Saturday, April 25, 2020

CloudFrunt - A Tool For Identifying Misconfigured CloudFront Domains


CloudFrunt is a tool for identifying misconfigured CloudFront domains.

Background
CloudFront is a Content Delivery Network (CDN) provided by Amazon Web Services (AWS). CloudFront users create "distributions" that serve content from specific sources (an S3 bucket, for example).
Each CloudFront distribution has a unique endpoint for users to point their DNS records to (ex. d111111abcdef8.cloudfront.net). All of the domains using a specific distribution need to be listed in the "Alternate Domain Names (CNAMEs)" field in the options for that distribution.
When a CloudFront endpoint receives a request, it does NOT automatically serve content from the corresponding distribution. Instead, CloudFront uses the HOST header of the request to determine which distribution to use. This means two things:

  1. If the HOST header does not match an entry in the "Alternate Domain Names (CNAMEs)" field of the intended distribution, the request will fail.
  2. Any other distribution that contains the specific domain in the HOST header will receive the request and respond to it normally.
This is what allows the domains to be hijacked. There are many cases where a CloudFront user fails to list all the necessary domains that might be received in the HOST header. For example:
  • The domain "test.disloops.com" is a CNAME record that points to "disloops.com".
  • The "disloops.com" domain is set up to use a CloudFront distribution.
  • Because "test.disloops.com" was not added to the "Alternate Domain Names (CNAMEs)" field for the distribution, requests to "test.disloops.com" will fail.
  • Another user can create a CloudFront distribution and add "test.disloops.com" to the "Alternate Domain Names (CNAMEs)" field to hijack the domain.
This means that the unique endpoint that CloudFront binds to a single distribution is effectively meaningless. A request to one specific CloudFront subdomain is not limited to the distribution it is associated with.

Installation
$ pip install boto3
$ pip install netaddr
$ pip install dnspython
$ git clone https://github.com/disloops/cloudfrunt.git
$ cd cloudfrunt
$ git clone https://github.com/darkoperator/dnsrecon.git
CloudFrunt expects the dnsrecon script to be cloned into a subdirectory called dnsrecon.

Usage
cloudfrunt.py [-h] [-l TARGET_FILE] [-d DOMAINS] [-o ORIGIN] [-i ORIGIN_ID] [-s] [-N]

-h, --help                      Show this message and exit
-s, --save                      Save the results to results.txt
-N, --no-dns                    Do not use dnsrecon to expand scope
-l, --target-file TARGET_FILE   File containing a list of domains (one per line)
-d, --domains DOMAINS           Comma-separated list of domains to scan
-o, --origin ORIGIN             Add vulnerable domains to new distributions with this origin
-i, --origin-id ORIGIN_ID       The origin ID to use with new distributions

Example
$ python cloudfrunt.py -o cloudfrunt.com.s3-website-us-east-1.amazonaws.com -i S3-cloudfrunt -l list.txt

 CloudFrunt v1.0.3

 [+] Enumerating DNS entries for google.com
 [-] No issues found for google.com

 [+] Enumerating DNS entries for disloops.com
 [+] Found CloudFront domain --> cdn.disloops.com
 [+] Found CloudFront domain --> test.disloops.com
 [-] Potentially misconfigured CloudFront domains:
 [#] --> test.disloops.com
 [+] Created new CloudFront distribution EXBC12DE3F45G
 [+] Added test.disloops.com to CloudFront distribution EXBC12DE3F45G


More info


Posted by at No comments:

Thursday, April 23, 2020

WiFi Hacking On Tablets

Disclaimer: Don't hack anything where you don't have the authorization to do so. Stay legal.

Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need it, but I want it :) After some googling, I read that you can't use your WiFi chipset for packet injection, and I forgot the whole topic.

After a while, I read about hacking on tablets (this was around a year ago), and my first opinion was: 
"This is stupid, lame, and the usage of that can be very limited".

After playing one day with it, my opinion just changed: 
"This is stupid, lame, the usage is limited, but when it works, it is really funny :-)"

At the beginning I looked at the Pwn Pad as a device that can replace a pentest workstation, working at the attacker side. Boy was I wrong. Pwn Pad should be used as a pentest device deployed at the victim's side!

You have the following options:
  1. You have 1095 USD + VAT + shipping to buy this Pwn Pad
  2. You have around 200 USD to buy an old Nexus 7 tablet, a USB OTG cable, a USB WiFi dongle (e.g. TP-Link Wireless TL-WN722N USB adapter works).



In my example, I bought a used, old 2012 Nexus WiFi. Originally I bought this to play with different custom Android ROMs, and play with rooted applications. After a while, I found this Pwn Pad hype again and gave it a shot.

The Pwn Pad community edition has an easy-to-use installer, with a proper installation description. Don't forget to backup everything from your tablet before installing Pwn Pad on it!

I don't want to repeat the install guide, it is as easy as ABC. I booted a Ubuntu Live CD, installed adb and fastboot, and it was ready-to-roll. I have not measured the time, but the whole process was around 20 minutes.


The internal WiFi chipset can be used to sniff traffic or even ARP poisoning for active MiTM. But in my case, I was not able to use the internal chipset for packet injection, which means you can't use it for WEP cracking, WPA disauth, etc. This is where the external USB WiFi comes handy. And this is why we need the Pwn Pad Android ROM, and can't use an average ROM.

There are two things where Pwn Pad really rocks. The first one is the integrated drivers for the external WiFi with monitor mode and packet injection capabilities. The second cool thing is the chroot wrapper around the Linux hacking tools. Every hacking tool has a start icon, so it feels like it is a native Android application, although it is running in a chroot Kali environment.

Wifite

The first recommended app is Wifite. Think of it as a wrapper around the aircrack - airmon - airodump suite. My biggest problem with WEP cracking was that I had to remember a bunch of commands, or have the WEP cracking manual with me every time I have to crack it. It was overcomplicated. But thanks to Wifite, that is past.

In order to crack a WEP key, you have to:
  1. Start the Wifite app
  2. Choose your adapter (the USB WiFi)

  3. Choose the target network (wep_lan in the next example)
  4. Wait for a minute 
  5. PROFIT!

SSH reverse shell

This is one of the key functionalities of the Pwn Pad. You deploy the tablet at the Victim side, and let the tablet connect to your server via (tunneled) SSH.

The basic concept of the reverse shells are that an SSH tunnel is established between the Pwn Pad tablet (client) and your external SSH server (either directly or encapsulated in other tunneling protocol), and remote port forward is set up, which means on your SSH server you connect to a localport which is forwarded to the Pwn Pad and handled by the Pwn Pad SSH server.

I believe the best option would be to use the reverse shell over 3G, and let the tablet connect to the victim network through Ethernet or WiFi. But your preference might vary. The steps for reverse shells are again well documented in the documentation, except that by default you also have to start the SSH server on the Pwn Pad. It is not hard, there is an app for that ;-) On your external SSH server you might need to install stunnel and ptunnel if you are not using Kali. The following output shows what you can see on your external SSH server after successful reverse shell.

root@myserver:/home/ubuntu# ssh -p 3333 pwnie@localhost
The authenticity of host '[localhost]:3333 ([127.0.0.1]:3333)' can't be established.
ECDSA key fingerprint is 14:d4:67:04:90:30:18:a4:7a:f6:82:04:e0:3c:c6:dc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:3333' (ECDSA) to the list of known hosts.
pwnie@localhost's password:
  _____      ___  _ ___ ___   _____  _____ ___ ___ ___ ___
 | _ \ \    / / \| |_ _| __| | __\ \/ / _ \ _ \ __/ __/ __|
 |  _/\ \/\/ /| .` || || _|  | _| >  <|  _/   / _|\__ \__ \
 |_|   \_/\_/ |_|\_|___|___| |___/_/\_\_| |_|_\___|___/___/

 Release Version: 1.5.5
 Release Date: 2014-01-30
 Copyright 2014 Pwnie Express. All rights reserved.

 By using this product you agree to the terms of the Rapid Focus
 Security EULA: http://pwnieexpress.com/pdfs/RFSEULA.pdf

 This product contains both open source and proprietary software.
 Proprietary software is distributed under the terms of the EULA.
 Open source software is distributed under the GNU GPL:
 http://www.gnu.org/licenses/gpl.html

pwnie@localhost:~$

Now you have a shell on a machine that is connected to the victim network. Sweet :) Now Metasploit really makes sense on the tablet, and all other command-line tools.

EvilAP and DSniff

Start EvilAP (it is again a wrapper around airobase), choose interface (for me the Internal Nexus Wifi worked), enter an SSID (e.g freewifi), enter channel, choose whether force all clients to connect to you or just those who really want to connect to you, and start.


The next step is to start DSniff, choose interface at0, and wait :) In this example, I used a popular Hungarian webmail, which has a checkbox option for "secure" login (with default off). There are sooo many problems with this approach, e.g. you can't check the certificate before connecting, and the login page is delivered over HTTP, so one can disable the secure login checkbox seamlessly in the background, etc. In this case, I left the "secure" option on default off.



In the next tutorial, I'm going to show my next favorite app, DSploit ;)

Lessons learned

Hacking has been never so easy before
In a home environment, only use WPA2 PSK
Choose a long, nondictionary passphrase as the password for WPA2
Don't share your WiFi passwords with people you don't trust, or change it when they don't need it anymore
Don't let your client device auto-connect to WiFi stations, even if the SSID looks familiar

I believe during an engagement a Pwn Plug has better "physical cloaking" possibilities, but playing with the Pwn Pad Community Edition really gave me fun moments.

And last but not least I would like to thank to the Pwn Pad developers for releasing the Community Edition!

Read more

  1. Best Hacking Games
  2. Paginas De Hackers
  3. Hacking Con Buscadores Pdf
  4. Growth Hacking Madrid
  5. Hacking Web Sql Injection
  6. Tecnicas De Ingenieria Social
Posted by at No comments:

Wednesday, April 22, 2020

Rastrea2R - Collecting & Hunting For IOCs With Gusto And Style



Ever wanted to turn your AV console into an Incident Response & Threat Hunting machine? Rastrea2r (pronounced "rastreador" - hunter- in Spanish) is a multi-platform open source tool that allows incident responders and SOC analysts to triage suspect systems and hunt for Indicators of Compromise (IOCs) across thousands of endpoints in minutes. To parse and collect artifacts of interest from remote systems (including memory dumps), rastrea2r can execute sysinternal, system commands and other 3rd party tools across multiples endpoints, saving the output to a centralized share for automated or manual analysis. By using a client/server RESTful API, rastrea2r can also hunt for IOCs on disk and memory across multiple systems using YARA rules. As a command line tool, rastrea2r can be easily integrated within McAfee ePO, as well as other AV consoles and orchestration tools, allowing incident responders and SOC analysts to collect forensic evidence and hunt for IOCs without the need for an additional agent, with 'gusto' and style!
Dependencies
  • Python 2.7.x
  • git
  • bottle
  • requests
  • yara-python

Quickstart
  • Clone the project to your local directory (or download the zip file of the project)
$git clone https://github.com/rastrea2r/rastrea2r.git
$cd rastrea2r
  • All the dependencies necessary for the tool to run can be installed within a virtual environment via the provided makefile.
$make help
help                           - display this makefile's help information
venv                           - create a virtual environment for development
clean                          - clean all files using .gitignore rules
scrub                          - clean all files, even untracked files
test                           - run tests
test-verbose                   - run tests [verbosely]
check-coverage                 - perform test coverage checks
check-style                    - perform pep8 check
fix-style                      - perform check with autopep8 fixes
docs                           - generate project documentation
check-docs                     - quick check docs consistency
serve-docs                     - serve project html documentation
dist                           - create a wheel distribution package
dist-test                      - test a wheel distribution package
dist-upload                    - upload a wheel distribution package
  • Create a virtual environment with all dependencies
$make venv
//Upon successful creation of the virtualenvironment, enter the virtualenvironment as instructed, for ex:
$source /Users/ssbhat/.venvs/rastrea2r/bin/activate
  • Start the rastrea2r server by going to $PROJECT_HOME/src/rastrea2r/server folder
$cd src/rastrea2r/server/
$python rastrea2r_server_v0.3.py
Bottle v0.12.13 server starting up (using WSGIRefServer())...
Listening on http://0.0.0.0:8080/
  • Now execute the client program, depending on which platform you are trying to scan choose the target python script appropriately. Currently Windows, Linux and Mac platforms are supported.
$python rastrea2r_osx_v0.3.py -h
usage: rastrea2r_osx_v0.3.py [-h] [-v] {yara-disk,yara-mem,triage} ...

Rastrea2r RESTful remote Yara/Triage tool for Incident Responders

positional arguments:  {yara-disk,yara-mem,triage}

modes of operation
 yara-disk           Yara scan for file/directory objects on disk
 yara-mem            Yara scan for running processes in memory
 triage              Collect triage information from endpoint

optional arguments:
 -h, --help            show this help message and exit
 -v, --version         show program's version number and exit


Further more, the available options under each command can be viewed by executing the help option. i,e

$python rastrea2r_osx_v0.3.py yara-disk -h
usage: rastrea2r_osx_v0.3.py yara-disk [-h] [-s] path server rule

positional arguments:
path          File or directory path to scan
server        rastrea2r REST server
rule          Yara rule on REST server

optional arguments:
-h, --help    show this help message and exit
-s, --silent  Suppresses standard output
  • For ex, on a Mac or Unix system you would do:
$cd src/rastrea2r/osx/

$python rastrea2r_osx_v0.3.py yara-disk /opt http://127.0.0.1:8080/ test.yar

Executing rastrea2r on Windows

Currently Supported functionality
  • yara-disk: Yara scan for file/directory objects on disk
  • yara-mem: Yara scan for running processes in memory
  • memdump: Acquires a memory dump from the endpoint ** Windows only
  • triage: Collects triage information from the endpoint ** Windows only

Notes
For memdump and triage modules, SMB shares must be set up in this specific way:
  • Binaries (sysinternals, batch files and others) must be located in a shared folder called TOOLS (read only)
    \path-to-share-foldertools
  • Output is sent to a shared folder called DATA (write only)
    \path-to-share-folderdata
  • For yara-mem and yara-disk scans, the yara rules must be in the same directory where the server is executed from.
  • The RESTful API server stores data received in a file called results.txt in the same directory.

Contributing to rastrea2r project
The Developer Documentation provides complete information on how to contribute to rastrea2r project

Demo videos on Youtube

Presentations

Credits & References



Related posts

  1. Penetration Testing A Hands-On Introduction To Hacking
  2. Hacking Definicion
  3. Elhacker Ip
  4. Como Ser Un Buen Hacker
Posted by at No comments:

HOW TO BOOST UP BROWSING SPEED?

Internet speed is the most cared factor when you buy an internet connection. What if still, you face a slow speed browsing problem? No worries, as I came with a solution to this problem. I will let you know how to boost up browsing speed. It's very simple to follow.

SO, HOW TO BOOST UP BROWSING SPEED?

There can be many ways you can get a speedy browsing whether you use paid service or free hacks. I am going to share this free speed hack with you.

STEPS TO FOLLOW

  1. Navigate to Control Panel > Network and Internet Options > Network and Sharing Center.
  2. Now look for the active internet connection to which you're currently connected to.
  3. Open up Connection Properties of your active connection.
  4. Click on IPv4 and open its Properties.
  5. Here you will notice your DNS, you just need to change your DNS address with the following DNS.
    Preferred DNS server: 208.67.222.222
    Alternate DNS server: 208.67.220.220
  6. Once done, save it and no configure it for IPv6. Just change the IPv6 DNS with the following DNS.
    Preferred DNS server: 2620:0:ccc::2
    Alternate DNS server: 2620:0:CCD::2
  7. Finally, save and you're done with it.
That's all. You have successfully learned how to boost up browsing speed. Hope it will work for you. Enjoy speedy internet..!

Related links


  1. Hacking Software
  2. Hacking Python
  3. El Mejor Hacker Del Mundo
  4. Hacking Virus
  5. Clases De Hacker
Posted by at No comments:

Thousand Ways To Backdoor A Windows Domain (Forest)

When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of the following blog post made some waves:
http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx

"The only way a domain compromise can be remediated with a high level of certainty is a complete rebuild of the domain."

Personally, I agree with this, but .... But whether this is the real solution, I'm not sure. And the same applies to compromised computers. When it has been identified that malware was able to run on the computer (e.g. scheduled scan found the malware), there is no easy way to determine with 100% certainty that there is no rootkit on the computer. Thus rebuilding the computer might be a good thing to consider. For paranoids, use new hardware ;)

But rebuilding a single workstation and rebuilding a whole domain is not on the same complexity level. Rebuilding a domain can take weeks or months (or years, which will never happen, as the business will close before that).

There are countless documented methods to backdoor a computer, but I have never seen a post where someone collects all the methods to backdoor a domain. In the following, I will refer to domain admin, but in reality, I mean Domain Admins, Enterprise Admins, and Schema Admins.


Ways to backdoor a domain

So here you go, an incomplete list to backdoor a domain:

  • Create a new domain admin user. Easy to do, easy to detect, easy to remediate
  • Dump password hashes. The attacker can either crack those or just pass-the-hash. Since KB2871997, pass-the-hash might be trickier (https://technet.microsoft.com/library/security/2871997), but not impossible. Easy to do, hard to detect, hard to remediate - just think about service user passwords. And during remediation, consider all passwords compromised, even strong ones.
  • Logon scripts - modify the logon scripts and add something malicious in it. Almost anything detailed in this post can be added :D
  • Use an already available account, and add domain admin privileges to that. Reset its password. Mess with current group memberships - e.g. http://www.exploit-db.com/papers/17167/
  • Backdoor any workstation where domain admins login. While remediating workstations, don't forget to clean the roaming profile. The type of backdoor can use different forms: malware, local admin, password (hidden admin with 500 RID), sticky keys, etc.
  • Backdoor any domain controller server. For advanced attacks, see Skeleton keys 
  • Backdoor files on network shares which are commonly used by domain admins by adding malware to commonly used executables - Backdoor factory
  • Change ownership/permissions on AD partitions - if you have particular details on how to do this specifically, please comment
  • Create a new domain user. Hide admin privileges with SID history. Easy to do, hard to detect, easy to remediate - check Mimikatz experimental for addsid
  • Golden tickets - easy to do, hard to detect, medium remediation
  • Silver tickets - easy to do, hard to detect, medium/hard remediation
  • Backdoor workstations/servers via group policy
    • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunOnce,
    • scheduled tasks (run task 2 years later),
    • sticky-keys with debug
  • Backdoor patch management tool, see slides here
[Update 2017.01.10]


Other tricks

The following list does not fit in the previous "instant admin" tips, but still, it can make the attackers life easier if their primary foothold has been disabled:

  • Backdoor recent backups - and when the backdoor is needed, destroy the files, so the files will be restored from the backdoored backup
  • Backdoor the Exchange server - get a copy of emails
  • Backdoor workstation/server golden image
  • Change permission of logon scripts to allow modification later
  • Place malicious symlinks to file shares, collect hashes via SMB auth tries on specified IP address, grab password hashes later
  • Backdoor remote admin management e.g. HP iLO - e.g. create new user or steal current password
  • Backdoor files e.g. on shares to use in SMB relay
  • Backdoor source code of in-house-developed software
  • Use any type of sniffed or reused passwords in new attacks, e.g. network admin, firewall admin, VPN admin, AV admin, etc.
  • Change the content of the proxy pac file (change browser configuration if necessary), including special exception(s) for a chosen domain(s)  to use proxy on malicious IP. Redirect the traffic, enforce authentication, grab password hashes, ???, profit.
  • Create high privileged users in applications running with high privileges, e.g. MSSQL, Tomcat, and own the machine, impersonate users, grab their credentials, etc. The typical pentest path made easy.
  • Remove patches from servers, change patch policy not to install those patches.
  • Steal Windows root/intermediate CA keys
  • Weaken AD security by changing group policy (e.g. re-enabling LM-hashes)
Update [2015-09-27]: I found this great presentation from Jakob Heidelberg. It mentions (at least) the following techniques, it is worth to check these:
  • Microsoft Local Administrator Password Solution
  • Enroll virtual smart card certificates for domain admins

Forensics

If you have been chosen to remediate a network where attackers gained domain admin privileges, well, you have a lot of things to look for :)

I can recommend two tools which can help you during your investigation:

Lessons learned

But guess what, not all of these problems are solved by rebuilding the AD. One has to rebuild all the computers from scratch as well. Which seems quite impossible. When someone is creating a new AD, it is impossible not to migrate some configuration/data/files from the old domain. And whenever this happens, there is a risk that the new AD will be backdoored as well.

Ok, we are doomed, but what can we do? I recommend proper log analysis, analyze trends, and detect strange patterns in your network. Better spend money on these, than on the domain rebuild. And when you find something, do a proper incident response. And good luck!

Ps: Thanks to Andrew, EQ, and Tileo for adding new ideas to this post.

Check out the host backdooring post as well! :)
More articles
  1. Que Es El Hacking
  2. Un Hacker
  3. Curso Seguridad Informatica
  4. Programas Para Hackear
Posted by at No comments:

Monday, April 20, 2020

AirPods Pro: Unas Pruebas En Casa De Safety & Security (I De III)

A principios de año por fin me pude hacer con mis AirPods Pro para utilizarlos con mi iPhone y mi equipamiento de Apple - que ya sabéis que tengo un MacBook Pro antiguo y un iPad Pro ya que hablo muchas veces de ellos -. La verdad es que costó conseguirlos, pero la verdad es que es un dispositivo fantásticamente cómodo y de una de calidad en el sistema de Cancelación de Ruido que me encanta.

Figura 1: AirPods Pro: Unas pruebas en casa de Safety & Security (I de III)

No os voy a hablar mucho de lo mucho que me gustan, sino de otras cosas. De lo mucho que me preocupan, tanto por perderlos, como de que una niña como Mi Hacker los utilice. Desde el primer momento me preocupó ver que no hay ningún sistema de protección anti-robo aparentemente, y que si te los quitan, los puede utilizar cualquiera.


Esto que os he dicho, aunque aparentemente es cierto, existen un montón de situaciones curiosas que he ido descubriendo y probado - gracias a que a veces le robo a Mi Hacker sus AirPods Pro y su viejo iPhone - al más puro estilo de Big Band Theory. Vale, si no has pillado la referencia, en uno de los capítulos el Doctor Leonard Hofstadter, el Doctor Sheldon Cooper, y  Howard Wolowitz (que al menos tiene un "máster") deciden probar la seguridad de un sistema de reconocimiento de retina en la Temporada 10, episodio 2.

Figura 3: Big Band Theory S10x02

Aunque mi favorita es la parte en la que prueban a darle las retinas al revés, yo no he llegado a tanto, pero sí a hacer pareados dobles, dobles enfundados - al más puro estilo Altered Carbon - y reemplazo de cascos y baterías, e intento de localizar uno de los cascos perdidos. Y os voy a ir contando qué es lo que he ido descubriendo, que es curioso. 

1.- El caso del casco perdido y el punto medio

Este primer incidente me sucedió cuando haciendo mi ruta en bicicleta por la Casa de Campo de Madrid, en un pequeño salto por una piedra mientras descendía a unos 40 kilómetros por hora, el casco de mi oreja izquierda saltó y se me cayó a la pista, rebotando en la bici en el suelo y perdiéndolo de mi vista.

Horror. Con lo que cuestan no estaba dispuesto a perderlo, así que frené la montura, me quité las calas y paré el Endomondo. Batir record era menos importante que encontrar la mitad de mis Air Pods Pro. Así que empecé a buscarlo y nada. Entre la caída del casco y la frenada en mitad de la bajada podia haber fácilmente unos 20 metros y el casco podía haber rebotado y terminado en cualquier sitio.

Después de un rato buscándolo y sin verlo decidí hacer un experimento, me puse el casco que quedaba en la oreja, y le di al Play a Spotify. Y comencé a andar hacia arriba. Hasta que se paró la música. ¿Por qué? Pues porque había detectado la pérdida de conexión BLE con el otro casco. Di marcha atrás unos pasos y volvió la música.

Desde ese punto empecé a andar hacia abajo contando los pasos hasta que la música volvió a pararse. Me había alejado demasiado demasiado por el otro lado y había vuelto a perder la conexión con el casco.Así que desandé la mitad de los pasos y centré mi búsqueda en ese área. Como había sospechado, el casco se encontraba en esa zona.

Ahí aprendí tres cosas:
a.- Prueba de goma: Que antes de usar los AirPods hay que revisar correctamente las gomas de ajuste. Para ello hay una pequeña utilidad en las opciones BlueTooth de los AirPods. 
Figura 4: Probar que te encaja la goma del audífono perfectametne

Yo lo había hecho y llevaba la correcta, pero aún así lo revisé para entender si la caída del casco podía haber sido debido a ello. Quería comprobar si había habido algún cambio en la goma. 
b.- Protector de Seguridad: Yo vengo de usar los PowerBeats, y estos vienen con unas gomas de sujeción para la oreja. Pues bien, también se pueden comprar para los AirPods Pro. Así que me hice con unos de ellos para cuando salgo con ellos en la bicicleta. 
Figura 5: EarHooks para AirPods. Úsalos si te los llevas a hacer deporte
d.- Detección de eventos: Los AriPods Pro paran la música en el dispositivo cuando notan que te los has quitado de la oreja, pero también, cuando uno de los dos cascos se desconecta. En este caso esta característica me sirvió para encontrar el casco caído.
2.- Doble conexión de audífonos a dos dispositivos en paralelo

Estos días de confinamiento estoy todos los días conectados al ordenador y uso mi AirPods Pro también en el iPhone para hacer algunas llamadas, así que me paso todo el día conectándolos manualmente a uno o a otro según lo necesite. La gracia es que ellos guardan una histórico de la última conexión, por lo que solo se conectan automáticamente al equipo que se conectaron la última vez. Si no, debes hacerlo manualmente.

Esto abrió una pregunta en mi cabeza, ¿podría conectar un audífono al ordenador y otro al iPhone al mismo tiempo y en el mismo espacio de conexión BLE? Al final, la conexión de los cascos es algo que pide inicializar el equipo - ya sea el iPhone o el MacBook Pro - y si el casco ya ha está pareado, se realiza perfectamente.

Para ello primero hay que responder a la pregunta de si funcionan los cascos solos. Y la respuesta es sí. Basta con que guardes un casco en la funda-batería-cargador, y conectes el otro. Podrás escuchar música y usarlo como micrófono. Es decir. si los usas para vídeo conferencias como hago yo, y no te aguantan la batería, podrías utilizar solo uno mientras el otro está cargando y utilizarlos de forma alterna. 

Y ahora, la pregunta,  ¿podría tener los dos cascos conectados por separado cada uno a un dispositivo y cada uno escuchando música distinta y usarlos a la vez? ¿O tener, por ejemplo, el casco izquierdo con audio/micro para el iPhone y el audífono derecho con el altavoz y el micro del MacBook Pro? La respuesta es sí, pero para hacer la prueba tuve que usar un truco de los que ya me conozco tras haber escrito el libro de Hacking iOS: iPhone & iPad (2ª Edición) y de haber hecho nuestro querido DirtyTooth. Jugar con iPhone: "I love it".
Para hacer la prueba use dos iPhones y un audífono para cada uno de ellos. Puse música en uno en una sala y me fui lejos con el otro casco metido en la batería para conectarlo al otro iPhone lejos. Lo conecté y regresé, pero cuando volví a juntarlos, el primer audífono estaba reproduciendo la música que traía en el segundo. ¿Por qué? Pues porque al habérmelo quitado de la oreja se desconectó del primer iPhone y cuando el segundo audífono lo detectó forzó la conexión del primero al primer dispositivo. 

Para solucionarlo, necesitaba otra oreja. Así que nada, con Mi Hacker en un iPhone y yo en el otro, lejos de distancia BLE (BlueTooth Low Energy), cada uno conectamos el audífono de AirPods Pro y nos llamamos por teléfono. Nos fuimos acercando hasta que estuvimos en la misma sala. Sin quitárnoslos de las orejas, pusimos música y me pasó su audífono a mí. Desconecté la llamada y el resultado fue tener cada audífono conectado a un dispositivo escuchando música distinta.

Por supuesto, no parece una gran habilidad, pero tal vez un día quieras dejar un audífono a un hijo, y otro para ti, o dejárselo a dos niños y que cada uno pueda escuchar su música. En ese momento, puede que este truco te sea de utilidad. Con esta prueba aprendí:
e.- Conexión LIFO: Es decir, tus AirPods Pro se conectan al último dispositivo pareado que los ha utilizado y uno conecta al otro cuando aparece en la distancia. 
f.- Se pueden usar individualmente:Si pierdes un casco, siempre podrás utilizar al menos el que te queda como micro y audio para llamadas o vídeo conferencias. No creo que para música sea útil.
f.- Doble conexión: Si lo quieres - o necesitas -, puedes hacer un doble conexión en paralelo entre dispositivos.
En las próximas partes os contaré más experimentos, que me ha dado juego esto de revisar la seguridad del dispositivo, y seguridad personal del dueño haciendo diferentes tests. A mí me han sido muy útiles y sobre todo sirven para terminar con las recomendaciones de Safety & Security que os dejaré en la última parte.

Saludos Malignos!

*****************************************************************************************************
- AirPods Pro: Unas pruebas en casa de Safety & Security (I de III)
- AirPods Pro: Unas pruebas en casa de Safety & Security (II de III)
- AirPods Pro: Unas pruebas en casa de Safety & Security (III de III)
*****************************************************************************************************

Autor: Chema Alonso (Contactar con Chema Alonso)



Sigue Un informático en el lado del mal RSS 0xWord

This article is the property of Tenochtitlan Offensive Security. Verlo Completo --> https://tenochtitlan-sec.blogspot.com

Related links


  1. Pentest Tools Linux
  2. Pentest Tools Port Scanner
  3. Hack Tools
  4. Pentest Tools Find Subdomains
  5. Pentest Tools Bluekeep
  6. Pentest Tools Url Fuzzer
  7. Hacking Tools Download
  8. Hack Tools
  9. Pentest Tools For Mac
  10. Pentest Tools Apk
  11. Hack Tools
  12. Pentest Tools Github
  13. Hacking Tools Download
  14. Hack Website Online Tool
  15. Pentest Tools List
Posted by at No comments:

SANS SEC575 Mentor Class

Hi everyone,

Great news! I will be mentoring SANS 575: Mobile Device Security and Ethical Hacking in Luxembourg on Thursday evenings 18:00-20:00, starting from January 15, 2015.

Mentor classes are special, 10 week-format SANS classroom sessions that give the students time to absorb and master the same material with the guidance of a trained security professional.

Students receive all the same course materials used at SANS conferences and study at a more leisurely pace, so students will have:
  • Hardcopy set of SANS course books
  • Mentor Program study materials
  • Weekly Mentor led sessions
Prior to the weekly Mentor-led classroom sessions, students study SANS course material at their own pace. Each week, students meet with other professionals in their hometown area and the SANS mentor, who leads topical discussions pointing out the most salient features of the weekly material studied, provides hands-on demonstrations, and answer questions. The Mentor's goal is to help student's grasp the more difficult material, master the exercises, demonstrate the tools and prepare for GIAC certification.

On SANS SEC575, we will learn about mobile device infrastructures, policies and management, we will see the security models of the different platforms, like the data storage and file system architecture. We will also see how to unlock, root and jailbreak mobile devices in order to prepare them for data extraction and further testing. In the second half of the course, we will learn how to perform static and dynamic mobile application analysis, the usage of automated application analysis tools and how to manipulate application behavior. Last but not least, we will see how to perform mobile penetration testing that includes fingerprinting mobile devices, wireless network probing and scanning, attacking wireless infrastructures, using network manipulation attacks and attacks against mobile applications and back-end applications.

For more info, here is the link for the class: http://www.sans.org/mentor/class/sec575-luxembourg-15jan2015-david-szili
My Mentor bio: http://www.sans.org/mentor/bios#david-szili 

Information on the class, special discounts and applying for the class: szili_(dot)_david_(at)_hotmail_(dot)_com

Additional info can be also found at: https://www.sans.org/mentor
Some special price is also available for this course. A few examples: http://www.sans.org/mentor/specials

Best regards,
David

Such low price. Very SANS. Much learning. Wow!

More info

  1. Hacker Tools Mac
  2. Hacker Tools Github
  3. Pentest Recon Tools
  4. Github Hacking Tools
  5. Usb Pentest Tools
  6. Hacker Tools For Mac
  7. Hacking Tools Pc
  8. Pentest Box Tools Download
  9. What Are Hacking Tools
  10. Hack Tool Apk No Root
  11. Hacking Tools 2019
  12. Best Hacking Tools 2019
  13. How To Install Pentest Tools In Ubuntu
  14. Hack Tools Pc
  15. World No 1 Hacker Software
  16. Hacking Tools For Games
  17. Pentest Tools Website Vulnerability
Posted by at No comments:

FOOTPRITING AND INFORMATION GATHERING USED IN HACKING

WHAT IS FOOTPRITING AND INFORMATION GATHERING IN HACKING?

Footpriting is the technique used for gathering information about computer systems and the entities they belongs too. 
To get this information, a hacker might use various tools and technologies.

Basically it is the first step where hacker gather as much information as possible to find the way for cracking the whole system or target or atleast decide what types of attacks will be more suitable for the target.

Footpriting can be both passive and active.

Reviewing a company's website is an example of passive footprinting, 
whereas attempting to gain access to sensititve information through social engineering is an example of active information gathering.

During this phase hacking, a hacker can collect the following information>- Domain name
-IP Addresses
-Namespaces
-Employee information 
-Phone numbers
-E-mails 
Job information

Tip-You can use http://www.whois.com/ website to get detailed information about a domain name information including its owner,its registrar, date of registration, expiry, name servers owner's contact information etc.

Use of  Footprinting & Information Gathering in People Searching-
Now a days its very easy to find anyone with his/her full name in social media sites like Facebook, Instragram,Twitter,Linkdedin to gather information about date of birth,birthplace, real photos, education detail, hobbies, relationship status etc.

There are several sites like PIPL,PeekYou, Transport Sites such as mptransport,uptransport etc and Job placement Sites such as Shine.com,Naukari.com , Monster.com etc which are very useful for hacker to collect information about anyone.  
Hacker collect the information about you from your Resume which you uploaded on job placement site for seeking a job as well as  hacker collect the information from your vehicle number also from transport sites to know about the owner of vehicle, adderess etc then after they make plan how to attack on victim to earn money after know about him/her from collecting information.




INFORMATION GATHERING-It is the process of collecting the information from different places about any individual company,organization, server, ip address or person.
Most of the hacker spend his time in this process.

Information gathering plays a vital role for both investigating and attacking purposes.This is one of the best way to collect victim data and find the vulnerability and loopholes to get unauthorized modifications,deletion and unauthorized access.



Related articles


Posted by at No comments:
Subscribe to: Comments (Atom)