I have to teach some folks how to find, isolate, and analyze signals tomorrow, which of course means this is the perfect time to document some quick steps for my own reference. I started the build out from the DEFCON 26 Hardware Hacking Village Kali Live Build. If you don’t have it your mileage may vary… on to the buildout.
I’ve been taking photos of all the badges/SAOs/Challenge Coins/etc I collected at DEFCON 26. I’m sure I’ve missed a few, but in no particular order here are the images so far, with a quarter for size reference. I’ll be making very high resolution images of most in the future, but now these will work.
I made a presentation a few months ago based on a simple question I relieved… “What is all that stuff in your backpack?” I normally carry, well, more than I really need. Full list with links is below, or here’s the presentation for those who want to see it in all its original, horrible glory. Ever wonder what types of stuff I normally carry when on a pentest? Well, now you know. Enjoy!
I maintain a modified version of Kali I use as the basis for my testing which includes a variety of extra tools, preference, references, etc. If you want a copy yourself, you can find one here:
Each version is named for a different character played by Henry Winkler, for the record.
You may often need to mirror all (or part) of a website for offline analysis. The ‘wget’ program has some easy features to use when you want to quickly get a local copy of a site and correct common issues (like links pointing to server locations). Set up one of these behind the scenes while you work on other aspects, then peruse at your leisure.
Update 2018-07-21: Or just use the script I wrote to simplify this for my customized Kali build, available here.
This is Killswitch. I’m a relatively new penetration tester trying to learn the tools of the trade. Hermit has graciously allowed me to post some guest articles from the POV of someone learning cyber security. As a newcomer to the scene, it’s easy to get overwhelmed by all of the knowledge out there in the community. My goal with these posts are to drop in little tips and tricks as I learn them from whatever source I can.
I was lucky enough to find a mentor to point me in the right direction and a community of like-minded individuals that are passionate about security in all forms. These post are my small attempt to give a little something back and try to help anyone that may be looking for a place to start learning. I hope they help.
One thing that always confuses me when I’m writing Bash scripts is what type of quote to use in a given situation. Luckily, Hermit schooled me with this quick rundown:
“SOMETHING” = This means evaluate what’s between the quotes.
‘SOMETHING’ = This means don’t evaluate what’s between the quotes. This is a literal string.
`SOMETHING`= This means execute the stuff between the quotes and spit out the result. NOTE: These little back quotes are hard to find. Look on the tilde key.
$(SOMETHING) = Same as above.
As you begin diving into hardware hacking and reading printed circuit boards (PCB) you will likely come across several common protocols. This article isn’t intended to be an exhaustive list of content, but rather a quick guide to identifying which protocols are commonly used, what they require, and what common tools will let you interface with them. I’ll be covering the following protocols in this article:
Because every so often it’s nice to have a list of characters you can just copy/paste from, rather than trying to figure out where else they may be.