Tags

hacking

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.


Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Review and Thoughts of PTSv4 Course and eJPT Certification

  • 5 min read

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.


HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


wifi

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


wifi-hacking

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


wireless

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


wireless-hacking

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


how-to

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Setup a simple personal VPN using PiVPN
  • Setup an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly


Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


linux

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10


Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Setup a simple personal VPN using PiVPN
  • Setup an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


penetration-testing

Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


Review and Thoughts of PTSv4 Course and eJPT Certification

  • 5 min read

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.


kali-linux

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10


Hacking a Wireless Access Point (Router) with WPA/WPA2 Personal Encryption using the Aircrack-ng Suite

  • 5 min read

Introduction

WPA

After WEP encryption was introduced with the ratification of the IEEE 802.11 standard in 1997, it was quickly discovered to be vulnerable to a myriad of exploits. As such, the Wi-Fi Alliance, in conjunction with the IEEE, adopted a quick fix for this increasingly risky encryption mechanism - WPA (Wi-Fi Protected Access) - in 2003. WPA sought to implement fixes for major flaws that were exposed in WEP with the most important change being the adoption of the new security protocol, TKIP (Temporal Key Integrity Protocol). TKIP introduced a few major improvements over WEP including:

  • Implementation of a packet sequencer so out-of-order packets are rejected
  • Mixes root keys with IVs on a key-by-key basis instead of appending root key with IV
  • Stronger data assurance than the Cyclic Redundancy Check (CRC) from WEP with the introduction of a 64-bit MIC (Message Integrity Check)


Setting up a new Wi-Fi Penetration Testing Setup

  • 3 min read

This quick post will cover the preliminary steps of setting up a PC to begin wireless (Wi-Fi) penetration testing using a Kali Linux VM and a Wi-Fi adapter capable of packet injection (promiscuous mode). This post is NOT for someone who has no experience or for someone trying to hack their neighbor’s Wi-Fi for nefarious purposes or free Internet. This is an educational post for those who have some idea of what they are doing and want to get started with Wi-Fi penetration testing.


certifications

Review and Thoughts of PTSv4 Course and eJPT Certification

  • 5 min read

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


reviews

Review and Thoughts of PTSv4 Course and eJPT Certification

  • 5 min read

On August 12th, 2019 I began studying for the Penetration Testing Student (PTS) course and achieved the correlating eLearnSecurity Junior Penetration Tester (eJPT) certification on August 18th, 2019. This post will discuss both the PTS course and eJPT exam from purchase to certification attainment.


WiFu and OSWP Certification Review

  • 5 min read

On May 10th, 2019, I successfully attempted and passed the Offensive Security Wireless Professional (OSWP) exam. In this post I will talk about the preliminary Offensive Security Wireless Attacks with Kali (WiFu) course, as well as my thoughts on the OSWP exam.


windows

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.


wifi-pineapple

Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.


How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.

web-security

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

phishing

SMiShing Campaign Leverages USPS and Parcel Service Distrust

  • 4 min read

Beginning the week of August 23rd, a SMiShing campaign began to unfold that, by and large, impersonated large mail carrier and parcel services with the intention of stealing sensitive information from the victims. This post will explain the high-level tactics and technologies the attacker(s) used to send these SMiShes as well as several real-world text message examples that were attributed to this campaign, including myself. At the end of this post will be the list of known domains and URLs used in this campaign (tentative).

social engineering

SMiShing Campaign Leverages USPS and Parcel Service Distrust

  • 4 min read

Beginning the week of August 23rd, a SMiShing campaign began to unfold that, by and large, impersonated large mail carrier and parcel services with the intention of stealing sensitive information from the victims. This post will explain the high-level tactics and technologies the attacker(s) used to send these SMiShes as well as several real-world text message examples that were attributed to this campaign, including myself. At the end of this post will be the list of known domains and URLs used in this campaign (tentative).

mac

How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.

android

How To Set Up A WiFi Pineapple Nano

  • 11 min read

The WiFi Pineapple has become ubiquitous within the cyber security community and network industry professionals alike. The low price tag, easy to use PineAP GUI, and mobility have shown that Hak5 have made a product to genuinely assist with wireless security assessments. This post was originally used to reference the setup process or for those who have a dusty WiFi Pineapple sitting around, or anyone looking for help.

twe

Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.

trusted-wireless-environment

Checking Access Points For WIPS/WIDS Protection From Evil Twin Attacks

  • 3 min read

The premier defense for rogue access points in a wireless network is the implementation of a Wireless Intrusion Prevention System (WIPS) or Wireless Intrusion Detection System (WIDS). A quick WIPS/WIDS implementation check can be performed on any access point with a WiFi Pineapple Nano handy. This proof-of-concept will show how to check open access points for WIPS/WIDS implementation by using a WiFi Pineapple Nano. This check is both safe and legal and is a good starting point to test the WiFi Pineapple functionality and an access point for ONE of the SIX Trusted Wireless Environment common hacks - “Evil Twin” Access Points.

hsts

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

ssl-tls

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

http

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

https

HSTS: What It Is, Why It is Important, and Vulnerabilities Within

  • 6 min read

Intro

HTTP Strict Transport Security (HSTS) is an HTTP security mechanism that allows web sites to declare themselves as accessible only via secure connections and for users to direct user agents (UAs), or your browser, to interact with web sites only over a secure connection. A “secure connection” in this case means an SSL/TLS encrypted HTTP connection, or HTTPS. This mechanism is designed to protect against downgrade attacks such as sslstrip which downgrades HTTPS to HTTP via redirection mappings. I will talk more about that later, but first, how did HSTS come about?

raspberry-pi

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

pivpn

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

vpn

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

pi-hole

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

ssh

Setting up SSH, PiVPN, and Pi-Hole on a Raspberry Pi

  • 6 min read

The Raspberry Pi is a versatile, credit card-sized computer that is used for a myriad of different projects. As a personal project of mine, I’ve tailored my Raspberry Pi 3 to be a personal VPN, network advertisement blocker, and additionally, a bad domain blocker as well. This post will go over how to perform a similar task at a high-level, specifically:

  • Enable SSH on your RPi
  • Set up a simple personal VPN using PiVPN
  • Set up an adblocker using Pi-Hole
  • Add a phishing domain feed to Pi-Hole to kickstart the bad domain blocker
  • Edit the pi-hole cron job to update daily instead of weekly

ftp

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

file-carving

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

wireshark

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

forensics

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

microsoft

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

ctf

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

filezilla

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

winscp

Extracting a Microsoft Word Document from a PCAP

  • 10 min read

Introduction

This post pertains to a prior Capture-The-Flag (CTF) competition I was competing in where one of the challenges was to read the text (or flag) of a file from a packet capture (PCAP). The PCAP was taken from a user downloading a file from a misconfigured or outdated FTP server that didn’t have SSL/TLS encryption. So, I set up a simple FileZilla FTP server on my Windows machine and attempted to recreate the challenge so I could have documentation on how to perform some of the actions. This post covers how to read unencrypted FTP traffic from a Wireshark PCAP and file carving techniques to be able to recreate a file from a PCAP stream.

virtualbox

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10

virtualization

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10

windows-10

Setting Up a Virtual Machine Using VirtualBox

  • 8 min read

Introduction

This post will cover how to set up a virtual machine from scratch on Windows 10 using VirtualBox ONLY. This post will NOT cover VMWare Workstation Player because the process is very similar to VirtualBox. This post will also NOT cover how to set up a virtual machine using Hyper-V due to the fact that Hyper-V requires Windows 10 Enterprise, Pro, or Education. Most readers of this post will likely have Windows 10 Home which doesn’t allow virtualization. As an example, I will visually walk through how to set up the following operating systems on VirtualBox:

  • Kali Linux
  • Windows 10

SPF

SMiShing

SMiShing Campaign Leverages USPS and Parcel Service Distrust

  • 4 min read

Beginning the week of August 23rd, a SMiShing campaign began to unfold that, by and large, impersonated large mail carrier and parcel services with the intention of stealing sensitive information from the victims. This post will explain the high-level tactics and technologies the attacker(s) used to send these SMiShes as well as several real-world text message examples that were attributed to this campaign, including myself. At the end of this post will be the list of known domains and URLs used in this campaign (tentative).

scam

SMiShing Campaign Leverages USPS and Parcel Service Distrust

  • 4 min read

Beginning the week of August 23rd, a SMiShing campaign began to unfold that, by and large, impersonated large mail carrier and parcel services with the intention of stealing sensitive information from the victims. This post will explain the high-level tactics and technologies the attacker(s) used to send these SMiShes as well as several real-world text message examples that were attributed to this campaign, including myself. At the end of this post will be the list of known domains and URLs used in this campaign (tentative).
