Looking at the title you might think that it’s Katy Perry new hit… It isn’t… I’m sorry… One of my favourite tools when doing security assessments is bettercap. Its like “one tool to rule them all”. With that in mind, I needed something to carry my bettercap arsenal when going to a client. Using my… Continue reading I printed a 3D box for my bettercap arsenal and I liked it
Following what I mentioned in my previous post, I went to my electronics bin and gathered a Logitech Wireless mouse (M185) and a USB cable. On the mouse, I took the receiver – a Logitech Unifying Receiver CU0010 (nRF24L family): And cut one of the sides of a random USB cable: Split the wires: Removed… Continue reading Gone in 30 seconds – a HID cable story tale
Since ever I’ve been using HID devices on red-team assessments at Char49 – specially using Rubber Ducky and latelly with Cactus WHID. I wanted to play a little more so I’ve picked one of my favourite tools from my arsenal which is the tiny Digispark. This ATTINY85 with 8kb flash memory – became part of… Continue reading Make HID great again
Many friends and colleagues are asking me what I use for red team assessments so I decided to write a post with my arsenal – which will could not reflect others Red Team approach. Also, the hardware is task specific. For example, if you’re going on a Wifi hunt you might not need a set… Continue reading My Red Team assessment hardware
When I was in Casa das Artes – venue for an event that I would give a talk – I was discussing some RF topics with my pal Zezadas. One of them was to play with RF pointers… I went home the next day and did a small prank which involved the hackrf replay of… Continue reading Pointer hijack and portapack testing
One of the things that keeps me on the security path is the opportunity to learn new things each day. After seing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – specially on MouseJack keystroke injection attacks. I went throught the affected devices list… Continue reading Popular wireless Logitech mouse vulnerable to keystroke injection
I got my hands on a smartlock that costs around 35€ on Amazon which unlocks using the fingerprint or app (using BLE). In reality I don’t know the brand and model but this is not something that I really care. What I wanted to check was – how hard was breaking this smartlock? After a… Continue reading Opening a fingerprint + BLE smartlock – the smart way!
So I got a new toy – micro:bit. I initially bought three of these devices so I can sniff BLE traffic using btlejack. After playing with it, I decided to learn more about this hardware. It’s pretty simple to use, specially if you decide to use Microsoft MakeCode, but also support MicroPython. I went with… Continue reading micro:bit password generator