Stealing creds from a locked PC using a Hak5 LAN Turtle, plus Mubix joins us! This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Stealing creds from a locked PC using a Hak5 LAN Turtle, plus Mubix joins us! This time on Hak5! https://room362.com/ – Mubix’s […]

Read more

Today we review MOSH an alternative to SSH that’s better at high latency and intermittent Internet connections. Plus, your USB Rubber Ducky questions and tips! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://mosh.org/ ConsoleHost_history.txt is kept under %APPDATA%\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt, you can check where your system keeps this file by […]

Read more

Steal passwords from a locked PC, 911 is still vulnerable to hacks, and Chrome calls out non secure sites. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Learn more about NTLM Challenge Response Authentication: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/ https://github.com/Spiderlabs/Responder http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html https://room362.com/post/2016/snagging-creds-from-locked-machines/ http://www.cnet.com/news/chrome-warning-insecure-http-websites-expose-passwords-credit-card-numbers/ https://blog.chromium.org/2016/09/moving-towards-more-secure-web.html […]

Read more

Previously on Hak5, we showed off an USB Rubber Ducky payload to steal plaintext Windows passwords in 15 seconds. So, what if we told you we could get just the logon hash in under two? A 2 second technique for stealing Windows password hashes and otherwise auditing corporate USB drive policies! Learn more on today’s […]

Read more

Clinton’s got an Email Problem, Dropbox and Last.Fm 2012 Hacks get leaked, and is Ford going to introduce a new way to unlock their cars? All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://arstechnica.com/security/2016/09/over-40-million-usernames-passwords-from-2012-breach-of-last-fm-surface/ http://www.last.fm/passwordsecurity https://www.cnet.com/roadshow/news/ford-could-replace-your-key-fob-with-radio-button-passcodes/ http://www.freepatentsonline.com/20160244022.pdf https://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts https://www.wired.com/2016/08/hack-brief-four-year-old-dropbox-hack-exposed-68-million-peoples-data/ https://blogs.dropbox.com/dropbox/2012/07/security-update-new-features/ […]

Read more

Pilfering Passwords with the USB Rubber Ducky Can you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber […]

Read more

Was the ShadowBrokers NSA hack an inside Job?, ATM’s Hacked through EMV Chips, Update Your iPhone NOW, Voter Records Stolen in a State Hack. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://arstechnica.com/security/2016/08/hints-suggest-an-insider-helped-the-nsa-equation-group-hacking-tools-leak/ https://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shadow-brokers-theory?trk_source=popular https://taia.global/2016/08/shadowbroker-is-a-native-english-speaker-trying-to-appear-non-native/ http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/ http://www.securityweek.com/leaked-cisco-asa-exploit-adapted-newer-versions https://threatpost.com/cisco-begins-patching-equation-group-asa-zero-day/120124/ https://threatpost.com/ripper-atm-malware-uses-malicious-evm-chip/120192/ http://www.securityweek.com/ripper-atm-malware-linked-thailand-heist […]

Read more

DEF CON 24: Warwalking at DEF CON, Semaphor and Consumer Privacy, Mousejack and Keysniffer, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— D4rkm4tter talks warwalking at DEF CON and his upgrade to deploying 12 nodes at DEF CON 24 http://www.palshack.com Alan Fairless, Founder of Spideroak […]

Read more

Did the NSA get hacked? Pokemon Go users fall prey to malware, and a TCP vulnerability is found on many Android devices. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://threatpost.com/pokemon-go-spam-ransomware-on-the-rise/119948/ https://threatpost.com/malicious-pokemon-go-app-installs-backdoor-on-android-devices/119174/ https://threatpost.com/tcp-flaw-in-linux-extends-to-80-percent-of-android-devices/119897/ http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf http://www.techinsider.io/nsa-cyberweapon-auction-shadow-brokers-2016-8 https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ http://arstechnica.com/security/2016/08/group-claims-to-hack-nsa-tied-hackers-posts-exploits-as-proof/ https://webcache.googleusercontent.com/search?q=cache:owtq6OBSmgEJ:https://theshadowbrokers.tumblr.com/+&cd=1&hl=en&ct=clnk&gl=us http://arstechnica.com/tech-policy/2016/08/snowden-speculates-leak-of-nsa-spying-tools-is-tied-to-russian-dnc-hack/ https://securelist.com/blog/incidents/75812/the-equation-giveaway/ https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zero-days/ Youtube […]

Read more

Today on HakTip we’re talking Vi, the powerful text editor for Linux systems! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

DEF CON 24: VNC vulnerabilities, Blue Hydra bluetooth sniffing, making your own DEF CON Black Badge, and the DEF CON DarkNet, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Dan Tentler (Viss) from Phobos Group talks VNC vulnerabilities – https://phobos.io/ http://www.github.com/phobosgroup https://github.com/0x3a/stargate Zero_Chaos and Granolocks […]

Read more

Millions of Volkswagen Cars are Vulnerable to a Hack, and apparently so is that air-gapped PC, plus several hotels in the US get their credit card data stolen. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf https://threatpost.com/key-fob-hack-allows-attackers-to-unlock-millions-of-cars/119846/ https://www.cnet.com/roadshow/news/100-million-volkswagens-at-risk-with-new-wireless-key-hack/ https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ https://threatpost.com/westin-marriott-sheraton-hotels-hit-by-payment-card-malware/119879/ […]

Read more

Monitoring network traffic in OpenWRT and benchmarking throughput from the Linux command line, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Bandwidth benchmarking tools speedtest-cli https://github.com/sivel/speedtest-cli speedtest.sh http://dl.getipaddr.net/ netspeed.sh https://gist.github.com/rsvp/1272488 wget –output-document=/dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip Bandwidth monitoring tools bwm-ng – super small and simple live monitoring bmon […]

Read more

Description: Bluetooth smart locks can be hacked wirelessly, apple begins a bug bounty program finally, point of sale terminals are hacked once again, and Qualcomm had a few Android chipset security flaws. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html […]

Read more

Setting up Let’s Encrypt Certificates, and understanding TLS / SSL. This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://en.wikipedia.org/wiki/Transport_Layer_Security https://letsencrypt.org/how-it-works/ http://www.github.com/certbot http://certbot.eff.org Commands: pwd wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto /root/certbot-auto /root/certbot-auto –apache Test your site! For us, it’s: https://www.internetspiritguide.com /root/certbot-auto renew –dry-run crontab -e /root/certbot-auto […]

Read more

It is time to leave LastPass? Wireless keyboards can spy on you! A gov’t agency finally gets 2FA, and Android security notifications are now a thing.. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/ http://www.pcworld.com/article/3101354/security/how-to-make-sure-youre-using-the-latest-version-of-lastpass-for-firefox.html https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ https://bugs.chromium.org/p/project-zero/issues/detail?id=884 https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/ http://www.keysniffer.net/affected-devices/ […]

Read more

Deploying an OpenVPN server in minutes with one simple script, plus clients configuring Android and automating connections on the WiFi Pineapple. New dates available for Pentest With Hak5! See info at http://pentestwithhak5.com/ ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://github.com/Nyr/openvpn-install wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh Setting […]

Read more

Snowden and Huang are trying to build a warning system for your phone’s radio, DMCA is under fire by the EFF, and the DNC was hacked… All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-snitches/ https://theintercept.com/2016/07/21/edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their-owners/ https://www.pubpub.org/pub/direct-radio-introspection https://threatpost.com/eff-files-lawsuit-challenging-dmcas-restrictions-on-security-researchers/119410/ https://www.eff.org/document/1201-complaint http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/ […]

Read more

Building the most awesome console and arcade emulator ever – all that and more, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today’s topic: Run: ls -l /dev/sd* sudo dd if=Lakka-*.img of=/dev/sdX (where X is your USB flashdrive) Downloading Lakka: http://www.lakka.tv/get/ Joypad config: http://www.lakka.tv/doc/Input-settings/ Enabling […]

Read more

This week on Hak5 we’re building an Arcade Machine Emulator in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://www.hak5.org/episodes/hak5-episode-4-released https://www.hak5.org/episodes/episode-3×03-release SDL=Simple DirectMedia Layer. Graphics library for Linux: http://sdlmame.wallyweek.org/download/ AdvanceMenu: http://advancemame.sourceforge.net/ Attract-Mode: http://attractmode.org/about.html Puppy Arcade: http://scottjarvis.com/page105.htm AdvanceMAMECD: http://www.advancemame.it/cd-readme.html RetroARCH: http://www.libretro.com/index.php/retroarch-2/ We’ll be building a Lakka MAME! http://www.lakka.tv/get/

Read more

Facebook Messenger gets Encryption, kinda… Quantum Computing gets a real life competitor from Google, and Wendy’s got hacked! All that on this episode of Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/ https://threatpost.com/facebook-messenger-end-to-encryption-not-on-by-default/119133/ https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf https://whispersystems.org/ https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/ https://threatpost.com/google-testing-post-quantum-cryptography-in-chrome/119137/ https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/ http://arstechnica.com/security/2016/07/https-crypto-is-on-the-brink-of-collapse-google-has-a-plan-to-fix-it/ https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html http://www.cnet.com/news/speed-desk-headlinewendys-opens-up-about-malware-says-hackers-accessed-payment-info/ http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/ https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates https://payment.wendys.com/paymentcardcheck.html Pokemon […]

Read more

Today we’re building an OpenVPN server from scratch in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Install and setup OpenVPN apt-get update; apt-get install openvpn easy-rsa gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf nano /etc/openvpn/server.conf replace dh1024.pem with dh2048.pem #uncomment push “redirect-gateway def1 bypass-dhcp” #uncomment push “dhcp-option DNS” and replace […]

Read more

HummingBad hits 85 MILLION Android devices, Comcast and Netflix bury the hatchet, one badass botnet built from security cameras… and the FBI Says Don’t Indict Hillary Clinton. Today, on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: FBI Finishes Clinton Investigation http://www.theverge.com/2016/7/5/12096364/hillary-clinton-email-probe-fbi-indict-private-server Comcast & Netflix Bury The […]

Read more

Part two of Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Recap: We’ve been building an VPN WiFi hotspot using OpenWRT and OpenVPN. Last week we setup the OpenVPN Access Server and setup user accounts. Today we’re going to work […]

Read more

Download DRM movies for free! But that’s probably a bad idea, given the FBI can legally hack a pc. Plus, how to spot a credit card skimmer, and more! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://motherboard.vice.com/read/court-rules-the-fbi-does-not-need-a-warrant-to-hack-a-computer?utm_source=mbtwitter https://www.eff.org/deeplinks/2016/06/federal-court-fourth-amendment-does-not-protect-your-home-computer https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/ http://arstechnica.com/security/2016/06/chrome-drm-download-netflix-piracy/ http://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-trademark-upstart-rivals-lets-encrypt-name/ https://letsencrypt.org/2016/06/23/defending-our-brand.html https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/ http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers/ Youtube […]

Read more

Today on HakTip we’re learning about the terminal environment and customizations ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Commands you’ll need to know: printenv printenv USER set alias Learn about the Alias command from this episode of HakTip! – https://youtu.be/4-IngQNj0rQ?list=PLW5y1tjAOzI2ZYTlMdGzCV8AJuoqW5lKB ls -a nano .bashrc umask 0002 export HISTCONTROL=ignoredups […]

Read more

Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today we are going to install OpenVPN Access Server, configure it, setup clients and test the connection. Next week we’re going to work on the access-point side of things in OpenWRT by […]

Read more

Net Neutrality Wins… Locals Fight The Mapping Power… Apple Might Be More Secure, and the ruskies are hacking again… All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Net Neutrality Is Safe… http://gizmodo.com/the-fcc-just-won-a-huge-net-neutrality-victory-in-feder-1781954855 http://arstechnica.com/tech-policy/2016/06/net-neutrality-and-title-ii-win-in-court-as-isps-lose-case-against-fcc/ $50 Million Currency Hack! http://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/ http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2hVtSgrKUl Waze […]

Read more