[ Hacker Night School ] :: WEP Cracking Basics in Kali

This entry is part 16 of 32 in the series [ Hacker Night School ]

Wifi Cracking: Start With the Basics: WEP

WEP is so old and weak you’ll hardly ever find it in use, though there are always the few who haven’t paid attention. WEP cracking is a great way to get familiar with the aircrack-ng suite (https://www.aircrack-ng.org/), its commands and processes.

Where to Learn

Start with the horse’s …

[ Hacker Night School ] :: CSRF

This entry is part 17 of 32 in the series [ Hacker Night School ]

Cross Site Request Forgery

CSRF is a very specialized form of XSS. It relies on the victim being logged into a site, so the attacker can make a false request – to drain the victim’s bank account, for instance.

Where to Learn

First, read this OWASP presentation: http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf

Next, webpwnized is your friend. Watch these …

[ Hacker Night School ] :: A Memory Forensics with Volatility Writeup

This entry is part 18 of 32 in the series [ Hacker Night School ]

I’ve spoken in many classes about the process of dumping memory with DumpIt, then analysis with Volatility (preinstalled on the SIFT Workstation, a VM distro you should definitely explore). Meet LeetDev.net and their CTF Archives. Here’s a link to the CTF list page; click the Volatility graphic to go to the article, fortunately in English. …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Hacker Night School ] :: Using the Greenbone Vulnerability Scanner

This entry is part 28 of 32 in the series [ Hacker Night School ]

When you say “Vulnerability Scanners” most people in our field immediately think of Nessus. But Nessus is just a commercial take-over of a previously open-source project, and the core developers don’t exactly love their work being commercialized at no benefit to them. (Don’t get me started here.) So they “forked” the project, creating the Open …

The KNOB Attack: Does this exploit from 2018 still work?

This entry is part 29 of 32 in the series [ Hacker Night School ]

Here’s an awesome Bluetooth exploit from 2018 that EVERY device was vulnerable to, called the KNOB attack. “We found and exploited a severe vulnerability in the Bluetooth specification that allows an attacker to break the security mechanisms of Bluetooth for any standard-compliant device. As a result, an attacker is able to listen, or change …

[ Hacker Night School ] :: The Holy Unblocker

This entry is part 30 of 32 in the series [ Hacker Night School ]

A fellow teacher tells me about the “Holy Unblocker,” a proxy service that lets school kids get around their school’s web restrictions. It looks to me like it could be useful for other people, perhaps people living under regimes that want to control their access to knowledge and communications. This proxy is insidious: it uses …

[ Hacker Night School ] :: the POODLE attack, featuring TLS Downgrade

This entry is part 31 of 32 in the series [ Hacker Night School ]

The KBID XXX – TLS Downgrade

In almost every course I teach I discuss the perils of “TLS fallback,” a fatal misconfiguration that negotiates a web server back to an old, insecure SSL/TLS version. From there it’s simple to use known exploits against the web server and boom, now it’s a Russian crimeware server. This …

[ Hacker Night School ] :: The Illustrated TLS Connection

This entry is part 32 of 32 in the series [ Hacker Night School ]

https://tls.ulfheim.net/ has a beautiful graphical way to see every step of setting up a TLS connection. This is porn for network geeks, but also for hackers (sometimes the same people). To paraphrase Ultra Famous Hacking God Pablos Holman, here are the messages between website and client to set up TLS. Every one of these is an …