Share Hacker Talk
Share to email
Share to Facebook
Share to X
By Firo Solutions LTD
5
11 ratings
The podcast currently has 19 episodes available.
The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd!
In this episode, we cover:
Alex background, working with hak5, content creation
O.MG pentesting cable
Signal intelligence
Wifi hacking
Hardware hacking
Modifying the hardware of calculators, playing games on calculators
Hacking the texas instrument ti 84 calculator
Alex's first computer being the raspberry pi
Starting with Linux
Embedded security
Hardware developer perspective
Making hardware devices
Making low-cost hacking devices
low cost, high availability and effective hacking devices
GPS implants
ESP8266, 3 dollar wifi microcontroller
Wardriving with esp8266
wifi nugget
Making cat-shaped hardware
Making a friendly and portable hardware design
Learning about wifi hacking and microcontrollers
USB nugget
USB rubber ducky
Keystroke injection attacks
ATtiny85 Arduino
Thought process behind creating the wifi nugget
How Filip cracked his neighbors wifi
Aircrack-ng
Airgeddon
Creating a DIY beginner hardware kit
The creation of wifi nugget, the first 100 devices
SpaceHuhn Maker
Wifi Beacon spoofing pranks
esp32 vs esp8266 wifi chip
Crafting custom packets with the esp8266 chip
Espressif Systems trying to stop people from using it's wifi chips for offensive purposes by locking down its software development kit.
Spoofing attacks
esp32 native USB mode
EMulating USB connected devices for data exfiltration
Auto trunked packets
pmkid wifi attack
Cracking wpa2 handshakes
Guessing autogenerated wifi passwords
Hashcat
Password generator based on your local area code
The best password-cracking word list Filip has ever used
Funny pranks with the wifi nugget
Nugget defender, see if anyone is attacking your network
use Canary tokens to detect if someone is breaking into your system
Bugged microsoft word and pdf documents
Having an intrusion detection system in your pocket
wifi honeypots
Getting started designing custom printed circuit boards(PCB)
Design with easyeda
Creating a tv-be-gone
Sourcing pcb boards
Circuit board art
What software to use to create boards
Antenna design
Omni directional antennas
Yagi antennas
Sourcing hardware
Making it more user friendly
Links:
https://alexlynd.com/
https://mg.lol/blog/omg-cable/
https://github.com/HakCat-Tech/WiFi-Nugget
https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-plus
https://en.wikipedia.org/wiki/Raspberry_Pi
https://hak5.org/
https://en.wikipedia.org/wiki/ESP8266
https://retia.io/
https://twitter.com/AlexLynd
https://usbnugget.com/
https://shop.hak5.org/products/usb-rubber-ducky
https://en.wikipedia.org/wiki/ATmega328
https://en.wikipedia.org/wiki/Arduino_Nano
https://www.pcboard.ca/mini-attiny85-usb
https://www.arrow.com/en/research-and-events/articles/attiny85-arduino-tutorial
https://github.com/derv82/wifite2
https://en.wikipedia.org/wiki/Aircrack-ng
https://www.kali.org/tools/airgeddon/
https://github.com/SpacehuhnTech/esp8266_deauther
http://deauther.com/
https://spacehuhn.com/
https://ieeexplore.ieee.org/document/4529384/
https://en.wikipedia.org/wiki/ESP32
https://www.espressif.com/
https://documentation.meraki.com/MR/Other_Topics/PMKID_Vulnerability_FAQ_-_WPA%2F%2FWPA2-PSK_and_802.11r
https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
https://colab.research.google.com/
https://en.wikipedia.org/wiki/Hashcat
https://github.com/danielmiessler/SecLists
https://github.com/HakCat-Tech/Nugget-Invader
https://canarytokens.org/generate
https://easyeda.com/
https://www.pcbway.com/
https://www.kicad.org/
https://en.wikipedia.org/wiki/Nordic_Semiconductor
Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode!
In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison.
What is it like to apply strong operation security practices in your everyday life? How does one survive and adapt to hostile environments?
Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story.
In this episode we cover:
Darknet Vendor, Darknet Marketplaces
Darknet Forum Administrator
First Introduction to Tor
Silkroad,
Early Bitcoin days
Bitcoin Pizza for 20 000 Bitcoins
Moderating darknet forums
Money laundering charges
Privacy
Journey into selling on the darknet
Residential Security
Living in Vermont, United States of America
Computer support
Forming information security policies
Backtraq 2(Released March 2007)
Yagi antenna, randomizing your mac address before you use your neighbors wifi
Removing DNA from packages.
Speaking at Defcon
Dealing with the Department of Homeland security
Social Engineering
Operation security
Dread Darknet Forum
Dealing with Hostile Environments on the darknet and in prison
Profiling yourself
Importance of Adoptability
Managing multiple identities
Pretty good privacy(PGP)
Trust on the Darknet
Resumes on the Darknet
Best practices for Password Managers
Storing password's in "The Slip", secure convenience security
How to ship mail securely
Interacting with the united states judicial system
Franks hearing
Becoming a paralegal in Prison
Writing a 200-page passion of release motion
Building trust in Online Communities
Links:
Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime
Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0
https://en.wikipedia.org/wiki/Vermont
https://en.wikipedia.org/wiki/BackTrack
Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y
https://www.16personalities.com/
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
https://en.wikipedia.org/wiki/Silk_Road_(marketplace)
https://www.shouselaw.com/ca/blog/warrant/what-does-it-mean-to-traverse-a-warrant-what-is-a-franks-motion/
https://forum.defcon.org/node/241998
https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/
Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security.
Tune in now!
In this episode we cover:
Background, getting into security
Getting into Bug Bounty
First Bug bounty
Hackerone, Bug crowd
Reporting Security Bugs
Coordinating bug bounties
Life as a bug bounty hunter
Interaction with engineers
Bug bounty bootcamp Book
Security as a hobby
Writing Books
How to hack web applications
Vickie's favourite types of Vulnerabilities
Template injection
IDOR
Writers block
Nostarch
Book Publishing
Bug bounty tools
Python and Bash
Make bug bounties more enjoyable
Portswinger Lab
Finding low hanging fruits
legal harbor
Caring about security researchers
Links:
https://twitter.com/vickieli7
https://en.wikipedia.org/wiki/Bug_bounty_program
https://vickieli.dev/
https://portswigger.net/web-security/all-labs
https://portswigger.net/research/server-side-template-injection
https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/
https://nostarch.com/bug-bounty-bootcamp
Grab a copy of Vickie's book:
https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3
In this episode of Hacker Talk:
One of the most powerful newer static analysis tool is CodeQL.
By converting your code base into a Codeql database, you can now write
queries in a read-only way, in order to find security vulnerabilities
and problems in you Code-base.
We wanted to know more about this declarative language called "CodeQL".
Straight from Github's Security Lab, we are joined by Alvaro Munoz!
Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.
Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!
Topics covered:
Learning to thing outsite the box by playing Capture the flag
CodeQL declarative languages
Static code analysis
Getting a broad view of the source code
Writing queries with CodeQL to find vulnerabilities
Modeling vulnerabilities with CodeQL
The learning curve of CodeQL
Quering github repositories for vulnerabilities
Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)
Linters vs codeql
CodeQL integrated with continuous integration pipelines
Get started with Codeql
Submit your codeql queries to Github Security Lab's Bug bounty
Best practices for writing queries
Thinking of the code as a database with codeql
Finding vulnerabilities in Covid-19 systems
Best pratices for CodeQL
Reduce false possitives
CodeQL with nvim(neovim)
Improving vim by creating a more interactive development enviroment alternative, "neovim".
LSP integration with neovim.
CodeQL with Emacs
Remote code execution bugs found with CodeQL.
Bugs found in Radar Covid App
Patterns leading to remote code execution
Auditing javascript frameworks
CodeQL vs other static analysis tools
Capture the flag codeql challanges
The future of CodeQL
External links:
https://lgtm.com/
https://github.com/pwntester
https://neovim.io/
https://en.wikipedia.org/wiki/Language_Server_Protocol
https://en.wikipedia.org/wiki/Semgrep
Covid 19 tracing app
- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/
- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/
Github Security Lab web site: https://securitylab.github.com/
Join Github Security Lab Slack Channel:
https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg
https://twitter.com/pwntester
Bounty program: https://securitylab.github.com/bounties/
https://codeql.github.com/
https://codeql.github.com/docs/codeql-overview/
http://www.pwntester.com/
https://en.wikipedia.org/wiki/Abstract_syntax_tree
https://en.wikipedia.org/wiki/Control_flow_analysis
https://github.com/github/codeql-learninglab-actions
https://github.com/anticomputer/emacs-codeql/
Special thanks too:
We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!
In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!
Tune is as we deep into secbsd, the penetration distribution for the BSD community.
In this episode we cover:
Video games
Kali linux meets bsd
Started to hack in college
mandraka linux
FreeBSD 4.8 and beyond
BSD vs Linux
Reading the RFC's
IRIX
Learn from developer mailing lists
OpenBSD's mailing
The start of SECBSD - BSD based Penetration testing distribution
SecBSD, release cyckle
Documentation in the BSD world
NetBSD on toasters and sega dreamcast
Comparing the BSD's
Porting ruby Beef to BSD
Web applications as houses
Webb application api's
Security
Penetration testing
Management vs Security Researchers and developers
The adventures of Hacking and learning
The state of Hacking
Tinkering with FreeBSD
ManPages
Unix Powertools book
Vi Editor
Having fun with Technology
People code computers
Time allocation and having a good schedule
Rust programming
Visual code studio
Pentesting with Rust
Mental health
Taking brakes, allocating
discord and Internet Relay Chat
Libera.chat irc
Irssi irc client
Phreakers going into VoIP
OpenBTS
IceCast
Future of IT-Security
Moving everything to the browser
Challenge of the episode:
The BSDBandit challenges you to read one man page per day for one year
Links:
https://en.wikipedia.org/wiki/Mandriva_Linux
https://www.freebsd.org/releases/4.8R/announce/
https://secbsd.org
https://twitter.com/SecBSD
https://rfcs.io/http
https://www.rfc-editor.org/rfc/
https://en.wikipedia.org/wiki/IRIX
https://en.wikipedia.org/wiki/Sub7
https://marc.info/?l=openbsd-misc&r=1
https://www.openbsd.org/faq/ports/guide.html
https://twitter.com/CryptoBanshee_
https://beefproject.com/
https://www.oreilly.com/library/view/unix-power-tools/0596003307/
https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603
https://en.wikipedia.org/wiki/Vim_(text_editor)
https://en.wikipedia.org/wiki/Vi
https://twitter.com/bsdbandit
https://crates.io/
https://www.rust-lang.org/
https://github.com/bsdbandit
https://crates.io/crates/pledge
https://en.wikipedia.org/wiki/Ghostscript
https://en.wikipedia.org/wiki/Discord
https://en.wikipedia.org/wiki/Irssi
https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly
https://libera.chat/
https://en.wikipedia.org/wiki/OpenBTS
https://icecast.org/
Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!
Replacing docker with Podman
Subscribe to Hacker Talk's RSS feed:
https://anchor.fm/s/7984c230/podcast/rss
In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg.
Tune is as we get to hear about scam calls and social engineering!
In this episode we cover:
Social Engineering
Micro-expressions
How long can you get with scam calls?
Windows Security Best practices
Dealing with scam callers
Getting more information from scam call center
What happens when people fall for scam callers.
Educating others
Links:
The Art of Human Hacking
https://en.wikipedia.org/wiki/Christopher_J._Hadnagy
https://twitter.com/MattiasBorg82
https://blog.sec-labs.com/
https://www.youtube.com/watch?v=YsznWl0Wc4I
https://www.youtube.com/watch?v=1zTsfs4Q6IY
For feedback and guest suggestions, email:
podcast at firosolutions dot com
In this episode of Hacker Talk, we are joined by the amazing Hacker, G0t mi1k! G0t mi1k is part of the offensive security team and he also runs the database of vulnerable virtual machines, called Vulnhub.
Topics:
Background
Getting into infosec
Becoming a moderator
First remote shell
Backtrack
Offensive security
Start and background story of Vulnhub.com
Encouraging people to run virtual machines
Hoarding data, hosting virtual machine images
The start of Exploit-db, milw0rm
Curating exploits
Running virtual machines with Proxmox home lab and vmwareVMware
Best practices for protecting internet facing virtual machines
Locking down machines
The rise and fall of port knocking
Single Packet Authorization
Learning security by doing
Understanding the entire circle of it security.
Exploits in Fail2ban
Writing a book as a dyslexic
The importance of changing the pace of Life. Taking time away from the Keyboard.
Working from home
External links:
https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment
https://www.exploit-db.com/
Single Packet Authorization
https://www.vulnhub.com/
https://en.wikipedia.org/wiki/Fail2ban
https://en.wikipedia.org/wiki/Port_knocking
https://blog.g0tmi1k.com/
https://twitter.com/g0tmi1k
https://research.securitum.com/fail2ban-remote-code-execution/
Today we are joined by: Mike Spicer, the builder of the Wifi Cactus, someone you can see walking around various security conference
with a backpack filled with wireless monitoring goodies :)
Mike wanted to see what was really happening on one of the most dangerous wifi networks in the world, this and a lot more in this episode of Hacker Talk.
In this episode we cover:
Questioning the dangerous assumption
How dangerous is Defcon's network really?
Dialup internet, warez, Hacking, Tinkering, and programming
The movie Hackers from 1995
Wardriving, driving around to find internet, Orinoco gold wireless card
WiFi
Starting a startup wireless internet service provider company
Software-defined radio
Hacking Radiofrequency
LoRa
Helium Lori hardware
Things network Lori iot
Amazon sidewalk
Interconnected devices
900megahertz
OpenBTS BladeRF
3g stingrays
WiFi Cactus, wifi kraken
Wardriving with wireless antennas
Pitfalls with airodump
Wireless captures
Wireless standards, going to WiFi 6
From one box to twelve
25 hak5 pineapples from Darren kitchen
Kismet, Andrew dragon(creator of kismet)
Intel nuc
Live streaming data from the WiFi Cactus
WiFi Cactus at Defcamp in Romania
Analyzing wardriving from security conferences
Pcapinator GitHub
Wireshark
Mdns, clear text,
DNS queries to slack
Building your own wardriving device
Wireless penetration tests
Intel ax220 PCI express WiFi adapter, 30-40 USD, native Linux support
Monitoring for wireless de-authentication attacks
Deploying kismet for detection with raspberry pi 4 with a 30usd Wireless adapter for starting to monitor their WiFi security
Best practices for cracking wpa2 handshakes with hashcat
Best security practices for setting up wireless networks
Links:
https://www.imagine41.com/product/orinoco-gold-wireless-networks-pc-card/
https://en.wikipedia.org/wiki/Software-defined_radio
https://en.wikipedia.org/wiki/Wardriving
https://twitter.com/d4rkm4tter
https://github.com/mspicer/pcapinator
https://www.wigle.net/
https://en.wikipedia.org/wiki/LoRa
https://www.helium.com
https://www.kismetwireless.net/
https://www.intel.com/content/www/us/en/products/sku/189347/intel-wifi-6-ax200-gig/specifications.html
We would like to give a special thanks to Feedspot for featuring us, we recommend that you check them out:
https://blog.feedspot.com/hacker_podcasts/
Welcome back to Hacker Talk!
This is part two of our conversation with Steven Phillips
Steven is a really interesting developer, hacker and thinker. I
personally enjoy reading his blog
tryingtobeawesome.com where he covers various parts of
programming, philosophy and software.
Topics:
"Machine Learning" being good or bad
Security with machine learning
Turning a stop light to a truck
Algorithms
What type of Artificial intelligence do we need for software
James Mickens
Generative Pre-trained Transformer 3
Solving bad human code datasets
Global code quality
How do we write good code?
The progress of software
how good Structured Query Language is
Secure codebase's
Pseudorandom
Clojure
Python
Golang
Vlang
Designing
The ethical source movement
Code Licenses
Internet Privacy
End-to-end encryption
Podman
Browser Extensions
Reaching the largest userbase for software
Web assembly
The onion router | Tor user adoption
AI-Powered Super Hackers are a real threat
and a lot more on Hacker Talk!
Links:
https://en.wikipedia.org/wiki/James_Mickens
https://en.wikipedia.org/wiki/GPT-3
https://en.wikipedia.org/wiki/SQL
https://en.wikipedia.org/wiki/Clojure
https://effective.af/
https://firstdonoharm.dev/
https://www.torproject.org/
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
https://en.wikipedia.org/wiki/Go_(game)
View part one here:
https://anchor.fm/hacker-talk/episodes/Programmable-Philosophy-with-Steve-Phillips---Part-1-e1ju6b3
The podcast currently has 19 episodes available.
7,598 Listeners
299 Listeners