Pilfering Passwords with the USB Rubber Ducky Can you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber […]

Read more

DEF CON 24: Warwalking at DEF CON, Semaphor and Consumer Privacy, Mousejack and Keysniffer, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— D4rkm4tter talks warwalking at DEF CON and his upgrade to deploying 12 nodes at DEF CON 24 http://www.palshack.com Alan Fairless, Founder of Spideroak […]

Read more

Did the NSA get hacked? Pokemon Go users fall prey to malware, and a TCP vulnerability is found on many Android devices. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://threatpost.com/pokemon-go-spam-ransomware-on-the-rise/119948/ https://threatpost.com/malicious-pokemon-go-app-installs-backdoor-on-android-devices/119174/ https://threatpost.com/tcp-flaw-in-linux-extends-to-80-percent-of-android-devices/119897/ http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf http://www.techinsider.io/nsa-cyberweapon-auction-shadow-brokers-2016-8 https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/ http://arstechnica.com/security/2016/08/group-claims-to-hack-nsa-tied-hackers-posts-exploits-as-proof/ https://webcache.googleusercontent.com/search?q=cache:owtq6OBSmgEJ:https://theshadowbrokers.tumblr.com/+&cd=1&hl=en&ct=clnk&gl=us http://arstechnica.com/tech-policy/2016/08/snowden-speculates-leak-of-nsa-spying-tools-is-tied-to-russian-dnc-hack/ https://securelist.com/blog/incidents/75812/the-equation-giveaway/ https://www.wired.com/2016/08/shadow-brokers-mess-happens-nsa-hoards-zero-days/ Youtube […]

Read more

Today on HakTip we’re talking Vi, the powerful text editor for Linux systems! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

DEF CON 24: VNC vulnerabilities, Blue Hydra bluetooth sniffing, making your own DEF CON Black Badge, and the DEF CON DarkNet, this week on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Dan Tentler (Viss) from Phobos Group talks VNC vulnerabilities – https://phobos.io/ http://www.github.com/phobosgroup https://github.com/0x3a/stargate Zero_Chaos and Granolocks […]

Read more

Millions of Volkswagen Cars are Vulnerable to a Hack, and apparently so is that air-gapped PC, plus several hotels in the US get their credit card data stolen. All that coming up now on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_garcia.pdf https://threatpost.com/key-fob-hack-allows-attackers-to-unlock-millions-of-cars/119846/ https://www.cnet.com/roadshow/news/100-million-volkswagens-at-risk-with-new-wireless-key-hack/ https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ https://threatpost.com/westin-marriott-sheraton-hotels-hit-by-payment-card-malware/119879/ […]

Read more

Monitoring network traffic in OpenWRT and benchmarking throughput from the Linux command line, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Bandwidth benchmarking tools speedtest-cli https://github.com/sivel/speedtest-cli speedtest.sh http://dl.getipaddr.net/ netspeed.sh https://gist.github.com/rsvp/1272488 wget –output-document=/dev/null http://speedtest.wdc01.softlayer.com/downloads/test500.zip Bandwidth monitoring tools bwm-ng – super small and simple live monitoring bmon […]

Read more

Description: Bluetooth smart locks can be hacked wirelessly, apple begins a bug bounty program finally, point of sale terminals are hacked once again, and Qualcomm had a few Android chipset security flaws. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.tomsguide.com/us/bluetooth-lock-hacks-defcon2016,news-23129.html […]

Read more

——- Support us: http://www.patreon.com/tekthing Amazon Associates: http://amzn.to/1OTcDZn Subscribe: https://www.youtube.com/c/tekthing Website: http://www.tekthing.com RSS: http://feeds.feedburner.com/tekthing THANKS! Hak5!: http://hak5.org/ HakShop: https://hakshop.myshopify.com/ SOCIAL IT UP! Twitter: https://twitter.com/tekthing Facebook: https://www.facebook.com/TekThing Google+: https://plus.google.com/+Tekthing/ Reddit: https://www.reddit.com/r/tekthingers EMAIL US! ask@tekthing.com ——- Today’s topics: 01:28 Block Thumbdrive Hacks- @GeneComer tweets “any suggestions on methods to check thumb drives which came from uncertain sources like […]

Read more

Setting up Let’s Encrypt Certificates, and understanding TLS / SSL. This time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://en.wikipedia.org/wiki/Transport_Layer_Security https://letsencrypt.org/how-it-works/ http://www.github.com/certbot http://certbot.eff.org Commands: pwd wget https://dl.eff.org/certbot-auto chmod a+x certbot-auto /root/certbot-auto /root/certbot-auto –apache Test your site! For us, it’s: https://www.internetspiritguide.com /root/certbot-auto renew –dry-run crontab -e /root/certbot-auto […]

Read more

It is time to leave LastPass? Wireless keyboards can spy on you! A gov’t agency finally gets 2FA, and Android security notifications are now a thing.. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ https://threatpost.com/lastpass-patches-ormandy-remote-compromise-flaw/119533/ http://www.pcworld.com/article/3101354/security/how-to-make-sure-youre-using-the-latest-version-of-lastpass-for-firefox.html https://blog.lastpass.com/2016/07/lastpass-security-updates.html/ https://bugs.chromium.org/p/project-zero/issues/detail?id=884 https://www.wired.com/2016/07/radio-hack-steals-keystrokes-millions-wireless-keyboards/ http://www.keysniffer.net/affected-devices/ […]

Read more

Deploying an OpenVPN server in minutes with one simple script, plus clients configuring Android and automating connections on the WiFi Pineapple. New dates available for Pentest With Hak5! See info at http://pentestwithhak5.com/ ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://github.com/Nyr/openvpn-install wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh Setting […]

Read more

Snowden and Huang are trying to build a warning system for your phone’s radio, DMCA is under fire by the EFF, and the DNC was hacked… All that coming up now on Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/snowden-designs-device-warn-iphones-radio-snitches/ https://theintercept.com/2016/07/21/edward-snowdens-new-research-aims-to-keep-smartphones-from-betraying-their-owners/ https://www.pubpub.org/pub/direct-radio-introspection https://threatpost.com/eff-files-lawsuit-challenging-dmcas-restrictions-on-security-researchers/119410/ https://www.eff.org/document/1201-complaint http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/ […]

Read more

Building the most awesome console and arcade emulator ever – all that and more, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today’s topic: Run: ls -l /dev/sd* sudo dd if=Lakka-*.img of=/dev/sdX (where X is your USB flashdrive) Downloading Lakka: http://www.lakka.tv/get/ Joypad config: http://www.lakka.tv/doc/Input-settings/ Enabling […]

Read more

This week on Hak5 we’re building an Arcade Machine Emulator in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— https://www.hak5.org/episodes/hak5-episode-4-released https://www.hak5.org/episodes/episode-3×03-release SDL=Simple DirectMedia Layer. Graphics library for Linux: http://sdlmame.wallyweek.org/download/ AdvanceMenu: http://advancemame.sourceforge.net/ Attract-Mode: http://attractmode.org/about.html Puppy Arcade: http://scottjarvis.com/page105.htm AdvanceMAMECD: http://www.advancemame.it/cd-readme.html RetroARCH: http://www.libretro.com/index.php/retroarch-2/ We’ll be building a Lakka MAME! http://www.lakka.tv/get/

Read more

Facebook Messenger gets Encryption, kinda… Quantum Computing gets a real life competitor from Google, and Wendy’s got hacked! All that on this episode of Threat Wire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/ https://threatpost.com/facebook-messenger-end-to-encryption-not-on-by-default/119133/ https://fbnewsroomus.files.wordpress.com/2016/07/secret_conversations_whitepaper.pdf https://whispersystems.org/ https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/ https://threatpost.com/google-testing-post-quantum-cryptography-in-chrome/119137/ https://www.wired.com/2016/07/google-tests-new-crypto-chrome-fend-off-quantum-attacks/ http://arstechnica.com/security/2016/07/https-crypto-is-on-the-brink-of-collapse-google-has-a-plan-to-fix-it/ https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html http://www.cnet.com/news/speed-desk-headlinewendys-opens-up-about-malware-says-hackers-accessed-payment-info/ http://krebsonsecurity.com/2016/07/1025-wendys-locations-hit-in-card-breach/ https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates https://payment.wendys.com/paymentcardcheck.html Pokemon […]

Read more

Today we’re building an OpenVPN server from scratch in Linux! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Install and setup OpenVPN apt-get update; apt-get install openvpn easy-rsa gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/server.conf nano /etc/openvpn/server.conf replace dh1024.pem with dh2048.pem #uncomment push “redirect-gateway def1 bypass-dhcp” #uncomment push “dhcp-option DNS” and replace […]

Read more

HummingBad hits 85 MILLION Android devices, Comcast and Netflix bury the hatchet, one badass botnet built from security cameras… and the FBI Says Don’t Indict Hillary Clinton. Today, on ThreatWire! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: FBI Finishes Clinton Investigation http://www.theverge.com/2016/7/5/12096364/hillary-clinton-email-probe-fbi-indict-private-server Comcast & Netflix Bury The […]

Read more

Part two of Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Recap: We’ve been building an VPN WiFi hotspot using OpenWRT and OpenVPN. Last week we setup the OpenVPN Access Server and setup user accounts. Today we’re going to work […]

Read more

Download DRM movies for free! But that’s probably a bad idea, given the FBI can legally hack a pc. Plus, how to spot a credit card skimmer, and more! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: https://motherboard.vice.com/read/court-rules-the-fbi-does-not-need-a-warrant-to-hack-a-computer?utm_source=mbtwitter https://www.eff.org/deeplinks/2016/06/federal-court-fourth-amendment-does-not-protect-your-home-computer https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/ http://arstechnica.com/security/2016/06/chrome-drm-download-netflix-piracy/ http://arstechnica.com/tech-policy/2016/06/800-pound-comodo-tries-to-trademark-upstart-rivals-lets-encrypt-name/ https://letsencrypt.org/2016/06/23/defending-our-brand.html https://forums.comodo.com/general-discussion-off-topic-anything-and-everything/shame-on-you-comodo-t115958.0.html http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/ http://krebsonsecurity.com/2016/06/how-to-spot-ingenico-self-checkout-skimmers/ Youtube […]

Read more

Today on HakTip we’re learning about the terminal environment and customizations ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Commands you’ll need to know: printenv printenv USER set alias Learn about the Alias command from this episode of HakTip! – https://youtu.be/4-IngQNj0rQ?list=PLW5y1tjAOzI2ZYTlMdGzCV8AJuoqW5lKB ls -a nano .bashrc umask 0002 export HISTCONTROL=ignoredups […]

Read more

Building an OpenVPN access point, this time on Hak5. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Today we are going to install OpenVPN Access Server, configure it, setup clients and test the connection. Next week we’re going to work on the access-point side of things in OpenWRT by […]

Read more

Net Neutrality Wins… Locals Fight The Mapping Power… Apple Might Be More Secure, and the ruskies are hacking again… All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: Net Neutrality Is Safe… http://gizmodo.com/the-fcc-just-won-a-huge-net-neutrality-victory-in-feder-1781954855 http://arstechnica.com/tech-policy/2016/06/net-neutrality-and-title-ii-win-in-court-as-isps-lose-case-against-fcc/ $50 Million Currency Hack! http://www.nytimes.com/2016/06/18/business/dealbook/hacker-may-have-removed-more-than-50-million-from-experimental-cybercurrency-project.html https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/ http://blog.erratasec.com/2016/06/etheriumdao-hack-similfied.html#.V2hVtSgrKUl Waze […]

Read more

Did we like Pcapr, the online social networking site for packet captures? Watch this episode of HakTip to find out! http://www.pcapr.net/home ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more

Backpacking as a hacker – our top travel tech tips for packing, this time on Hak5! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: What Darren Brought: Ricoh Theta S – http://amzn.to/25YvVVX Manfrotto Compact Xtreme 2-in-1 Monopod and Pole – http://amzn.to/25Yv73A Novoflex MICROPOD – http://amzn.to/1PuFIpS http://amzn.to/28FRxVZ http://amzn.to/1PuFBL9 Sony […]

Read more

Did Twitter get hacked? All signs point to… no. IT admins – be careful when you delete files… And the IRS Get Transcript service comes back online after over a year. All that coming up now on ThreatWire. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— Links: http://techcrunch.com/2016/06/08/twitter-hack/ https://www.wired.com/2016/06/twitter-hack/ […]

Read more

Today on HakTip we’re checking out a tool specifically made for sharing and collaborating with pcap files online. ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 —————————— http://hat.t2t2.eu to vote for Hak5! https://www.cloudshark.org/ CloudShark is best for collaboration and sharing of packet capture files from Wireshark. But is it a […]

Read more

This week we’re joined in studio by Kevin McKay of http://www.razorquad.com/ to talk competitive drone racing! ——————————- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ——————————

Read more