Category: Software Topics

PenTest Edition: Using Shodan to Locate Internet-Connected Devices (Webcams, Servers, Routers, and More)

With Shodan, there's no hiding on the Internet. Shodan is a search engine that allows users to locate devices that are connected to the Internet, such as webcams, routers, servers, traffic lights, baby monitors, SCADA systems, Internet of Things (IoT) devices, and so forth. Shodan began back in 2009 as a small project created by ...

The Recent 4G LTE Network Vulnerabilities and Attacks

In this blog post, I'll discuss the design and operation of a 4G LTE network. In hindsight, I realize topics such as these can get extremely lengthy. For that reason, I'll limit this discussion down to only the necessary technical details required to understand these new LTE attacks, while excluding any complicating, non-essentials. These new ...

PenTest Edition: Cracking Strong WPA2 Wi-Fi Passwords Using Fluxion

Fluxion Is The Future! Fluxion is accurately just a Wi-Fi analysis tool that comes with a list of very useful penetration testing programs, such as Aircrack-ng, Aireplay-ng, Airodump-ng, awk, bully, curl, dhcpd, hostapd, lighttpd etc. It is a remake of linset by vk496, available on Github. Unlike many other Wi-Fi analysis tools that use a dictionary ...

PenTest Edition: Capture Images That Network Users Are Looking at Using Driftnet and WebSploit

WebSploit is an advanced MitM framework of penetration testing tools used to assess wired/wireless network security, web vulnerabilities, and exploitation techniques. This demonstration uses the network/mitm module to set up a Man-in-the-Middle (MitM) attack between the target and the gateway in addition to using Driftnet to steal any unencrypted (and possibly encrypted) images that the ...

Over 3,000 iOS and Android Apps Leak 100 Million User Sensitive Records via Misconfigured Firebase Backends

When building an app that needs to store and share data from a server, software developers can rely on Google's Firebase Realtime cloud-hosted database. This Infrastructure as a Service (IaaS) removes serious time constraints by providing app developers with maintenance and support, offline support, and real-time synchronization of data with clients in real-time. And, since ...