There is now a Git repo for people to submit tips, tricks, and advice to! Why a Git repo you ask rather than a wiki? It allows people to pull in an offline copy quickly and easily.
Security
DEFCON for N00bs (v0.1)
The first revision of DEFCON for Noobs is up. Still very rough, early draft, and missing many things. However, I figured a living document is better and would do better with feedback.
-H
Red Team Entry Pack
Over the years I have acquired many tools and tricks used to gain entry to a target office. At DEFCON 23 I got a lot of questions regarding my custom pack, and the gear inside.
While I cannot share every detail (that would give away too many trade secrets), I have dissected the general pack here for your perusal.
Home Depot Key Code Randomization Failure
I found a massive Key Space Reduction Attack on locks sold by Home Depot. The flaw lies in their procurement process, rather than the locks themselves, and enables an adversary to reduce the possible key codes for locks based on the time of shipment, identified by the approximate time of install. For commercial settings where building permits indicate construction time lines, this can give a significant advantage to an attacker in that he may use an actual key and not leave a trace. The flaw is caused by the Home Depot’s processes, not their lock vendors who have urged them not to refuse randomization.
Google Dork Password for Nuclear Regulatory Commission
I found a spreadsheet containing a nuclear materials database credential on Google. The technique used was very simple, but I have to wonder why such a document misplacement was overlooked. Maybe people are afraid to tell them they just stumbled upon a nuclear system fearing they might get disappeared. Well, I decided to contact them and hilarity ensued. The database was relatively benign, but the saga went on for a little longer than it should. This also resulted in my first interview for a major publication, The Guardian.
Copyright ©
2016 - 2024
Hon1nbo @ Hacking and Coffee