Security

Category page of all posts on the website that are tagged as related to security, including Kali Linux, networking security and many other topics.

Use HackRF SDR to Lock / Unlock Car

CubicSDR - Lock / Unlock Intercept

I’ve previously covered getting your HackRF set up in Linux and getting the firmware updated. In that guide we installed the very easy to use CubicSDR application and were able to easily tune to various audio signals.

Today we’re going to do something more interactive and actually use the transmitter. We’re going to unlock and lock my vehicle using the HackRF! Let’s get started.


Getting Root / SSH Access to a Nebra Outdoor Helium Miner

Nebra Outdoor Hotspot Opened

I won’t lie. When I opened the Nebra Outdoor hotspot I was annoyed. Like many, many Helium hotspot owners I paid hundreds of dollars and waited many, many months past expected delivery for a Helium point.

What did I get for my money and patience? I got a several generation outdated Raspberry Pi Compute Module 3 from 2015 that they no doubt paid literally a single digit number of dollars for, some connector boards and wireless chips. And of course it came too late to make any money in this last bull market.

To be fair to Nebra that is a beautiful Pi setup. If only they had used a Compute Module 4 or even a 3+ but still, that is clean except for maybe the wireless-N dongle (wouldn’t have needed it if you used a better Pi). However, it really isn’t going to make me any money at this point and is more interesting as an outdoor enclosed Pi setup to me now.

That means I needed to access it by rooting the device and getting SSH access and in this article I’ll show you exactly how I did it. Let’s begin now!


Cryptocurrency ASIC Miners – Security and Hacking Audit

Eclipse - TCF Connection Manager

I’ve been mining cryptocurrency for a very long time. I’ve been recently building out my ASIC farm and I wanted to get an idea of how secure these are as I have a significant investment in this hardware. Considering that ASIC miners are machines that literally print money out of thin air (in the form of cryptocurrency) I figured they’d be quite secure. I haven’t seen any ASIC miner exploits found in years. That’s a good sign right?

Wrong. What happened was all of the ASIC manufacturers stopped releasing their source code. In the early days it was all available on GitHub. After the first set of hacks came out most of them close-sourced their firmware. But James, you might be saying, didn’t that work if there haven’t been any exploits found this entire time?

Negative. Security through obscurity only slows them down but in the end you are more vulnerable as so few eyeballs will ever see the source code. As a result the security is a joke and today I’ll be presenting extremely serious vulnerabilities for multiple ASIC mining manufacturers. They are definitely *not* secure. They are making mistakes that there’s no way would have happened if the firmware was open source as I will prove to you.

The point will be that you need to upgrade to the latest firmware to protect yourself and that you should *NEVER* port forward a port from the internet to your miner or you are going to get hacked for sure, and you always were. We’re going to discuss everything you need to protect yourself against these vulnerabilities and other future vulnerabilities that have yet to be discovered. Let’s begin!


HackRF Software Defined Radio Guide for Linux

Cubic SDR - Main Screen

The term “software defined radio” simply means that parts of a radio that were traditionally hardware are implemented in software. This means that functions that used to require knobs, dials or some kind of physical mechanism can now be controlled via software. Essentially this makes using computers/software with radios much easier and more accessible (cheaper) than it had ever been traditionally.

Now with that background I can explain what the HackRF device is. The HackRF is a software defined radio device that is designed to let you access *all* of the radio spectrum all the way from 1 MHz up to 6 GHz! Think of it like an FM radio where the frequency controls don’t stop at 88 MHz or 108 MHz and you could turn it way below or above that. That is exactly what a HackRF is!

You are definitely not limited to listening to radio stations though. You can basically receive all types of signals with the HackRF (depending on your antenna) including video and data signals which can be processed by your computer. In this guide I’m going to cover how to get started with a device like this in Ubuntu Linux and give you an idea of what kind of things you can do with it!


Pwnagotchi WiFi Audit Tool Build / Guide

Pwnagotchi Raspberry Pi Zero W Build

A “pwnagotchi” is a device used for wireless security auditing / hacking that captures the handshakes of any WiFi access points in range of the device. These handshakes can later be cracked. How difficult these are to crack depends on how secure the wireless network is. If the network is set up with the latest encryption standards and an extremely secure password (or is using WPA encryption) it can be nearly/essentially impossible. If the password is a common dictionary word it may crack within seconds.

It’s common and smart security practice for both enterprises and home users to check what kind of networks are operating within range. It’s common to find devices that are “broadcasting” a wireless access point used to share internet but this is often not intended / authorized. It’s also very common to find devices using extremely insecure passwords that will crack in seconds that are authorized to be on the network but need a more secure password. These are basically backdoors into your home / company and they can go for a long time without being caught when this is never checked for.

The “pwnagotchi” tool automates this process. It will capture anything in range to be easily checked later for extremely insecure hashes (typically using hashcat or there are even online tools to find common hashes which we will cover). This saves a ton of time and can greatly improve your security. Today I’ll cover how to build a pwnagotchi setup as well as the steps to use it. Let’s begin!


Ubertooth One Kali Linux Latest Tools / Firmware Setup Guide

Kismet Ubertooth One BTLE Capture

The world is full of devices communicating with Bluetooth even if (or maybe especially if) you don’t realize it. Most “smart” devices are advertising some Bluetooth services (some of them even publicly writable without a password!). Even my treadmill is advertising writable Bluetooth endpoints!

The Ubertooth One is a Bluetooth and Bluetooth Low Energy (BTLE) capture device intended for developers and security researchers/auditors. It has an external antenna and is able to communicate at much further distances than most BTLE devices by both transmitting more powerfully and having a more sensitive antenna to listen to the response. To find out what is nearby and happening over the air this is the device you want to have.

In this guide I’ll show you how to get the latest Ubertooth tools on Kali Linux as well as update the firmware for the Ubertooth device and actually use the device!


Telecom Monopoly CenturyLink’s Static IP / Modem / UPS Scam Outlined

CenturyLink Tower of Shame

I’m really sorry to say that I was excited when I found out CenturyLink offered gigabit 1000 up 1000 down fiber to the home in the neighborhood I just moved into. Dreams of things like having enough upload speed to leave the cloud and operate jamesachambers.com independently in my own home seemed like they could finally be a reality. Dreams were quickly shattered when I realized what kind of incompetence and dishonesty I would be dealing with.


Join Mac OS X Mojave to Active Directory Using Built In Tools

Mac AD Join Successful

Joining a Mac to Active Directory has continued to get more and more difficult over the years. High Sierra and Mojave now require an Active Directory functional level of Windows Server 2008 or later and are still pretty tricky to get to join it.

When I started researching the topic I saw a whole lot of advice to install third party software to join a Mac to Active Directory. In most corporate environments installing third party software is frowned upon due to licensing and security considerations so I was determined to get the native Mac OS X tools to work.

This guide will walk you through the basic steps to join Active Directory without having to resort to using third party software.


Kali Linux P4wnP1 ALOA Guide – Setup / Usage / Examples

P4wnP1 Kali Linux

P4wnP1 A.L.O.A. is a tool for the Raspberry Pi Zero W that allows you to plug a Pi into a host computer and send remote commands and share networking with a host computer all without any user interaction. A.L.O.A. stands for “A Little Offensive Appliance”.

There’s practically no defense to this type of attack other than physically securing your USB ports. Let’s jump right in!
