Ryandinho

Posts

SMiShing Campaign Leverages USPS and Parcel Service Distrust

  • 4 min read

Beginning the week of August 23rd, a SMiShing campaign began to unfold that, by and large, impersonated large mail carrier and parcel services with the intention of stealing sensitive information from the victims. This post will explain the high-level tactics and technologies the attacker(s) used to send these SMiShes as well as several real-world text message examples that were attributed to this campaign, including myself. At the end of this post will be the list of known domains and URLs used in this campaign (tentative).

Read More

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10

Read More

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

Read More

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)

Read More

Hacking a WEP Encrypted Wireless Access Point using the Aircrack-ng Suite

  • 25 min read

Introduction

Wired Equivalent Privacy (WEP) was introduced in 1997 in tandem with the original IEEE 802.11 standard, but it was ratified as the official Wi-Fi security standard in 1999. As the name suggests, WEP was meant to equal the security of wired LAN communcations. However, shortly after it’s ratification, weaknesses in the security algorithm began to surface as soon as 2001 when Scott Fluhrer, Itsik Mantin, and Adi Shamir released their publication: Weaknesses in the Key Scheduling Algorithm of RC4. From then on, the flood gates were open; weaknesses in the algorithm and WEP’s implementation of the RC4 symmetric stream cipher came in waves. This post will discuss the fundamentals of the WEP algorithm and why it is weak, flawed, and ultimately deprecated by IEEE as of 2004. Although it has been long deprecated, it is important to know how these cryptographic mechanisms are implemented and, you never know, some organizations still may be using WEP encryption (unfortunately).

Read More

Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbors Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.

Read More

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Setup a simple personal VPN using PiVPN
  • Setup an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

Read More

Review and Thoughts of PTSv4 Course and eJPT Certification

  • 5 min read

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.

Read More

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

Read More

Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points

Read More

How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.

Read More

WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.

Read More