Imagine that you are sitting with your computer on an upper floor of a secure building located in the middle of a restricted zone fenced by electrified barbed wire. You feel completely safe: cameras and vigilant security personnel protect you. As of a sudden, you hear suspicious buzzing outside the window, and this sound distracts you for a few seconds. And in these few seconds, a backdoor is installed on your computer, and a hacker located 20 km from you penetrates the corporate network. Sounds fantastic? No way!
Read full article →Poisonous fruit. How to assemble your own Wi-Fi Pineapple and put it to use
In sci-fi movies, hackers often use small pocket devices, less than a cellphone in size, to hack a company’s wireless network, gain access to its servers, and steal passwords. This article gives you a chance to become one of such hackers; all you need for this is a fantastic gadget called Pineapple. Most importantly, you can assemble it yourself, and I will explain in detail how.
Read full article →Invisible device. Penetrating into a local network with an ‘undetectable’ hacker gadget
Unauthorized access to someone else’s device can be gained not only through a USB port, but also via an Ethernet connection – after all, Ethernet sockets are so abundant in modern offices and public spaces. In this article, I will explain how to penetrate into a local network using a special ‘invisible’ device and how this device operates.
Read full article →Evil modem. Establishing a foothold in the attacked system with a USB modem
If you have direct access to the target PC, you can create a permanent and continuous communication channel with it. All you need for this is a USB modem that must be slightly modified first. In this article, I will explain in detail how to deliver such an attack.
Read full article →Evil Ethernet. BadUSB-ETH attack in detail
If you have a chance to plug a specially crafted device to a USB port of the target computer, you can completely intercept its traffic, collect cookies and passwords, and hack the domain controller. The attack is delivered over Wi-Fi, and this article explains how to implement it.
Read full article →VERY bad flash drive. BadUSB attack in detail
BadUSB attacks are efficient and deadly. This article explains how to deliver such an attack, describes in detail the preparation of a malicious flash drive required for it, provides code that must be written on this device, and discusses how to make Windows and Linux users plug your ‘memory stick’ into their computers.
Read full article →Croc-in-the-middle. Using crocodile clips do dump traffic from twisted pair cable
Some people say that eavesdropping is bad. But for many security specialists, traffic sniffing is a profession, not a hobby. For some reason, it’s believed that this process requires special expensive equipment, but today, I will show how network traffic can be intercepted using regular crocodile clips.
Read full article →