Ducky Script is the language of the USB Rubber Ducky. Writing scripts for can be done from any common ascii text editor such as Notepad, vi, emacs, nano, gedit, kedit, TextEdit, etc. Syntax Ducky Script syntax is simple. Each command resides on a new line and may have options follow. Commands are written in ALL […]

Read more

Obfuscation and Optimization While this post isn’t intended to be a comprehensive list of obfuscation and optimization techniques, these three simple examples effectively illustrate the concept. Obfuscation So what is obfuscation? Obfuscation is all about reducing the visibility of the payload, or simply put – making it stealthier. This is crucial in a social engineering […]

Read more

Your First Payload Writing a successful payload is a process of continuously researching, writing, encoding, testing and optimizing. Often times a payload involves re-writing the ducky script, encoding the inject.bin and deploying the payload on a test machine several times until the desired result is achieved. For this reason it’s important to become familiar with […]

Read more

Whether you’re auditing an ATM, esoteric cash register system, an electronic safe, specialized kiosk or an ordinary Windows PC – the workflow will be similar.   Pre-engagement Interactions As with any audit, pre-engagement interactions may help determine the hardware, software and network environment of the target. Asking detailed questions about the environment before the engagement […]

Read more

A two second HID attack against Windows and Mac that launches the website of your choosing. That’s by far the most effective security awareness payload for the USB Rubber Ducky. Cyber security awareness building is important, and developing an effective security awareness program – or at least raising eyebrows that one is even necessary – doesn’t […]

Read more

Courtesy of National Geographic Hacker and Developer Darren Kitchen believes hacking is not an inherently criminal act. Instead, he thinks hacking can help foster more open and free societies around the world.

Read more

As a keystroke injection attack tool capable of mimicking both a USB keyboard and mass storage, the USB Rubber Ducky excels at autonomously exfiltrating documents – or what we like to call performing an involuntary backup. In this article I will briefly outline the steps necessary to create turn your USB Rubber Ducky into a document […]

Read more

The 3 Second Reverse Shell with a USB Rubber Ducky In this tutorial we’ll be setting up a Reverse Shell payload on the USB Rubber Ducky that’ll execute in just 3 seconds. A reverse shell is a type of shell where the victim computer calls back to an attacker’s computer. The attacking computer typically listens […]

Read more

Pilfering Passwords with the USB Rubber Ducky Can you social engineer your target into plugging in a USB drive? How about distracting ’em for the briefest of moments? 15 seconds of physical access and a USB Rubber Ducky is all it takes to swipe passwords from an unattended PC. In honor of the USB Rubber […]

Read more

Radio Brute Force Attacks and a little Binary Phase-shift Keying theory. All that and more, this time on Hak5. In this episode we’re going to: – check out a python script for RF Brute Force attacks with RfCat and a compatible dongle like the YARD Stick One – Do some maths regarding these types of […]

Read more

Support ThreatWire on Patreon! patreon.com/threatwire New DMCA Exemptions! https://twitter.com/doctorow/status/659082991738597376 http://boingboing.net/2015/10/27/librarian-of-congress-grants-l.html EU Dumps Net Neutrality http://arstechnica.co.uk/tech-policy/2015/10/eu-net-neutrality-goes-on-the-chopping-block-next-week-heres-how-to-fix-it/ http://www.wired.com/2015/10/cisa-cybersecurity-information-sharing-act-passes-senate-vote-with-privacy-flaws/ Whats App Is Spying?!? http://www.theregister.co.uk/2015/10/27/whatsapp_forensic_analysis/ Zero Days From Hell http://www.forbes.com/sites/thomasbrewster/2015/10/21/scada-zero-day-exploit-sales/?ss=Security Facebook! https://www.facebook.com/notes/facebook-security/notifications-for-targeted-attacks/10153092994615766

Read more

Drones have to be registered, coming soon! The Diffie-Hellman protocol for crypto is probably NSA’s favorite thing ever. Secure all the things! With Facebook… and China is hacking US, are we surprised? All that coming up now on ThreatWire. http://www.wired.com/2015/10/a-second-snowden-leaks-a-mother-lode-of-drone-docs/ http://www.theverge.com/2015/10/19/9567625/drone-registration-will-be-required-in-us-dot-faa-announce http://www.engadget.com/2015/10/19/us-transportation-department-confirms-drone-registration-program/ https://www.transportation.gov/briefing-room/us-transportation-secretary-anthony-foxx-announces-unmanned-aircraft-registration https://theintercept.com/drone-papers/ Prime Diffie-Hellman Weakness May Be Key to Breaking Crypto http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ Hak5 […]

Read more

Hacking wireless remotes using RF Replay Attacks using the YARD Stick One! In this episode we cover: How to gather intel on the device you want to hack How to sniff its wireless signals Determining modulation Decode OOK signals Transmitting a Replay Attack with RfCat and the YARD Stick One Step 1: Gathering Intel First […]

Read more

Getting Started with the YARD Stick One for Sub 1 GHz hacking! All that and more, this time on Hak5. Support Hak5, follow along and get a YARD Stick One from our very own HakShop at https://hakshop.myshopify.com/products/yard-stick-one The YARD in YARD Stick One stands for Yet Another Radio Dongle and it was created by Mike […]

Read more

As Hackers reaches its 20th anniversary, we’re celebrating the film that pays tribute to the hacker culture itself. You see, behind the cyberpunk neon pagers and rollerblades, insanely great 28.8 bps modems and the far out network visualizations is a treasure trove of hacker history and lore baked in by the real hackers and technical […]

Read more

GPG Encryption for Windows, what happens if Keybase disappears, Free SSL certificates and how you could end up in prison for withholding your decryption keys. All that and more, this time on Hak5. — Jay – “great vid is there a windows equivalent?” Yes, you’ll need GPG4Win and Node.js for Windows http://gpg4win.org/download.html https://nodejs.org/en/#download When installing […]

Read more

What could be easier than file encryption with GPG? File encryption with keybase.io! Darren Kitchen and Shannon Morse demo the basics of the Keybase command-line app on this episode of Hak5.

Read more

It’s the Apple Event Day! We’ve got details on the new iPhone 6s and 6s Plus, the new iPad Pro, Apple TV and more! Plus, PCPer’s Ryan Shrout talks Skylake and the latest GPU’s, reliable SSDs, more help with Windows 10, and LTE 5G? Coming up today on TekThing! —— Download the video. Subscribe To […]

Read more

Encrypted File Sharing? We speak with the Demonsaw founder. Plus, building a cubed acrylic drone battle arena. All that and more, this time on Hak5! Demonsaw – https://www.demonsaw.com/ Autodesk 123D Design – http://www.123dapp.com/design MatterControl – http://www.mattercontrol.com/

Read more

Microsoft dropped a dozen security updates, including fixes for flaws being exploited ‘in the wild,’ the Office of Personnel Management just dropped $133M on credit monitoring, Turla APT used satellite Internet links to cover their tracks, Blue Coat’s top 10 Top Level Domains for malicious domains, moar! Support us on Patreon! https://www.patreon.com/ThreatWire Links: MS Drops […]

Read more

Is Google’s OnHub the Ultimate Home Router …or can a $94 router spank it? The Wirecutter’s David Murphy joins us w/ the answer! What’s the best tool to manage your travel mileage rewards? Shannon’s on it! Will the FCC kill Open Source Router updates, what comes after MPEG, and your alarm system feedback! —— Download […]

Read more

Windows 7 & 8 are phoning home just like Windows 10 does, weaponized drones are now legal in the USA, and Agora, the site for selling narcotics, takes a vacation.   Links: http://arstechnica.com/information-technology/2015/08/microsoft-accused-of-adding-spy-features-to-windows-7-8/ https://thehackernews.com/2015/08/windows-spying-on-you.html https://support.microsoft.com/en-us/kb/3022345   http://readwrite.com/2015/08/26/drone-law-north-dakota-weaponizing http://www.thedailybeast.com/articles/2015/08/26/first-state-legalizes-armed-drones-for-cops-thanks-to-a-lobbyist.html   http://www.wired.com/2015/08/agora-dark-webs-biggest-drug-market-going-offline/   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/d/d0/Luftwaffe_99-01_RQ-4B_EuroHawk_ILA_2012_1.jpg

Read more

Both Samsung’s Galaxy Note 5 and S6 Edge+ have hit and are top-of-the-line. LG’s G4 is another great option… but should you -WAIT- a few more weeks before you buy a new phone? Will Sprint and Verizion going ‘contract free’ save you money? Two Factor Authentication: Shannon talks Authy, Duo, and Google Authenticator. Will a […]

Read more

The White House is backing the new cybersecurity bill, the FTC can now sue companies for getting hacked, and robocalls are being blocked by a robokiller! All that coming up now on Threat Wire.   Links:   https://threatpost.com/white-house-support-for-cisa-worries-privacy-advocates/114383 http://thehill.com/policy/cybersecurity/250241-white-house-endorses-senate-cyber-bill   http://www.wired.com/2015/08/court-says-ftc-can-slap-companies-getting-hacked/ http://www2.ca3.uscourts.gov/opinarch/143514p.pdf   http://arstechnica.com/information-technology/2015/08/robokiller-wins-ftc-prize-by-annihilating-robo-calls/ https://www.kickstarter.com/projects/485600868/robokiller-app-stop-telemarketing-robocalls-foreve/description   Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/e/e1/White_House_Washington.JPG

Read more

Suicides, extortion, and a $500,000 bounty for Impact Team… it’s gotten ugly at Ashley Madison.com. Amazon’s dropping Flash ads in September. China’s arrested 15,000 that “jeopardized Internet security” tho that does not mean what you think it means. Patch WordPress, there’s some nasty exploits. Some Android browsers have Zero Day flaws, and will Microsoft ever […]

Read more

We’ve got reviews of the LIVA X2 Mini PC, and the Smanos W020i WiFi Alarm and Wireless Camera Kit, more Skylake info from IDF, three awesome free windows apps, how to block phone numbers in Android, and what happens when you use your favorite video streaming gear on vacation! —— Download the video. Subscribe To […]

Read more

Checking out Kali Linux 2.0 and cracking the Hack Across America challenge coin, this time on Hak5!   Download HD  |   Download MP4   — Kali Linux 2.0 —   BackTrack’s successor was Kali Linux (which we reviewed on episode 1408), an excellent tool for pentesters since forever. It’s been updated as of a few […]

Read more

BitTorrents are all the rage for DOS attacks, the IRS announces new breach numbers, and Microsoft is on a disabling rampage. All that coming up now on ThreatWire. Links: http://arstechnica.com/security/2015/08/how-bittorrent-could-let-lone-ddos-attackers-bring-down-big-sites/ https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf   http://www.cnet.com/news/hackers-might-have-stolen-irs-data-on-more-than-300000-households/ http://arstechnica.com/security/2015/08/irs-estimate-of-tax-records-stolen-by-fraudsters-soars-to-over-300000/   http://www.alphr.com/microsoft/microsoft-windows-10/1001360/microsoft-can-disable-your-pirated-games-and-illegal-hardware https://www.microsoft.com/en-us/servicesagreement/   http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/   http://arstechnica.com/tech-policy/2015/08/company-pays-fcc-750000-for-blocking-wi-fi-hotspots-at-conventions/   http://www.wsj.com/article_email/target-reaches-settlement-with-visa-over-2013-data-breach-1439912013-lMyQjAxMTI1MDE1ODkxMjgzWj   Youtube Thumbnail credit: https://www.flickr.com/photos/[email protected]/6757821397

Read more

This week Darren has a conversation with Chad Rikansrud about Mainframe vulnerabilities and Shannon gets to details on an amazing talk about using the USB Rubber Ducky while bypassing Enterprise Security. Download HD  |   Download MP4 Links: Mainframe Security – bigendiansmalls.com

Read more

The US Secretary of State is worried about China and Russia hacking his email. OwnStar is expanding to add BMW, Mercedes, and Chrysler virtual keys on iOS, Oracle’s Chief Security Office -and EULA- gets mocked for telling security researchers, “Don’t, Just Don’t,” and the NSA loves AT&T for the “ability to spy on vast quantities […]

Read more

DEF CON: Best Hacks and a TON of security advice! Samsung’s new 16TB SSD… the biggest HD ever. Windows AV and anti-malware, is Windows Defender still good enough?Tablet for kids: what do we recommend? Cheap USB (and HDMI) cables, making fax suck less, why you should wait to buy a new iPhone, is it time […]

Read more

A car hack is silenced in the US, Windows Mount Manager has a vulnerability (it’s been patched), and Square credit card readers are exploitable. All that coming up now on ThreatWire. Links: https://threatpost.com/microsoft-patches-usb-related-flaw-used-in-targeted-attacks/114240 http://arstechnica.com/security/2015/08/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs/ https://threatpost.com/researchers-unveil-square-reader-mobile-pos-hacks/114187 http://arstechnica.com/security/2015/08/researchers-reveal-electronic-car-lock-hack-after-2-year-injunction-by-volkswagen/ http://www.cs.ru.nl/~rverdult/Dismantling_Megamos_Crypto_Wirelessly_Lockpicking_a_Vehicle_Immobilizer_Hash.pdf Youtube Thumbnail credit: https://www.flickr.com/photos/nedko/111901487

Read more

Automotive hacking is in its infancy, and already you can see a clear path to failure… just look at how Tesla responsds to hackers compared to Chrysler. Ars Technica calls it: Android updates are a complete failure when it comes to patching security flaws. Ubiquiti Networks makes awesome networking gear… and got taken for $46 […]

Read more

Today on TekThing! Intel has announced the new Skylake CPU. Can a $500 printer save you thousands? Is there a legal way to back up Blu-Ray discs? And Windows 10 security paranoia… we’ve got privacy concerns! ——– Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— Love the show? Please support […]

Read more

We’re celebrating our 10 year anniversary episode with some of our favorite bloopers! Get your beverages ready.   Download HD  |   Download MP4

Read more

Don’t click on links in email. Ever. Especially if they claim to be Windows 10 upgrade links, ‘cause CTB Locker Ransomware hurts. Does the latest TOR attack spell DOOM for privacy, or is it overrated and fairly easy to spoof? The U.S. Court of Appeals for the Seventh Circuit reversed a lower court decision tossing […]

Read more

A Bind Exploit Causes DOS Attacks, an Android Mediaserver Attack Crashes Phones, and TrackingPoint Sniper Rifles have a Wireless Hack. All that coming up now on ThreatWire. http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/ https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ http://arstechnica.com/security/2015/07/new-vulnerability-can-put-android-phones-into-permanent-vegetative-state/ http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/ http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/ Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/c/c4/Precision_Guided_Firearm_Heads_Up_Display.jpg

Read more

Windows 10 is here! We’re checking out the OS security, features, and some specific questions you sent to us! Plus, Motorola’s new Android phones, and what classes to study if you’re college bound and want to make a career in tech. All that and more in this episode of TekThing! —— Download the video. Subscribe To […]

Read more

The mother of all Android vulnerabilities, a safe running Windows XP is unsafe, and ZOMG Drones! All that coming up now on ThreatWire.   Android Text Message Hack: Stagefright   http://www.androidcentral.com/stagefright-exploit-what-you-need-know https://www.twilio.com/blog/2015/07/how-to-protect-your-android-device-from-stagefright-exploit.html https://github.com/WhisperSystems/TextSecure/issues/3817   Brink Smart Safe Hacking https://www.youtube.com/watch?v=mzD58OavYVY http://www.bishopfox.com/blog/2015/07/on-the-brink-of-a-robbery/ http://www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/ http://webcache.googleusercontent.com/search?q=cache:Nf-lEGqozmEJ:www.bishopfox.com/news/2015/06/def-con-23-hacking-smart-safes-on-the-brink-of-a-robbery/+&cd=1&hl=en&ct=clnk&gl=us https://www.youtube.com/watch?v=Kq9LwFNM55k   ZOMG Drones http://hackaday.com/2015/07/22/no-mounting-a-gun-to-a-quadcopter-probably-isnt-illegal/ http://www.wsj.com/articles/next-step-for-drones-defending-against-them-1437645600?mod=WSJ_TechWSJD_moreTopStories http://www.computerworld.com/article/2951878/telematics/firewalls-cant-protect-todays-connected-cars.html   Thumbnail credit: Michael Mandiberg: https://www.flickr.com/photos/theredproject/10662464343/in/photostream/

Read more

Introducing the Hak5 LAN Turtle, and a site to site VPN with OpenVPN Access Server. All that and more, this time on Hak5. Download HD  |   Download MP4 Our newest edition to the Hak5 family of pentesting gear is the LAN Turtle, a covert tool for remote access, network scanning, and man-in-the-middle. It is covert […]

Read more

Do I need a UPS or power conditioner to ‘protect’ my PC and home theater gear? 3 travel accessories every geek should have during their summer vacation, Ethernet vs. WiFi? (Hint, one of ’em crushes the other…) Why you might want to run conduit, and how to password protect a folder on your external hard […]

Read more

Follow up on our quick and dirty OpenVPN guide from last week with the final setup to getting it online and accessible from outside your LAN. Download HD  |   Download MP4 1. Setup Static IP 2. Configure Xen to start VM automatically 3. Port Forward ==Set Static IP== #SSH Into the Ubuntu OpenVPN Server ssh […]

Read more

The Impact Team says they’ve compromised Avid Life Media, owners of AshleyMadison.com… and they’re gonna expose all the accounts if the site isn’t shut down. The latest Hacking Team data revelation: a backdoor through the Google Play screening process. Worried about all the Hacking Team malware? Rook Security has a free tool, and tips on […]

Read more

Way to go NASA, the New Horizon images from Pluto are amazing! Logitech’s K400 Plus Keyboard, three awesome iPhone apps, Amazon Prime Day, securing your bank account with two factor authentication, syncing Google Drive Photos… All that and more, on TekThing!!! —— Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— […]

Read more

Your weekly hacking team update, Flash is patched and dumped all on the same day, and United gives out one million miles for an exploit. All that coming up now on Threat Wire. Links: https://threatpost.com/hacking-team-promises-to-rebuild-controversial-surveillance-software/113743 http://thehackernews.com/2015/07/hacking-uefi-bios-rootkit.html http://arstechnica.com/security/2015/07/hacking-team-broke-bitcoin-secrecy-by-targeting-crucial-wallet-file/   http://arstechnica.com/security/2015/07/once-again-adobe-releases-emergency-flash-patch-for-hacking-team-0-days/ https://addons.mozilla.org/en-us/firefox/blocked/p94 https://twitter.com/alexstamos/status/620306643360706561 https://twitter.com/alexstamos/status/620306791520309248   https://threatpost.com/united-airlines-hands-out-million-mile-bug-bounty/113766   http://w3techs.com/technologies/details/cp-flash/all/all http://httparchive.org/interesting.php https://alternativeto.net/software/flash-player/ https://www.sophos.com/en-us/security-news-trends/security-trends/html5-and-security.aspx http://www.smashbrand.com/articles/html-5-explained-quickly/ https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet http://www.sitepoint.com/security-risks-html5-apps/   Youtube Thumbnail […]

Read more

VPNs are great for protecting your Internet traffic when on untrusted networks – like Public WiFi. So many times it’s thrown around as advice “just get a VPN” – but where should you get a VPN? When you sign up for a $10/month VPN service in “the cloud” you’re basically handing over both money *and* […]

Read more

Yet another Flash exploit has been found… expect a patch, but we’d rather you removed Adobe’s Flash. RhinoSecurity has cancelled the super cool ProxyHam, and the DefCon talk, Patent Trolls are getting worse, and the first new zero day Java attack in two years! We’ll explain it all in today’s edition of ThreatWire Links: Another […]

Read more

Synology DS1515+… just what is a NAS, anyhow??? Email Encryption, getting surround sound speakers set up right, die flash die, portable chargers, and more, today on TekThing! ——- Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— Love the show? Please support us on Patreon! THANKS to Hak5! & The HakShop!!! SOCIAL IT UP! Twitter, Facebook, Google+. Email [email protected]!!! […]

Read more

Adobe Flash 0-Day Vulnerability, No More Private Registration?!, T-Mobile Transparency Report Released. All that coming up now on Threat Wire. Links: http://arstechnica.com/security/2015/07/hacking-team-leak-releases-potent-flash-0day-into-the-wild/ http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/ http://www.wired.com/2015/07/unassuming-web-proposal-make-harassment-easier/ https://gnso.icann.org/en/issues/raa/ppsai-initial-05may15-en.pdf http://www.cnet.com/news/t-mobiles-transparency-report-reveals-352000-customer-data-requests/ http://newsroom.t-mobile.com/content/1020/files/NewTransparencyReport.pdf https://plus.google.com/u/0/b/105419513438843979262/communities/108468376385294386339   Youtube Thumbnail credit: https://www.flickr.com/photos/maxkiesler/8114167283

Read more

Sniffing Packets on Android with tPacketCapture and Xen Orchestra, a free open source web-based management system for XenServers. Download HD  |   Download MP4 Links: https://xen-orchestra.com https://play.google.com/store/apps/details?id=jp.co.taosoftware.android.packetcapture&hl=en https://www.kismetwireless.net/android-pcap/

Read more

Was Hacking Team knowingly selling their “lawful interception tools” to foreign governments with less than stellar human rights records? Plex and Harvard have suffered breaches, Trump might have a credit card problem, and right now would be a good time to update Mozilla Firefox. Yo! Links: Hacking Team Hacked: http://www.securityweek.com/surveillance-software-firm-hacking-team-suffers-data-breach Hacking Team Responds: http://www.csoonline.com/article/2944333/data-breach/hacking-team-responds-to-data-breach-issues-public-threats-and-denials.html Plex […]

Read more

Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— Love the show? Please support us on Patreon! THANKS to Hak5! & The HakShop!!! SOCIAL IT UP! Twitter, Facebook, Google+. Email [email protected]!!! ——- Sponsor: Thanks Hostgator.com!  Use coupon code TekThing for 30% off your hosting package ——- TekThing Episode 26: ——- iPhone 6s Rumors: Apple’s next gen smart phone is coming, […]

Read more

NSA data collection is a thing, at least til November, ‘Dino’ malware was found in Iran, and OPM makes the news, yet again. All that coming up now on ThreatWire. Links: http://www.cnet.com/news/nsa-can-track-everyones-phone-calls-again-for-a-while/ https://s3.amazonaws.com/s3.documentcloud.org/documents/2124483/br-15-75-misc-15-01-opinion-and-order.pdf http://arstechnica.com/security/2015/06/researchers-expose-dino-espionage-malware-with-a-french-connection/ http://www.welivesecurity.com/2015/06/30/dino-spying-malware-analyzed/ http://arstechnica.com/tech-policy/2015/06/opm-shuts-down-background-investigation-portal-because-of-vulnerability/ http://www.opm.gov/news/releases/2015/06/opm-notifies-agencies-of-temporary-suspension-of-e-qip-system/ Youtube Thumbnail credit: https://c2.staticflickr.com/6/5577/14731380678_ef5314e065_b.jpg

Read more

Today on Hak5, we’re continue our experiments with the home lab virtual server with open source OpenXenManager for Linux. Download HD  |   Download MP4 Links: Open Xen Manager – http://sourceforge.net/projects/openxenmanager/

Read more

Fourth of July terror warning? It’s an annual thing. If you run Cisco Security Appliances, heads up, there’s a vulnerability that could give root user level access, it looks like private MAC addresses are coming, which is GREAT for privacy, and, yes, official fingers are pointing at China for the OPM data theft. Links: MAC […]

Read more

Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— Love the show? Please support us on Patreon! THANKS to Hak5! & The HakShop!!! SOCIAL IT UP! Twitter, Facebook, Google+. Email [email protected]!!! ——- TekThing Episode 25 Shownotes: ——- Upgrade Flash, Chrome, & IE NOW: Flash has a pretty nasty vulnerability, here’s more info and how to fix it! Undo Send in […]

Read more

Update Flash -and your Chrome browser- NOW, ’cause there’s a nasty bug that’s being exploited in the wild. Watch Out WiFi Pineappple, here comes PITA Wireless Password Theft… seriously, researchers are wirelessly grabbing passwords! Blackshades Leader Gets 57 Months for RAT… and the FBI has great info on how to figure out if your machine […]

Read more

Today on Hak5, we’re building a home lab virtual server with open source Xenserver and an Intel NUC. Download HD  |   Download MP4 Links: http://xenserver.org/ https://www-ssl.intel.com/content/www/us/en/nuc/overview.html

Read more

The Australian Gov’t’s New copyright bill, google play apps are hackable, again. Emails can be hacked with a simple code, and 14 million people just got doxxed? All that coming up now on ThreatWire. Links: http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5446 http://arstechnica.com/tech-policy/2015/06/australia-passes-controversial-anti-piracy-web-censorship-law/ https://torrentfreak.com/netflix-vpn-problem-leave-consumers-alone-aussie-minister-says-150617/ http://www.abs.gov.au/AUSSTATS/[email protected]/DetailsPage/6291.0.55.003May%202015?OpenDocument http://arstechnica.com/security/2015/06/game-over-https-defects-in-dozens-of-android-apps-expose-user-passwords/ https://www.appbugs.co/home/youre-on-your-own-ensuring-the-safety-of-the-data-on-your-mobile-device/ http://arstechnica.com/security/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/ http://thehackernews.com/2015/06/how-to-hack-email-account.html   Youtube Thumbnail credit: https://upload.wikimedia.org/wikipedia/commons/7/7a/Aus_Flag.jpg

Read more

Download the video. Subscribe To Our Video on YouTube, iTunes, RSS. Download audio only MP3. (Audio RSS Feed Coming!) —— Love the show? Please support us on Patreon! THANKS to Hak5! & The HakShop!!! SOCIAL IT UP! Twitter, Facebook, Google+. Email [email protected]!!! ——- TekThing Episode 24 Shownotes: ——- LastPass Hacked??? Info on the breach here, our advice in the video. Credit Freeze: Worried about identity theft? Was your information stolen from the OPM? ou […]

Read more

An Apple Zero Day breaks out of OSX and iOS sandboxes. SAP installs pop with default creds. ZOMG 600 million vulnerable Samsung devices? And free encryption keys for all, coming in just a few weeks! Support ThreatWire: https://www.patreon.com/ThreatWire Links: http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/ https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view http://erpscan.com/press-center/news/static-encryption-keys-as-the-latest-trend-in-sap-security/#more-8205 http://www.theregister.co.uk/2015/06/19/sap_hana_vulns/ https://letsencrypt.org/2015/06/16/lets-encrypt-launch-schedule.html   Photo Credit https://upload.wikimedia.org/wikipedia/commons/c/c6/Sandbox_with_toys.JPG https://upload.wikimedia.org/wikipedia/commons/0/07/Honeycrisp-Apple.jpg

Read more