Default password lists

I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list as I find these types of sites:

* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.

Always available CTF Labs

I have identified the following CTF labs which are 24/7 and most if not all are free:

To everyone that made me aware of these thank you!

BlueFrag: The Android Bluetooth exploit

I posted back in February about a new Android bug in the Bluetooth stack (CVE-2020-0022). This is a nasty bug that affects Android 8-10 devices and requires no user interaction; the attacker just needs to be in proximity to any Android device that has Bluetooth enabled. In Android 8 and 9 it’ll gain remote code execution, and in Android 10 it’ll just crash the Bluetooth stack. BlueFrag is the name of the exploit that takes advantage of this vulnerability.

Links:

DEF CON 28 officially cancelled!

I just read on the official DEF CON Twitter account that Dark Tangent has decided to cancel DEF CON 28 due to the COVID-19 pandemic. The good news is he said it was the “in-person” conference held in Las Vegas, so there is still hope that they will have a virtual version of it just like Way West Wild Hackin’ Fest did in March for their in-person conference for the same reason.

Links:

Two SDR dedicated Linux distros

I guess one of the benefits of being on lockdown is that security engineers have a lot of free time on their hands to create new Linux distributions, and in this case two new Linux distros have been developed that focus on software defined radios.

* DragonOS – DragonOS LTS is an out-of-the-box Lubuntu 18.04 based x86_64 operating system for anyone interested in software defined radios. All source installed software is located in the /usr/src directory while the remaining software was installed by package managers. This is a brief summary of the software included; while not complete, it covers the bigger named packages and some of the drivers installed for the various supported SDRs such as the HackRF One, RTL-SDR, and LimeSDR. This distro includes the following SDR related tools: Universal Radio Hacker, GNU Radio, Aircrack-ng, GQRX, Kalibrate-hackrf, Wireshark, gr-gsm, rtl-sdr, HackRF, IMSI-catcher, Zenmap, inspectrum, qspectrumanalyzer, LTE-Cell-Scanner, CubicSDR, Limesuite, ShinySDR, SDRAngel, SDRTrunk, Kismet, BladeRF
* Gorizont-rtlsdr – This distribution contains only RTL2832U chipset family rtl_sdr drivers and modules, and concentrates on providing terrestrial HF/VHF/UHF signal processing and portable DAB+ reception with the cheapest and most available equipment. No other devices are supported. This distribution is intended for experimentation and legal listening purposes only. NOTE: No TETRA or similar trunked system decoders are included in this distribution for legal reasons.