• 12
      Nov - 2017

      Hacking, MicroPython, Security | 5 min | 2846

      #Hacking: Wemos (ESP32) & Captive Portal using MicroPython


      captive portal system
      dns
      esp32
      hacking
      micropython

      At the beginning of October I wrote a blog article called White Hacking: WeMos and SquirelCrawl!. I used the WeMos (ESP32) and the firmware provided by Hacker Arsenal to do a captive portal. As you know, a captive portal is a web page which is displayed to newly connected users before they are granted broader access to network resources [wiki]. This can be used in combination with evil portals to obtain login credentials. The firmware provided by Hacker Arsenal has multiple limitations, e.g. the web page has to be a single file, without external files, meaning that all images should be integr...

    • 03
      Nov - 2017

      Security | 2 min | 384

      #Security: Phishing with Macros once again!


      hybrid analysis
      macro virus
      office
      phishing
      virustotal

      And once again! Word files with Macro! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)

      Virus Macro!
      Fig 1: VirusTotal report! Only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...

      Here you have the e-mail. This time the sender is the "BOSS Last Name" (A nice improvement! :P) without address, or something like that!

      Good day, Riva, Mauro

      Please complete the marked sections and sign, please with a stamp except for the SEPA form. For the direct debit.
      
      http://docs.google.de/download/de_DE/doc/ -> with hyperlink (http://elp...
    • 05
      Oct - 2017

      Hacking, Security | 3 min | 1059

      #White Hacking: WeMos and SquirelCrawl! (update 17.10.2017)


      captive portal
      getting credentials
      hacking
      MITM
      python
      squirelcrawl
      webpage compressor

      I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS", as they say; it is basically hardware and firmware for pentesters. In summary, they actually have three products, especially for Wi-Fi sniffing.

      Python Code: https://goo.gl/YuT5qm

      I found the Winx-Portable (update 17.10.2017: they are not offering this product anymore, they are offering the WiNX) on the website and I thought I had something like that. I looked through the boards that I'd recently bought, and I found the WeMos WiFi ESP32 D...

    • 25
      Aug - 2017

      Security | 2 min | 492

      #Security: Phishing with Macros! (updated)


      Hi!

      Yesterday I received an email from an address that should look like my boss's email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de nancy@hillstar.brcoxmail.com" with the subject: Rech QK - 163-DA7666 Riva, Mauro and a text saying:

      Guten Tag, Riva, Mauro
      
      Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.")
      
      Rech:
      http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!)
      
      Herzliche Grüße (Grüße: Grüße)
      
      boss.name@our-institute.uni-hannover.de
      

      As you see, there is a link to t...