The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
I’ve decided to centralize the default password lists for multiple vendors. I’m making this a sticky post and will update this list when as I find these types of sites:
* http://bit.ly/2S6SToW – NETGEAR Default Password List
* http://bit.ly/2S37j9u – Linksys Default Password List
* http://bit.ly/2S3gPJV – D-Link Default Password List
* http://bit.ly/2S8KWzJ – Cisco Default Password List
* http://bit.ly/2S37FwQ – Default Router Usernames and Passwords (multiple vendors)
* http://bit.ly/2HrgT3O – Telnet, MySQL and other Linux and Windows service passwords courtesy of n0tazombie.
I have identified the following CTF labs which are 24/7 and most if not all are free:
- 24/7 CTF: https://247ctf.com/ (Added 11/7/2019)
- Immersive Labs: https://immersivelabs.online
- pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
- 365 CSAW: https://365.csaw.io
- CTF101: https://ctf101.org/
- Shellter Hacking Express: https://shellterlabs.com/en/contests/
- Backdoor: https://backdoor.sdslabs.co/
- ShellWePlayAGame?: https://shellweplayagame.org/
- RootMe: https://www.root-me.org/?lang=en
- OverTheWire: https://overthewire.org/wargames/
- Virginia Cyber Range: https://portal.virginiacyberrange.net/
- Hack The Box: https://www.hackthebox.eu/
- FuzzyLand: https://fuzzy.land/
- Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!
This is a really cool open source gadget that uses AI to track and hack Wi-Fi access points. Right now it’s a DIY project that uses a Raspberry Pi Zero W teamed with an e-Ink display. The creator thought it reminded him of a Tomogatchi from the 90’s and named the device Pwnagotchi!
Read More: http://bit.ly/2N1IfPr
The OWASP Foundation recently released a new version of their OSINT tool named Amass. It has great features that make it really good for pentesters and red teamers alike. It will automatically gather OSINT from DNS, search engines, web archives, APIs such as Shodan, Twitter and PasteBin. You may want to consider making this tool in your toolbox for the next engagement you are on!
GitHub Link is: http://bit.ly/2W2KcPR
A hacker with the Twitter handle axi0mX recently announced on Twitter that they have found an “epic” flaw in all modern day iOS devices. It affects the iPhone 4-iPhone X. Since it’s a flaw in the hardware it’s impossible to patch without revising the hardware as well. The flaw is in the boot loader’s code.
USB Armory MkII is the successor to the original USB Armory which was introduced back in 2014. This new revision is currently accepting backers on Crowd Supply, which is a crowd funding site that is very similar to Kickstarter, and is currently over 250% funded. The funding for this project will end on November 1, 2019 at 01:59 PM EDT:
A security-minded USB-C stick computer that runs Linux
The USB armory Mk II is a full featured computer (900 MHz ARM® processor, 512 MB RAM, Bluetooth, USB-C) in a tiny form-factor, designed from the ground up with information security applications in mind.
- SoC: NXP i.MX6ULZ ARM® Cortex™-A7 900 MHz
- RAM: 512 MB DDR3
- Storage: internal 16 GB eMMC + external microSD
- Bluetooth module: u-blox ANNA-B112 BLE
- USB-C ports: DRP (Dual Role Power) receptacle + UFP (Upstream Facing Port) plug
- LEDs: two
- Slide switch: for boot mode selection between eMMC and microSD
- External security elements: Microchip ATECC608A + NXP A71CH
- Physical size: 66 mm x 19 mm x 8 mm (without enclosure, including USB-C connector)
- Enclosure: included with all units for device protection
Independent Security Evaluators, or ISE for short, have done a new study of IoT devices and they found over 125 new flaws in them which can be used to gain unauthorized access to a device and even gain execution in some cases. Most of these are consumer level devices. You should check to see if anything you have on your home network is on their list.
The Chinese are at it again. Last week Bo Mao, who a visiting professor of computer science at the University of Texas at Arlington has been “charged with conspiracy to commit wire fraud against a California technology startup to obtain its ‘property’ on behalf of a Chinese telecommunications company.” There is some suspicion the startup is CNEX Labs Inc.
Full article can be found here:
Welp, time to move off grid!
Google’s Project Zero just release information regarding an exploit chain targeting iOS devices. The exploit chains were used as a part of a watering hole campaign that would exploit an iOS device that was viewing it. Watering hole campaigns involve websites where the site has either been hacked into or stood up such that anyone viewing it will be potentially exploited. What’s interesting about the implant that the complex exploit chains installs is that is very unsophisticated and uses clear text protocols for data exfiltration.
Talos security recently announced several serious bugs in the Nest Cam IQ camera, which is their most advanced IoT offering on the market. The vulnerabilities range in severity from a simple DoS to RCE. The bugs were all found in one of their communication protocols they use called Weave (the Net Cam IQ also supports TCP, UDP, Bluetooth and 6lowpan).