Hak5 2307 – Introducing the Packet Squirrel!

Get yours here! https://hakshop.com/
https://www.hak5.org/
Learn more: https://www.hak5.org/gear/packet-squirrel
https://www.hak5.org/gear/packet-squirrel/docs

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

Hak5 2306 – Bash Bunny Phishing Attack With Hamsters

Hak5.org/live to watch the event announcement live!
Hak5.org/rsvp to come to our San Francisco event.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

WPA2 Wi-Fi Vulnerable to KRACK Hack; RSA Keys Broken – ThreatWire

Krack is bad for WiFi, Equifax loses their IRS contract, and an RSA crypto key is vulnerable to being reverse engineered. Today on ThreatWire.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

https://www.krackattacks.com/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
https://github.com/kristate/krackinfo
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

Equifax Takes Down Compromised Page Redirecting to Adware Download

Equifax Credit Assistance Site Served Spyware

https://www.cnet.com/news/equifax-website-ads-served-adware-malware-expert-finds/
https://randy-abrams.blogspot.com/2017/10/new-equifax-website-compromise.html
https://www.cnet.com/news/irs-reportedly-suspends-7-2-million-equifax-contract/
https://arstechnica.com/tech-policy/2017/10/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract/

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
https://en.wikipedia.org/wiki/Coppersmith%27s_attack
https://www.yubico.com/keycheck/
https://keychest.net/roca

Youtube Thumbnail credit:
https://static.pexels.com/photos/7101/wood-coffee-iphone-notebook.jpg

Source: Security news

HakTip 166 – How To Use ExFAT In Linux: Linux Terminal 201

Having problems mounting a flashdrive formatted in ExFAT on Ubuntu? Here’s how to fix that!

Use coupon code haktip at https://www.eero.com for free overnight shipping on your order to the US or Canada!

Props to HowToGeek for the awesome written directions! https://www.howtogeek.com/235655/how-to-mount-and-use-an-exfat-drive-on-linux/

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

Hak5 2305 – Password Grabber Bash Bunny Payload

Check out the awesome password grabber payload for the Bash Bunny on Hak5!

Sign up for our October 20 Event where we’ll be giving away gear gifts to the first 100 attendees! – hak5.org/rsvp

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

3 Billion Yahoo Accounts Hacked; Disqus Hacked! – Threat Wire

The Yahoo breach was a lot worse than we thought, the Equifax ex-CEO sheds light on some questions, disqus was hacked, and Kaspersky is stuck in the middle of debates. All that coming up now on ThreatWire.

Hak5 Product Launch Event! October 20th: https://www.hak5.org/rsvp

——————————-
——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

https://motherboard.vice.com/en_us/article/8x8b4x/whoops-yahoo-says-2013-hack-actually-hit-3-billion-users
https://www.oath.com/press/yahoo-provides-notice-to-additional-users-affected-by-previously/

2013 Yahoo Breach Affected All 3 Billion Accounts

Fear Not: You, Too, Are a Cybercrime Victim!

https://www.cnet.com/how-to/find-out-if-your-yahoo-account-was-hacked/
https://www.cnet.com/news/yahoo-announces-all-3-billion-accounts-hit-in-2013-breach/
https://www.cnet.com/how-to/how-to-delete-your-yahoo-account/
https://arstechnica.com/information-technology/2017/10/yahoo-says-all-3-billion-accounts-were-compromised-in-2013-hack/
https://www.wired.com/story/yahoo-breach-three-billion-accounts/
https://thehackernews.com/2017/10/yahoo-email-hacked.html

https://thehackernews.com/2017/10/kaspersky-nsa-spying.html
https://www.wired.com/story/nsa-contractors-hacking-tools/
https://arstechnica.com/information-technology/2017/10/the-cases-for-and-against-claims-kaspersky-helped-steal-secret-nsa-secrets/
https://www.cnet.com/news/russian-hackers-reportedly-stole-nsa-cyber-secrets-in-2015/
https://motherboard.vice.com/en_us/article/kz755a/ex-nsa-hackers-are-not-surprised-by-bombshell-kaspersky-report

We aggressively protect our users and we’re proud of it.

https://www.wired.com/story/equifax-ceo-congress-testimony/
https://arstechnica.com/tech-policy/2017/10/irs-awards-equifax-7-25m-taxpayer-identity-contract-weeks-after-hack/
https://www.cnet.com/news/irs-gives-equifax-7-25-million-contract-to-prevent-tax-fraud/
https://www.cnet.com/news/equifax-ex-ceo-blames-breach-on-one-person-and-a-bad-scanner/

https://blog.disqus.com/security-alert-user-info-breach
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html

Youtube Thumbnail credit:
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/Yahoo%21_Taiwan_weiya_stage_20160119.jpg/1280px-Yahoo%21_Taiwan_weiya_stage_20160119.jpg

Source: Security news

HakTip 165 – Monitoring System Resources Pt 2: Linux Terminal 201

Monitoring system resources via the Linux terminal!

https://github.com/Distrotech/lsof/blob/master/00QUICKSTART
https://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

TekThing 145 – 3 Photo Apps For Better Phone Photos! Shure SE215 Earphone Review, Best Wire Cutter For Makers!

Awesome Android Photography Apps! Shure SE215 Sound Isolating Earphone Review, Best Wire Cutter For Makers Costs $5!
——
01:42 Android Photography
Anthony asks “could you give some advice on the best settings or android apps to use for smartphone photography?” Sure! Shannon’s got a ton of tips that’ll work with iOS, too… we talk VSCO, Snapseed, and Adobe’s Lightroom photo apps, and gadgets like lenses in the video!
https://play.google.com/store/apps/details?id=com.vsco.cam&referrer=utm_source%3Dcorporate%26utm_medium%3Dcorpweb v
https://play.google.com/store/apps/details?id=com.niksoftware.snapseed&hl=en
https://play.google.com/store/apps/details?id=com.adobe.lrmobile
http://photojojo.com/awesomeness/cell-phone-lenses

14:26 Shure SE215 Review
Can Shure’s entry level in ear monitor, the SE215 Sound Isolating Earphones, replace 1MORE’s Triple Driver as our favorite earbud under $100? Watch the video to find out… especially if you need in ear monitors that block background noise, or constantly trash headphone cables!!! (Earbuds around $25? Check The Wirecutter!)
http://www.shure.com/americas/products/earphones/se-earphones/se215-sound-isolating-earphones
http://www.shure.com/americas/products/accessories/earphones/earphone-headphone-cables

The Best Earbuds Under $50

22:51 Wire Cutters for Electronic Makers!
JayLuigi tweets, “@patricknorton I can’t remember the wire snippers you recommended heeeelp??” For most things? Channellock! But you probably saw us using Haako’s CHP-170 Micro Soft Wire Cutter!
https://twitter.com/JayLuigi/status/914792433526956033
https://www.amazon.com/Tools-Home-Improvement-Channellock/s?ie=UTF8&field-brandtextbin=Channellock&page=1&rh=n%3A228013
https://www.amazon.com/Hakko-CHP-170-Stand-off-Construction-21-Degree/dp/B00FZPDG1K/

25:21 Blocking Facebook Photos You Don’t Want To See
Lance asks, “how can we hide someone’s FaceBook photos from our eyes without stopping people who what to see them.” We discuss your options, and Facebook Notification Settings, in the video.
https://www.facebook.com/settings?tab=notifications&section=on_facebook&view

29:16 Search for Books and eBooks In Your Local Library!
From the we had no idea department, You can now check for ebooks at your local libraries on Google Search! We demo how it works (and where you look for ’em) in the video!
http://www.androidauthority.com/check-ebooks-local-libraries-google-search-801906/

30:38 Do Something Analog
Like Mark, who tells us about the Mayowood Mansion, picking apples, and “over 300 bushels (600 5-gallon pails) of black walnuts with our 4H club” in the video! Awesome!
http://www.olmstedhistory.com/your-visit/mayowood.html
——
Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week!
https://www.patreon.com/tekthing
——
EMAIL US!
ask@tekthing.com
——
Amazon Associates: http://amzn.to/2gm9Egf
Subscribe: https://www.youtube.com/c/tekthing
——
Website: http://www.tekthing.com
RSS: http://feeds.feedburner.com/tekthing
THANKS!
HakShop: https://hakshop.myshopify.com/
——
SOCIAL IT UP!
Twitter: https://twitter.com/tekthing
Facebook: https://www.facebook.com/TekThing
Reddit: https://www.reddit.com/r/tekthingers
——

Source: Security news

Hak5 2304 – Operating System Detection with the Bash Bunny and A Heartfelt Goodbye

Please join us in saying goodbye to our favorite feline, Kerby Kitchen, who was with us since September 2001. We miss her dearly.

(NOTE FROM SHANNON)
Please consider donating to The Humane Society or your favorite animal charity in honor of Kerby. http://www.humanesociety.org Thank you, and thank you for your support. We love you all

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news

Ducky Script – USB Rubber Ducky 101

Ducky Script is the language of the USB Rubber Ducky. Writing scripts for can be done from any common ascii text editor such as Notepad, vi, emacs, nano, gedit, kedit, TextEdit, etc.

Syntax

Ducky Script syntax is simple. Each command resides on a new line and may have options follow. Commands are written in ALL CAPS, because ducks are loud and like to quack with pride. Most commands invoke keystrokes, key-combos or strings of text, while some offer delays or pauses. Below is a list of commands and their function, followed by some example usage.

REM

Similar to the REM command in Basic and other languages, lines beginning with REM will not be processed. REM is a comment.
REM The next three lines execute a command prompt in Windows
GUI r
STRING cmd
ENTER

DEFAULT_DELAY or DEFAULTDELAY

DEFAULT_DELAY or DEFAULTDELAY is used to define how long (in milliseconds * 10) to wait between each subsequent command. DEFAULT_DELAY must be issued at the beginning of the ducky script and is optional. Not specifying the DEFAULT_DELAY will result in faster execution of ducky scripts. This command is mostly useful when debugging.
DEFAULT_DELAY 10 
REM delays 100ms between each subsequent command sequence

DELAY

DELAY creates a momentary pause in the ducky script. It is quite handy for creating a moment of pause between sequential commands that may take the target computer some time to process. DELAY time is specified in milliseconds from 1 to 10000. Multiple DELAY commands can be used to create longer delays.
DELAY 50
REM will wait 500ms before continuing to the next command.

STRING

STRING processes the text following taking special care to auto-shift. STRING can accept a single or multiple characters.
STRING | a…z A…Z 0…9 !…) `~+=_-“‘;:<,>.?[{]}/|!@#$%^&*()
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello World!

WINDOWS or GUI

Emulates the Windows-Key, sometimes referred to as the Super-key.
GUI r
REM will hold the Windows-key and press r, on windows systems resulting in the Run menu.

MENU or APP

Emulates the App key, sometimes referred to as the menu key or context menu key. On Windows systems this is similar to the SHIFT F10 key combo, producing the menu similar to a right-click.
GUI d
MENU
STRING v
STRING d
REM Switch to desktop, pull up context menu and choose actions v, then d toggles displaying Windows desktop icons

SHIFT

Unlike CAPSLOCK, cruise control for cool, the SHIFT command can be used when navigating fields to select text, among other functions.
SHIFT | DELETE, HOME, INSERT, PAGEUP, PAGEDOWN, WINDOWS, GUI, UPARROW, DOWNARROW, LEFTARROW, RIGHTARROW, TAB
SHIFT INSERT
REM this is paste for most operating systems

ALT

Found to the left of the space key on most keyboards, the ALT key is instrumental in many automation operations. ALT is envious of CONTROL
ALT |END, ESC, ESCAPE, F1…F12, Single Char, SPACE, TAB
GUI r
DELAY 50
STRING notepad.exe
ENTER
DELAY 100
STRING Hello World
ALT f
STRING s
REM alt-f pulls up the File menu and s saves. This two keystroke combo is why ALT is jealous of CONTROL's leetness and CTRL+S

CONTROL or CTRL

The king of key-combos, CONTROL is all mighty.
CONTROL | BREAK, PAUSE, F1…F12, ESCAPE, ESC, Single Char | | CTRL | BREAK, PAUSE, F1…F12, ESCAPE, ESC, Single Char
CONTROL ESCAPE
REM this is equivalent to the GUI key in Windows

Arrow Keys

DOWNARROW or DOWN | | LEFTARROW or LEFT | | RIGHTARROW or RIGHT | | UPARROW or UP

Extended Commands

These extended keys are useful for various shortcuts and operating system specific functions and include:
BREAK or PAUSE
CAPSLOCK
DELETE
END
ESC or ESCAPE
HOME
INSERT
NUMLOCK
PAGEUP
PAGEDOWN
PRINTSCREEN
SCROLLOCK
SPACE
TAB

Source: Security news