This is my last week working professionally on a Red Team, excited to be joining the super talented people over at @elastic in just over a week as a Senior Security Research Engineer!
Alongside my regular red team work I have been lucky enough to have a day a week secondment with a partner organisation performing Windows security research.
One massive thing I have learned, which I thought would be worth sharing, is that having questions to answer in security research is super important when it comes to learning, growing skills and finding things which matter.
Whilst poking at stuff in free time is fun - you will find you have much greater success when there are legitimate questions to answer. If you enjoy it as a hobby / want to grow deeper skills - try that :).

@vxunderground I wish I could code something like this one day you are one talented guy smelly

If you're curious what a basic position independent polymorphic mutation engine looks like in C (compiled as C++), this is what it looks like.
I'll do a write up later.
gist.github.com/vxunderground/…

@banthisguy9349 @abuse_ch cloudzy doesn’t give a fuck what you do on their services

urlhaus.abuse.ch/asn/14956/
To all my @abuse_ch reporting homies. Keep the pressure up on routerhosting!
I see tons of malware urls online, but I know for a fact that there is even more to be found!
Fox_threatintel (@banthisguy9349):
@Hannan_Nozari you need to take some god damn responsibility for the abuse on your ASN with your company @cloudzyvps / Routerhosting. Enough is enough.

Giveaway Time - 150 Cool Stickers
30 winners 5 Stickers Each
Comment below and follow @HackerStick3rs
Winners chosen in 24 hours


The Neighbor's Challenge: Hacking his sweet 1Gbps WiFi
> > be me
> > moving into new apartment
> > ISP says "3 weeks for installation"
> > absolute-disaster.jpg
> > see neighbor in hallway
> > "Hey, can I pay you to use your Wi-Fi for a week?"
> > neighbor looks at my hoodie and glasses
> > "No. If you want internet so bad, why don't you just hack it, Mr. Robot?"
> > neighbor laughs and slams door
> > wait... did he just give me permission?
> > "Are you sure? You really want me to try?" I yell through the wood.
> > "Yeah, go for it, nerd!"
> > challenge accepted.
>
Phase 1: The Setup
> > walk back to my dark room
> > boot up my Fujitsu E744
> > Kali Linux logo glows in the dark
> > pull out the Alfa AW... wireless adapter
> > the high-gain antenna looks like a weapon of war
> > lsusb ... adapter detected.
> > airmon-ng start wlan0
> > monitor mode enabled. I am now the ghost in the machine.
>
Phase 2: The Reconnaissance
> > airodump-ng wlan0mon
> > scanning the airwaves like a digital bloodhound
> > there it is: "Pretty_Fly_For_A_WiFi"
> > WPA2-PSK. Strong signal. One client connected.
> > time to intercept the handshake.
> > airodump-ng -c 6 --bssid [MAC_ADDRESS] -w capture wlan0mon
>
Phase 3: The Deauthentication
> > neighbor is probably watching Netflix
> > time to briefly disrupt the peace
> > aireplay-ng -0 5 -a [BSSID] -c [CLIENT_MAC] wlan0mon
> > send deauth packets
> > neighbor's laptop or TV disconnects for a split second
> > it automatically tries to reconnect
> > it sends the encrypted handshake into the void
> > I catch it.
> > "WPA Handshake: [MAC]" appears in the corner
> > I have the prize.
>
Phase 4: The Crack
> > hashcat -m 2500 capture.hccapx rockyou.txt
> > GPU fans start screaming like a jet engine
> > 5,000,000 guesses per second
> > 2 minutes pass...
> > STATUS: CRACKED
> > Password: password123
> > are you kidding me?
>
The Aftermath
> > log in to his router settings
> > change his SSID to "I_SHOULD_HAVE_SHARED"
> > change his wallpaper on his smart TV to a picture of a kitten
> > walk back over and knock on the door
> > neighbor opens it, looking annoyed
> > "Hey man, your Wi-Fi name is a bit weird, and you might want to check your TV."
> > show him the password on my phone
> > neighbor turns pale
> > "So... can I have that guest password now?"
> > he gives it to me for free.
> > mfw I have 1Gbps fiber for the cost of a 2-minute crack.


THERE'S A FUCKING EBAY FOR BUYING EXTENSIONS AND ROOTKITTING THEM?
tuckner (@tuckner):
Almost forgot I took a screenshot of the original ExtensionHub listing 🥳🥳🥳

@vxunderground if social media enforces IDs I’ll be paying a guy from a third world country $20 off fiverr & use that

@NotNordgaren @agent_duckman I’ve always installed it on regular win10 isos never had any issues, just gotta get windows defender to fuck off.

@agent_duckman Is that the iso they want for flarevm? It's always a specific one. Last time I installed flareVM, it was the windows 10 edge version or whatever for testing edge.

@skocherhan @gitlab nice find. This makes multiple GET requests to Telegram channels with bios containing the domain used to exfil data to angry-toaster[.]com, which would be the IOC.


I had a few people test this when it was behind auth but pulled the auth back. If you're interested in Defender signatures and ASR rules.
defender.hackpwn.net