Decrypting Morse code with a simple terminal command and a PC sound card, this time on Hak5! Shannon’s call sign is KM6FPP! Listen for her on the radio soon. Installing and setting up XDEMorse: sudo apt-get install xdemorse cd /usr/share/doc/xdemorse/examples/ sudo gunzip xdemorserc.example.gz cp xdemorserc.example ~/.xdemorserc nano ~/.xdemorserc xdemorse & xdemorse http://www.qsl.net/5b4az/pkg/morse/xdemorse/xdemorse.html rscw http://wwwhome.ewi.utwente.nl/~ptdeboer/ham/rscw/ minimodem […]

Read more

On this episode of Hak5 we chat with Nick Cano about hacking video games for fun! Plus, Gene Bransfield joins us to chat War Collar Industries and their new Dope Scope, a directional WiFi Sniffing device that fits in the palm of your hand. https://twitter.com/nickcano93 https://www.nostarch.com/gamehacking https://www.youtube.com/watch?v=I_ExILIAw0Y http://warcollar.com/ https://forums.warcollar.com/ https://www.derbycon.com/ ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire […]

Read more

The makers of Signal get a subpoena, Yahoo experiences more bad press, an NSA contractor is in hot water, and the EU wants to make IoT devices more secure. All that coming up now on Threat Wire. Links: https://whispersystems.org/bigbrother/eastern-virginia-grand-jury/ https://www.aclu.org/blog/free-future/new-documents-reveal-government-effort-impose-secrecy-encryption-company https://theintercept.com/2016/10/10/subpoena-to-encrypted-app-provider-highlights-overbroad-fbi-requests-for-information/ http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT https://motherboard.vice.com/read/yahoo-government-email-scanner-was-actually-a-secret-hacking-tool https://theintercept.com/2016/10/07/ex-yahoo-employee-government-spy-program-could-have-given-a-hacker-access-to-all-email/ http://arstechnica.com/tech-policy/2016/10/report-fbi-andor-nsa-ordered-yahoo-to-build-secret-e-mail-search-tool/ https://theintercept.com/2016/10/05/nsa-theft-suspect-works-for-contractor-that-sells-the-government-tech-for-spotting-rogue-employees/ https://www.cnet.com/news/harold-thomas-martin-iii-booz-allen-hamilton-edward-snowden-leak/ https://www.wired.com/2016/10/nsa-contractor-arrested-taking-top-secret-documents/ https://krebsonsecurity.com/2016/10/europe-to-push-new-security-rules-amid-iot-mess/ https://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/ Youtube Thumbnail credit: https://cdn0.vox-cdn.com/thumbor/6HssVl1ip74KsAGiWiizB9l234g=/0x53:1020×627/1600×900/cdn0.vox-cdn.com/uploads/chorus_image/image/51187061/signal-003.0.jpg ——————————- […]

Read more

Hak5 heads to DerbyCon in Louisville, KY to chat with Tim MalcomVetter about breaking tokenization in the credit card industry. Plus, RenderMan joins us to discuss the security and privacy flaws in internet of things connected adult toys. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://twitter.com/malcomvetter https://www.youtube.com/watch?v=17UcQohAjXw https://www.derbycon.com/ […]

Read more

Emergency text alerts get a well needed upgrade, but with that I also have some concerns. DDoS gets more costly and more widespread, and Yahoo! faces more problems. All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://www.wired.com/2016/09/emergency-alert-texts-getting-much-needed-upgrade/ https://www.cnet.com/news/new-phone-amber-alerts-could-include-photo-of-missing-child/ http://arstechnica.com/security/2016/09/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever/ http://arstechnica.com/security/2016/10/brace-yourselves-source-code-powering-potent-iot-ddoses-just-went-public/ https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/ […]

Read more

Hak5 heads to Louisville, KY for DerbyCon 6.0, to chat with the Dave Kennedy, founder of DerbyCon. Plus the winners of the Hack My Derby Contest, AgentSixty6 and Gangrif chat about their mods! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://twitter.com/HackingDave https://www.trustedsec.com/ https://github.com/trustedsec https://www.derbycon.com/ https://twitter.com/agentsixty6 https://twitter.com/gangrif http://hackmyderby.com/about https://www.undrground.org/hmd2015

Read more

An InfoSec Journalist is Censored by a DDoS, the Yahoo Hack Leaks Half a Billion Creds, and Researchers remotely hack a tesla’s brake system. All that coming up now on Threat Wire. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://threatpost.com/questions-mount-around-yahoo-breach/120876/ […]

Read more

Stealing creds from a locked PC using a Hak5 LAN Turtle, plus Mubix joins us! This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Stealing creds from a locked PC using a Hak5 LAN Turtle, plus Mubix joins us! This time on Hak5! https://room362.com/ – Mubix’s […]

Read more

Today we review MOSH an alternative to SSH that’s better at high latency and intermittent Internet connections. Plus, your USB Rubber Ducky questions and tips! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://mosh.org/ ConsoleHost_history.txt is kept under %APPDATA%\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt, you can check where your system keeps this file by […]

Read more

Steal passwords from a locked PC, 911 is still vulnerable to hacks, and Chrome calls out non secure sites. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Learn more about NTLM Challenge Response Authentication: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/ https://github.com/Spiderlabs/Responder http://www.exploit-monday.com/2016/09/introduction-to-windows-device-guard.html https://room362.com/post/2016/snagging-creds-from-locked-machines/ http://www.cnet.com/news/chrome-warning-insecure-http-websites-expose-passwords-credit-card-numbers/ https://blog.chromium.org/2016/09/moving-towards-more-secure-web.html […]

Read more

Previously on Hak5, we showed off an USB Rubber Ducky payload to steal plaintext Windows passwords in 15 seconds. So, what if we told you we could get just the logon hash in under two? A 2 second technique for stealing Windows password hashes and otherwise auditing corporate USB drive policies! Learn more on today’s […]

Read more

Clinton’s got an Email Problem, Dropbox and Last.Fm 2012 Hacks get leaked, and is Ford going to introduce a new way to unlock their cars? All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://arstechnica.com/security/2016/09/over-40-million-usernames-passwords-from-2012-breach-of-last-fm-surface/ http://www.last.fm/passwordsecurity https://www.cnet.com/roadshow/news/ford-could-replace-your-key-fob-with-radio-button-passcodes/ http://www.freepatentsonline.com/20160244022.pdf https://motherboard.vice.com/read/hackers-stole-over-60-million-dropbox-accounts https://www.wired.com/2016/08/hack-brief-four-year-old-dropbox-hack-exposed-68-million-peoples-data/ https://blogs.dropbox.com/dropbox/2012/07/security-update-new-features/ […]

Read more

Pilfering Passwords with the USB Rubber Ducky Can you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber […]

Read more

Was the ShadowBrokers NSA hack an inside Job?, ATM’s Hacked through EMV Chips, Update Your iPhone NOW, Voter Records Stolen in a State Hack. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://arstechnica.com/security/2016/08/hints-suggest-an-insider-helped-the-nsa-equation-group-hacking-tools-leak/ https://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shadow-brokers-theory?trk_source=popular https://taia.global/2016/08/shadowbroker-is-a-native-english-speaker-trying-to-appear-non-native/ http://www.reuters.com/article/us-intelligence-nsa-commentary-idUSKCN10X01P http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/ http://www.securityweek.com/leaked-cisco-asa-exploit-adapted-newer-versions https://threatpost.com/cisco-begins-patching-equation-group-asa-zero-day/120124/ https://threatpost.com/ripper-atm-malware-uses-malicious-evm-chip/120192/ http://www.securityweek.com/ripper-atm-malware-linked-thailand-heist […]

Read more

DEF CON 24: Warwalking at DEF CON, Semaphor and Consumer Privacy, Mousejack and Keysniffer, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— D4rkm4tter talks warwalking at DEF CON and his upgrade to deploying 12 nodes at DEF CON 24 http://www.palshack.com Alan Fairless, Founder of Spideroak […]

Read more

Did the NSA get hacked? Pokemon Go users fall prey to malware, and a TCP vulnerability is found on many Android devices. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://threatpost.com/pokemon-go-spam-ransomware-on-the-rise/119948/ https://threatpost.com/malicious-pokemon-go-app-installs-backdoor-on-android-devices/119174/ https://threatpost.com/tcp-flaw-in-linux-extends-to-80-percent-of-android-devices/119897/ http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf http://www.techinsider.io/nsa-cyberweapon-auction-shadow-brokers-2016-8 https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ http://arstechnica.com/security/2016/08/group-claims-to-hack-nsa-tied-hackers-posts-exploits-as-proof/ https://webcache.googleusercontent.com/search?q=cache:owtq6OBSmgEJ:https://theshadowbrokers.tumblr.com/+&cd=1&hl=en&ct=clnk&gl=us http://arstechnica.com/tech-policy/2016/08/snowden-speculates-leak-of-nsa-spying-tools-is-tied-to-russian-dnc-hack/ https://securelist.com/blog/incidents/75812/the-equation-giveaway/ https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zero-days/ Youtube […]

Read more

Today on HakTip we’re talking Vi, the powerful text editor for Linux systems! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

DEF CON 24: VNC vulnerabilities, Blue Hydra bluetooth sniffing, making your own DEF CON Black Badge, and the DEF CON DarkNet, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Dan Tentler (Viss) from Phobos Group talks VNC vulnerabilities – https://phobos.io/ http://www.github.com/phobosgroup https://github.com/0x3a/stargate Zero_Chaos and Granolocks […]

Read more

Millions of Volkswagen Cars are Vulnerable to a Hack, and apparently so is that air-gapped PC, plus several hotels in the US get their credit card data stolen. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf https://threatpost.com/key-fob-hack-allows-attackers-to-unlock-millions-of-cars/119846/ https://www.cnet.com/roadshow/news/100-million-volkswagens-at-risk-with-new-wireless-key-hack/ https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ https://threatpost.com/westin-marriott-sheraton-hotels-hit-by-payment-card-malware/119879/ […]

Read more

Monitoring network traffic in OpenWRT and benchmarking throughput from the Linux command line, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Bandwidth benchmarking tools speedtest-cli https://github.com/sivel/speedtest-cli speedtest.sh http://dl.getipaddr.net/ netspeed.sh https://gist.github.com/rsvp/1272488 wget –output-document=/dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip Bandwidth monitoring tools bwm-ng – super small and simple live monitoring bmon […]

Read more

Description: Bluetooth smart locks can be hacked wirelessly, apple begins a bug bounty program finally, point of sale terminals are hacked once again, and Qualcomm had a few Android chipset security flaws. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html […]

Read more

Setting up Let’s Encrypt Certificates, and understanding TLS / SSL. This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://en.wikipedia.org/wiki/Transport_Layer_Security https://letsencrypt.org/how-it-works/ http://www.github.com/certbot http://certbot.eff.org Commands: pwd wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto /root/certbot-auto /root/certbot-auto –apache Test your site! For us, it’s: https://www.internetspiritguide.com /root/certbot-auto renew –dry-run crontab -e /root/certbot-auto […]

Read more

It is time to leave LastPass? Wireless keyboards can spy on you! A gov’t agency finally gets 2FA, and Android security notifications are now a thing.. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/ http://www.pcworld.com/article/3101354/security/how-to-make-sure-youre-using-the-latest-version-of-lastpass-for-firefox.html https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ https://bugs.chromium.org/p/project-zero/issues/detail?id=884 https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/ http://www.keysniffer.net/affected-devices/ […]

Read more

Deploying an OpenVPN server in minutes with one simple script, plus clients configuring Android and automating connections on the WiFi Pineapple. New dates available for Pentest With Hak5! See info at http://pentestwithhak5.com/ ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://github.com/Nyr/openvpn-install wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh Setting […]

Read more

Snowden and Huang are trying to build a warning system for your phone’s radio, DMCA is under fire by the EFF, and the DNC was hacked… All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-snitches/ https://theintercept.com/2016/07/21/edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their-owners/ https://www.pubpub.org/pub/direct-radio-introspection https://threatpost.com/eff-files-lawsuit-challenging-dmcas-restrictions-on-security-researchers/119410/ https://www.eff.org/document/1201-complaint http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/ […]

Read more

Building the most awesome console and arcade emulator ever – all that and more, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today’s topic: Run: ls -l /dev/sd* sudo dd if=Lakka-*.img of=/dev/sdX (where X is your USB flashdrive) Downloading Lakka: http://www.lakka.tv/get/ Joypad config: http://www.lakka.tv/doc/Input-settings/ Enabling […]

Read more

This week on Hak5 we’re building an Arcade Machine Emulator in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://www.hak5.org/episodes/hak5-episode-4-released https://www.hak5.org/episodes/episode-3×03-release SDL=Simple DirectMedia Layer. Graphics library for Linux: http://sdlmame.wallyweek.org/download/ AdvanceMenu: http://advancemame.sourceforge.net/ Attract-Mode: http://attractmode.org/about.html Puppy Arcade: http://scottjarvis.com/page105.htm AdvanceMAMECD: http://www.advancemame.it/cd-readme.html RetroARCH: http://www.libretro.com/index.php/retroarch-2/ We’ll be building a Lakka MAME! http://www.lakka.tv/get/

Read more

Facebook Messenger gets Encryption, kinda… Quantum Computing gets a real life competitor from Google, and Wendy’s got hacked! All that on this episode of Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/ https://threatpost.com/facebook-messenger-end-to-encryption-not-on-by-default/119133/ https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf https://whispersystems.org/ https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/ https://threatpost.com/google-testing-post-quantum-cryptography-in-chrome/119137/ https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/ http://arstechnica.com/security/2016/07/https-crypto-is-on-the-brink-of-collapse-google-has-a-plan-to-fix-it/ https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html http://www.cnet.com/news/speed-desk-headlinewendys-opens-up-about-malware-says-hackers-accessed-payment-info/ http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/ https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates https://payment.wendys.com/paymentcardcheck.html Pokemon […]

Read more