NoGoolag
Live free!

📡 @NoGoolag

FAQ:
http://t.me/NoGoolag/169

★Group:
https://t.me/joinchat/nMOOE4YJPDFhZjZk

📡 @Libreware

📚 @SaveAlexandria

📡 @BallMemes

FORWARDS ARE NOT ENDORSEMENTS

💯 % satire OSINT
Anonymous hacks 83 websites belonging to Azerbaijani government in support of Armenia

Anonymous Greece hacked 83 Azerbaijani government websites in solidarity with Armenia.

The hacktivist group Anonymous hacked 83 state websites of Azerbaijan government, including 73 sites in just an hour, in support of Armenia. The hacktivists not only hacked the websites, but also downloaded information, the group shared from their official page on Twitter.

👀 👉🏼 https://news.xiaomi-miui.gr/anonymous-greece-attacking-sites-from-azermpaitzan-51055-2/

👀 👉🏼 https://www.nuceciwan54.com/en/2020/10/03/anonymous-hacks-83-websites-belonging-to-azerbaijani-government-in-support-of-armenia/

#anonymous #hacktivist #hacking #greece #azerbaijan #armenia
📡@cRyPtHoN_INFOSEC_DE 📡@cRyPtHoN_INFOSEC_EN 📡@BlackBox_Archiv 📡@NoGoolag
We Hacked Apple for 3 Months: Here’s What We Found

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program.

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.

As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).

👀 👉🏼 https://samcurry.net/hacking-apple/

#apple #hacking #hacked #bugbounty
German government decides on intelligence surveillance like in Snowden times

The German Federal Intelligence Service is to hack into mobile phone and Internet providers and monitor the communications of all customers. The German government has passed a bill to this effect. A new body, not the Federal Data Protection Commissioner, is to be responsible for oversight.

The German government today decided to again massively expand the powers of the Federal Intelligence Service. The cabinet approved the bill to amend the BND law, which will then go to the Bundestag.

The grand coalition had passed the current BND law in 2017 in response to the revelations by Edward Snowden and the intelligence investigation committee. At the time, our conclusion was, "Everything the BND does will simply be legalized. And even expanded." In May, the Federal Constitutional Court ruled the law unconstitutional and overturned it. Now the federal government is making a new attempt, which is likely to end up in court again.

We published the first draft in September and the second draft in November. Experts criticized the drafts: think tanks, journalists, press freedom NGOs, Internet associations and the Federal Data Protection Commissioner. Despite the opportunity to comment, the government did not change much.

Hacking, mass surveillance, metadata
Because the current BND law is based on unconstitutional basic assumptions, the Chancellor's Office has almost completely rewritten the law. We had already reported on many of the details. In the future, the foreign intelligence service will be allowed to legally hack not only individuals and devices, but also servers and service providers, including entire mobile and Internet providers.

https://netzpolitik.org/2020/bnd-gesetz-bundesregierung-beschliesst-geheimdienst-ueberwachung-wie-zu-snowden-zeiten/

#mass #surveillance #germany #secretservice #goverment #privacy #hacking #metadata #mobilfunk #isp #thinkabout #netpolitics
Web Security and Web Hacking for Beginners

Welcome to the course on “Web Security and Web Hacking for Beginners”. This course is designed for beginners who want to start their journey in web security and web hacking.

👉🏼 Part 1 (Introduction - 4 videos)
👉🏼 Part 2 (Deeper understanding of Web Security - 2 videos)
👉🏼 Part 3 (Various attacks on Web Security - 9 videos)
👉🏼 Part 4 (Conclusion - 1 video)

💡Each video comes with additional (English) subtitles

This course is basically designed by taking into account that you don’t have any idea about web security and you want to learn the basic concepts and then directly jump into action. Concepts like URL, HTTP, HTTPS etc. are explained to make students comfortable with the concepts that we are going to use, and then we jump directly to action content like SQL injection, XSS, DDoS, etc. We want to make sure that you learn the basics and, at the same time, don’t miss the action while learning the basics.

#video #tutorial #web #security #hacking #beginners #part1 #part2 #part3 #part4
Hacked Surveillance Camera Firm Shows Staggering Scale of Facial Recognition

A hacked customer list shows that facial recognition company Verkada is deployed in tens of thousands of schools, bars, stores, jails, and other businesses around the country.

Hackers have broken into Verkada, a popular surveillance and facial recognition camera company, and managed to access live feeds of thousands of cameras across the world, as well as siphon a Verkada customer list. The breach shows the astonishing reach of facial recognition-enabled cameras in ordinary workplaces, bars, parking lots, schools, stores, and more.

The spreadsheet, provided by one of the hackers to Motherboard, shows more than 24,000 unique entries in the "organization name" column. Verkada's cameras are capable of identifying particular people across time by detecting their faces, and are also capable of filtering individuals by their gender, the color of their clothes, and other attributes.

"It's so abysmal," Tillie Kottman, one of the hackers claiming responsibility, told Motherboard in an online chat, referring to the ease of access to the cameras once they discovered a username and password online. Bloomberg first reported the news of the breach on Tuesday, and reported that the hackers had managed to access live video feeds from companies such as Tesla and Cloudflare, as well as jails and hospitals.

https://www.vice.com/en/article/wx83bz/verkada-hacked-facial-recognition-customers

https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams

#US #face #recognition #surveillance #privacy #hacker #hacking
0xor0ne@infosec.exchange - Very cool research on Laser-Based Audio Injection on Voice-Controllable Systems

Website: https://lightcommands.com
Paper: https://arxiv.org/pdf/2006.11946.pdf


Light Commands is a vulnerability of MEMS microphones that allows attackers to remotely inject inaudible and invisible commands into voice assistants, such as Google assistant, Amazon Alexa, Facebook Portal, and Apple Siri using light.
In our paper we demonstrate this effect, successfully using light to inject malicious commands into several voice controlled devices such as smart speakers, tablets, and phones across large distances and through glass windows.


#hacking #infosec
Testing a new encrypted messaging app's extraordinary claims – https://crnkovic.dev/testing-converso/

How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso

#exploit #encryptedMessenger #Converso #hacking #SoftwareBreach
Awesome Cellular Hacking – Curated List - Woot3k /Github

Awesome-Cellular-Hacking
Please note multiple researchers published and compiled this work. This is a list of their research in the 3G/4G/5G Cellular security space. This information is intended to consolidate the community's knowledge. Thank you, I plan on frequently updating this "Awesome Cellular Hacking" curated list with the most up to date exploits, blogs, research, and papers.
The idea is to collect information like the BMW article below, that slowly gets cleared and wiped up from the Internet - making it less accessible, and harder to find. Feel free to email me any document or link to add.


#Cellular #Hacking
Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away | Ars Technica

Researchers have devised a novel attack that recovers the secret encryption keys stored in smart cards and smartphones by using cameras in iPhones or commercial surveillance systems to video record power LEDs that show when the card reader or smartphone is turned on.
The attacks enable a new way to exploit two previously disclosed side channels, a class of attack that measures physical effects that leak from a device as it performs a cryptographic operation. By carefully monitoring characteristics such as power consumption, sound, electromagnetic emissions, or the amount of time it takes for an operation to occur, attackers can assemble enough information to recover secret keys that underpin the security and confidentiality of a cryptographic algorithm.


Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED – https://eprint.iacr.org/2023/923

#Hacking #Crypto #mobile
PhoneSploit Pro

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

https://github.com/AzeemIdrisi/PhoneSploit-Pro

#kali #nethunter #hacking #Metasploit #Android #ADB
Ransomware Hackers Steal Millions From Vegas Casinos | Mental Outlaw


In this video I discuss how MGM and Caesars Entertainment Resort/Casinos were hacked by a ransomware group and had sensitive customer data and company data exfiltrated from their servers. So far Caesars Entertainment has paid half of the 30 million dollars to keep files from being released, but MGM has paid nothing and the hackers are threatening to ruin MGM's reputation with a data leak.

#Hacking #Casino #LasVegas #Ransomware
How Sim Swap Hackers Steal Millions | Mental Outlaw

In this video I explain how hackers are able to steal millions of dollars and access sensitive data in people's accounts that are secured with #SMS 2 factor authentication and how you can defend yourself from sim swapping attacks by using 2 factor authentication.

#Hacking #Hackers #Sim #2fA
Iridium Satellite Decoding Part 2: The Tutorial That Goes Over Your Head, Literally!

Recently I experienced an influx of emails in my inbox requesting help with Iridium decoding. So, I thought I would throw together a one or two part series on how to get started with receiving L-band signals from Iridium satellites using relatively cheap hardware and a couple of free software tools for Linux.

Iridium! It is a low earth orbiting constellation of communication satellites providing voice and data services to the surface of the Earth. Typical applications of the Iridium network are satellite phones and internet connectivity for aircraft and marine vessels.

Towards the end of the video, I demonstrate the ability to decode Iridium voice and SMS transmissions. But, be sure to watch the entire video, because there is heaps of other cool data we can extract with Iridium-Toolkit!

SOFTWARE: DragonOS FocalX R35 - Iridium-Toolkit - PyPy3 - GoogleEarth - #Wireshark/#TShark

#Iridium #Interception #Hacking #LBand
🇵🇸 Here’s how a collective of tech professionals shut down the Israeli army’s extortion website — twice | Mondoweiss

An international collective called The Zionism Observer took down an IDF extortion website and reverse-engineered its evacuation map website. And it was easier than you might think.

In May this year, as part of its psychological torture campaign on the Palestinians of Gaza, Israel’s army rained down yet another batch of leaflets on the besieged population of Gaza. The leaflets stood out for many reasons, but most of all for the extortion website associated with them.

The Zionism Observer collective, made up of software developers, cartographers, translators, and archivists, traced the website’s registrar to NameCheap and the hosting service to Webflow. They immediately lodged a complaint with both companies.

Webflow removed the IDF’s extortion website within 24 hours.

https://zionism.observer/

#Gaza #Genocide #Hacking #Website #Leaflets #ZionismObserver
Can You Get Root With Only a Cigarette Lighter? | Blog – da.vidbuchanan

A while back I read about using a piezo-electric BBQ Igniter coupled to an inductor as a low-budget tool for electro-magnetic fault injection (#EMFI), and I was captivated. I wondered, how far can you take such a primitive tool? At the time, the best thing I could come up with was exploiting a software implementation of AES running on an #Arduino, using #DFA—it worked!

#Hacking #Exploit
Evil Crow RF: A Portable Radio Frequency Device | Mobile Hacker

As mobile hackers, we often find that our smartphones, while powerful in many ways, lack the essential radio frequency (RF) features needed for wireless security testing. These limitations can be frustrating when trying to explore wireless signals directly from our mobile devices. However, with the Evil Crow RF V2, these limitations can be easily overcome. This tool expands your smartphone’s capabilities, allowing you to dive into RF analysis, penetration testing, and signal manipulation—bringing mobile hacking to a whole new level.

The #EvilCrow RF V2 allows users to perform a variety of tasks and attacks, including:

Receive signal
Transmit signal
Replay attacks
Bruteforce
Jamming
Scanner
Mousejacking
Rolljam attack
Rollback attack
Kaiju analyzer (online rolling code analyzer and generator)

#RF #Mobile #Hacking
HackRF PortaPack H4M with Mayhem Firmware – A Powerful Handheld SDR Toolkit | Mobile Hacker

In Q4 of 2024, a new #SDR (Software Defined Radio) was released: the HackRF PortaPack H4M, shipping with the Mayhem firmware. Whether you’re a hobbyist, hacker, ham radio enthusiast, or security researcher, this compact device brings a full-featured radio lab to your pocket.

In this blog, we’ll walk you through the essentials of the new H4M, flashing Mayhem firmware, copying necessary files and apps, including its differences from other tools like its predecessors, specifically H2, its hardware updates, and how to get the most out of it with both standalone and PC-connected use. If you’re new to SDR, just like me, and looking to dive deep, I recommend following YouTube creators like sn0ren, Talking Sasquach, Jeremiah of All Trades, who consistently provide excellent #RF content.

#Hacking