Definition of Cyber Hunting by our good friends at Wikipedia: “Cyber threat hunting is ‘the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.’ This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), and SIEM Systems, which typically involve an investigation after there has been a warning of a potential threat or an incident has occurred.” In short, hunting begins when traditional security methods fail. Teams are called upon to enter contested terrain and defeat attackers. This article discusses the high-level process of how a team would approach such a situation. In later articles we will step through each phase of an attack, discuss technical methods and use some open source tools as a demonstration.
Homelabbers rejoice! In this review we are welcoming the Protectli 6 Port Vault to the home security hardware market. We have been in the market for something like this for a few months and while researching several products we stumbled across a CPU requirement for pfSense version 2.5. This requires chipsets that support AES-NI and even though pfSense 2.4 isn’t out yet we at Hackmethod always like to future-proof as much as possible. For full disclosure, we reached out to Brent at Protectli and asked when/if they would have hardware to support the AES-NI requirement. We were informed that they were working on a new line of products due for release in a few months and wanted to know if we would like to get our hands on one for review. That lands us here today with Protectli graciously providing the Hackmethod team with some hardware to test out. Thanks Brent!
Disclaimer: What you do with this information is up to you. You are fully responsible for what you do with this info, and how you use it. HackMethod is not responsible for your actions. Please do not hack Wifi points that you are not allowed to.
NOTE: I do advise having a USB WiFi adapter, and an extra point would be to get a great one like the ALFA AWUS036NHR or AWUS051NH. Although any card would do as long as it supports monitor mode and packet injection.
When it comes to the world of WiFi hacking, the possibilities are only limited by your imagination. Skilled hackers can combine attacks together for increased efficiency, and can also judge which attack is best to use in a particular situation. By the end of this guide you should have an overall idea of the types of attacks that you can use against any WiFi-enabled AP or router.
A cryptographic hash function is a mathematical algorithm that takes in data of arbitrary size and converts it to a string of a fixed size, which is designed to also be a one-way function, that is, a function which is infeasible to invert. See Fig 1. The idea is that one could input any string and receive a seemingly random irreversible string of fixed length. An input will always reproduce the same output. A single modification to the input will completely change the output and the only way to achieve the same output is by having the original input.
Hashes aren’t always secure
Hashes can be broken. This is due to the fact that, theoretically, more than one input can result in the same output. However, as long as this doesn’t occur more often than random chance would predict, the hash is seen as secure, as probability can’t be helped. Nevertheless, a few hashing algorithms, such as MD5 and SHA-1, have been deemed broken because they are affected by collision attacks, meaning that somebody has figured out a way to get two inputs with the same output with more than just chance by finding a flaw in the mathematical algorithm.
Application in Hacking
Cryptographic hashing functions are commonly used for checking file integrity and storing passwords, two things hackers like to mess with. File integrity can be checked by taking in a file, calculating the hash (referred to as the checksum), and then comparing the hash of the original file against the new file. This can be useful when downloading a file and checking for corruption during transfer or checking if a file has been changed or tampered with.
When you use an online service and create an account with a password, the website usually (unless it’s very unsecured) generates the hash for your password, ties it to your username, and stores the hash itself and not the plaintext password. This prevents your password from being transmitted and stored in plaintext for anyone to read. The next time you log on, it will hash your password input and compare the result to the hash that is stored in their database.
A hacker could compromise a website and steal their database of hashes and try to crack them to get into that account or even other accounts by the same user if that person happens to reuse passwords. Another hacker could also compromise a file a user may want to download and provide a collided checksum to give the user a false sense of security when they download the hacker’s malware. Make sure you use an up-to-date, long hashing algorithm to prevent these from happening.
The GPU is the graphics processing unit, sometimes referred to as a graphics card or visual processing unit (VPU). Commonly used for processing imagery, it is used to handle resource-intensive computations that may overload your standard Central Processing Unit (CPU). It is typically embedded within the motherboard or CPU of your standard home computer, but can be upgraded by buying a separate graphics card. The GPU, compared to the CPU, has thousands of cores working in parallel on multiple calculations at a time, while the CPU works sequentially, one calculation at a time.
Application in Hacking
Although its general intention may have been to provide highly textured graphics at high frames per second, the GPU can be a very useful tool for hacking. Due to its high processing power and use of parallelization, the GPU makes the perfect candidate to crack hashes. No matter the hashing algorithm, with a high-tier graphics card one would be able to calculate millions of hashes per second to brute-force any hash table to crack the desired passwords. However, if the password is complicated enough and uses a good hashing algorithm, the time it takes to crack said password may not be feasible (see: hashes).
While other users may use their graphics card for rendering animations, playing video games, or being completely unaware of its existence, the GPU is a password cracker’s best friend. With its ability to calculate thousands or even millions of hashes per second, it makes password cracking actually conceivable.
Password strength or complexity is the goal of having a good password and making it strong against brute-force attacks. The number of possible passwords is $a^b$, where a is the number of possible symbols and b is the length. If you have a 4-character password containing only [0-9], then it might take $10^4 = 10{,}000$ attempts; a computer with a decent graphics card can calculate billions of guesses per second.
Key stretching, also known as key strengthening, is the act of increasing the complexity enough that it wouldn’t be worth the hacker’s time to be able to crack it. This is done by taking a password (its salted version), hashing it, then hashing the output again x number of times, increasing the time it takes to crack the original password exponentially by hashing each iteration’s output.
Salting is the process of adding random data (a salt) at the end of a password before hashing it. It is a method commonly used to defend against dictionary and rainbow table attacks. See Fig 1.
A brute-force attack involves checking every bit until it matches the password’s hash. This is a very inefficient way of password cracking, because if a password is complex enough then it may take an absurdly large amount of time or power before it can be cracked. See Fig 2.
A dictionary attack is a common first resort against a password hash. People are predictable and choose very commonly used passwords. Using a wordlist, a pre-compiled text file of the most common passwords, the password cracker will go through each password on the list and check if its hash matches the original password’s hash.
Rainbow Table Attack
A rainbow table attack is similar to a dictionary attack except instead of a wordlist just containing plaintext passwords, a rainbow table contains plaintext passwords and their corresponding hash. This saves the hacker plenty of time in exchange for loss of space as these files can be very large.
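The salting and key stretching passages above, shown from the storage side as an added example (not code from the original articles). It assumes PBKDF2-HMAC-SHA256 as the stretching function and an iteration count chosen for illustration; the function names and the sample password are constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor for this example; tune to your hardware
SALT_BYTES = 16        # assumed salt length


def unsalted_hash(password):
    """Single fast, unsalted hash: the weak scheme. Equal passwords give equal
    hashes, which is what precomputed (rainbow/dictionary) tables rely on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, iterations, derived_key), the record to store per account."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every account
    # PBKDF2 feeds each round's output into the next, `iterations` times,
    # so every guess costs an attacker `iterations` hash computations.
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_password(password, record):
    """Re-derive the key with the stored salt and compare in constant time."""
    salt, iterations, stored_key = record
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_key)


def demo():
    pw = "hunter2"  # constructed sample password
    alice, bob = hash_password(pw), hash_password(pw)
    return {
        "unsalted_hashes_match": unsalted_hash(pw) == unsalted_hash(pw),
        "salted_keys_match": alice[2] == bob[2],
        "correct_login": verify_password(pw, alice),
        "wrong_login": verify_password("hunter3", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two accounts with the same password share one unsalted hash but get different salted keys, so a table computed once cannot be reused across accounts.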
HM Podcast 001 – Automating your Network Diagrams, Bug Bounties, and the Mirai Botnet
Incidrthreat, hellor00t, and A1ph4byte are eager to give back to a community that hasn’t stopped giving us various challenges and is always pushing us to improve ourselves as nerds. Together we have over 15 years of experience and are excited to share and give back to a community that has always had our back and is still teaching us to this day. Join us on our journey to empower all levels of cyber security enthusiasts, ranging from beginners to the advanced. If we touch on subjects that our listeners are already privy to, we simply look forward to entertaining anyone willing to deal with our corny jokes, misplaced wit, and like-minded enthusiasm for “cyber”.
Linux Unified Key Setup, or LUKS [luhks] as it will be referred to from here on out, is a widely used method of disk encryption. LUKS is proprietary to the Linux Kernel and a device encrypted with LUKS will not mount in a Windows or Apple environment. LUKS can encrypt entire block devices such as Hard Disk Drives (HDD), Solid-State Devices (SSD) such as USB sticks or Flash drives, partitions, etc. LUKS is largely recommended for protecting removable storage media, laptop hard disks or Linux swap files and not recommended for file-level encryption.
Introduction | Source Code vs Executable Code | Narnia Level 0 – Source Code | Narnia Level 0 – Exploitation | Narnia Level 0 – Solution
Malware Types
Malware can be classified by its behavior, target platform, or attack commands. Of the three classifications, we will look more specifically at malware based on behavior. These can be divided into 8 different categories:
- I. Infectors
- II. Network Worms
- III. The Trojan Horse
- IV. Backdoors
- V. Remote Access Trojans
- VI. Information Stealers
- VII. Ransomware
- VIII. Rootkits