Hak5 2306 – Bash Bunny Phishing Attack With Hamsters

Hak5.org/live to watch the event announcement live!
Hak5.org/rsvp to come to our San Francisco event.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

WPA2 Wi-Fi Vulnerable to KRACK Hack; RSA Keys Broken – ThreatWire

KRACK is bad for WiFi, Equifax loses their IRS contract, and an RSA crypto key is vulnerable to being reverse engineered. Today on ThreatWire.


https://www.krackattacks.com/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
https://github.com/kristate/krackinfo
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

Equifax Takes Down Compromised Page Redirecting to Adware Download

Equifax Credit Assistance Site Served Spyware

https://www.cnet.com/news/equifax-website-ads-served-adware-malware-expert-finds/
https://randy-abrams.blogspot.com/2017/10/new-equifax-website-compromise.html
https://www.cnet.com/news/irs-reportedly-suspends-7-2-million-equifax-contract/
https://arstechnica.com/tech-policy/2017/10/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract/

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
https://en.wikipedia.org/wiki/Coppersmith%27s_attack
https://www.yubico.com/keycheck/
https://keychest.net/roca

Youtube Thumbnail credit:
https://static.pexels.com/photos/7101/wood-coffee-iphone-notebook.jpg

Source: Security news

HakTip 166 – How To Use ExFAT In Linux: Linux Terminal 201

Having problems mounting a flashdrive formatted in ExFAT on Ubuntu? Here’s how to fix that!

Use coupon code haktip at https://www.eero.com for free overnight shipping on your order to the US or Canada!

Props to HowToGeek for the awesome written directions! https://www.howtogeek.com/235655/how-to-mount-and-use-an-exfat-drive-on-linux/


Source: Security news

Hak5 2305 – Password Grabber Bash Bunny Payload

Check out the awesome password grabber payload for the Bash Bunny on Hak5!

Sign up for our October 20 Event where we’ll be giving away gear gifts to the first 100 attendees! – hak5.org/rsvp


Source: Security news

3 Billion Yahoo Accounts Hacked; Disqus Hacked! – Threat Wire

The Yahoo breach was a lot worse than we thought, the Equifax ex-CEO sheds light on some questions, Disqus was hacked, and Kaspersky is stuck in the middle of debates. All that coming up now on ThreatWire.

Hak5 Product Launch Event! October 20th: https://www.hak5.org/rsvp


https://motherboard.vice.com/en_us/article/8x8b4x/whoops-yahoo-says-2013-hack-actually-hit-3-billion-users
https://www.oath.com/press/yahoo-provides-notice-to-additional-users-affected-by-previously/

2013 Yahoo Breach Affected All 3 Billion Accounts

Fear Not: You, Too, Are a Cybercrime Victim!

https://www.cnet.com/how-to/find-out-if-your-yahoo-account-was-hacked/
https://www.cnet.com/news/yahoo-announces-all-3-billion-accounts-hit-in-2013-breach/
https://www.cnet.com/how-to/how-to-delete-your-yahoo-account/
https://arstechnica.com/information-technology/2017/10/yahoo-says-all-3-billion-accounts-were-compromised-in-2013-hack/
https://www.wired.com/story/yahoo-breach-three-billion-accounts/
https://thehackernews.com/2017/10/yahoo-email-hacked.html

https://thehackernews.com/2017/10/kaspersky-nsa-spying.html
https://www.wired.com/story/nsa-contractors-hacking-tools/
https://arstechnica.com/information-technology/2017/10/the-cases-for-and-against-claims-kaspersky-helped-steal-secret-nsa-secrets/
https://www.cnet.com/news/russian-hackers-reportedly-stole-nsa-cyber-secrets-in-2015/
https://motherboard.vice.com/en_us/article/kz755a/ex-nsa-hackers-are-not-surprised-by-bombshell-kaspersky-report

We aggressively protect our users and we’re proud of it.

https://www.wired.com/story/equifax-ceo-congress-testimony/
https://arstechnica.com/tech-policy/2017/10/irs-awards-equifax-7-25m-taxpayer-identity-contract-weeks-after-hack/
https://www.cnet.com/news/irs-gives-equifax-7-25-million-contract-to-prevent-tax-fraud/
https://www.cnet.com/news/equifax-ex-ceo-blames-breach-on-one-person-and-a-bad-scanner/

https://blog.disqus.com/security-alert-user-info-breach
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html

Youtube Thumbnail credit:
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/Yahoo%21_Taiwan_weiya_stage_20160119.jpg/1280px-Yahoo%21_Taiwan_weiya_stage_20160119.jpg

Source: Security news

HakTip 165 – Monitoring System Resources Pt 2: Linux Terminal 201

Monitoring system resources via the Linux terminal!

https://github.com/Distrotech/lsof/blob/master/00QUICKSTART
https://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot


Source: Security news

TekThing 145 – 3 Photo Apps For Better Phone Photos! Shure SE215 Earphone Review, Best Wire Cutter For Makers!

Awesome Android Photography Apps! Shure SE215 Sound Isolating Earphone Review, Best Wire Cutter For Makers Costs $5!
——
01:42 Android Photography
Anthony asks “could you give some advice on the best settings or android apps to use for smartphone photography?” Sure! Shannon’s got a ton of tips that’ll work with iOS, too… we talk VSCO, Snapseed, and Adobe’s Lightroom photo apps, and gadgets like lenses in the video!
https://play.google.com/store/apps/details?id=com.vsco.cam&referrer=utm_source%3Dcorporate%26utm_medium%3Dcorpweb
https://play.google.com/store/apps/details?id=com.niksoftware.snapseed&hl=en
https://play.google.com/store/apps/details?id=com.adobe.lrmobile
http://photojojo.com/awesomeness/cell-phone-lenses

14:26 Shure SE215 Review
Can Shure’s entry level in ear monitor, the SE215 Sound Isolating Earphones, replace 1MORE’s Triple Driver as our favorite earbud under $100? Watch the video to find out… especially if you need in ear monitors that block background noise, or constantly trash headphone cables!!! (Earbuds around $25? Check The Wirecutter!)
http://www.shure.com/americas/products/earphones/se-earphones/se215-sound-isolating-earphones
http://www.shure.com/americas/products/accessories/earphones/earphone-headphone-cables

The Best Earbuds Under $50

22:51 Wire Cutters for Electronic Makers!
JayLuigi tweets, “@patricknorton I can’t remember the wire snippers you recommended heeeelp??” For most things? Channellock! But you probably saw us using Hakko’s CHP-170 Micro Soft Wire Cutter!
https://twitter.com/JayLuigi/status/914792433526956033
https://www.amazon.com/Tools-Home-Improvement-Channellock/s?ie=UTF8&field-brandtextbin=Channellock&page=1&rh=n%3A228013
https://www.amazon.com/Hakko-CHP-170-Stand-off-Construction-21-Degree/dp/B00FZPDG1K/

25:21 Blocking Facebook Photos You Don’t Want To See
Lance asks, “how can we hide someone’s Facebook photos from our eyes without stopping people who want to see them.” We discuss your options, and Facebook Notification Settings, in the video.
https://www.facebook.com/settings?tab=notifications&section=on_facebook&view

29:16 Search for Books and eBooks In Your Local Library!
From the we had no idea department, You can now check for ebooks at your local libraries on Google Search! We demo how it works (and where you look for ’em) in the video!
http://www.androidauthority.com/check-ebooks-local-libraries-google-search-801906/

30:38 Do Something Analog
Like Mark, who tells us about the Mayowood Mansion, picking apples, and “over 300 bushels (600 5-gallon pails) of black walnuts with our 4H club” in the video! Awesome!
http://www.olmstedhistory.com/your-visit/mayowood.html
——
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week!
https://www.patreon.com/tekthing
——
EMAIL US!
ask@tekthing.com
——
Amazon Associates: http://amzn.to/2gm9Egf
Subscribe: https://www.youtube.com/c/tekthing
——
Website: http://www.tekthing.com
RSS: http://feeds.feedburner.com/tekthing
THANKS!
HakShop: https://hakshop.myshopify.com/
——
SOCIAL IT UP!
Twitter: https://twitter.com/tekthing
Facebook: https://www.facebook.com/TekThing
Reddit: https://www.reddit.com/r/tekthingers
——

Source: Security news

Hak5 2304 – Operating System Detection with the Bash Bunny and A Heartfelt Goodbye

Please join us in saying goodbye to our favorite feline, Kerby Kitchen, who was with us since September 2001. We miss her dearly.

(NOTE FROM SHANNON)
Please consider donating to The Humane Society or your favorite animal charity in honor of Kerby. http://www.humanesociety.org Thank you, and thank you for your support. We love you all


Source: Security news

Ducky Script – USB Rubber Ducky 101

Ducky Script is the language of the USB Rubber Ducky. Scripts can be written in any common ASCII text editor such as Notepad, vi, emacs, nano, gedit, kedit, TextEdit, etc.

Syntax

Ducky Script syntax is simple. Each command resides on a new line and may be followed by options. Commands are written in ALL CAPS, because ducks are loud and like to quack with pride. Most commands invoke keystrokes, key-combos or strings of text, while some offer delays or pauses. Below is a list of commands and their function, followed by some example usage.

REM

Similar to the REM command in Basic and other languages, lines beginning with REM will not be processed. REM is a comment.
REM The next three lines execute a command prompt in Windows
GUI r
STRING cmd
ENTER

DEFAULT_DELAY or DEFAULTDELAY

DEFAULT_DELAY or DEFAULTDELAY is used to define how long (in milliseconds * 10) to wait between each subsequent command. DEFAULT_DELAY must be issued at the beginning of the ducky script and is optional. Not specifying the DEFAULT_DELAY will result in faster execution of ducky scripts. This command is mostly useful when debugging.
DEFAULT_DELAY 10 
REM delays 100ms between each subsequent command sequence

DELAY

DELAY creates a momentary pause in the ducky script. It is quite handy for creating a moment of pause between sequential commands that may take the target computer some time to process. DELAY time is specified in milliseconds from 1 to 10000. Multiple DELAY commands can be used to create longer delays.
DELAY 500
REM will wait 500ms before continuing to the next command.

STRING

STRING types the text that follows it, taking special care to auto-shift. STRING can accept a single character or multiple characters.
STRING | a…z A…Z 0…9 !…) `~+=_-"';:<,>.?[{]}/|!@#$%^&*()
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello World!

WINDOWS or GUI

Emulates the Windows-Key, sometimes referred to as the Super-key.
GUI r
REM will hold the Windows-key and press r, on windows systems resulting in the Run menu.

MENU or APP

Emulates the App key, sometimes referred to as the menu key or context menu key. On Windows systems this is similar to the SHIFT F10 key combo, producing the menu similar to a right-click.
GUI d
MENU
STRING v
STRING d
REM Switch to desktop, pull up context menu and choose actions v, then d toggles displaying Windows desktop icons

SHIFT

Unlike CAPSLOCK, cruise control for cool, the SHIFT command can be used when navigating fields to select text, among other functions.
SHIFT | DELETE, HOME, INSERT, PAGEUP, PAGEDOWN, WINDOWS, GUI, UPARROW, DOWNARROW, LEFTARROW, RIGHTARROW, TAB
SHIFT INSERT
REM this is paste for most operating systems

ALT

Found to the left of the space key on most keyboards, the ALT key is instrumental in many automation operations. ALT is envious of CONTROL.
ALT | END, ESC, ESCAPE, F1…F12, Single Char, SPACE, TAB
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello World
ALT f
STRING s
REM alt-f pulls up the File menu and s saves. This two keystroke combo is why ALT is jealous of CONTROL's leetness and CTRL+S

CONTROL or CTRL

The king of key-combos, CONTROL is all mighty.
CONTROL | BREAK, PAUSE, F1…F12, ESCAPE, ESC, Single Char
CTRL | BREAK, PAUSE, F1…F12, ESCAPE, ESC, Single Char
CONTROL ESCAPE
REM this is equivalent to the GUI key in Windows

Arrow Keys

DOWNARROW or DOWN
LEFTARROW or LEFT
RIGHTARROW or RIGHT
UPARROW or UP

Extended Commands

These extended keys are useful for various shortcuts and operating system specific functions and include:
BREAK or PAUSE
CAPSLOCK
DELETE
END
ESC or ESCAPE
HOME
INSERT
NUMLOCK
PAGEUP
PAGEDOWN
PRINTSCREEN
SCROLLLOCK
SPACE
TAB

Source: Security news

Optimizing and Obfuscating Payloads – USB Rubber Ducky 101

Obfuscation and Optimization

While this post isn’t intended to be a comprehensive list of obfuscation and optimization techniques, these three simple examples effectively illustrate the concept.

Obfuscation

So what is obfuscation? Obfuscation is all about reducing the visibility of the payload, or simply put – making it stealthier. This is crucial in a social engineering deployment scenario. If a payload is too long, or too “noisy” it’s more likely to be noticed and thwarted. With that in mind, let’s look at two simple examples of obfuscating the Windows command prompt.

Our ducky script begins with a common combination of keystrokes which opens the Windows command prompt.

DELAY 1000
GUI r
DELAY 100
STRING cmd
ENTER

From here we typically have a large black and white terminal window open – which to laymen may look intimidating. Let’s reduce that visibility.

DELAY 500
STRING color FE
ENTER
STRING mode con:cols=18 lines=1
ENTER

The first command, “color FE”, sets the command prompt color scheme to yellow text on a white background. Unfortunately, the same color cannot be set as both background and foreground; however, a yellow-on-white command prompt is very difficult to read and will obscure our payload. For a complete list of color combinations, issue “color *” in a terminal. Bonus: For 1337 mode, issue “color a

The next command, “mode con:cols=18 lines=1”, reduces the command prompt window size to 18 columns by 1 line. This, in combination with the above color command, creates a very small and extremely difficult to read command prompt. Best of all, while this makes reading the payload difficult for any observer, it does not impact the function of the payload in any way. The computer simply doesn’t care that the command prompt is illegible.

Finally we’ll execute our command. Let’s pick something silly that’ll take some time to run, just for fun. In that case we’d add to our obfuscated payload the following:

STRING tree c: /F /A
ENTER
DELAY 20000
STRING exit
ENTER

The above tree command will map the file and directory structure of the C drive in ASCII. Even with the fast solid state drive in my development computer, this task takes about 20 seconds to complete. Afterwards, when our nefarious tree command finishes, we’ll want to close the command prompt in order to prevent our target user from noticing our devilish deeds. So for that we’ll need to add a 20 second delay, followed by the exit command to close the command prompt. While we may be able to issue the “exit” and ENTER keystrokes while the tree command is executing, depending on the complexity of the running process there is no guarantee it will issue.

By adding up the delays and keystrokes of this ducky script, we can approximate this payload to require around 23 seconds to execute.

Optimization

What about optimization? If obfuscation is all about making a payload stealthier, optimization is all about making it faster. Short of injecting keystrokes faster, often times a little finesse can go a long way in reducing unnecessary delays. Let’s take a crack at optimizing the above “tree” attack payload while maintaining its obfuscation.

DELAY 1000
GUI r
DELAY 100
STRING cmd /C color FE&mode con:cols=18 lines=1&tree c: /F /A
ENTER

These 5 lines of ducky script execute the exact same payload as the previous 15-line version, and execute in less than 3 seconds instead of 23! Now, the command prompt is still open for around 20 seconds while the tree command completes, but no further action from the USB Rubber Ducky is needed once the single command is run. Meaning, seconds after plugging in the USB Rubber Ducky, it can be safely removed while the tree command continues to run. Let’s take a look at how.

Similar to the first version, we open the Windows Run dialog and enter the “cmd” command in order to open a command prompt, but rather than just open the prompt we’ll pass it a few parameters and commands. The first is “/C”, which tells the command prompt to close once the command completes. Alternatively, if we were to issue “/K” for “keep”, the command prompt would stay visible even after the tree command completes.

The rest of the payload is to string together all of the commands. By placing an ampersand symbol (&) in between our commands, we can string them together on one line. In our case this is “color”, “mode”, and “tree”. This is what we would call a one-liner payload since it utilizes just a single STRING command.

Aside from being able to unplug the USB Rubber Ducky as soon as the Run dialog completes, this payload is also more reliable. The biggest issue with the first version was the 500 ms delay between issuing “cmd” and beginning to type the commands.

Any time a payload must wait on a GUI element, a reliability issue can occur. If the target computer were running slowly, and more than a half-second were required in order to open the command prompt, the payload would have failed.

Optimizing the Optimized

Our obfuscated and optimized tree attack ducky script is great, but like all ducky scripts there’s always room for even more improvement.

DELAY 1000
GUI r
DELAY 100
STRING cmd /C "start /MIN cmd /C tree c: /F /A"
ENTER

Like CMD inception, the above ducky script is even more optimized. Notice the “color” and “mode” commands have been removed, and instead the “cmd /C tree c: /F /A” command has been wrapped inside another “cmd /C” command.

The first “cmd” issues the second with the leading “start /MIN” command. The “start” command executes everything following with the parameter “/MIN”. The “/MIN” parameter opens the second “cmd” window in a minimized state.

Since the first “cmd” running the “start” command completes in an instant, the command prompt is only visible for a split second. The second “cmd”, which is actually executing our “tree c: /F /A” command, is left minimized in the background mapping the file and directory structure of the C drive.

The result is a script which executes even faster than before, having typed only 42 characters instead of 56. This new version is actually even more obfuscated than the previous one with the tiny yellow on white command prompt, because its command prompt is minimized the entire time the tree command is running.
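
The line, delay and keystroke figures quoted for the three versions can be reproduced by tallying each script with the command names from the Ducky Script reference earlier on this page, which is also a quick way to triage a script recovered from a device. The Python below is an added example, not Hak5's encoder or code from the original post; it assumes each key or key-combo line counts as one keystroke (which matches the 56 and 42 figures), and the three scripts are retyped from this article.

```python
import re

# Command names from the Ducky Script reference on this page (ENTER is used in its examples).
MODIFIERS = {"GUI", "WINDOWS", "SHIFT", "ALT", "CONTROL", "CTRL"}
KEYS = {"ENTER", "MENU", "APP", "DOWNARROW", "DOWN", "LEFTARROW", "LEFT",
        "RIGHTARROW", "RIGHT", "UPARROW", "UP", "BREAK", "PAUSE", "CAPSLOCK",
        "DELETE", "END", "ESC", "ESCAPE", "HOME", "INSERT", "NUMLOCK", "PAGEUP",
        "PAGEDOWN", "PRINTSCREEN", "SCROLLLOCK", "SPACE", "TAB"}
FKEY = re.compile(r"F([1-9]|1[0-2])$")

def summarize(script):
    """Tally lines, keystrokes and explicit DELAY time; collect typed text and unknown lines."""
    out = {"lines": 0, "keystrokes": 0, "delay_ms": 0, "typed": [], "unknown": []}
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.lstrip()
        if not line.strip():
            continue
        out["lines"] += 1
        cmd, _, arg = line.partition(" ")
        key = arg.strip()
        if cmd == "REM":
            continue                                  # comment, never sent to the host
        if cmd == "STRING":
            out["typed"].append(arg)
            out["keystrokes"] += len(arg)             # one keystroke per character
        elif cmd == "DELAY" and key.isdigit():
            out["delay_ms"] += int(key)
        elif cmd in ("DEFAULT_DELAY", "DEFAULTDELAY") and key.isdigit():
            out["default_delay"] = int(key)           # raw value, not added to delay_ms
        elif cmd in KEYS and not key:
            out["keystrokes"] += 1
        elif cmd in MODIFIERS and (not key or len(key) == 1 or key in KEYS
                                   or key in MODIFIERS or FKEY.match(key)):
            out["keystrokes"] += 1                    # a combo such as "GUI r" is one event
        else:
            out["unknown"].append((n, line.rstrip()))
    return out

# The three versions of the "tree" payload, retyped from the article above.
RUN = "DELAY 1000\nGUI r\nDELAY 100\nSTRING {}\nENTER\n"
V1 = RUN.format("cmd") + """DELAY 500
STRING color FE
ENTER
STRING mode con:cols=18 lines=1
ENTER
STRING tree c: /F /A
ENTER
DELAY 20000
STRING exit
ENTER
"""
V2 = RUN.format("cmd /C color FE&mode con:cols=18 lines=1&tree c: /F /A")
V3 = RUN.format('cmd /C "start /MIN cmd /C tree c: /F /A"')

if __name__ == "__main__":
    for name, script in (("V1", V1), ("V2", V2), ("V3", V3)):
        s = summarize(script)
        print(name, s["lines"], "lines,", s["keystrokes"], "keystrokes,",
              s["delay_ms"], "ms of DELAY, unknown:", s["unknown"])
```

The explicit delays in the first version total 21.6 seconds; the rest of the article's 23-second estimate is typing time, which this tally does not model.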

This is just one benign example of an optimized and obfuscated USB Rubber Ducky payload, though it illustrates greatly the importance of taking the time to finesse any ducky script.
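
For defenders, each trick in this article leaves a recognisable process-creation command line: a console shrunk with “mode con”, a light-on-light “color” setting, and a “cmd /C” that starts a second, minimized “cmd”. The Python below is an added example, not part of the original post, that flags those three patterns; the event field names, the size thresholds and the set of colors treated as light are assumptions, and the sample events are constructed.

```python
import re

LIGHT = set("7BEF")   # assumption: console color digits treated as "light"
MAX_COLS, MAX_LINES = 20, 2   # assumption: anything this small is not a usable console

MODE_RE = re.compile(r"\bmode\s+con:?\s*cols=(\d+)\s+lines=(\d+)", re.I)
COLOR_RE = re.compile(r"\bcolor\s+([0-9a-f])([0-9a-f])\b", re.I)
STARTMIN_RE = re.compile(r'\bstart\s+(?:"[^"]*"\s+)?/min\b.*\bcmd(?:\.exe)?\s+/c\b', re.I)
CMD_IMAGE_RE = re.compile(r"(^|\\)cmd\.exe$", re.I)

def findings(cmdline):
    """Return the names of the hiding tricks visible in one cmd.exe command line."""
    hits = []
    m = MODE_RE.search(cmdline)
    if m and (int(m.group(1)) <= MAX_COLS or int(m.group(2)) <= MAX_LINES):
        hits.append("tiny-console")
    m = COLOR_RE.search(cmdline)
    if m and {m.group(1).upper(), m.group(2).upper()} <= LIGHT:
        hits.append("low-contrast-color")
    if STARTMIN_RE.search(cmdline):
        hits.append("minimized-nested-cmd")
    return hits

def triage(events):
    """Scan process-creation events; return (cmdline, hits) for suspicious cmd.exe launches."""
    alerts = []
    for ev in events:
        if not CMD_IMAGE_RE.search(ev["image"]):
            continue
        hits = findings(ev["cmdline"])
        if hits:
            # The Run dialog launches programs as children of explorer.exe.
            if ev.get("parent", "").lower().endswith("explorer.exe"):
                hits.append("parent-explorer")
            alerts.append((ev["cmdline"], hits))
    return alerts

# Constructed sample events; field names are hypothetical, not a specific log schema.
CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": CMD,
     "cmdline": r'"C:\Windows\system32\cmd.exe" /C color FE&mode con:cols=18 lines=1&tree c: /F /A'},
    {"parent": r"C:\Windows\explorer.exe", "image": CMD,
     "cmdline": r'"C:\Windows\system32\cmd.exe" /C "start /MIN cmd /C tree c: /F /A"'},
    {"parent": r"C:\Tools\build-agent.exe", "image": CMD,
     "cmdline": "cmd.exe /c mode con:cols=120 lines=40 & color 0A"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for cmdline, hits in triage(SAMPLE_EVENTS):
        print(", ".join(hits), "<-", cmdline)
```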

Source: Security news