cyph3rPunk
- DEF CON 32 - Inside the FBI's Secret Encrypted Phone Company 'Anom' - Joseph Cox
YouTube Video
Click to view this content.
- Hackers hope to democratize laser-based processor hacking — $500 RayV Lite relies on 3D printing, a laser pen, and a Raspberry Pi to bring costs down
cross-posted from: https://lemmy.world/post/18283290
> … "The first of two versions of the RayV Lite will focus on laser fault injection (LFI). This technique uses a brief blast of light to interfere with the charges of a processor’s transistors, which could flip them from a 0 value to a 1 value or vice versa. Using LFI, Beaumont and Trowell have been able to pull off things like bypassing the security check in an automotive chip’s firmware or bypassing the PIN verification for a cryptocurrency hardware wallet. > > The second version of the tool will be able to perform laser logic state imaging. This allows snooping on what’s happening inside a chip as it operates, potentially pulling out hints about the data and code it’s handling. Since this data could include sensitive secrets, LSI is another dangerous form of hacking that Beaumont and Trowell hope to raise awareness of." …
- hacker 'ghost' on githubwww.wired.com A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub
Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.
cross-posted from: https://lemmy.dbzer0.com/post/24829826
- new vulnerability in your motherboard
YouTube Video
Click to view this content.
The headline was bit sensationalist. So, I shortened it.
- XenoRAT | Malware of the Day
YouTube Video
Click to view this content.
> A video summary by Faan Rossouw of the Malware of the Day - XenoRAT///
> 🔗 Blog post located here: https://www.activecountermeasures.com/malware-of-the-day-xenorat/
- 3D-Printed USB Dead Man Switch (Prototype Demo)www.buskill.in 3D-Printable BusKill Prototype Demo - BusKill
Demo of our DIY USB Dead Man Switch (prototype) with a 3D-Printable Case triggering a lockscreen when the kill-cord's connection is severed.
Today we're ecstatic to publish our first demo showing a homemade BusKill Cable (in the prototype 3D-printed case) triggering a lockscreen.
| [!3D-Printed USB Dead Man Switch (Prototype Demo)](https://www.buskill.in/3d-print-2024-05/) | |:--:| | Watch the 3D-Printed USB Dead Man Switch (Prototype Demo) for more info youtube.com/v/vFTQatw94VU |
In our last update, I showed a video demo where I successfully triggered a lockscreen using a BusKill prototype without the 3D-printed body for the case and N35 disc magnets. I realized that the N35 disc magnets were not strong enough. In this update, I show a demo with the prototype built inside a 3D-printed case and with (stronger) N42 and N52 cube magnets.
What is BusKill?
BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.
| [!What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) | |:--:| | Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4 |
If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
Why?
While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.
We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.
Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, BusKill doesn't have any circuit boards, microcontrollers, or silicon; it's trivial to print your own BusKill cable -- which is essentially a USB extension cable with a magnetic breakaway in the middle
Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In this article, we hope to showcase her progress and provide you with some OpenSCAD and
.stl
files you can use to build your own version of the prototype, if you want to help us test and improve the design.Print BusKill
[!Photo of the 3D-Printed BusKill Prototype](https://www.buskill.in/3d-print-2024-05/)
If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:
Iterate with us!
If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!
- Is there anything stopping this set up from being deployed else where?
YouTube Video
Click to view this content.
- Malicious Backdoor in xz liblzma
YouTube Video
Click to view this content.
> Backdoor found in xz liblzma specifically targets the RSA implementation of OpenSSH. Story still developing.https://openwall.com/lists/oss-security/2024/03/2...
- Broadcast LoRa packets WITHOUT a radio
YouTube Video
Click to view this content.
AI summary of transcript:
> groundbreaking exploration into transmitting LoRaWAN signals via unconventional means—utilizing microcontrollers lacking native radio functionalities. By tweaking GPIO pins on devices like the CH32V203, ESP32-S2, and ESP8266, OP demonstrates how to generate RF signals strong enough to communicate with commercial LoRaWAN gateways and access the internet. This method deviates from traditional approaches that rely on specific radio chips or RF capabilities. The experiment not only surpasses expectations in terms of signal transmission distance but also showcases a novel blend of ingenuity and technical prowess. Through this project, the resilience and adaptability of LoRa technology are put on full display, proving its capability to facilitate long-range communications under inventive conditions. The venture into RF technology and signal generation through hardware manipulation opens new avenues for utilizing microcontrollers in ways previously deemed impractical, marking a significant achievement in the field.
- 'Lessons Julian taught me' - Yanis Varoufakis Speech | Night Falls In The Evening Lands: The Assange Epic | 9th March 2024
YouTube Video
Click to view this content.
- Penetration Testing with Nmap: A Comprehensive Tutorial
YouTube Video
Click to view this content.
- How To Get Arrested In 30 Minutes: Cracking A GSM Capture File In Real-time With AIRPROBE And KRAKEN
YouTube Video
Click to view this content.
DO NOT try this EVER.
The feds will show up at your house and arrest you in less than 30 minutes.
- Advanced Meshtastic Series
YouTube Video
Click to view this content.
> Welcome to the Advanced Meshtastic Series. We'll be getting into some of the more advanced things you can do with Meshtastic.
- LoRa Meshtastic networks were labeled a threat by Rutgers. Now I am interested.
YouTube Video
Click to view this content.
- True Random Numbers - Computerphile (12:15)
YouTube Video
Click to view this content.
> Programs aren't capable of generating true random numbers, so how can we? Are they even useful? Dr Valerio Giuffrida demonstrates how to get a true random number from most computers.
- Intell-dragonfly: A Cybersecurity Attack Surface Generation Engine Based On Artificial Intelligence-generated Content Technology. (arXiv:2311.00240v1 [cs.CR])
cross-posted from: https://infosec.pub/post/4424216 >Intell-dragonfly: A Cybersecurity Attack Surface Generation Engine Based On Artificial Intelligence-generated Content Technology. (arXiv:2311.00240v1 [cs.CR])
- Darknet Diaries: True stories from the dark side of the Internet
I just learned about this podcast today. Enjoy!
- TETRA Vulnerability (TETRA:BURST) - Computerphile (18:43)
YouTube Video
Click to view this content.
TETRA vendors caught breaking a basic rule: don't roll your own bespoke cryptographic primitives.
- Why a true privacy tool can’t be built to comply with the State w/ Alan Szepieniecodysee.com Why a true privacy tool can’t be built to comply with the State w/ Alan Szepieniec
TODAY'S 🎙SHOW: Douglas Tuman interviews Alan Szepieniec, a cryptography researcher and libertarian.
cross-posted from: https://monero.town/post/554820
> The two discuss the prominent blockchain privacy paper co-authored by Vitalik Buterin, the future of blockchain privacy vs surveillance coins. Alan explains why there’s a need to stop putting the state on a pedestal in the privacy debate in order to defend privacy in the future, the reason the US government doesn’t care as much about money laundering as long as it happens in US banks. >
- All cops are broadcasting: Obtaining the secret TETRA primitives after decades in the shadows (47:30)
YouTube Video
Click to view this content.
In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and security analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, prisons, emergency services and military operators. Besides governemental applications, TETRA is also widely deployed in industrial environments such as factory campuses, harbor container terminals and airports, as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. For over two decades, the underlying algorithms have remained secret and bound with restrictive NDAs prohibiting public scrutiny of this highly critical technology. As such, TETRA was one of the last bastions of widely deployed secret proprietary cryptography. We will discuss in detail how we managed to obtain the primitives and remain legally at liberty to publish our findings.
- "Formally Verifying Everybody's Cryptography" by Mike Dodds, Joey Dodds (Strange Loop 2022) (40:30)
YouTube Video
Click to view this content.
- Public Key Cryptography - Computerphile (6:19)
YouTube Video
Click to view this content.
> Spies used to meet in the park to exchange code words, now things have moved on - Robert Miles explains the principle of Public/Private Key Cryptography > > note1: Yes, it should have been 'Obi Wan' not 'Obi One' :) > note2: The string of 'garbage' text in the two examples should have been different to illustrate more clearly that there are two different systems in use.
- Let's Discuss the Potential for Vulnerability Here: Why you should check your secrets into Git | Warren Parad (55:08)
YouTube Video
Click to view this content.
> Slides - https://authress.io/l/codemotion > > Conference: > Codemotion Madrid 2023 > https://talks.codemotion.com/why-you-...
Can someone recommend a more secure method? I've been told many times that using git for secret management would present a potential vulnerability.
- Video-Based Cryptanalysis [3:00]
YouTube Video
Click to view this content.
- Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy, created by Cult of the Dead Cow [DEFCON_31]www.theregister.com Cult of the Dead Cow unveils Veilid peer-to-peer project
‘It’s like Tor and IPFS had sex and produced this thing’
> DEF CON Infosec super-band the Cult of the Dead Cow has released Veilid (pronounced vay-lid), an open source project applications can use to connect up clients and transfer information in a peer-to-peer decentralized manner. > > The idea being here that apps – mobile, desktop, web, and headless – can find and talk to each other across the internet privately and securely without having to go through centralized and often corporate-owned systems. Veilid provides code for app developers to drop into their software so that their clients can join and communicate in a peer-to-peer community. > > In a DEF CON presentation today, Katelyn "medus4" Bowden and Christien "DilDog" Rioux ran through the technical details of the project, which has apparently taken three years to develop. > > The system, written primarily in Rust with some Dart and Python, takes aspects of the Tor anonymizing service and the peer-to-peer InterPlanetary File System (IPFS). If an app on one device connects to an app on another via Veilid, it shouldn't be possible for either client to know the other's IP address or location from that connectivity, which is good for privacy, for instance. The app makers can't get that info, either. > > Veilid's design is documented here, and its source code is here, available under the Mozilla Public License Version 2.0. > > "IPFS was not designed with privacy in mind," Rioux told the DEF CON crowd. "Tor was, but it wasn't built with performance in mind. And when the NSA runs 100 [Tor] exit nodes, it can fail." > > Unlike Tor, Veilid doesn't run exit nodes. Each node in the Veilid network is equal, and if the NSA wanted to snoop on Veilid users like it does on Tor users, the Feds would have to monitor the entire network, which hopefully won't be feasible, even for the No Such Agency. Rioux described it as "like Tor and IPFS had sex and produced this thing." > > "The possibilities here are endless," added Bowden. "All apps are equal, we're only as strong as the weakest node and every node is equal. We hope everyone will build on it." > > Veilid > > Big launch ... medus4, left, and DilDog at DEF CON > > Each copy of an app using the core Veilid library acts as a network node, it can communicate with other nodes, and uses a 256-bit public key as an ID number. There are no special nodes, and there's no single point of failure. The project supports Linux, macOS, Windows, Android, iOS, and web apps. > > Veilid can talk over UDP and TCP, and connections are authenticated, timestamped, strongly end-to-end encrypted, and digitally signed to prevent eavesdropping, tampering, and impersonation. The cryptography involved has been dubbed VLD0, and uses established algorithms since the project didn't want to risk introducing weaknesses from "rolling its own," Rioux said. > > This means XChaCha20-Poly1305 for encryption, Elliptic curve25519 for public-private-key authentication and signing, x25519 for DH key exchange, BLAKE3 for cryptographic hashing, and Argon2 for password hash generation. These could be switched out for stronger mechanisms if necessary in future. > > Files written to local storage by Veilid are fully encrypted, and encrypted table store APIs are available for developers. Keys for encrypting device data can be password protected. > > "The system means there's no IP address, no tracking, no data collection, and no tracking – that's the biggest way that people are monetizing your internet use," Bowden said. > > "Billionaires are trying to monetize those connections, and a lot of people are falling for that. We have to make sure this is available," Bowden continued. The hope is that applications will include Veilid and use it to communicate, so that users can benefit from the network without knowing all the above technical stuff: it should just work for them. > > To demonstrate the capabilities of the system, the team built a Veilid-based secure instant-messaging app along the lines of Signal called VeilidChat, using the Flutter framework. Many more apps are needed. > > If it takes off in a big way, Veilid could put a big hole in the surveillance capitalism economy. It's been tried before with mixed or poor results, though the Cult has a reputation for getting stuff done right. >
---
Veilid Source
> > > The first matter to address is the question "What is Veilid?" The highest-level description is that Veilid is a peer-to-peer network for easily sharing various kinds of data. > > --- > > Veilid is designed with a social dimension in mind, so that each user can have their personal content stored on the network, but also can share that content with other people of their choosing, or with the entire world if they want. > > > --- > > The primary purpose of the Veilid network is to provide the infrastructure for a specific kind of shared data: social media in various forms. That includes light-weight content such as Twitter's tweets or Mastodon's toots, medium-weight content like images and songs, and heavy-weight content like videos. Meta-content such as personal feeds, replies, private messages, and so forth are also intended to run atop Veilid.
- My Adventures as the World's Most Wanted Hacker | Kevin Mitnick | Talks at Google [52:11]
YouTube Video
Click to view this content.
> Kevin Mitnick (RIP) visits Google's NYC office to discuss his book "Ghost in the Wires: My Adventures as the World's Most Wanted Hacker" with Eran Feigenbaum, Google's Director of Security for Google Apps. This event took place on August 17, 2011, as part of the Authors@Google series. > > Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn't just about technological feats-it was an old fashioned confidence game that required guile and deception to trick the unwitting out of valuable information. > > Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI's net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down. > > Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.
- Secrets Hidden in Images (Steganography) - Computerphile [12:13]
YouTube Video
Click to view this content.
Secret texts buried in a picture of your dog? Image Analyst Dr. Mike Pound explains the art of steganography in digital images.
- DEF CON 31 Trailer
YouTube Video
Click to view this content.
- Cypherpunks Write Code
YouTube Video
Click to view this content.
> In the early 1990s, a group of mathematicians, misfits, hackers, and hobbyists calling themselves "the cypherpunks" came together around a shared belief that the internet would either demolish society's artificial walls or lay the groundwork for an Orwellian state. They saw cryptography as a weapon against central planning and surveillance in this new virtual world. > > The philosophical and technical ideas explored on the cypherpunks' widely read email list, which launched in 1992, influenced the creation of bitcoin, WikiLeaks, Tor, BitTorrent, and the Silk Road. The cypherpunks anticipated the promise and the peril that lay ahead when the internet went mainstream, including new threats to privacy and the possibility of building virtual platforms for communication and trade that would be impervious to government regulators.
- Cicada 3301: An Internet Mystery
YouTube Video
Click to view this content.
>In this video I explore an elaborate cryptographic internet puzzle orchestrated by a mysterious individual or group known as Cicada 3301. > >Puzzle: The puzzle I hid in this video has been solved.
- Hackers Testifying at the United States Senate, May 19, 1998 (L0pht Heavy Industries)
YouTube Video
Click to view this content.
L0pht Heavy Industries testifying before the United States Senate Committee on Governmental Affairs, Live feed from CSPAN, May 19, 1998. Starring Brian Oblivion, Kingpin (Joe Grand), Tan, Space Rogue, Weld Pond, Mudge, and Stefan von Neumann.
This is the infamous testimony where Mudge stated we could take down the Internet in 30 minutes. Although that's all the media took from it, much more was discussed. See for yourself.
- Hacker interview-Gummo with follow-up
YouTube Video
Click to view this content.
Soft White Underbelly interview and portrait of Gummo, a computer hacker from Jacksonville, Florida.
Here’s a link to a follow up interview with Gummo: Black Hat Hacker-Gummo (follow up)