Skip to main content

Posts

Mass Hacking Android Phones

Recent posts

Hacking IOT: Google Chromcast

Hacking Google Chromcast Slack Group Before we get started I have started a new slack group dedicated to hacking. We welcome everyone from beginner to advanced to join. I will be on everyday answer questions, doing CTFs, and talking about cool hacks. If you enjoy hacking and are looking for like minded people join below: NEW Hacking Group Slack Channel Introduction Its January 2nd, 2019 and like I always do I was checking my news feed and noticed an article about how some malicious hacker attacking chromcast which resulted in their TV being forced to render unwanted content ( News Article ). Message hacker left on TVs This peaked my interest so I set out discover how the hacker accomplished this. Technical Details  Recon According to the internet the definition of chromcast is a streaming media adapter from Google that allows users to play online content such as videos and music on a digital television .   At the time of writing this post this is a h

Hacking Books

Best Hacking Books List Slack Group Before we get started I have started a new slack group dedicated to hacking. We welcome everyone from beginner to advanced to join. I will be on everyday answer questions, doing CTFs, and talking about cool hacks. If you enjoy hacking and are looking for like minded people join below: NEW Hacking Group Slack Channel If you want to get really good at something its best to have some sort of mentor. Reading the words that smart people have written down can be just has good as talking to them one on one. I have create a list of some of the best hacking books I know of which can be bought on amazon by following the provided links. If you were to read all of the listed books you would with out a doubt become a PRO. Beginner The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Basic Security Testing with Kali Linux 2 Hash Crack: Password Cracking Manual (v2.0) Nmap Network Scanning: The Official

Threat Hunting

Abstract    The paper reviews a threat hunters methodology and aims to help organizations protect themselves against advanced persistent threats(APT). The paper starts off by explaining the first hacking case and explains how attacks have advanced over the years. The rest of the paper talks about the threat hunters methodology and how it can be used to combat APT groups. Introduction    Hackers have been infiltrating and pilligings networks for decades now. In 1903 the hacker Nevil Maskelyne was caught sending disrespectful messages in morse code through the auditorium's projector. Hackers have always been around but responding to and protecting ourselves from these malicious actors is relatively new. Threat hunting focuses on finding these malicious actors commonly referred to as advanced persistent threats(APT).    Hackers have advanced tremendously over the years. The days are over where you only have to worry about teenagers in their mom's basement. In today'

Expired Domains

Expired Domains Finding expired domains By using expired domains we can mimic a legit website and forge other information to make our malicious domain seem legit. There are several websites that can be used to find expired domains. There are also a few open source tools that allow you to locate expired domains. I will be searching for domains that have the word church in their name. Hiding behind innocent domains that act as churches, medical help, education, or other related things can help cover a malicious domain. We can see the domain “hope-community-church.com” Domain Price We need to check the price of the domain before we go further. We can do this with a number of sites. Looks like it will cost $10.98 to purchase this domain. Cover Page We need to find a legit cover page for our domain. We can do this using the “way back machine” (archive.org). This websites takes snapshots of websites overtime. So we should be able to look at an old version of this

Message Queuing Telemetry Transport (MQTT) Hacking

Introduction      IOT devices need a way to communicate with each other and there are several protocols that allow them to do this. The most popular IOT communication protocols that run over wifi are HTTP, MQTT, XMPP, and AMQP. All of these protocols have their own weaknesses but I will be covering the MQTT protocol.    Message Queuing Telemetry Transport (MQTT) is a publish subscribe based message passing protocol. This protocol was invented in 1999 and they didn't really have security in mind when they were developing it. The MQTT has several design flaws that could allow hackers to completely take over your devices and perform other unwanted attacks. MQTT Message Queuing  Telemetry Transport (MQTT) is a protocol that runs at the application layer. MQTT was designed to run on IOT devices because of its many benefits such as: Efficient Information Distribution Increased Scalability Reduced Network Bandwidth MQTT is a publish subscribe based mess