• Hacking

      Hacking

      DIY Projects to perform ethical or white hacking. This is a structured hacking performed to expose vulnerabilities in a system, using tools and techniques with the organization's' knowledge. Hardware and Software developments that include sniffing, MITM, and more projects.

    • Analytics, Hacking
      1 min | 1412

      #Docker: Docker hub has been hacked

      Analytics, Hacking | 1 min | 1412


      Attention Docker Hub users - Docker Hub has been hacked!

      An email containing the following highlight was sent to the users whose account data may have been exposed.

      During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds (full email).

      If you got this email you should (and if you didn't receive that email, do it too ;)):

      1. Change your...

    • Hacking, MicroPython
      5 min | 6472

      #Hacking: Wemos (ESP32) & Captive Portal using MicroPython

      Hacking, MicroPython | 5 min | 6472


      At the beginning of October I wrote a blog article called White Hacking: WeMos and SquirelCrawl!. I used the WeMos (ESP32) and the firmware provided by Hacker Arsenal to do a captive portal. As you known, a captive portal is a web page which is displayed to newly connected users before they are granted broader access to network resources [wiki]. This can be used in combination with evil portals to obtain login credentials. The firmware provided by Hacker Arsenal has mul...

    • Hacking
      2 min | 1025

      #Security: Phishing with Macros once again!

      Hacking | 2 min | 1025


      And once again! Word files with Macro! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)

      Virus Macro!
      Fig 1: VirusTotal report! Just only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...

      Here you have the e-mail. The sender is this time the "BOSS Last Name" (A nice improvement! :P) without address, or something like that!

      Guten Tag, Riva, Mauro 
      
      Bitte die gekennzeichneten Stellen ergänzen und unterschreiben, bitte mit Stempel außer das SEPA Formular. Für die Abbuchung. 
      
      http://docs.google.de/download/de_DE/doc/ -> with hyperlink (http://elp...
    • Hacking
      3 min | 2320

      #White Hacking: WeMos and SquirelCrawl! (update 17.10.2017)

      Hacking | 3 min | 2320


      I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS" as they said; it is basically hardware and firmware for pentester. In summary, they have actually three products especially for Wi-Fi Sniffing.

      PythonCode: https://goo.gl/YuT5qm

      I found the Winx-Portable (update 17.10.2017: they are not offering this product anymore, they are offering the WiNX) on the website and I thought ...

    • Hacking
      2 min | 1411

      #Security: Phishing with Macros! (updated)

      Hacking | 2 min | 1411


      Yesterday I received an email from an address that should look like my boss email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de nancy@hillstar.brcoxmail.com" with the subject: Rech QK - 163-DA7666 Riva, Mauro and a text saying:

      Guten Tag, Riva, Mauro
      
      Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.")
      
      Rech:
      http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!)
      
      Herzliche Grüße (Grüße: Grüße)
      
      boss.name@our-institute.uni-hannover.de
      

      As you see, there is a link to the B...