captive portal systemdnsesp32hackingmicropython
At the beginning of October I wrote a blog article called White Hacking: WeMos and SquirelCrawl!. I used the WeMos (ESP32) and the firmware provided by Hacker Arsenal to do a captive portal. As you known, a captive portal is a web page which is displayed to newly connected users before they are granted broader access to network resources [wiki]. This can be used in combination with evil portals to obtain login credentials. The firmware provided by Hacker Arsenal has multiple limitations, e.g. the web page has to be a single file, without external files, meaning that all images should be integr...
Security | 2 min | 384
hybrid analysismacro virusofficephishingvirustotal
And once again! Word files with Macro! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)
Fig 1: VirusTotal report! Just only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...
Here you have the e-mail. The sender is this time the "BOSS Last Name" (A nice improvement! :P) without address, or something like that!
Guten Tag, Riva, Mauro Bitte die gekennzeichneten Stellen ergänzen und unterschreiben, bitte mit Stempel außer das SEPA Formular. Für die Abbuchung. http://docs.google.de/download/de_DE/doc/ -> with hyperlink (http://elp...
captive portalgetting credentialshackingMITMpythonsquirelcrawlwebpage compressor
I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS" as they said; it is basically hardware and firmware for pentester. In summary, they have actually three products especially for Wi-Fi Sniffing.
I found the
Winx-Portable(update 17.10.2017: they are not offering this product anymore, they are offering the WiNX) on the website and I thought I have something like that. I look for the boards that I've recently bought, and I find the WeMos WiFi ESP32 D...
Yesterday I received an email from an address that should look like my boss email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de firstname.lastname@example.org" with the subject:
Rech QK - 163-DA7666 Riva, Mauroand a text saying:
Guten Tag, Riva, Mauro Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.") Rech: http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!) Herzliche GrÃ¼ÃŸe (GrÃ¼ÃŸe: Grüße) email@example.com
As you see, there is a link to t...