Hacker Talk

The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd!

In this episode, we cover:

Alex background, working with hak5, content creation

O.MG pentesting cable

Signal intelligence

Wifi hacking

Hardware hacking

Modifying the hardware of calculators, playing games on calculators

Hacking the texas instrument ti 84 calculator

Alex's first computer being the raspberry pi

Starting with Linux

Embedded security

Hardware developer perspective

Making hardware devices

Making low-cost hacking devices

low cost, high availability and effective hacking devices

GPS implants

ESP8266, 3 dollar wifi microcontroller

Wardriving with esp8266

wifi nugget

Making cat-shaped hardware

Making a friendly and portable hardware design

Learning about wifi hacking and microcontrollers

USB nugget

USB rubber ducky

Keystroke injection attacks

ATtiny85 Arduino

Thought process behind creating the wifi nugget

How Filip cracked his neighbors wifi

Aircrack-ng

Airgeddon

Creating a DIY beginner hardware kit

The creation of wifi nugget, the first 100 devices

SpaceHuhn Maker

Wifi Beacon spoofing pranks

esp32 vs esp8266 wifi chip

Crafting custom packets with the esp8266 chip

Espressif Systems trying to stop people from using it's wifi chips for offensive purposes by locking down its software development kit.

Spoofing attacks

esp32 native USB mode

EMulating USB connected devices for data exfiltration

Auto trunked packets

pmkid wifi attack

Cracking wpa2 handshakes

Guessing autogenerated wifi passwords

Hashcat

Password generator based on your local area code

The best password-cracking word list Filip has ever used

Funny pranks with the wifi nugget

Nugget defender, see if anyone is attacking your network

use Canary tokens to detect if someone is breaking into your system

Bugged microsoft word and pdf documents

Having an intrusion detection system in your pocket

wifi honeypots

Getting started designing custom printed circuit boards(PCB)

Design with easyeda

Creating a tv-be-gone

Sourcing pcb boards

Circuit board art

What software to use to create boards

Antenna design

Omni directional antennas

Yagi antennas

Sourcing hardware

Making it more user friendly

Links:

https://alexlynd.com/

https://mg.lol/blog/omg-cable/

https://github.com/HakCat-Tech/WiFi-Nugget

https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-plus

https://en.wikipedia.org/wiki/Raspberry_Pi

https://hak5.org/

https://en.wikipedia.org/wiki/ESP8266

https://retia.io/

https://twitter.com/AlexLynd

https://usbnugget.com/

https://shop.hak5.org/products/usb-rubber-ducky

https://en.wikipedia.org/wiki/ATmega328

https://en.wikipedia.org/wiki/Arduino_Nano

https://www.pcboard.ca/mini-attiny85-usb

https://www.arrow.com/en/research-and-events/articles/attiny85-arduino-tutorial

https://github.com/derv82/wifite2

https://en.wikipedia.org/wiki/Aircrack-ng

https://www.kali.org/tools/airgeddon/

https://github.com/SpacehuhnTech/esp8266_deauther

http://deauther.com/

https://spacehuhn.com/

https://ieeexplore.ieee.org/document/4529384/

https://en.wikipedia.org/wiki/ESP32

https://www.espressif.com/

https://documentation.meraki.com/MR/Other_Topics/PMKID_Vulnerability_FAQ_-_WPA%2F%2FWPA2-PSK_and_802.11r

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

https://colab.research.google.com/

https://en.wikipedia.org/wiki/Hashcat

https://github.com/danielmiessler/SecLists

https://github.com/HakCat-Tech/Nugget-Invader

https://canarytokens.org/generate

https://easyeda.com/

https://www.pcbway.com/

https://www.kicad.org/

https://en.wikipedia.org/wiki/Nordic_Semiconductor

Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode!

In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison. 

What is it like to apply strong operation security practices in your everyday life?  How does one survive and adapt to hostile environments?

Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story. 

In this episode we cover:   

Darknet Vendor, Darknet Marketplaces  

Darknet Forum Administrator

First Introduction to Tor 

Silkroad,

Early Bitcoin days 

Bitcoin Pizza for 20 000 Bitcoins

Moderating darknet forums

Money laundering charges   

Privacy

Journey into selling on the darknet  

Residential Security   

Living in Vermont, United States of America

Computer support   

Forming information security policies  

Backtraq 2(Released March 2007) 

Yagi antenna, randomizing your mac address before you use your neighbors wifi

Removing DNA from packages.  

Speaking at Defcon  

Dealing with the Department of Homeland security

Social Engineering

Operation security

Dread Darknet Forum

Dealing with Hostile Environments on the darknet and in prison 

Profiling yourself

Importance of Adoptability  

Managing multiple identities 

Pretty good privacy(PGP)

Trust on the Darknet

Resumes on the Darknet   

Best practices for Password Managers 

Storing password's in "The Slip", secure convenience security  

How to ship mail securely

Interacting with the united states judicial system 

Franks hearing

Becoming a paralegal in Prison

Writing a 200-page passion of release motion

Building trust in Online Communities

Links:

Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime

Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0 

https://en.wikipedia.org/wiki/Vermont

https://en.wikipedia.org/wiki/BackTrack 

Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y

https://www.16personalities.com/

https://en.wikipedia.org/wiki/Pretty_Good_Privacy  

https://en.wikipedia.org/wiki/Silk_Road_(marketplace)   

https://www.shouselaw.com/ca/blog/warrant/what-does-it-mean-to-traverse-a-warrant-what-is-a-franks-motion/

https://forum.defcon.org/node/241998

https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security. 

Tune in now!

In this episode we cover:

Background, getting into security

Getting into Bug Bounty 

First Bug bounty 

Hackerone, Bug crowd

Reporting Security Bugs

Coordinating bug bounties  

Life as a bug bounty hunter

Interaction with engineers

Bug bounty bootcamp Book

Security as a hobby

Writing Books

How to hack web applications  

Vickie's favourite types of Vulnerabilities   

Template injection

IDOR

Writers block

Nostarch  

Book Publishing  

Bug bounty tools

Python and Bash   

Make bug bounties more enjoyable 

Portswinger Lab

Finding low hanging fruits  

legal harbor 

Caring about security researchers  

Links:

https://twitter.com/vickieli7   

https://en.wikipedia.org/wiki/Bug_bounty_program

https://vickieli.dev/  

https://portswigger.net/web-security/all-labs   

https://portswigger.net/research/server-side-template-injection

https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/   

https://nostarch.com/bug-bounty-bootcamp

Grab a copy of Vickie's book:

https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3

In this episode of Hacker Talk:

One of the most powerful newer static analysis tool is CodeQL.  

By converting your code base into a Codeql database, you can now write  

queries in a read-only way, in order to find security vulnerabilities   

and problems in you Code-base.

We wanted to know more about this declarative language called "CodeQL".

Straight from Github's Security Lab, we are joined by Alvaro Munoz!  

Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.  

Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!

Topics covered:

Learning to thing outsite the box by playing Capture the flag

CodeQL declarative languages 

Static code analysis

Getting a broad view of the source code

Writing queries with CodeQL to find vulnerabilities   

Modeling vulnerabilities with CodeQL

The learning curve of CodeQL

Quering github repositories for vulnerabilities

Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)

Linters vs codeql

CodeQL integrated with continuous integration pipelines

Get started with Codeql

Submit your codeql queries to Github Security Lab's Bug bounty

Best practices for writing queries    

Thinking of the code as a database with codeql

Finding vulnerabilities in Covid-19 systems

Best pratices for CodeQL 

Reduce false possitives 

CodeQL with nvim(neovim)    

Improving vim by creating a more interactive development enviroment alternative, "neovim".

LSP integration with neovim.  

CodeQL with Emacs

Remote code execution bugs found with CodeQL.  

Bugs found in Radar Covid App

Patterns leading to remote code execution   

Auditing javascript frameworks

CodeQL vs other static analysis tools

Capture the flag codeql challanges

The future of CodeQL

External links:

https://lgtm.com/  

https://github.com/pwntester  

https://neovim.io/

https://en.wikipedia.org/wiki/Language_Server_Protocol    

https://en.wikipedia.org/wiki/Semgrep

Covid 19 tracing app

- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/

- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/

Github Security Lab web site: https://securitylab.github.com/

Join Github Security Lab Slack Channel: 

https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg

https://twitter.com/pwntester

Bounty program: https://securitylab.github.com/bounties/

https://codeql.github.com/

https://codeql.github.com/docs/codeql-overview/  

http://www.pwntester.com/

https://en.wikipedia.org/wiki/Abstract_syntax_tree  

https://en.wikipedia.org/wiki/Control_flow_analysis

https://github.com/github/codeql-learninglab-actions

https://github.com/anticomputer/emacs-codeql/   

Special thanks too:

We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!

Tune is as we deep into secbsd, the penetration distribution for the BSD community.

In this episode we cover:

Video games

Kali linux meets bsd

Started to hack in college

mandraka linux

FreeBSD 4.8 and beyond   

BSD vs Linux   

Reading the RFC's

IRIX

Learn from developer mailing lists  

OpenBSD's mailing 

The start of SECBSD - BSD based Penetration testing distribution        

SecBSD, release cyckle

Documentation in the BSD world  

NetBSD on toasters and sega dreamcast   

Comparing the BSD's   

Porting ruby Beef to BSD   

Web applications as houses   

Webb application api's   

Security    

Penetration testing  

Management vs Security Researchers and developers     

The adventures of Hacking and learning  

The state of Hacking  

Tinkering with FreeBSD    

ManPages

Unix Powertools book  

Vi Editor  

Having fun with Technology  

People code computers   

Time allocation and having a good schedule    

Rust programming   

Visual code studio   

Pentesting with Rust   

Mental health  

Taking brakes, allocating  

discord and Internet Relay Chat     

Libera.chat irc  

Irssi irc client    

Phreakers going into VoIP

OpenBTS   

IceCast

Future of IT-Security   

Moving everything to the browser   

Challenge of the episode: 

The BSDBandit challenges you to read one man page per day for one year      

Links:    

https://en.wikipedia.org/wiki/Mandriva_Linux    

https://www.freebsd.org/releases/4.8R/announce/    

https://secbsd.org   

https://twitter.com/SecBSD   

https://rfcs.io/http     

https://www.rfc-editor.org/rfc/     

https://en.wikipedia.org/wiki/IRIX     

https://en.wikipedia.org/wiki/Sub7     

https://marc.info/?l=openbsd-misc&r=1    

https://www.openbsd.org/faq/ports/guide.html    

https://twitter.com/CryptoBanshee_   

https://beefproject.com/   

https://www.oreilly.com/library/view/unix-power-tools/0596003307/    

https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603   

https://en.wikipedia.org/wiki/Vim_(text_editor)   

https://en.wikipedia.org/wiki/Vi   

https://twitter.com/bsdbandit    

https://crates.io/   

https://www.rust-lang.org/    

https://github.com/bsdbandit   

https://crates.io/crates/pledge   

https://en.wikipedia.org/wiki/Ghostscript    

https://en.wikipedia.org/wiki/Discord   

https://en.wikipedia.org/wiki/Irssi   

https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly   

https://libera.chat/   

https://en.wikipedia.org/wiki/OpenBTS   

https://icecast.org/   

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!

Replacing docker with Podman

Subscribe to Hacker Talk's RSS feed:

https://anchor.fm/s/7984c230/podcast/rss

In this episode of Hacker Talk, we are joined by the social engineer, windows security ninja, hacker and security researcher Mattias Borg.

Tune is as we get to hear about scam calls and social engineering!

In this episode we cover:

Social Engineering

Micro-expressions

How long can you get with scam calls?

Windows Security Best practices

Dealing with scam callers

Getting more information from scam call center

What happens when people fall for scam callers.

Educating others 

Links:

The Art of Human Hacking

https://en.wikipedia.org/wiki/Christopher_J._Hadnagy

https://twitter.com/MattiasBorg82

https://blog.sec-labs.com/  

https://www.youtube.com/watch?v=YsznWl0Wc4I

https://www.youtube.com/watch?v=1zTsfs4Q6IY  

For feedback and guest suggestions, email:

podcast at firosolutions dot com

In this episode of Hacker Talk, we are joined by the amazing Hacker, G0t mi1k! G0t mi1k is part of the offensive security team and he also runs the database of vulnerable virtual machines, called Vulnhub.

Topics:

Background

Getting into infosec

Becoming a moderator

First remote shell

Backtrack

Offensive security

Start and background story of Vulnhub.com

Encouraging people to run virtual machines

Hoarding data, hosting virtual machine images

The start of Exploit-db, milw0rm

Curating exploits

Running virtual machines with Proxmox home lab and vmwareVMware

Best practices for protecting internet facing virtual machines

Locking down machines

The rise and fall of port knocking

Single Packet Authorization

Learning security by doing

Understanding the entire circle of it security.

Exploits in Fail2ban

Writing a book as a dyslexic

The importance of changing the pace of Life. Taking time away from the Keyboard.

Working from home

External links:

https://en.wikipedia.org/wiki/Proxmox_Virtual_Environment   

https://www.exploit-db.com/

Single Packet Authorization

https://www.vulnhub.com/

https://en.wikipedia.org/wiki/Fail2ban

https://en.wikipedia.org/wiki/Port_knocking

https://blog.g0tmi1k.com/

https://twitter.com/g0tmi1k

https://research.securitum.com/fail2ban-remote-code-execution/

Today we are joined by: Mike Spicer, the builder of the Wifi Cactus, someone you can see walking around various security conference   

with a backpack filled with wireless monitoring goodies :)

Mike wanted to see what was really happening on one of the most dangerous wifi networks in the world, this and a lot more in this episode of Hacker Talk. 

In this episode we cover:

Questioning the dangerous assumption

How dangerous is Defcon's network really?

Dialup internet, warez, Hacking, Tinkering, and programming

The movie Hackers from 1995

Wardriving, driving around to find internet, Orinoco gold wireless card

WiFi

Starting a startup wireless internet service provider company

Software-defined radio

Hacking Radiofrequency

LoRa

Helium Lori hardware

Things network Lori iot

Amazon sidewalk

Interconnected devices

900megahertz

OpenBTS BladeRF

3g stingrays

WiFi Cactus, wifi kraken

Wardriving with wireless antennas

Pitfalls with airodump

Wireless captures

Wireless standards, going to WiFi 6

From one box to twelve

25 hak5 pineapples from Darren kitchen

Kismet, Andrew dragon(creator of kismet)

Intel nuc

Live streaming data from the WiFi Cactus

WiFi Cactus at Defcamp in Romania

Analyzing wardriving from security conferences

Pcapinator GitHub

Wireshark

Mdns, clear text,

DNS queries to slack

Building your own wardriving device

Wireless penetration tests

Intel ax220 PCI express WiFi adapter, 30-40 USD, native Linux support

Monitoring for wireless de-authentication attacks

Deploying kismet for detection with raspberry pi 4 with a 30usd Wireless adapter for starting to monitor their WiFi security

Best practices for cracking wpa2 handshakes with hashcat

Best security practices for setting up wireless networks

Links:

https://www.imagine41.com/product/orinoco-gold-wireless-networks-pc-card/

https://en.wikipedia.org/wiki/Software-defined_radio

https://en.wikipedia.org/wiki/Wardriving

https://twitter.com/d4rkm4tter

https://github.com/mspicer/pcapinator

https://www.wigle.net/  

https://en.wikipedia.org/wiki/LoRa

https://www.helium.com

https://www.kismetwireless.net/  

https://www.intel.com/content/www/us/en/products/sku/189347/intel-wifi-6-ax200-gig/specifications.html   

We would like to give a special thanks to Feedspot for featuring us, we recommend that you check them out:

https://blog.feedspot.com/hacker_podcasts/

Welcome back to Hacker Talk!

This is part two of our conversation with Steven Phillips 

Steven is a really interesting developer, hacker and thinker. I  

personally enjoy reading his blog 

tryingtobeawesome.com where he covers various parts of 

programming, philosophy and software.

Topics:

"Machine Learning" being good or bad   

Security with machine learning

Turning a stop light to a truck  

Algorithms

What type of Artificial intelligence do we need for software   

James Mickens

Generative Pre-trained Transformer 3  

Solving bad human code datasets   

Global code quality  

How do we write good code?  

The progress of software 

how good Structured Query Language is  

Secure codebase's 

Pseudorandom 

Clojure

Python 

Golang

Vlang

Designing

The ethical source movement 

Code Licenses

Internet Privacy

End-to-end encryption

Podman

Browser Extensions

Reaching the largest userbase for software  

Web assembly  

The onion router | Tor user adoption 

AI-Powered Super Hackers are a real threat  

and a lot more on Hacker Talk!

Links:

https://en.wikipedia.org/wiki/James_Mickens

https://en.wikipedia.org/wiki/GPT-3  

https://en.wikipedia.org/wiki/SQL

https://en.wikipedia.org/wiki/Clojure   

https://effective.af/

https://firstdonoharm.dev/

https://www.torproject.org/   

https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit  

https://en.wikipedia.org/wiki/Go_(game)  

View part one here:

https://anchor.fm/hacker-talk/episodes/Programmable-Philosophy-with-Steve-Phillips---Part-1-e1ju6b3