https://systemoverlord.com/tags/hacking.htmlRecent content in Hacking on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Wed, 22 Nov 2017 00:00:00 +0000https://systemoverlord.com/2017/11/22/2017-hacker-holiday-gift-guide.htmlWed, 22 Nov 2017 00:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2017/11/22/2017-hacker-holiday-gift-guide.html<p>I&rsquo;ve been thinking about gifts for Hackers and Makers lately as the holiday season arrives. I decided I&rsquo;d build a public list of some of my favorite things (and perhaps some things I&rsquo;d like myself as well!) I&rsquo;ll break it down into a few categories for different kinds of hackers (and different kinds of gifters as well). Prices are current as of writing, but not something I&rsquo;ll be updating.</p>https://systemoverlord.com/2014/07/13/passing-android-traffic-through-burp/Sun, 13 Jul 2014 20:57:18 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/07/13/passing-android-traffic-through-burp/<p>I wanted to take a look at all HTTP(S) traffic coming from an Android device, even if applications made direct connections without a proxy, so I set up a transparent Burp proxy. I decided to put the Proxy on my Kali VM on my laptop, but didn&rsquo;t want to run an AP on there, so I needed to get the traffic to there.</p> <h3 id="network-setup">Network Setup</h3> <p><img src="https://systemoverlord.com/img/blog/wifitap.png" alt="Network Topology Diagram"></p> <p>The diagram shows that my wireless lab is on a separate subnet from the rest of my network, including my laptop. The lab network is a NAT run by IPTables on the Virtual Router. While I certainly could&rsquo;ve ARP poisoned the connection between the Internet Router and the Virtual Router, or even added a static route, I wanted a cleaner solution that would be easier to enable/disable.</p>https://systemoverlord.com/2014/05/21/book-review-the-hacker-playbook/Wed, 21 May 2014 01:10:54 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/21/book-review-the-hacker-playbook/<p><a href="http://www.amazon.com/gp/product/1494932636/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=390957&amp;creativeASIN=1494932636&amp;linkCode=as2&amp;tag=systemovecom-20">The Hacker Playbook: Practical Guide To Penetration Testing</a> is an attempt to use a continuous series of football metaphors to describe the process of a network penetration test. Maybe the metaphors would work better for someone who actually watches sports, but I felt they were a bit strained and forced at times. That being said, the actual content and techniques described are solid and generally useful information. It&rsquo;s arranged in the stages of a good penetration test, and reads like a strong guide for those relatively new to penetration testing. Unfortunately, it doesn&rsquo;t set up general guides for each area as much as describing specific &ldquo;plays&rdquo; for each area, so once those techniques start to fall flat, it doesn&rsquo;t leave you with a lot of depth.</p>https://systemoverlord.com/2014/04/16/a-brief-history-of-the-internet-security-wise/Wed, 16 Apr 2014 04:55:14 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/04/16/a-brief-history-of-the-internet-security-wise/<p>I originally posted this to the <a href="http://dc404.org/">DC404 Mailing List</a>, but got some positive feedback, so I thought I&rsquo;d post it here as well. The broad strokes should be correct, but there might be some inaccuracies here — if you&rsquo;re aware of one, please let me know and I&rsquo;ll correct it.</p> <p>There was a thread ongoing about Heartbleed, and it turned into a question of why security on the Internet is so complicated, and couldn&rsquo;t it be any simpler? Well, the truth be told, security on the Internet is a house of cards.</p>https://systemoverlord.com/2014/01/18/weekly-reading-list-for-11714/Sat, 18 Jan 2014 05:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/01/18/weekly-reading-list-for-11714/<p>I&rsquo;ve decided to start posting a weekly reading list of interesting security-related articles I&rsquo;ve come across in the past week. They&rsquo;re not guaranteed to be new, but should at least still be relevant.</p> <h4 id="using-a-beaglebone-to-bypass-8021x">Using a BeagleBone to bypass 802.1x</h4> <p>Most security practitioners are already aware that NAC doesn&rsquo;t provide meaningful security. While it&rsquo;ll keep some random guy from plugging in to an exposed ethernet port in the lobby (shouldn&rsquo;t that be turned off?), it won&rsquo;t stop a determined attacker. You can just MITM the legitimate device, let it perform the 802.1x handshake, then send packets appearing to be from the legitimate device. To make it easier, <a href="http://shellsherpa.nl/nac-bypass-8021x-or-beagle-in-the-middle">ShellSherpa has put together a BeagleBone-based device to automatically MITM the NAC connection</a>.</p>https://systemoverlord.com/2014/01/13/ld_preload-for-binary-analysis/Mon, 13 Jan 2014 02:18:16 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/01/13/ld_preload-for-binary-analysis/<p>During the BreakIn CTF, there were a few challenges that depended on the return value of of libc functions like <code>time()</code> or <code>rand()</code>, and had differing behavior depending on those return values. In order to more easily reverse those binaries, it can be nice to control the return values of those functions. In other cases, you have binaries that may call functions like <code>unlink()</code>, <code>system()</code>, etc., where you prefer not to have those functions really called. (Though you are running these untrusted binaries in a VM, right?)</p>