Hacker Talk Firo Solutions LTD

The hardware hacker, creator of the wifi-nugget, cybersecurity content creator, hak5 host and our guest of honor in this episode of Hacker Talk is Alex Lynd!



In this episode, we cover:

Alex background, working with hak5, content creation

O.MG pentesting cable

Signal intelligence

Wifi hacking

Hardware hacking

Modifying the hardware of calculators, playing games on calculators

Hacking the texas instrument ti 84 calculator

Alex's first computer being the raspberry pi

Starting with Linux

Embedded security

Hardware developer perspective

Making hardware devices

Making low-cost hacking devices

low cost, high availability and effective hacking devices

GPS implants

ESP8266, 3 dollar wifi microcontroller

Wardriving with esp8266

wifi nugget

Making cat-shaped hardware

Making a friendly and portable hardware design

Learning about wifi hacking and microcontrollers

USB nugget

USB rubber ducky

Keystroke injection attacks

ATtiny85 Arduino

Thought process behind creating the wifi nugget

How Filip cracked his neighbors wifi

Aircrack-ng

Airgeddon

Creating a DIY beginner hardware kit

The creation of wifi nugget, the first 100 devices

SpaceHuhn Maker

Wifi Beacon spoofing pranks

esp32 vs esp8266 wifi chip

Crafting custom packets with the esp8266 chip

Espressif Systems trying to stop people from using it's wifi chips for offensive purposes by locking down its software development kit.

Spoofing attacks

esp32 native USB mode

EMulating USB connected devices for data exfiltration

Auto trunked packets

pmkid wifi attack

Cracking wpa2 handshakes

Guessing autogenerated wifi passwords

Hashcat

Password generator based on your local area code

The best password-cracking word list Filip has ever used

Funny pranks with the wifi nugget

Nugget defender, see if anyone is attacking your network

use Canary tokens to detect if someone is breaking into your system

Bugged microsoft word and pdf documents

Having an intrusion detection system in your pocket

wifi honeypots

Getting started designing custom printed circuit boards(PCB)

Design with easyeda

Creating a tv-be-gone

Sourcing pcb boards

Circuit board art

What software to use to create boards

Antenna design

Omni directional antennas

Yagi antennas

Sourcing hardware

Making it more user friendly





Links:

https://alexlynd.com/

https://mg.lol/blog/omg-cable/

https://github.com/HakCat-Tech/WiFi-Nugget

https://education.ti.com/en/products/calculators/graphing-calculators/ti-84-plus

https://en.wikipedia.org/wiki/Raspberry_Pi

https://hak5.org/

https://en.wikipedia.org/wiki/ESP8266

https://retia.io/

https://twitter.com/AlexLynd

https://usbnugget.com/

https://shop.hak5.org/products/usb-rubber-ducky

https://en.wikipedia.org/wiki/ATmega328

https://en.wikipedia.org/wiki/Arduino_Nano

https://www.pcboard.ca/mini-attiny85-usb

https://www.arrow.com/en/research-and-events/articles/attiny85-arduino-tutorial

https://github.com/derv82/wifite2

https://en.wikipedia.org/wiki/Aircrack-ng

https://www.kali.org/tools/airgeddon/

https://github.com/SpacehuhnTech/esp8266_deauther

http://deauther.com/

https://spacehuhn.com/

https://ieeexplore.ieee.org/document/4529384/

https://en.wikipedia.org/wiki/ESP32

https://www.espressif.com/

https://documentation.meraki.com/MR/Other_Topics/PMKID_Vulnerability_FAQ_-_WPA%2F%2FWPA2-PSK_and_802.11r

https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

https://colab.research.google.com/

https://en.wikipedia.org/wiki/Hashcat

https://github.com/danielmiessler/SecLists

https://github.com/HakCat-Tech/Nugget-Invader

https://canarytokens.org/generate

https://easyeda.com/

https://www.pcbway.com/

https://www.kicad.org/

https://en.wikipedia.org/wiki/Nordic_Semiconductor

Sam Bent, previously by his online handle as the Darknet Vendor "2happytimes2" is our Hacker of the episode!





In this episode of Hacker Talk we get to hear, how Sam put toghter an Opsec plan that ended up protecting him against a 20 count indetment and 200 years in prison. Thanks to a bruteforce attack in the true hacker spirit he managed to get out of prison. 



What is it like to apply strong operation security practices in your everyday life?  How does one survive and adapt to hostile environments?





Join us in this thrill seeking episode of Hacker Talk, where we get to hear Sam's story. 





In this episode we cover:   

Darknet Vendor, Darknet Marketplaces  

Darknet Forum Administrator

First Introduction to Tor 

Silkroad,

Early Bitcoin days 

Bitcoin Pizza for 20 000 Bitcoins

Moderating darknet forums

Money laundering charges   

Privacy

Journey into selling on the darknet  

Residential Security   

Living in Vermont, United States of America

Computer support   

Forming information security policies  

Backtraq 2(Released March 2007) 

Yagi antenna, randomizing your mac address before you use your neighbors wifi

Removing DNA from packages.  

Speaking at Defcon  

Dealing with the Department of Homeland security

Social Engineering

Operation security

Dread Darknet Forum

Dealing with Hostile Environments on the darknet and in prison 

Profiling yourself

Importance of Adoptability  

Managing multiple identities 

Pretty good privacy(PGP)

Trust on the Darknet

Resumes on the Darknet   

Best practices for Password Managers 

Storing password's in "The Slip", secure convenience security  

How to ship mail securely

Interacting with the united states judicial system 

Franks hearing

Becoming a paralegal in Prison

Writing a 200-page passion of release motion

Building trust in Online Communities









Links:

Doingfedtime Youtube channel: https://www.youtube.com/@DoingFedTime

Bitcoin talk pizza thread: https://bitcointalk.org/index.php?topic=137.0 

https://en.wikipedia.org/wiki/Vermont

https://en.wikipedia.org/wiki/BackTrack 

Sam's defcon talk: https://www.youtube.com/watch?v=NGiUhjuB22Y

https://www.16personalities.com/

https://en.wikipedia.org/wiki/Pretty_Good_Privacy  

https://en.wikipedia.org/wiki/Silk_Road_(marketplace)   

https://www.shouselaw.com/ca/blog/warrant/what-does-it-mean-to-traverse-a-warrant-what-is-a-franks-motion/

https://forum.defcon.org/node/241998

https://www.darknetstats.com/seasoned-dark-web-vendor-2happytimes2-sentenced-to-5-years-in-prison/

Our Hacker of the episode is "Vickie lii"! Vickie tells us about Bug Bounties, her new book and information security. 

Tune in now!



In this episode we cover:

Background, getting into security

Getting into Bug Bounty 

First Bug bounty 

Hackerone, Bug crowd

Reporting Security Bugs

Coordinating bug bounties  

Life as a bug bounty hunter

Interaction with engineers

Bug bounty bootcamp Book

Security as a hobby

Writing Books

How to hack web applications  

Vickie's favourite types of Vulnerabilities   

Template injection

IDOR

Writers block

Nostarch  

Book Publishing  

Bug bounty tools

Python and Bash   

Make bug bounties more enjoyable 

Portswinger Lab

Finding low hanging fruits  

legal harbor 

Caring about security researchers  





Links:

https://twitter.com/vickieli7   

https://en.wikipedia.org/wiki/Bug_bounty_program

https://vickieli.dev/  

https://portswigger.net/web-security/all-labs   

https://portswigger.net/research/server-side-template-injection

https://www.geeksforgeeks.org/insecure-direct-object-reference-idor-vulnerability/   

https://nostarch.com/bug-bounty-bootcamp



Grab a copy of Vickie's book:

https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3

In this episode of Hacker Talk:

One of the most powerful newer static analysis tool is CodeQL.  

By converting your code base into a Codeql database, you can now write  

queries in a read-only way, in order to find security vulnerabilities   

and problems in you Code-base.



We wanted to know more about this declarative language called "CodeQL".

Straight from Github's Security Lab, we are joined by Alvaro Munoz!  

Alvaro, is a Security Researcher, Leads a team of researchers that leverage Codeql to find and model vulnerabilities at Github, with a background in research related to finding remote code execution bugs through deserialization.  



Tune in as we get to hear the ins and out of CodeQL, how to get started, when Codeql was used to find a vulnerability in a public Covid-19 system, how to find vulnerabilities with Codeql and a lot more!







Topics covered:

Learning to thing outsite the box by playing Capture the flag

CodeQL declarative languages 

Static code analysis

Getting a broad view of the source code

Writing queries with CodeQL to find vulnerabilities   

Modeling vulnerabilities with CodeQL

The learning curve of CodeQL

Quering github repositories for vulnerabilities



Write codeql for a large amount of repositories with lgtm(use it goes before it goes EOL)

Linters vs codeql

CodeQL integrated with continuous integration pipelines

Get started with Codeql

Submit your codeql queries to Github Security Lab's Bug bounty

Best practices for writing queries    

Thinking of the code as a database with codeql

Finding vulnerabilities in Covid-19 systems

Best pratices for CodeQL 

Reduce false possitives 

CodeQL with nvim(neovim)    

Improving vim by creating a more interactive development enviroment alternative, "neovim".

LSP integration with neovim.  

CodeQL with Emacs

Remote code execution bugs found with CodeQL.  

Bugs found in Radar Covid App

Patterns leading to remote code execution   

Auditing javascript frameworks

CodeQL vs other static analysis tools

Capture the flag codeql challanges

The future of CodeQL





External links:

https://lgtm.com/  

https://github.com/pwntester  

https://neovim.io/

https://en.wikipedia.org/wiki/Language_Server_Protocol    

https://en.wikipedia.org/wiki/Semgrep



Covid 19 tracing app

- https://securitylab.github.com/research/securing-the-fight-against-covid19-through-oss/

- https://threatpost.com/german-covid-19-contact-tracing-vulnerability-rce/161419/



Github Security Lab web site: https://securitylab.github.com/



Join Github Security Lab Slack Channel: 

https://join.slack.com/t/ghsecuritylab/shared_invite/zt-120w4vby8-_O9u9k2hPfgbju1tddBPcg



https://twitter.com/pwntester

Bounty program: https://securitylab.github.com/bounties/

https://codeql.github.com/

https://codeql.github.com/docs/codeql-overview/  

http://www.pwntester.com/

https://en.wikipedia.org/wiki/Abstract_syntax_tree  

https://en.wikipedia.org/wiki/Control_flow_analysis

https://github.com/github/codeql-learninglab-actions

https://github.com/anticomputer/emacs-codeql/   



Special thanks too:

We want to give a huge thanks to Github's Security Lab Team for making this episode a reality!

In this episode of Hacker Talk, we are joined by the Hacker and SecBSD contributor: The BSDBandit!

Tune is as we deep into secbsd, the penetration distribution for the BSD community.



In this episode we cover:

Video games

Kali linux meets bsd

Started to hack in college

mandraka linux

FreeBSD 4.8 and beyond   

BSD vs Linux   

Reading the RFC's

IRIX

Learn from developer mailing lists  

OpenBSD's mailing 

The start of SECBSD - BSD based Penetration testing distribution        

SecBSD, release cyckle

Documentation in the BSD world  

NetBSD on toasters and sega dreamcast   

Comparing the BSD's   

Porting ruby Beef to BSD   

Web applications as houses   

Webb application api's   

Security    

Penetration testing  

Management vs Security Researchers and developers     

The adventures of Hacking and learning  

The state of Hacking  

Tinkering with FreeBSD    

ManPages

Unix Powertools book  

Vi Editor  

Having fun with Technology  

People code computers   

Time allocation and having a good schedule    

Rust programming   

Visual code studio   

Pentesting with Rust   

Mental health  

Taking brakes, allocating  

discord and Internet Relay Chat     

Libera.chat irc  

Irssi irc client    

Phreakers going into VoIP

OpenBTS   

IceCast

Future of IT-Security   

Moving everything to the browser   





Challenge of the episode: 

The BSDBandit challenges you to read one man page per day for one year      



Links:    

https://en.wikipedia.org/wiki/Mandriva_Linux    

https://www.freebsd.org/releases/4.8R/announce/    

https://secbsd.org   

https://twitter.com/SecBSD   

https://rfcs.io/http     

https://www.rfc-editor.org/rfc/     

https://en.wikipedia.org/wiki/IRIX     

https://en.wikipedia.org/wiki/Sub7     

https://marc.info/?l=openbsd-misc&r=1    

https://www.openbsd.org/faq/ports/guide.html    

https://twitter.com/CryptoBanshee_   

https://beefproject.com/   

https://www.oreilly.com/library/view/unix-power-tools/0596003307/    

https://www.amazon.com/UNIX-PowerTools-Jerry-Peek/dp/1565922603   

https://en.wikipedia.org/wiki/Vim_(text_editor)   

https://en.wikipedia.org/wiki/Vi   

https://twitter.com/bsdbandit    

https://crates.io/   

https://www.rust-lang.org/    

https://github.com/bsdbandit   

https://crates.io/crates/pledge   

https://en.wikipedia.org/wiki/Ghostscript    

https://en.wikipedia.org/wiki/Discord   

https://en.wikipedia.org/wiki/Irssi   

https://en.wikipedia.org/wiki/2600%3A_The_Hacker_Quarterly   

https://libera.chat/   

https://en.wikipedia.org/wiki/OpenBTS   

https://icecast.org/   

Hacker Talk is back! Stronger than ever with a new episode, in this episode we are all about Podman!

Joining us today is Dan Walsh. One of the main people behind Podman! Dan is very knowledgeable in the (oci)container security world. We are super happy to have him on Hacker Talk and hear about Podman.

Topics:
Podman
Podman in action book
Dan's journey into Unix and Linux
Following Paul cormia to redhat, CEO of redhead
Redhat, working on pre-vpn
Working on se-linux
Container technology
Security for openshift
Being integrated with docker
Oci images and runtimes
Fork and exec
Security in containers
Docker daemon
Design behind podman
Better security in podman
Combining podman with kubernetics
Docker Vs systemd

Full integration with systemd
Buildah, docker build with podman
Background story of buildah
Overhead in containers
Get started with migrating infrastructure to podman
Gitlab runners with podman
Podman on non-linux systems
Docker starting to charge for Windows and Mac
Podman desktop gui
Linux security
Sec-comp
Land lock security mitigation in the Linux kernel
SE-linux
Encrypted virtual machines
Intel-sgx with KVM virtual machines
Trusting proprietary CPU encrypted environments
Encrypted workloads
Security at the hardware level




Links
https://www.manning.com/books/podman-in-action
Se-linux
Podman
Docker
https://www.youtube.com/watch?v=MmUwrP791sI

Replacing docker with Podman
Buildah
Docker starts to charge for usage

Read Dan's book:
https://www.manning.com/books/podman-in-action



Find more episodes of Hacker Talk at:
https://anchor.fm/hacker-talk



Subscribe to Hacker Talk's RSS feed:

https://anchor.fm/s/7984c230/podcast/rss