Search results for King Edward
Ransomware Kingpins LockBit Disrupted
In a landmark operation, the notorious LockBit ransomware gang, which has dominated the cybercrime landscape for over three years, faced a significant disruption. This breakthrough was achieved through a collaborative effort between the National Crime Agency (NCA) and the FBI. But what led to this pivotal moment, and what implications does it hold for the future of LockBit and ransomware operations globally? Dive into the details with Ryan Chapman, a leading SANS Institute course author, instructor, and an expert on ransomware, along with other guests, as they dissect the recent events and forecast the ramifications for cybersecurity. #ransomware #LockBit #cybersecurity
CTF- Beginner Guide
This article will show you the roadmap to start playing CTFs.

Prerequisites: Basic knowledge of Linux commands, networking, VAPT, and cryptography.

What is CTF?

In cyber security, capture the flag (CTF) is a popular competition and training exercise that attempts to thoroughly evaluate participants' skills and knowledge in various subdomains. The goal of each CTF challenge is to find a hidden file or piece of information (the “flag”) somewhere in the target environment. The goal is to solve these challenges and capture as many flags as possible within a given time frame.

CTF challenges cover a wide range of topics within cybersecurity, including:

- Web Security: Challenges related to web applications, web servers, and their vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- Reverse Engineering: Participants are tasked with analyzing and understanding the functionality of binary executables or firmware to find hidden flags.
- Binary Exploitation: Involves finding and exploiting vulnerabilities in compiled programs, often dealing with concepts like buffer overflows and stack smashing.
- Forensics: Challenges related to digital forensics, where participants analyze files, network traffic, or system logs to uncover hidden information.
- Cryptography: Participants may encounter challenges involving encryption and decryption, deciphering encoded messages, or breaking cryptographic algorithms.
- Network Security: Challenges that require participants to analyze and manipulate network traffic, find vulnerabilities in network configurations, or exploit weaknesses in network protocols.
- Steganography: Tasks involving the discovery of hidden information within files, images, or other media.

Common types of CTFs:

- Jeopardy-style CTFs: In this format, challenges are categorized based on different aspects of cybersecurity, such as cryptography, reverse engineering, web exploitation, and more. Participants choose challenges from different categories and attempt to solve them to earn points.
- Attack-Defense CTFs: In this format, teams are provided with identical systems or networks that they need to defend while simultaneously attacking the systems of other participants. Teams earn points for successfully defending their infrastructure and exploiting vulnerabilities in other teams' setups.
- King of the Hill (KotH): In a King of the Hill CTF, participants compete to maintain control over a designated system or resource. The longer a team maintains control, the more points they accumulate. Other teams attempt to take over and defend the hill, leading to a dynamic and competitive environment.

Starting Point

The platforms mentioned below are enough to get started with CTFs, and they all contain beginner-level challenges.

- OverTheWire: Learn and practice Linux commands here. The rest of the information can be found on the site.
- TryHackMe: Search for CTF here. Work through the easy, then medium, then hard levels. If you get stuck on a particular challenge, look for walkthroughs on Google or YouTube, find what you missed, and learn from it.
- Hacker101: It has web-type CTF challenges; try solving those.
- Root-me: It is comprehensive and contains all the types of challenges asked in CTFs. Each challenge carries points according to its difficulty level, and the respective points are awarded after solving it. It also has a ‘CTF all the day' option; check that as well.
- PicoCTF: It also covers most of the categories of CTF challenges. Solutions can be found on YouTube in case you get stuck. It's a good place to start.

It is not necessary to solve all the challenges on every platform before going to the next step, e.g. live CTFs. Solve the challenges on the above platforms until you feel a little confident about participating in live CTFs.

Live CTFs

Live CTFs are CTFs that happen in real time. They also offer rewards for the rank holders. Information about live CTFs can be obtained from the platforms mentioned below:

- CTFtime: One-stop portal for upcoming CTF events, team info, and much more.
- HackTheBox: It also hosts CTF events from time to time, so check there as well.
- Dreamhack: Use the Google Translate browser extension if the site appears in a different language. It has live CTFs, writeups, and saved challenges for practice.
- ADworld: Use the Google Translate browser extension if the site appears in a different language.

Levelling Up

Follow the steps mentioned below to level up your CTF skills:

- Programming/Scripting: Familiarity with scripting languages, such as Python, can help us solve problems and automate tasks. For example, solving cryptography challenges requires knowledge of a programming language like Python, which helps in automating tasks like bruteforcing, cracking, etc. The two most important languages are Python and Bash.
- Tools: Tools like BurpSuite, Wireshark, nmap, hashcat, john, exiftool, steghide and others can be of immense help in solving certain challenges. Keep yourself updated on these kinds of tools, and use Google to search for tools. Check this for tools.
- Blogs/YouTube: Follow YouTubers like JohnHammond, ippsec, etc. to learn cool tips and tricks. Read CTF writeups, such as those from CTF_Time; it helps in learning new tools and techniques. You can also search for writeups here.
- Continuous Learning: Last but not least, the world of cybersecurity is in perpetual motion. To keep up, continuous learning is essential. Engaging with like-minded individuals or joining Discord communities focused on regular CTF challenges can help in staying motivated and updated.

Note: If you want to improve fast, always review the writeups after a CTF competition closes. Understanding what you missed is key to recognizing patterns and tackling similar challenges in the future.

Important Points to Remember

- While participating in live CTFs, don't forget to solve the challenges mentioned in the starting point.
- Always read the writeups after a CTF is over.
- Try to keep yourself updated with the OWASP Top 10, CVEs, etc.

Other Useful CTF Resources

- https://zaratec.io/ctf-practice/
- https://github.com/apsdehal/awesome-ctf

CTF- Beginner Guide was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
Who is Alleged Medibank Hacker Aleksandr Ermakov?
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the Medibank data while working with one of Russia's most destructive ransomware groups, but little more is shared about the accused. Here's a closer look at the activities of Mr. Ermakov's alleged hacker handles.
UK says AI will empower ransomware over the next two years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]
Cybersecurity As Relatable As Possible — ARAP Series #1 The Shield: Understanding the CIA Triad as…
Cybersecurity As Relatable As Possible — ARAP Series (#1) The Shield: Understanding the CIA Triad as Your Digital Fortress

In a world full of technical mumbo jumbo, not everyone speaks the language of computers. Whether it's a regular Joe on the street, an engineer specialized in oil rigs but clueless about tech, or even a 6-year-old enjoying some snacks, tech talk often sounds like gibberish to them.

Imagine asking a bricklayer about encryption — you will likely be met with a puzzled expression. Or explaining data breaches to an engineer fixated on drill components (even though he's a technical professional in his field). As for the kid, well, biscuits are far more appealing than digital security lessons.

Because the goal of cybersecurity is awareness for safety and making everyone understand why they need to stay on guard at all times, we need to find common ground for simplifying things.

That's where analogies swoop in as superheroes. They're the language that bridges the gap between the tech universe and our everyday world.

Analogies are the secret sauce to deciphering complex stuff like cybersecurity by linking it to relatable experiences or fictions.

Welcome to the ARAP series — an adventure into demystifying cybersecurity through analogies, aiming to enlighten newcomers and entertain the enthusiasts.

ARAP series; well, I don't know how that sounds to a native but… you get the point, we are just trying to make things fun here.

Our journey today starts with the CIA Triad — a fundamental concept in cybersecurity. For enthusiasts, you definitely know what that means.

And for the layman, I promise it has nothing to do with undercover agents.

Let's use a castle's defenses (walls, gates, and guards) to break down the concepts.

Confidentiality — Safeguarding Secrets

Picture a majestic castle housing a Royal Library. This library has sections accessible to everyone, but behind a secret bookshelf lies a chamber holding the kingdom's classified secrets — trade agreements, confidential treaties, and more. Only the trusted few have access.

That's confidentiality! The cloak of secrecy around sensitive data. Encryption and access controls act as vigilant guards, allowing entry only to those with the right keys.

Beyond the castle walls, let's relate this to everyday life. Think of your personal files — bank statements, private messages, or medical records — shielded by passwords and encryption. Just like the secret chamber in the castle, confidentiality ensures that only authorized users can access this sensitive information, safeguarding it from prying eyes.

Now you get it. The whole catch about confidentiality is this:

I SEND YOU A MESSAGE, AND NO ONE ELSE KNOWS WHAT THAT MESSAGE IS.

Integrity — Unaltered Trustworthiness

Now, picture a castle messenger, Bronne, entrusted with delivering a sealed message from the king to an ally.

Tampering with the seal would mean altering the message — a breach of integrity.

Similarly, in the digital realm, integrity ensures data remains unadulterated. It's the safeguard against tampering, using checksums and hashing to act as digital seals, detecting any unauthorized changes.

Let's bring this closer to home. Consider sending an important email. Integrity ensures that the recipient receives the exact content you sent, free from alterations during transmission. It's like a digital fingerprint ensuring the message's authenticity, just as the royal seal on Bronne's letter guarantees its integrity.

If we want to wrap up the idea of integrity, it comes down to this:

I SEND YOU A MESSAGE, AND YOU RECEIVE EXACTLY WHAT I SEND YOU (WITHOUT ANY MODIFICATION).

Availability — Bridging Time and Demand

Now, picture the castle's drawbridge — a crucial link between the fortress and the world outside. That's it! The drawbridge stands for availability.

Similarly, in cybersecurity, availability ensures digital services and data remain accessible to authorized users, even during chaos or potential cyberattacks. Just as the drawbridge adapts to threats, digital mechanisms like load balancers and redundant servers ensure continued access.

In our digital world, think of online services — banking, shopping, or streaming — reliably accessible round the clock. Availability ensures these services remain uninterrupted, akin to the castle gates remaining open for loyal subjects despite external challenges.

So, the information is available to authorized users when needed. Which means:

I SEND YOU A MESSAGE, AND YOU ARE ABLE TO RECEIVE IT.

The Essence

To safeguard these vital elements, it's important to heed a few key practices for preventing data breaches, loss, or any roadblocks in accessing your information.

You've probably heard it a hundred times, but it's worth repeating: opt for 2-Factor Authentication whenever possible. It's like an extra lock on your digital door, ensuring your confidentiality stays intact.

Maintain the integrity of your data by being cautious with system settings that might expose technologies like checksums and digital signatures. These are the digital safeguards ensuring your data stays unaltered and trustworthy.

And when it comes to availability, here's the golden rule: back up, back up, and back up again! Think of it as your safety net against data unavailability. It's a great place to start securing your digital assets.

To sum up, the CIA Triad serves as the cornerstone of cybersecurity — Confidentiality, Integrity, and Availability. These principles are the yardstick for gauging any system's security.

They empower individuals and organizations, making cybersecurity less of a puzzle and more relatable. Think of them as the secrets in the castle, the royal seal, and the accessible drawbridge.

Armed with this knowledge, you're equipped to build your digital fortress. Just like a ruler fortifies their castle, you too can defend your digital dominion, leveraging the wisdom of the CIA Triad.

Cybersecurity As Relatable As Possible — ARAP Series #1 The Shield: Understanding the CIA Triad as… was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
Credentials are Still King: Leaked Credentials, Data...
Learn how threat actors utilize credentials to break into privileged IT infrastructure...
SysWings - Cloud & Managed services
Founded in 2017 to support startups in their IT strategy, in France and abroad, SysWings has extended its activities to the cloud and managed services. The team is made up of heterogeneous profiles, mixing employees and consultants, scaled according to your projects.
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, the threat actor used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files. The post New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs appeared first on Microsoft Security Blog.
Source: Microsoft Security Blog
The Ultimate Guide / CheatSheet to Flipper Zero
Table of Contents

Section 0: Introduction
0.1 What Is the Flipper Zero?
0.2 Unique Features of Flipper Zero
Section 1: Unveiling Flipper Zero
1.1 Description of the device controls
1.2 Initial Setup and first use.
Section 2: Basic Functionality and Maintenance
2.1 Exploring Basic Functions
Section 3: Hands-on with Flipper Zero
3.1 Step-by-step guides for Common Use Cases seen in the wild.
3.1.1 Capturing and replaying Sub-GHz signals such as signals from Garage Door Remotes
3.1.2 Use the Flipper Zero as a BadUSB — Emulate a keyboard
3.1.3 RFID Fuzzing with Flipper Zero
3.1.4 Exploiting Insecure NFC Cards used with Access Controls with Flipper Zero
3.1.5 Turn on/off or interact with Screens or HVAC Systems to Create distractions or meet your objectives during a Red Team Engagement
3.1.6 Read, Write and Emulate DS199A, Cyfral, and Metakom protocols for iButtons. These keys are used for access control, temperature measurements, humidity measurements, storing cryptographic keys, etc.
3.2 Video Links with Common Flipper Zero Attacks
Section 4: Extending Functionality
4.1 Customizing the Firmware of Flipper Zero
4.2 External Plugins and Resources
Section 5: Resources
5.1 References and Additional Resources
5.2 Additional Hardware for Flipper Zero

Section 0: Introduction

0.1 What Is the Flipper Zero?

Flipper Zero is a small, handheld device that combines the features of various hardware tools into one pocket-sized gadget. It's built primarily for interacting with digital and radio protocols, physical access systems, and various wireless devices. With its open-source nature and community-driven development, Flipper Zero stands out as a tool that evolves continuously, adapting to the latest trends and needs in the cybersecurity landscape. Flipper Zero is primarily designed for penetration testers, security researchers, and IT professionals, but its intuitive design makes it accessible even for hobbyists and tech enthusiasts.

0.2 Unique Features of Flipper Zero

- Multi-Protocol Support: Flipper Zero's most striking feature is its ability to handle a wide array of protocols such as RFID, NFC, Infrared, Bluetooth, and more. This makes it a Swiss Army knife for wireless communication and hacking.
- User-Friendly Interface and Gamified UX: Despite its advanced capabilities, Flipper Zero boasts an intuitive user interface with a simple navigation button and a small OLED screen, making it approachable for users of all skill levels.
- Built-In Radio Modules: The device is equipped with a variety of radio modules that allow it to interact with different wireless systems, making it perfect for real-world applications in penetration testing and red teaming.
- Customization and Modding: Being open-source, Flipper Zero can be customized extensively. Users can write their own scripts, develop plugins, or even modify additional compatible hardware to suit specific needs.
- Portability and Durability: Designed to fit in your pocket, Flipper Zero is the epitome of portability. Its robust build quality ensures that it can withstand the rigors of fieldwork.
- Community-Driven Development: The Flipper Zero community plays a vital role in its evolution, contributing to its firmware, developing new features, and providing comprehensive support to users.
- Battery Life: With its long-lasting battery, Flipper Zero is designed for extended use, making it a reliable tool for on-the-go operations.
- Legal Compliance and Ethical Use: The creators of Flipper Zero emphasize its use within the bounds of law and ethics, making it a tool for learning and responsible security testing.

Section 1: Unveiling Flipper Zero

1.1 Description of the device controls

https://docs.flipper.net/basics/control

Input Controls

You can control your Flipper Zero using a directional pad consisting of four buttons (UP, DOWN, LEFT, and RIGHT), the OK button located in the center of the pad, and the BACK button positioned beside the pad.

Main Menu

The Main Menu provides access to various features, settings, and apps. To access the Main Menu, press the OK button while on the Desktop.

[Figure: Access apps in the Main Menu]

Desktop

The Desktop is your digital pet's home. It's the place to see what your dolphin pet is doing and how it's feeling. You can view different indicators at the top of the desktop, including battery level, charging status, Bluetooth connectivity, microSD card status, and others.

[Figure: Your digital pet lives on the Desktop]

Lock Menu

In the Lock Menu, you can lock your Flipper Zero with and without a PIN code, activate Dummy Mode, and mute the device. To enter the Lock Menu, press UP while on the Desktop.

[Figure: View all options by pressing the UP button]

Dummy mode

In this mode, Flipper Zero disables most of its functions. You can customize the controls by assigning quick-access apps of your choice to the LEFT, RIGHT, DOWN, and OK buttons.

[Figure: In Dummy mode, your Flipper Zero turns into a gaming device]

Archive

The Archive app lets you quickly access and manage saved tags, keys, remotes, payloads, and other apps.

[Figure: Easily access your tags, keys, and remotes from the Desktop]

Favorite Apps

The Favorite App feature allows you to set up to 4 apps for quick access directly from the Desktop. After that, you will not need to look for them in the Main Menu whenever you want to run them.

[Figure: Access your favorite apps by pressing the LEFT and RIGHT buttons while on the Desktop]

1.2 Initial Setup and first use.

Initial Setup

Flipper Zero does not come with a microSD card, and it cannot operate without one. So, you'll need to purchase one separately.

Note: Use a high-quality microSD card.
It is important to use high-quality, branded microSD cards such as SanDisk, Kingston, Samsung, or others to ensure the proper performance of your Flipper Zero. Using low-quality microSD cards may not only result in poor performance but can also brick or even damage your device.

Initial Firmware Update

Before you get to know your device in more depth and discover your exact needs, so that you can choose a custom firmware later, you may need to proceed with a stock firmware update before starting to play with the tool.

For a quick start, I would recommend connecting Flipper Zero to your mobile device via Bluetooth and updating it via the Flipper Mobile App.

https://docs.flipper.net/mobile-app

[Figure: You can update your Flipper Zero via the Flipper Mobile App]

What to do if your Flipper Zero Freezes

If your Flipper Zero freezes and fails to respond to button presses, reboot the device by pressing and holding the LEFT and BACK buttons for 5 seconds.

Section 2: Basic Functionality and Maintenance

2.1 Exploring Basic Functions

Sub-GHz

https://docs.flipper.net/sub-ghz

The built-in module of Flipper Zero allows it to transmit and receive radio frequencies between 300 and 928 MHz. This capability enables it to read, store, and replicate remote controls. Such functionality is crucial for interacting with various devices like gates, barriers, radio-controlled locks, remote switches, wireless doorbells, and smart lighting systems. By using Flipper Zero, you can assess the robustness of your security systems, gaining insights into potential vulnerabilities.

Sub-GHz hardware

Flipper Zero has a built-in sub-1 GHz module based on a CC1101 transceiver and a radio antenna (the maximum range is 50 meters). Both the CC1101 chip and the antenna are designed to operate at frequencies in the 300–348 MHz, 387–464 MHz, and 779–928 MHz bands.

125 kHz RFID

https://docs.flipper.net/rfid

Flipper Zero is equipped with support for low-frequency (LF) radio frequency identification (RFID) technology, commonly utilized in systems for access control, animal identification, and supply chain management. LF RFID technology, which is generally found in items like plastic cards, key fobs, tags, wristbands, and animal microchips, typically offers lower security levels compared to NFC cards. The device includes an LF RFID module, enabling it to perform functions such as reading, storing, emulating, and writing to LF RFID cards.

Flipper Zero has built-in RFID support with a low-frequency antenna located at the back of Flipper Zero. The STM32WB55 microcontroller unit is used for the 125 kHz RFID functionality.

[Figure: 125 kHz RFID hardware]

The low-frequency 125 kHz antenna is placed on the Dual Band RFID antenna next to the high-frequency 13.56 MHz antenna.

[Figure: Dual Band RFID antenna]

NFC

https://docs.flipper.net/nfc

Flipper Zero is equipped with Near Field Communication (NFC) technology, widely used in various applications such as smart cards for public transportation, access control cards or tags, and digital business cards. These cards often involve intricate protocols and provide features like encryption, authentication, and comprehensive two-way data exchange. The device incorporates a built-in NFC module operating at 13.56 MHz, which allows it to read, store, and replicate NFC cards.

Flipper Zero has a built-in NFC module based on an ST25R3916 NFC chip and a 13.56 MHz high-frequency antenna. The chip is used for high-frequency protocols and is responsible for reading and emulation of cards.

Infrared

https://docs.flipper.net/infrared

Flipper Zero is capable of interfacing with devices that communicate via infrared (IR) light, such as televisions, air conditioners, and multimedia systems. Thanks to its integrated infrared module, the device can capture and store signals from infrared remotes, enabling it to function as a universal remote to control various devices.

Flipper Zero has a built-in Infrared module consisting of an IR light transparent plastic window, three transmitting infrared LEDs, and a TSOP-75338TR infrared receiver.

GPIO & modules

https://docs.flipper.net/gpio-and-modules

Flipper Zero serves as a versatile tool for hardware exploration, firmware flashing, debugging, and fuzzing. It can be linked to other hardware through its integrated GPIO pins, allowing you to manage hardware using its buttons, execute your custom code, and display debug messages on its screen. Additionally, Flipper Zero can function as a converter for USB to UART/SPI/I2C interfaces.

Flipper Zero has 18 pins on the top side, consisting of power supply pins and I/O pins. Power supply pins can be used to power your external modules. Input/output (I/O) pins are +3.3 V tolerant for input and output. For more information, see 3.3 V and 5 V tolerance.

I/O pins connect external modules to the I/O pins of the STM32WB55 microcontroller through 51 Ohm resistors. All pins are electrostatic discharge (ESD) protected. For information on the basic functionality of Flipper Zero pins, see the picture below.

[Figure: Flipper Zero's pins]

Note: If your Flipper Zero is in a silicone case, insert the module all the way in, so there is no gap in the middle between the silicone case and the module.

[Figure: Make sure there is no gap in the middle]

iButton

https://docs.flipper.net/ibutton

Flipper Zero is compatible with the 1-Wire communication protocol, often used in compact electronic keys, commonly referred to as iButton keys. These keys have a range of applications, including access control, temperature and humidity measurements, and storage of cryptographic keys.

Equipped with an integrated iButton module, Flipper Zero is adept at reading, writing, and emulating iButton access control keys. This module is versatile, supporting key protocols such as Dallas, Cyfral, and Metakom.

Note: Not all iButton devices can be detected by Flipper Zero.
Various iButton devices may have the same form factor; however, only access control keys can be detected by Flipper Zero.

Flipper Zero has a built-in iButton module consisting of an iButton pad and three spring-loaded pogo pins that are located on the iButton PCB.

[Figure: iButton module's pins]

Two pins are assigned to data transfer and have output to the GPIO pin 17. The remaining middle pin is ground.

[Figure: iButton data pins have output to the GPIO pin 17]

The flat part of the pad allows connecting an iButton key (Slave) with Flipper Zero (Master). The left data pin and the middle ground pin are used for reading and writing iButton keys.

[Figure: Pins used for reading and writing]

The protruding part of the pad allows connecting Flipper Zero (Slave) with an iButton reader (Master). The right data pin and the middle ground pin are used for emulation of iButton keys.

[Figure: Pins used for emulation]

Bad USB

https://docs.flipper.net/bad-usb

Flipper Zero has the capability to function as a BadUSB device, which computers identify as a Human Interface Device (HID), similar to a keyboard. As a BadUSB, it can modify system settings, open backdoors, extract data, initiate reverse shells, or perform any task achievable through physical access. This is executed through a series of commands written in Rubber Ducky Scripting Language, commonly known as DuckyScript. These specific commands are referred to as a payload.

Flipper Zero scripting language

Before using your Flipper Zero as a BadUSB device, you need to write a payload in the .txt format in any common ASCII text editor using the scripting language. Flipper Zero can execute extended Rubber Ducky script syntax. The syntax is compatible with the classic Rubber Ducky Scripting Language 1.0 but provides additional commands and features, such as the ALT+Numpad input method, SysRq command, and more.

Both \n and \r\n line endings are supported. Empty lines are allowed, as well as spaces or tabs for line indentation. The Bad USB application can execute only scripts in the .txt format. No compilation is required.

Uploading new payloads to your Flipper Zero

Once the payload is created, you can upload it to your Flipper Zero via qFlipper or Flipper Mobile App to the SD Card/badusb/ folder. The new payloads will be available in the Bad USB application.

Note: When uploading, files with the same names will be overwritten without warning.

U2F (Universal 2nd Factor)

https://docs.flipper.net/u2f

Flipper Zero can act as a USB universal 2nd-factor (U2F) authentication token or security key that can be used as the second authentication factor when signing in to web accounts. A security key is a small device that helps computers verify that it is you when signing in to an account. The use of this feature increases the security of your accounts.

[Figure: Signing in with your Flipper Zero]

Note: Do not delete, edit, or move U2F files to another Flipper Zero.
Each Flipper Zero has a unique cryptographic key that generates unique encrypted U2F files. If you reinsert your microSD card with U2F files into another Flipper Zero, you'll not be able to sign in to your web accounts with the new device.

If you delete U2F files, edit U2F files, or insert a new microSD card into your Flipper Zero, the device will generate a new set of U2F files. In this case, you'll be required to re-register Flipper Zero as a security key in all of your web accounts.

If you delete the u2f/assets folder or the u2f folder entirely, your Flipper Zero will not be able to use the U2F application, as the assets folder contains the cryptographic certificate that is used for registration and authentication. You can restore this folder by updating your Flipper Zero's firmware.

Apps

https://docs.flipper.net/apps

The Apps catalog is a collection of tools and games created by the Flipper Zero community. This diverse range of apps enhances the functionality of Flipper Zero, making the user experience with the device even more gamified and enjoyable.

Access to the Apps catalog is available through the Flipper Mobile App and Flipper Lab, which are compatible with Google Chrome, Microsoft Edge, and other Chromium-based browsers that support the Web Serial API.

Section 3: Hands-on with Flipper Zero

3.1 Step-by-step guides for Common Use Cases seen in the wild.

3.1.1 Capturing and replaying Sub-GHz signals such as signals from Garage Door Remotes

Reference: Derek Jamison's YouTube Channel — https://www.youtube.com/@MrDerekJamison

IMPORTANT DISCLAIMER:
- These guides are for EDUCATIONAL PURPOSES ONLY.
- Never bypass an access control or unlock anything you do not own or have not been given permission by the owner to access or unlock.
- Never try to fuzz or replay signals to devices that are in use or that you rely on.
- Please don't try this guide on car keyfobs that you rely on because you risk desynchronizing your key, or damaging the receiver and ending up paying a lot of money to restore it.

Simple Remotes (No Rolling Codes)

1. Use the Sub-GHz module.
2. Go to the “Frequency Analyzer” option to determine the exact frequency the remote is working on (example: 433.88 MHz). Push the button of the remote and the frequency will be displayed on the Flipper Zero screen.
3. Go to the “Read Raw” option and push the LEFT button to edit the configuration.
4. Set the frequency to 433.92 MHz. Note: this is the closest option to the “433.88MHz” result we got from the “Frequency Analyzer”; don't expect to find an exact match for the frequency analyzer's result.
5. Set the “RSSI Threshold” to -75.0.
6. Press BACK to go to the Read Raw screen.
7. Press REC and then press the button on your remote.
8. Press Stop.
9. Press the RIGHT button to save the recording and give it a name.
10. Navigate to “Saved” Signals. Choose the one you named in the previous step.
11. Go near your Garage Door and press the SEND button.
12. Enjoy!

More complex Remotes (Use of Rolling Codes)

1. Take the remote somewhere out of range so it can't communicate with the receiver (garage door). Our goal is to press the button on the remote and capture the signals without the signals actually making their way to the receiver.
2. Repeat steps 1–11 from above.
3. Remember that each captured signal will only work once with the receiver on your Garage Door.

Why should you care about this type of attack?

There are many products currently sold online that are susceptible to replay attacks and don't even offer basic protection mechanisms such as rolling codes. Being able to assess your own hardware before actually using it as a home appliance can dramatically improve your home security posture.

3.1.2 Use the Flipper Zero as a BadUSB — Emulate a keyboard

Recommended resources for this type of attack:

- Flipper Zero Xtreme Firmware — https://github.com/Flipper-XFW/Xtreme-Firmware
- https://github.com/Zarcolio/flipperzero
- https://www.youtube.com/watch?v=G9wTr5EOxpU
- https://github.com/FalsePhilosopher/badusb
- https://www.reddit.com/r/FlipperZeroDev/comments/zxcy84/badusb_payloads/
- https://github.com/aleff-github/my-flipper-shits/

3.1.3 RFID Fuzzing with Flipper Zero

Reference: https://www.youtube.com/watch?v=EcWTFZovNTE

- Install the RFID phaser app from the app store onto your Flipper Zero device.
- Familiarize yourself with the Flipper Zero's functionality and interface.
- Choose from four popular low-frequency protocols available in the app. These should match or be relevant to the system you are testing.
- Understand the protocols: EM4100, HID, Indala, and T55xx.
- Configure two critical values in the app. Time Delay (TD): The idle time between UID submissions. Emulation Time (EMT): The transmission time of one UID. For the example in the video, set TD to 0.4 and EMT to 0.5.
- Select the mode of operation within the app. Options include: Default values (using the app's dictionary), BF Customer ID (iterates over selected byte), Load file (from Flipper format key file), Load custom IDs (from SD card).
- Use Default Values and fuzzing list.
- Observe the system's response to the fuzzing. Look for any irregularities or unexpected behaviors.
- Identify if the system enters a ‘weird state' allowing unauthorized access.
- Experiment with different cards (right and wrong) to test the system's reaction.
- Finish the batch of tests and check if the system's state has changed.
- Confirm if a wrong card is now accepted as a right card, indicating a successful fuzz.

Understanding Limitations and Ethical Use

Recognize the limitations of RFID fuzzing, including time consumption, potential for not finding all vulnerabilities, expertise needed, false positives, hardware/software limitations, and the necessity of physical proximity.

3.1.4 Exploiting Insecure NFC Cards used with Access Controls with Flipper Zero

Reference: https://www.youtube.com/watch?v=hZMU4kPJ_zQ

Gear:

- Gather different types of NFC cards/tags: an official UniFi Access NFC card, a UV key, and a cheap NTAG 215 tag.

Process:

- On your Flipper Zero, navigate to the NFC function and select ‘Read'.
- Test reading the official UniFi Access card.
Note that it reads as an unknown ISO tag, displaying the UID.Try to emulate the UID of the official UniFi card and the UV key using Flipper Zero.Observe that the system does not respond to these emulations, indicating a level of security.Read the NTAG 215 tag using Flipper Zero, which identifies it correctly.Use Flipper Zero to emulate the NTAG 215 tag.Test this emulation with the UniFi Access system and observe that it grants access.3.1.5 Turn on/off or interact with Screens or HVAC Systems to Create distractions or meet you objectives during a Red Team EngagementObjective:The primary goal in a red team exercise might be to test the physical security measures, response protocols, and the overall resilience of an organization against intrusion or security breaches. By interacting with screens or HVAC systems, a red team can assess how staff respond to unexpected changes or distractions, and how quickly they can identify and rectify such situations.How Flipper Zero Comes into Play:Interacting with Screens:Digital Signage and Monitors: Many modern offices and facilities use digital signage or monitors for information display, alerts, or advertisements. Flipper Zero, with its ability to transmit various signals (like infrared), can be used to change the content being displayed, switch screens on or off, or otherwise manipulate these devices.Creating Distractions: By changing what's displayed on screens or turning them off, the red team can create distractions. This can help in assessing how staff members react to unexpected technical issues or how they follow protocols in such situations.2. Manipulating HVAC Systems:Temperature and Airflow Changes: HVAC systems in a building can often be controlled remotely. 
With Flipper Zero, you might be able to interact with these systems to change temperature settings or airflow, creating a noticeable environmental change.Testing Responses to Environmental Changes: By altering the HVAC settings, the red team can evaluate how staff respond to discomfort or unexpected changes in the environment. This could be crucial in understanding the preparedness of the facility management team and the effectiveness of their response strategies.Scenario Execution:The red team would use Flipper Zero to identify and interact with the signal systems of screens and HVAC controls.Once access is gained, they would execute predefined actions like turning off screens, displaying alternative content, or adjusting HVAC settings.The team would then observe and record how the staff and security personnel react to these changes. Do they investigate the issue? How long does it take them to respond? Do they follow established protocols?3.1.6 Read, Write and Emulate DS199A, Cyfral, and Metakom protocols for iButtons. 
These keys are used for access control, temperature measurements, humidity measurements, storing cryptographic keys, etc.Reference: https://www.youtube.com/watch?v=q8CFM4_mgS0Step 1: Reading an iButtonSelect ‘Read' and bring the iButton into contact with the two captors on the back of the Flipper Zero.Ensure one captor touches the side and the other the middle part of the iButton.Step 2: Saving iButton DataAfter reading, press ‘More' for additional options and select ‘Save' to store the iButton data.Name the dump for future reference, emulation, or writing.Step 3: Emulating an iButtonChoose the ‘Emulate' function to make Flipper Zero act as the iButton.Keep the captors in direct contact with the iButton reader during emulation.Verify the emulation accuracy by comparing with the original iButton.Step 4: Writing to an iButtonSelect ‘Write' to copy the data onto a writable iButton.The Flipper Zero will vibrate to indicate successful copying.Verify the copied iButton to ensure accuracy.Step 5: Adding iButton Data ManuallyChoose ‘Add Manually' to input an iButton key directly.Select the appropriate protocol and manually enter the key.Step 6: Managing Saved iButton DataGo to ‘Saved' to access previously stored iButton dumps.For each dump, you have options to emulate, write, edit, delete, or get more information.Editing allows modification of the keys, while information provides details like the protocol used.Basic Flipper Zero iButton Workflow ExamplesExample 1 (Read and Save): Read an iButton, save the dump, name it for later emulation or copying.Example 2 (Emulate iButton): Either read an iButton and emulate it or use a saved dump for emulation.Example 3 (Copy iButton): Open a saved dump, select ‘Write,' and copy the data onto a writable iButton.Advanced iButton Use Case Scenario — Emulate and Bruteforce Dallas iButton DS1990AYT Video link: https://www.youtube.com/watch?v=tt1bnbN87Nw3.2 Video Links with Common Flipper Zero AttacksApple BLE Spam — 
https://www.youtube.com/watch?v=pD8jze5fCHAiOS 17 Lockup Crash — https://www.youtube.com/watch?v=7FPx5L3xsdUOpen Garage Doors — https://www.linkedin.com/posts/rapper_this-is-how-a-hacker-can-access-your-house-activity-7149523721018376193-6KnJ?utm_source=share&utm_medium=member_desktopHacking Gas Prices — https://www.youtube.com/watch?v=wtHr7x_wT40Controlling Traffic Lights — https://www.youtube.com/watch?v=wtHr7x_wT40Replaying Car Key Fobs Rolling Codes — https://www.youtube.com/watch?v=SVmxhTl49SYFlipper Zero Jamming Signals — https://www.youtube.com/watch?v=aHXx3niWDnYWireless Mouse and keyboard Hijacking Flipper Zero — https://www.youtube.com/watch?v=actbJx7oEZUFlipper Zero Hacking in Public Compilation — https://www.youtube.com/watch?v=u1GDUapHdUwSection 4: Extending Functionality4.1 Customizing the Firmware of Flipper ZeroTwo of the most popular and feature-rich firmware are the following:Xtreme Firmware: This firmware is known for being feature-rich, stable, and customizable. It includes a wide array of apps, an extensive reservoir of features, and offers high stability due to the rewriting of most core parts of the firmware. Additionally, it provides significant customization options, allowing users to change animations, icons, the Flipper's name, level, or mood directly on the device. Key features include asset packs for easy installation and switching between animation and icon sets, expanded Bluetooth functionality, support for many protocols including rolling code devices, a completely redesigned interface, and an advanced level system. Link: https://github.com/Flipper-XFW/Xtreme-Firmware , Installation: https://www.youtube.com/watch?v=Zj_PWkWxUEwUnleashed Firmware: The Flipper Zero Unleashed Firmware is another popular choice, characterized by its extensive list of features and strong community support. 
Link: https://github.com/DarkFlippers/unleashed-firmware , Installation: https://www.youtube.com/watch?v=THnMSSXC3mo4.2 External Plugins and ResourcesAwesome FlipperZero Collection: A comprehensive collection of resources for the Flipper Zero device, including various scripts, tools, and applications. Link: https://github.com/djsime1/awesome-flipperzeroFlipper Zero WiFi Scanner Module: A module for FlipperZero based on ESP8266/ESP32, designed for scanning WiFi networks. Link: https://github.com/SequoiaSan/FlipperZero-WiFi-Scanner_ModuleFlipperZero-Wifi-ESP8266-Deauther-Module: A module that performs WiFi deauth attacks using ESP8266. Link: https://github.com/SequoiaSan/FlipperZero-Wifi-ESP8266-Deauther-ModuleFlipperZero IR Xbox Controller: This plugin enables Flipper Zero to function as an IR controller for Xbox. Link: https://github.com/gebeto/flipper-xbox-controllerFlipper Zero Barcode Scanner Emulator: Emulates a barcode scanner for testing cash registers, demonstrating the versatility of Flipper Zero in various practical applications. Link: https://github.com/polarikus/flipper-zero_bc_scanner_emulatorCustom Animations and Graphics: There are various plugins and resources available for customizing Flipper Zero with unique animations and graphics. These include Lab401 Animation Video, Kuronons Graphics, Flipper Animation Manager, zip2Animation utility, H4XV's Gif2Anim Converter, and more. Link: https://github.com/Kuronons/FZ_graphicsModules and Cases: There are several 3D printable cases and modules available for Flipper Zero, enhancing its functionality and customization. Examples include the Ultimate Flipper Zero Case, FlipperZero-Hardware 3D-Printable cases, WiFi Scanner Module, and WiFi Deauther Module Flasher.Off-device & Debugging Tools: Various tools and scripts are available for managing Flipper Zero animations, converting file formats, and debugging applications. 
These include the Official Web Interface, csv2ir script, Marauder for Wifi Dev Board, and Flipper File Toolbox.Section 5: Resources5.1 References and Additional ResourcesFlipper Zero DocumentationOfficial Documentation, https://docs.flipper.net/HackTricks, https://book.hacktricks.xyz/todo/radio-hacking/flipper-zeroFlipper Zero Popular CommunitiesReddit, https://www.reddit.com/r/flipperzero/Discord, https://discord.com/invite/y5E5m8jbgbOfficial Flipper Forum, https://forum.flipper.net/5.2 Additional Hardware for Flipper ZeroExternal CC1101 Antenna for Flipper Zero — Sub-Ghz GPIO Board Attachment — https://www.reddit.com/r/flipperzero/comments/13a31wz/external_cc1101_antenna_for_flipper_zero_subghz/The Ultimate Guide / CheatSheet to Flipper Zero was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
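Section 3.1.1 above contrasts fixed-code remotes, which can be replayed, with rolling-code remotes, where each captured signal works only once. The following added example (not part of the original guide and not any vendor's actual protocol) models the receiver side of both when assessing your own hardware; the HMAC-over-counter frame, the key and the 16-step acceptance window are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by remote and receiver
WINDOW = 16                    # assumption: how far ahead the receiver resyncs

def frame(counter: int, key: bytes = KEY) -> tuple[int, bytes]:
    """What the modelled rolling-code remote transmits for one button press."""
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return counter, tag

class FixedCodeReceiver:
    """Accepts the same static code forever, so any recording stays valid."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, code: bytes) -> bool:
        return hmac.compare_digest(code, self.code)

class RollingCodeReceiver:
    """Accepts a frame only if its counter is ahead of the last one seen."""
    def __init__(self, key: bytes = KEY):
        self.key, self.last = key, 0
    def accept(self, fr: tuple[int, bytes]) -> bool:
        counter, tag = fr
        if not (self.last < counter <= self.last + WINDOW):
            return False           # already used, or too far ahead
        if not hmac.compare_digest(tag, frame(counter, self.key)[1]):
            return False           # tag not produced with the shared key
        self.last = counter        # every counter up to this one is now dead
        return True

def demo() -> dict:
    out = {}
    recorded = b"\xa5\x5a\x0f"     # constructed static code
    fixed = FixedCodeReceiver(recorded)
    out["fixed_replays"] = [fixed.accept(recorded) for _ in range(3)]

    rx = RollingCodeReceiver()
    heard = frame(1)               # press that reached the receiver
    out["rolling_first"] = rx.accept(heard)
    out["rolling_replay"] = rx.accept(heard)
    out["forged_tag"] = rx.accept((2, b"\x00" * 8))

    unheard = frame(2)             # press made out of range of the receiver
    rx2 = RollingCodeReceiver()
    rx2.accept(frame(1))
    out["unheard_once"] = [rx2.accept(unheard), rx2.accept(unheard)]

    rx3 = RollingCodeReceiver()
    rx3.accept(frame(1))
    rx3.accept(frame(3))           # owner presses the remote again in range
    out["unheard_after_owner_press"] = rx3.accept(unheard)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In this model a later legitimate press moves the receiver's counter past any frame recorded earlier, which is why the last result is a rejection.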
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud
Source: The Hacker News
Black Hat Europe 2023 Highlights
Check out all the highlights from Black Hat Europe 2023 at the ExCel London, United Kingdom. December 4-7. Visit our Flickr page for the event photos: https://www.flickr.com/photos/blackhatevents/albums/72177720313208624 Visit the event website: https://www.blackhat.com/eu-23/ #cybersecurity #infosec #blackhat