
  15. Hi all. I'm a newcomer on the Hak5 forum but have been following the channel on YouTube for a little while now. I'm a (moderate) fan. I've been an IT person for about 20 years now and all aspects of security matter to me. In a previous job I was watching the network security and providing users with common good practices. Although I'm no expert, I try my best to act as responsibly as I can, leaving room for improvement — I guess there's plenty of it... For several years now the growing number of security flaws, exploits, vulnerabilities and hacks that have been reported through the news and all the channels that I happened to browse gives me the creeps: Yahoo breaches, XSS, CPU flaws, software bugs and poor programming practices, which government agencies profit from for spying, poor IoT security, connected spy-tools from Google and Amazon... (I'll stop there.) Not that I'm afraid; I rather feel disgusted to the point of wanting to run away from a great part of the technology as much and as far as possible. As a recent measure I am running NoScript and am, well, contemplating how the modern web browsing age depends on it... and breaks! Having been a web developer too, I find it infuriating to see most of these sites rely on JavaScript to provide the simplest animation or gadget while CSS-only is much wiser and more profitable to the user experience. As if no developer could do without it, like their lives depended on it... (That's only my perception, probably exaggerated.) As I also follow the news, and behind the (not-so) recent Meltdown and Spectre flaws that top it all, I feel like whatever I can do ends up like putting steel locks with 12 digits on a tipi's curtain. So as for JavaScript, does it make sense to disable it, given that I don't perceive a browser as a safe platform when it comes to security? I have to confess that I asked this question recently and got slapped so bad I was treated like an obsolete, retrograde, has-been, last-century, ignorant monkey. Anyway, I'm pleased to see there are still lots of sites perfectly working without it and I'm not sure I'm inclined to go back to a full JavaScript-enabled experience... Thanks a whole lot, guys, and keep up the good work.
  16. Original link is here (with more pertinent details that I won't post in this thread): https://github.com/corna/me_cleaner/issues/51

     My name is Carlos Royal and I've witnessed several zero-day exploits used against my computer. As a result of this, I've been the target of government corruption AND an extended gaslighting campaign that's designed to undermine the fact that the government got caught red-handed breaking into my PC (when I was using an end-of-life system that had no management engine), by means of both attempting to erode my sanity/make me question my memory and attempting to pull me out of integrity (so I hand my power away/do something criminal-esque due to provocation and end up in prison/lose liberties or rights... to undermine the fact that the NSA got caught red-handed). This post, which spans an experience of at least three years, is meant to combat the government's method/tactic of gaslighting (to escape accountability/acknowledgement of misusing government capabilities) by means of making my experience a public record (since the techniques/tactics employed rely on me staying silent due to doubt, fear, and "what ifs"), and is highly beneficial to any security professional that reads it. (To the organization that targeted me: consider the above paragraph "Game Over.")

     Mandatory backstory: A while ago, I decided to challenge myself by attempting to obtain the Offensive Security Certified Professional certification in an effort to break into the penetration testing field. Over the course of 120 days, I managed to successfully breach and escalate on 16 systems within the OSCP lab.

     Firefox Zero Day: During my progress, I noticed unusual activity on my computer. I make heavy use of the Linux terminal on an everyday basis and I noticed that the shell that I was using wasn't the first shell that was open. Upon further investigation, I noticed two bash processes running on my PC. Upon closing the one that I wasn't using, my Firefox browser closed at the exact same instant. This leads me to believe that I was targeted by the FoxAcid system due to my activity from the OSCP labs and that the zero-day exploit didn't use the proper escape sequence.

     Tor Malicious Node Zero Day: I utilized an OpenWrt router as the base of my build. From behind it, I built an Arch Linux "transparent TOR router" that was designed to fail closed (where if my PC could not connect to the internet through TOR, it wouldn't be able to connect to the internet whatsoever). From behind this router, I rebuilt my new PC using the Arch Linux distro. A few weeks later, after my build was complete, in use, and thoroughly tested, I observed on the "check.torproject.org" page (which was a page that I would check compulsively) that I "wasn't using TOR." (THE MANAGEMENT ENGINE EXISTED WITHIN THE PC BUILD THAT I USED WHEN THIS EXPLOIT WAS USED AGAINST ME. THE GOVERNMENT UNMASKED ME OVER TOR SO I WOULD CATCH THE IP ADDRESS OF THE TOR NODE ON PURPOSE.) This would lead me to believe that the government is in possession of a risky zero-day exploit that exists to target TOR-only users. Instead of targeting the TOR network directly, it would seem that this exploit works at the modem level and intercepts and possibly redirects the user to a malicious TOR node that's not on the TOR network. NOTE: If you "attempt to browse" the check.torproject.org page and it attempts to resolve for an extended period of time when using TOR, you should probably reset your circuit. You're probably being unmasked and your connection to the check.torproject.org page is most likely being dropped.

     DBUS Daemon Socket Exploit/X11 Socket Exploit: The "bash" and "sh" Linux binaries aren't the only things that the government can target. They are also capable of targeting other things, such as the DBUS-DAEMON socket or the X11 socket on a Linux PC, to create a secondary session for the purpose of viewing, and perhaps interacting with, the target's PC. Things that can be done include, but are not limited to: spawning extra lock screens, crashing GUI-tied processes (such as security scripts running in Konsole), crashing the GUI in general, viewing your keystrokes and monitors, etc. A home user's browser is one of the primary avenues of attack and can be targeted by state actors to spawn shell binaries (or any binary) or use exploits against the DBUS-DAEMON socket or X11 socket. NOTE: This can be rectified with pre-existing open-source software, such as firejail (read the man page, USE THE AUDIT FEATURE. It will TELL YOU WHAT TO FIX.):

       firejail --rmenv=DBUS_SESSION_BUS_ADDRESS --private=/root/a/fake/home/directory/ --x11=xephyr --quiet --net=ethernet1 openbox

     As an alternative to openbox, adding "nolisten local" to the X11 options of the X server running on a user's system will disable abstract sockets (which should be sufficient, in combination with a private tmp directory and private network spaces, to use the PC's GUI instead of nesting it). If you're cosmologically "lucky," you may be able to see firejail kick back an error when the "sandboxed application" attempts to access a blacklisted file/folder that it's not supposed to. If you're concerned about sandbox escapes (which do exist), this can be combated with the "kill" command listed below, as well as with good old-fashioned socket monitoring (such as running "ss," with extra parameters, in a loop to tie processes to IP addresses). I've also found that renaming "dbus-launch" and "dbus-send" to "dbus-launch.old" and "dbus-send.old", as well as qdbus to qdbus.old, serves to stifle the sandbox escapes that aren't covered by the shell kill script. These sandbox escapes aren't AS DETRIMENTAL as having shell access/control over the user's PC, but can still be used for seriously nefarious purposes.

     Theory: The 3-letter agencies connect to a user's PC through Google IP addresses.

     Zombie Tracking Cookies: Firefox connects to the internet when opened, regardless of whether or not the user chooses to browse. Upon attempting to disable third-party cookies, I noticed that there was a tracking cookie that was implanted in my browser despite the fact that I did no browsing. Previously, the only third-party tracking cookie that I'd witnessed was one belonging to "google." I theorize that the NSA's zombie cookies implant themselves when the user opens up their browser (which connects to the internet) and disguise themselves as the site that the user visits first. Because I did no surfing whatsoever, the tracking cookie was disguised as a Mozilla tracking cookie. The Mozilla home page does not require third-party tracking cookies. This exploit was spotted originally due to my use of an addon that self-destructs unused cookies after 1 minute. Before I found this cookie undisguised, I noticed that a "google" tracking cookie would continue to self-destruct every minute, despite me closing and re-opening the browser and not navigating to Google. Catching it in its undisguised state some time later confirmed my suspicions that this was a zombie tracking cookie (which was most likely set to attempt to re-implant itself automatically whenever I opened my browser).

     How Corna's Intel ME removal script no shit saved my skin: Because of the nature of the incidents that I've witnessed, I've designed a script that utilizes the killall command that will kill all processes specified that are older than 5 seconds.

       killall "sh" -q -v -y 5s

     This command, when run in a loop every two seconds, kills all shells ("bash" and "sh" specifically) that are younger than 5 seconds. So long as a terminal process that THE USER CONTROLS is already running, the user gains the ability to use their own terminals while denying access to terminals that are opened as a result of any exploits that are used against their computer. The terminal is THE HEART of pentesting, and in denying this resource to an attacker, it denies an attacker the ability to gain control over a user's PC. The idea is to open a few terminal processes before running this command in a loop in a script (AS ROOT AND AS A BACKGROUND PROCESS, since a terminal manager's process can be "crashed"), and then connect to the internet as normal. Your operating system is capable of defending itself (for free) with native tools. This technique can be used for more than just stopping shells. It can also be used for sandbox escapes that occur through firejail. Common binaries that the 3-letters can target are "bash," "sh," "dbus-daemon," and "qdbus (KDE)." The last two can be spawned as processes and attached to Firefox, similar to escaped shells. The kill command will work to stop the end result of Firefox forking to binaries on your system that it shouldn't fork to. This can be tested ON YOUR OWN WITH A KNOWN VULNERABLE VM. I actually ENCOURAGE anyone and EVERYONE to try this for themselves (I want to be proven wrong). What's important to note here is that THIS IS USELESS WITHOUT THE INTEL MANAGEMENT ENGINE REMOVED FROM YOUR COMPUTER. No software solution will ever be a good enough solution so long as hardware backdoors/secondary operating systems exist within a user's system. The Intel Management Engine contains an operating system that shares physical resources with the target machine. Without Corna's removal efforts, I would be up the creek with no paddle. To obtain a better stance on PC security, open-source security solutions must be used IN COMBINATION WITH CORNA'S REMOVAL SCRIPT/the removal of the Intel Management Engine. Both hardware and software security solutions must be used together.

     I leave my post here for the security experts to judge for themselves (all attempts to take the appropriate channels to close the leaks have failed spectacularly). Critique this logic, spin up a vulnerable VM, and TEST IT FOR YOURSELF. I'd love for someone to prove me wrong.
  17. I'm in the process of setting up 2 machines for my little ones, and I want to make sure they don't "accidentally" stumble upon something they shouldn't. I have parental controls and content filtering inside the router, which works well, but I want to have a separate network for just the kids, and I want everything on that network to be restricted to appropriate content only. Should I set up a proxy and point their browsers to route traffic through it? Is there a web filter app/server software you recommend? OpenDNS works well, but if I remember right I was able to somewhat view content that should have been blocked. The only thing I really want fully open is YouTube. Thanks in advance. I'm open to all suggestions; the more enterprise the better.
  18. Hi, I'm fairly sure most people who get involved in security, pen testing etc. will know things about networks, Linux, and a handful of languages, and have an understanding of exploits depending on what they're doing. Apart from things like becoming a better programmer or learning more about networks, what are some things you would assume security experts to know? I'm looking for things to do with security, but mainly things that don't necessarily come under security, like Linux kernel development or AI, but could be incredibly beneficial to someone in security. Thanks!
  19. Hello, I've recently read a lot about anonsurf and was wondering if turning a VPN on before turning on anonsurf would ghost my activity? If not, I would love to hear your thoughts about the best way to become a ghost online.
  20. Greetings all, I am writing an encryption app for both iPhone and Android devices and have come to a fork in the road... (ooo, bad pun)... I wanted to create a 'Save' option to store the encrypted texts locally on the device, but after the revelation of Vault 7, I am thinking that maybe it's better to have users save their texts off-device elsewhere. The key is generated on the device locally and stored locally. The key is protected and has a self-destruct mechanism, but my concern is that they would both reside on the device and then could be fully compromised. With the abilities of these agencies, where do we go from here? My question: would it be better to save off-device or just store it locally? Any thoughts and elaborations are greatly appreciated.
  21. I have to travel a lot for work, so I am looking for a travel router that will be able to act as an OpenVPN client. I have considered purchasing a WiFi Pineapple NANO for this application, but it seems to be a bit of overkill for what I need. What would you suggest I get?
  22. Hey guys, I know most of the posts here are about attacks for the Rubber Ducky, but I wanted to share something different with you today: a script to prevent Rubber Ducky attacks. DuckHunt: https://github.com/pmsosa/duckhunt For now it is a project intended to protect users against Rubber Ducky attacks (or other automated key injection attacks). I made sure to document as much as I could on the GitHub page so that others can keep adding to it and eventually it could lead to a larger discussion on how to protect users from these types of attacks. I read the previous Defense Against Ducky posts, and it seems that people had lots of ideas surrounding how to defend against these guys. I was just curious to see what other legitimate things one could add to protect against these :) Cheers, - Konuko II
  23. Hello. I am new to this forum, so if this thread needs to be moved somewhere else, please let me know. Sorry in advance. I have built a hacking lab for testing purposes. I have a target router which leads to a MitM device and a switch. The switch connects two target machines and a hacking machine. I want to supply internet access to the two target machines by connecting the router to my main router, thus giving it internet access (currently the router is not supplying internet). I have heard it is a bad idea to give labs internet access (for obvious reasons). Is there a safe and secure way of doing this that doesn't raise a high/moderate chance of compromising the network outside of my hacking lab? I have heard of people using VPNs to secure their network. I just haven't really seen it done in this aspect. Any advice on doing this would be super great! Thanks.
  24. So now there are these SOCs which seem to be really the top thing in cybersec these days. My idea of them is just guys sipping coffee, checking WhatsApp and sending ArcSight-automated Excel-generated reports to people who also have no idea what to do with them. EC-Council has also come out with the incident handling cert now, which I think is geared towards this. I want to know what the whole deal is with these SOCs; anybody working in one, please share. Right now all I know is the fuckers are expensive.
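The post above links DuckHunt but does not describe how an automated key-injection attack is told apart from a person typing. The script below is an added example, not the DuckHunt project's code, and its mechanism is an assumption: injected keystrokes arrive at a cadence no human reaches, so a sliding window over inter-key gaps flags a burst whose average gap is below a threshold. Capturing real key events needs a platform keyboard hook (out of scope here); the detector works on a list of event timestamps, and the human and injected streams are constructed.

```python
"""Keystroke-injection detector in the spirit of DuckHunt.

Constructed example, not the DuckHunt project's code. Assumption (the post
does not describe the mechanism): injected keystrokes arrive far faster than
a person can type, so a sliding window over inter-key gaps flags a burst
whose average gap falls below a threshold. Capturing real key events needs a
platform keyboard hook, which is out of scope; the function works on a list of
event timestamps in seconds, and the sample streams below are constructed.
"""
from collections import deque

WINDOW = 10            # keystrokes examined together
THRESHOLD_S = 0.030    # average gap below 30 ms is assumed faster than human typing


def detect_injection(timestamps, window=WINDOW, threshold_s=THRESHOLD_S):
    """Return the index of the keystroke completing the first suspicious burst, or None."""
    recent = deque(maxlen=window)          # keeps only the last `window` timestamps
    for i, t in enumerate(timestamps):
        recent.append(t)
        if len(recent) == window:
            avg_gap = (recent[-1] - recent[0]) / (window - 1)
            if avg_gap < threshold_s:
                return i
    return None


def human_stream(n, start=0.0, gap=0.12):
    """Constructed stream: n keystrokes at a steady 120 ms cadence."""
    return [start + k * gap for k in range(n)]


def injected_stream(n, start=0.0, gap=0.005):
    """Constructed stream: n keystrokes at 5 ms, typical of scripted injection."""
    return [start + k * gap for k in range(n)]


def verdict(timestamps):
    """Policy decision for the caller: ('allow', None) or ('lock', index_of_burst_end)."""
    hit = detect_injection(timestamps)
    return ("allow", None) if hit is None else ("lock", hit)


if __name__ == "__main__":
    typing = human_stream(30)
    attack = injected_stream(20, start=typing[-1] + 0.5)   # injection begins after a pause
    print("human only:", verdict(typing))
    print("human then injected:", verdict(typing + attack))
```

The window size and threshold are the whole tuning problem: a smaller window reacts faster but a paste-into-terminal or a key held down with auto-repeat can look like a burst, so a deployed version would pair the timing heuristic with a policy step (prompt for a password, or just log) rather than locking unconditionally.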
  25. Hi all, As the title suggests, I was wondering why WPA should be easier to crack than WPA2, and yet the process to crack them appears to be the same? The hash mode in Hashcat is exactly the same for WPA and WPA2, so surely they would take the exact same amount of time to break? Is there a quicker way to break WPA? I found http://www.aircrack-ng.org/doku.php?id=tkiptun-ng, but this appears to only be for WPA-TKIP, and doesn't look like a finished product. At the moment, are we doomed to cracking WPA using the same methods as WPA2? Thanks.