DIY projects to perform ethical or white hacking. This is structured hacking performed to expose vulnerabilities in a system, using tools and techniques with the organization's knowledge. Hardware and software developments that include sniffing, MITM, and more projects.
Attention Docker Hub users - Docker Hub has been hacked!
An email containing the following highlight was sent to the users whose account data may have been exposed.
During a brief period of unauthorized access to a Docker Hub database, sensitive data from approximately 190,000 accounts may have been exposed (less than 5% of Hub users). Data includes usernames and hashed passwords for a small percentage of these users, as well as Github and Bitbucket tokens for Docker autobuilds (full email).
If you got this email you should (and if you didn't receive that email, do it too ;)):
At the beginning of October I wrote a blog article called White Hacking: WeMos and SquirelCrawl!. I used the WeMos (ESP32) and the firmware provided by Hacker Arsenal to do a captive portal. As you know, a captive portal is a web page which is displayed to newly connected users before they are granted broader access to network resources [wiki]. This can be used in combination with evil portals to obtain login credentials. The firmware provided by Hacker Arsenal has mul...
And once again! Word files with Macro! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)
Fig 1: VirusTotal report! Just only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...
Here you have the e-mail. The sender is this time the "BOSS Last Name" (A nice improvement! :P) without address, or something like that!
Guten Tag, Riva, Mauro Bitte die gekennzeichneten Stellen ergänzen und unterschreiben, bitte mit Stempel außer das SEPA Formular. Für die Abbuchung. http://docs.google.de/download/de_DE/doc/ -> with hyperlink (http://elp...
I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS", as they say; it is basically hardware and firmware for pentesters. In summary, they actually have three products, especially for Wi-Fi sniffing.
I found the Winx-Portable (update 17.10.2017: they are not offering this product anymore, they are offering the WiNX) on the website and I thought ...
Yesterday I received an email from an address that was meant to look like my boss's email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de firstname.lastname@example.org" with the subject:
Rech QK - 163-DA7666 Riva, Mauro
and a text saying:
Guten Tag, Riva, Mauro Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.") Rech: http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!) Herzliche GrÃ¼ÃŸe (GrÃ¼ÃŸe: Grüße) email@example.com
As you see, there is a link to the B...