Wireless Hacking

This is just a quick post to provide the presentation I gave tonight at PwnSchool.  If you’d like to review it you can download it here.  Thanks!

Topics covered:

  • Introduction to Radio Frequency
  • Wireless  Hacking (WEP and WPA2)
  • RFID Hacking (HID Prox and MIFARE)
  • Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)

The Four Three Rule of Team PenTesting

Two posts in one night, because I’m catching up on some backlog items.  I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years.  While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that.  It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.

Continue reading “The Four Three Rule of Team PenTesting”

RFID Fundamentals

I realized I didn’t have any good notes on Radio Frequency Identification (RFID) tags/badges/etc, so I figured it was time to compile that and update it while I’m at it.  This post is just a quick run-down of the frequencies, types, and common cards/IDs.  If you don’t know what an RFID is, for the purposes of most pentesting it’s a security badge or a key fob, like you can see in the image at the top of this posting.

Continue reading “RFID Fundamentals”

QuickHit: wget Website Mirroring

You may often need to mirror all (or part) of a website for offline analysis.  The ‘wget’ program has some easy features to use when you want to quickly get a local copy of a site and correct common issues (like links pointing to server locations).  Set up one of these behind the scenes while you work on other aspects, then peruse at your leisure.

Update 2018-07-21: Or just use the script I wrote to simplify this for my customized Kali build, available here.

Continue reading “QuickHit: wget Website Mirroring”

Create a website or blog at WordPress.com

Up ↑