This week Darren is joined by Rob Fuller, aka Mubix, for a little fun with a man-in-the-middle JavaScript keylogger using the Middler, and pwning with the Social Engineering Toolkit. Plus using Spotify in the US without a proxy, MAC address spoofing in Linux or Windows, virtual appliances for VirtualBox, and much more! Take an hour lunch and prepare to feed your technolust!
Mahmoud, as well as many others, wrote in to ask about the cross-platform compatibility of the encryption setup shown on Hak5 episode 620 using cryptsetup.
The short answer is no, it's just for Linux. If you're looking for something both open source and cross-platform, look no further than TrueCrypt.
Following up on last week's question about IP spoofing so users in the US can try out Spotify, we've got just the trick without a proxy. OK, well, sorta. If you happen to have a beta invite and a friend, perhaps on IRC, in an allowed country, it's just a matter of having them sign up for you. The only limitation is that you'll need to have your account signed into from your "home country" every 14 days. On the other hand, if you decide to spring for the $9.99/mo premium account you, supposedly, don't have such limitations. Thanks to Jouni in Finland for hooking me up. I'll be sad when it's game over in two weeks. Or will it?
If you're a fan of VirtualBox then you'll love VirtualBoxImages.com. They've got pre-packaged VirtualBox VDIs ready for your enjoyment.
When it comes to man-in-the-middle attacks, just about anything is possible. In this segment Darren explores InGuardians' tool, the Middler. Using its plugin architecture for manipulating (among others) HTTP traffic, we attempt to get the infamous JavaScript onKeyPress keylogger going. Without much success in that department, Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.
Hacking isn't just about remote code execution. Well, I mean, that's fun and all, but rather than exploiting the server, how about exploiting the Human OS? In this segment Mubix demonstrates David Kennedy (aka Rel1k)'s tool, the Social Engineering Toolkit. Despite some challenges with clients that weren't set up with Java, Mubix successfully demonstrates Meterpreter in conjunction with a cloned site.
@Bluesmanchukk writes in to ask about MAC address spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).
Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.
