Pilfering Passwords with the USB Rubber Ducky Can you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber […]

Read more

Radio Brute Force Attacks and a little Binary Phase-shift Keying theory. All that and more, this time on Hak5. In this episode we’re going to: – check out a python script for RF Brute Force attacks with RfCat and a compatible dongle like the YARD Stick One – Do some maths regarding these types of […]

Read more

Support ThreatWire on Patreon! patreon.com/threatwire New DMCA Exemptions! https://twitter.com/doctorow/status/659082991738597376 http://boingboing.net/2015/10/27/librarian-of-congress-grants-l.html EU Dumps Net Neutrality http://arstechnica.co.uk/tech-policy/2015/10/eu-net-neutrality-goes-on-the-chopping-block-next-week-heres-how-to-fix-it/ http://www.wired.com/2015/10/cisa-cybersecurity-information-sharing-act-passes-senate-vote-with-privacy-flaws/ Whats App Is Spying?!? http://www.theregister.co.uk/2015/10/27/whatsapp_forensic_analysis/ Zero Days From Hell http://www.forbes.com/sites/thomasbrewster/2015/10/21/scada-zero-day-exploit-sales/?ss=Security Facebook! https://www.facebook.com/notes/facebook-security/notifications-for-targeted-attacks/10153092994615766

Read more

Drones have to be registered, coming soon! The Diffie-Hellman protocol for crypto is probably NSA’s favorite thing ever. Secure all the things! With Facebook… and China is hacking US, are we surprised? All that coming up now on ThreatWire. http://www.wired.com/2015/10/a-second-snowden-leaks-a-mother-lode-of-drone-docs/ http://www.theverge.com/2015/10/19/9567625/drone-registration-will-be-required-in-us-dot-faa-announce http://www.engadget.com/2015/10/19/us-transportation-department-confirms-drone-registration-program/ https://www.transportation.gov/briefing-room/us-transportation-secretary-anthony-foxx-announces-unmanned-aircraft-registration https://theintercept.com/drone-papers/ Prime Diffie-Hellman Weakness May Be Key to Breaking Crypto http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ Hak5 […]

Read more

Hacking wireless remotes using RF Replay Attacks using the YARD Stick One! In this episode we cover: How to gather intel on the device you want to hack How to sniff its wireless signals Determining modulation Decode OOK signals Transmitting a Replay Attack with RfCat and the YARD Stick One Step 1: Gathering Intel First […]

Read more

Getting Started with the YARD Stick One for Sub 1 GHz hacking! All that and more, this time on Hak5. Support Hak5, follow along and get a YARD Stick One from our very own HakShop at https://hakshop.myshopify.com/products/yard-stick-one The YARD in YARD Stick One stands for Yet Another Radio Dongle and it was created by Mike […]

Read more

As Hackers reaches its 20th anniversary, we’re celebrating the film that pays tribute to the hacker culture itself. You see, behind the cyberpunk neon pagers and rollerblades, insanely great 28.8 bps modems and the far out network visualizations is a treasure trove of hacker history and lore baked in by the real hackers and technical […]

Read more

GPG Encryption for Windows, what happens if Keybase disappears, Free SSL certificates and how you could end up in prison for withholding your decryption keys. All that and more, this time on Hak5. — Jay – “great vid is there a windows equivalent?” Yes, you’ll need GPG4Win and Node.js for Windows http://gpg4win.org/download.html https://nodejs.org/en/#download When installing […]

Read more

What could be easier than file encryption with GPG? File encryption with keybase.io! Darren Kitchen and Shannon Morse demo the basics of the Keybase command-line app on this episode of Hak5.

Read more

It’s the Apple Event Day! We’ve got details on the new iPhone 6s and 6s Plus, the new iPad Pro, Apple TV and more! Plus, PCPer’s Ryan Shrout talks Skylake and the latest GPU’s, reliable SSDs, more help with Windows 10, and LTE 5G? Coming up today on TekThing! —— Download the video. Subscribe To […]

Read more

Encrypted File Sharing? We speak with the Demonsaw founder. Plus, building a cubed acrylic drone battle arena. All that and more, this time on Hak5! Demonsaw – https://www.demonsaw.com/ Autodesk 123D Design – http://www.123dapp.com/design MatterControl – http://www.mattercontrol.com/

Read more

Microsoft dropped a dozen security updates, including fixes for flaws being exploited ‘in the wild,’ the Office of Personnel Management just dropped $133M on credit monitoring, Turla APT used satellite Internet links to cover their tracks, Blue Coat’s top 10 Top Level Domains for malicious domains, moar! Support us on Patreon! https://www.patreon.com/ThreatWire Links: MS Drops […]

Read more

Is Google’s OnHub the Ultimate Home Router …or can a $94 router spank it? The Wirecutter’s David Murphy joins us w/ the answer! What’s the best tool to manage your travel mileage rewards? Shannon’s on it! Will the FCC kill Open Source Router updates, what comes after MPEG, and your alarm system feedback! —— Download […]

Read more

Windows 7 & 8 are phoning home just like Windows 10 does, weaponized drones are now legal in the USA, and Agora, the site for selling narcotics, takes a vacation.   Links: http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/ https://thehackernews.com/2015/08/windows-spying-on-you.html https://support.microsoft.com/en-us/kb/3022345   http://readwrite.com/2015/08/26/drone-law-north-dakota-weaponizing http://www.thedailybeast.com/articles/2015/08/26/first-state-legalizes-armed-drones-for-cops-thanks-to-a-lobbyist.html   http://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/d/d0/Luftwaffe_99-01_RQ-4B_EuroHawk_ILA_2012_1.jpg

Read more

Both Samsung’s Galaxy Note 5 and S6 Edge+ have hit and are top-of-the-line. LG’s G4 is another great option… but should you -WAIT- a few more weeks before you buy a new phone? Will Sprint and Verizion going ‘contract free’ save you money? Two Factor Authentication: Shannon talks Authy, Duo, and Google Authenticator. Will a […]

Read more

The White House is backing the new cybersecurity bill, the FTC can now sue companies for getting hacked, and robocalls are being blocked by a robokiller! All that coming up now on Threat Wire.   Links:   https://threatpost.com/white-house-support-for-cisa-worries-privacy-advocates/114383 http://thehill.com/policy/cybersecurity/250241-white-house-endorses-senate-cyber-bill   http://www.wired.com/2015/08/court-says-ftc-can-slap-companies-getting-hacked/ http://www2.ca3.uscourts.gov/opinarch/143514p.pdf   http://arstechnica.com/information-technology/2015/08/robokiller-wins-ftc-prize-by-annihilating-robo-calls/ https://www.kickstarter.com/projects/485600868/robokiller-app-stop-telemarketing-robocalls-foreve/description   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/e/e1/White_House_Washington.JPG

Read more

Suicides, extortion, and a $500,000 bounty for Impact Team… it’s gotten ugly at Ashley Madison.com. Amazon’s dropping Flash ads in September. China’s arrested 15,000 that “jeopardized Internet security” tho that does not mean what you think it means. Patch WordPress, there’s some nasty exploits. Some Android browsers have Zero Day flaws, and will Microsoft ever […]

Read more

We’ve got reviews of the LIVA X2 Mini PC, and the Smanos W020i WiFi Alarm and Wireless Camera Kit, more Skylake info from IDF, three awesome free windows apps, how to block phone numbers in Android, and what happens when you use your favorite video streaming gear on vacation! —— Download the video. Subscribe To […]

Read more

Checking out Kali Linux 2.0 and cracking the Hack Across America challenge coin, this time on Hak5!   Download HD  |   Download MP4   — Kali Linux 2.0 —   BackTrack’s successor was Kali Linux (which we reviewed on episode 1408), an excellent tool for pentesters since forever. It’s been updated as of a few […]

Read more

BitTorrents are all the rage for DOS attacks, the IRS announces new breach numbers, and Microsoft is on a disabling rampage. All that coming up now on ThreatWire. Links: http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites/ https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf   http://www.cnet.com/news/hackers-might-have-stolen-irs-data-on-more-than-300000-households/ http://arstechnica.com/security/2015/08/irs-estimate-of-tax-records-stolen-by-fraudsters-soars-to-over-300000/   http://www.alphr.com/microsoft/microsoft-windows-10/1001360/microsoft-can-disable-your-pirated-games-and-illegal-hardware https://www.microsoft.com/en-us/servicesagreement/   http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/   http://arstechnica.com/tech-policy/2015/08/company-pays-fcc-750000-for-blocking-wi-fi-hotspots-at-conventions/   http://www.wsj.com/article_email/target-reaches-settlement-with-visa-over-2013-data-breach-1439912013-lMyQjAxMTI1MDE1ODkxMjgzWj   Youtube Thumbnail credit: https://www.flickr.com/photos/68751915@N05/6757821397

Read more

This week Darren has a conversation with Chad Rikansrud about Mainframe vulnerabilities and Shannon gets to details on an amazing talk about using the USB Rubber Ducky while bypassing Enterprise Security. Download HD  |   Download MP4 Links: Mainframe Security – bigendiansmalls.com

Read more

The US Secretary of State is worried about China and Russia hacking his email. OwnStar is expanding to add BMW, Mercedes, and Chrysler virtual keys on iOS, Oracle’s Chief Security Office -and EULA- gets mocked for telling security researchers, “Don’t, Just Don’t,” and the NSA loves AT&T for the “ability to spy on vast quantities […]

Read more

DEF CON: Best Hacks and a TON of security advice! Samsung’s new 16TB SSD… the biggest HD ever. Windows AV and anti-malware, is Windows Defender still good enough?Tablet for kids: what do we recommend? Cheap USB (and HDMI) cables, making fax suck less, why you should wait to buy a new iPhone, is it time […]

Read more

A car hack is silenced in the US, Windows Mount Manager has a vulnerability (it’s been patched), and Square credit card readers are exploitable. All that coming up now on ThreatWire. Links: https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-targeted-attacks/114240 http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ https://threatpost.com/researchers-unveil-square-reader-mobile-pos-hacks/114187 http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/ http://www.cs.ru.nl/~rverdult/Dismantling_Megamos_Crypto_Wirelessly_Lockpicking_a_Vehicle_Immobilizer_Hash.pdf Youtube Thumbnail credit: https://www.flickr.com/photos/nedko/111901487

Read more

Automotive hacking is in its infancy, and already you can see a clear path to failure… just look at how Tesla responsds to hackers compared to Chrysler. Ars Technica calls it: Android updates are a complete failure when it comes to patching security flaws. Ubiquiti Networks makes awesome networking gear… and got taken for $46 […]

Read more