It’s a really cool and super-simple trick. The question is, “Will it help?” Continue reading Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security
The RomCom RAT has been making the rounds — first in Ukraine as it went after military installations, and now in certain English-speaking countries such as the United Kingdom. Initially a spear-phishing campaign, the RomCom attack has evolved to include domain and download spoofing of well-known and trusted products. In this piece, we’ll break down […]
I have been looking to do bluetooth hacking but my internal bluetooth adapters are not working on either of my laptops with spooftooph. I was seeing if I could get a used MultiBlue dongle but no one is selling theirs online (not a big surp… Continue reading What bluetooth dongle works with spooftooph?
Currently we are working to secure our internal LAN and due to this we are planning to stop mobile devices (such as personal laptops and mobile phones) to connect on corporate network. Our key area of interest is to counter such users who … Continue reading How to block personal devices on corporate network
Assume that I never check the server fingerprint when logging in to an SSH server. This means that certain configurations of SSH can be impersonated. For example, I can log into a server that only has my public key. Obviously this doesn’t … Continue reading Can an SSH server in password mode be impersonated if I ignore the fingerprint warning?
I will be publishing a fingerprinting app that shows its user how much access to their Android phone’s identifiers it has. I haven’t started writing it because I need to understand how can any Android phone be identified by using only its … Continue reading Retrieving Android phone’s identifiers
Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it:
On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center…
How can I send an email with a spoofed ‘from’ field with nodemailer and SMTP? I know that SMTP does not provide any authentication check to see if the ‘from’ field is actually correct, so why is it not as easy as just changing the ‘from’ h… Continue reading Send spoofed email with nodemailer
Would it be possible to broadcast one audio source to a group of bluetooth headphones to make it work like old-fashioned radio broadcasting? Could this be done similarly to spoofing? How much of a problem would bluetooth error correcton be… Continue reading reverse multipoint bluetooth earbuds with intentional spoofing [migrated]