So you want to build yourself one of those Pwnagotchi that everyone is talking about since the Flipper Zero came out and no one can get one, eh? And you’ve followed the official installation instructions (which this post supplements, but does not replace) but have noticed that either (1) you can’t really find a Waveshare eInk 2.13″ display that’s not version 3, or (2) you can’t quite seem to get into your Pwnagotchi if it’s even running and ERMAGERD WTF why is this so obtuse? Well, this is the guide for you. 🙂
Continue reading “Pwnagotchi Waveshare V3”Hermit’s Hardware Hacking Box
Have you ever wanted to get into hardware hacking as well as offensive security, but didn’t know how to get started? Good news! For a recent meeting of the Pittsburgh Hacker’s Association I put together a presentation on how to setup the standard box I use for almost everything. It’s a dual-boot system with both Ubuntu and Kali, a shared data partition, and all the tools you could ever need pre-configured and installed. If you want to get started, just grab the PDF and get going!
Good hunting! 🙂
Starting the 2020 eChallenge Coin Redux
There’s a designer named Bradán Lane who makes some excellent hardware, and one of my favorite things he’s created is a set of challenge coin circuits. I won’t go into too much detail on them other than to note they have a fun story line, a series of challenges, and you have to exercise some basic hardware hacking skills to participate. If you’d like more details, please check out the listing for the coin on Tindie. But what if you don’t know how to get started? Well, a friend of mine (Visual) and I recently played through this, and thought we’d document how to get started for anyone who needs a little extra help. Let’s get started!
Continue reading “Starting the 2020 eChallenge Coin Redux”QuickHit: Things to Attack
Need a quick list of things to attack? Try these. 🙂
- Buggy Web App:Â http://www.itsecgames.com/
- Damn Vulnerable iOS App:Â http://damnvulnerableiosapp.com/
- Damn Vulnerable Web Application:Â http://www.dvwa.co.uk/
- Damn Vulnerable Web Services:Â http://dvws.professionallyevil.com/
- Google Gruyere Web App:Â http://google-gruyere.appspot.com/
- Hack This!:Â https://www.hackthis.co.uk/
- Hack This Site:Â https://www.hackthissite.org/
Proxmark3 RDV 4
So… I got a Proxmark3 RDV 4 for Christmas. It’s great. It’s tiny, svelte, and… had a bunch of errors right out of the box. Naturally that means it’s time to reflash it, but as it turns out the default wiki instructions for Kali Linux aren’t quite right for the RDV 4 now. Let’s fix that, shall we?
Wireless Hacking
This is just a quick post to provide the presentation I gave tonight at PwnSchool. If you’d like to review it you can download it here. Thanks!
Topics covered:
- Introduction to Radio Frequency
- Wireless Hacking (WEP and WPA2)
- RFID Hacking (HID Prox and MIFARE)
- Bluetooth Hacking (Bluelog/bluesnarfer/Wireshark/etc)
The Four Three Rule of Team PenTesting
Two posts in one night, because I’m catching up on some backlog items. I’ve been teaching/training a team on PenTesting lately, and it’s caused me to think through some personal truths and approaches that I’ve taken for several years. While going through that process I came to realize that I’d never really formally codified them; this is my attempt to do just that. It all comes down to what I’m now going to call the “Four Three Rule of Team PenTesting”.
Backpack Pentesting
I made a presentation a few months ago based on a simple question I relieved… “What is all that stuff in your backpack?” I normally carry, well, more than I really need. Full list with links is below, or here’s the presentation for those who want to see it in all its original, horrible glory. Ever wonder what types of stuff I normally carry when on a pentest? Well, now you know. Enjoy!
Chuck Lumley
I maintain a modified version of Kali I use as the basis for my testing which includes a variety of extra tools, preference, references, etc. If you want a copy yourself, you can find one here:
https://drive.google.com/drive/folders/1id6hRacVUtcQRtq8zjSkxtTSE3AvxTk3?usp=sharing
Each version is named for a different character played by Henry Winkler, for the record.
Benedict Slade
I maintain a modified version of Kali I use as the basis for my testing which includes a variety of extra tools, preference, references, etc. If you want a copy yourself, you can find one here:
https://drive.google.com/open?id=1X0IHNuRCWjHoQdvQUaEwWoDLKEB1_5ti