• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Home
  • About
  • Structure
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Week 02: TCP/IP and Network Architecture

Monthly Charges for Windows 7 Coming!

September 9, 2018 by Sev Shirozian 5 Comments

https://www-forbes-com.cdn.ampproject.org/c/s/www.forbes.com/sites/gordonkelly/2018/09/08/microsoft-windows-7-monthly-charge-windows-10-free-upgrade-cost/amp/

 

Looks like Microsoft might start charging users of Microsoft 7 sometime in the future a monthly subscription fee to keep their Operating Systems up-to-date.  This is not the first time a tech company has done this for older versions.  I believe Oracle does this too for Java.

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

September 9, 2018 by Connor Fairman 1 Comment

MikroTik routers have a security vulnerability that was revealed after a wikileaks report detailed a CIA hacking tool, known as Chimay Red. What I found immediately interesting was that someone reverse engineered Chimay Red and it is now available for cloning from someone’s github: https://github.com/BigNerd95/Chimay-Red

With Chimay Red, you can add a payload to the router. It also seems like you can use it to overload a thread’s stack, which traditionally contains variables, functions, pointers, etc. that are in local scope. This allows us to write POST date into ANOTHER stack after we overload the current one. How we know what the next stack is, though, is unclear to me because threads are asynchronous, or rather they are used to handle asynchronous tasks.

Back to MikroTik, the key important detail here is that hackers can hijack devices if they take advantage of this vulnerability. Moreover, hackers can reroute traffic from compromised routers to themselves. This allows them to monitor their victims.

https://thehackernews.com/2018/09/mikrotik-router-hacking.html

Riddles!! – Food for thought

September 9, 2018 by Jayapreethi Selvaraju Leave a Comment

I read an article titled “Problem solving is an essential hacker skill” at https://null-byte.wonderhowto.com/forum/problem-solving-is-essential-hacker-skill-0150882/. The article says that problem solving, along with persistence and creativity, is an essential skill in this profession. So, I am posting some riddles as food for thought for our brains. I will post the answers after couple of days.

Riddles:

1.       A 10-year-old child kicks the ball. The ball travels a distance of 10 feet and come back to the child. How?

2.       W is the father of M. But M is not W’s son. How?

3.       What is that which goes up and comes down but does not move?

4.       What is that thing that belongs to you but is used most by your friends and people who are familiar to you?

5.       What is it that is blind, that can neither speak nor hear but always tells the truth?

6.       The more I grow the less visible I am to you. Who am I?

7.       What is it that vanishes the moment you call for it?

8.       Feed me and I will thrive. Give me water, I will vanish. Who am I?

9.       What is it that can be broken without touching it?

10.   What is it that people always call for but are afraid of it?

11.   What is it that stays with you all day long and never leave your side?

12.   What is the word, when said, is always pronounced wrong?

DEF CON 2018: Hacking Medical Protocols to Change Vital Signs

September 8, 2018 by Raaghav Sharma 1 Comment

Doug McKee, senior security researcher at McAfee’s Advanced Threat Research team, has discovered a weakness that allows data on the patient’s condition to be modified by an attacker in real-time, to provide false information to medical personnel.

Medical devices use RWHAT protocol, to monitor a patient’s condition and vital signs. Using a small Raspberry device he could trick the nurse’s station monitor into thinking it’s communicating with something other than what it is.

The best defense for a hospital is to ensure that its networks are properly set up and isolated, and that devices are patched and that default passwords are changed.

https://threatpost.com/def-con-2018-hacking-medical-protocols-to-change-vital-signs/134967/

App of Apple App store caught Spying on users

September 8, 2018 by Sev Shirozian 3 Comments

https://thehackernews.com/2018/09/mac-adware-removal-tool.html

A popular adware removal tool in the Apple App store has been found stealing users browser history which is a violation of Apple’s terms and services agreement.  It’s breaking out of Apple’s typical sandboxing it makes it’s apps follow and steals the browser information.  This data is being exfiltrated to a server located in China.  An ex NSA staffer found this issue a while ago and notified Apple about it, but it took Apple over a month before they did anything about it.  Eventually they did remove it from the app store.

It’s interesting how people think Apple is immune to these types of issues, but this is evidence that nobody is immune.  Apple might do a better job than Microsoft or Google but they are just as susceptible as others.

Sev Shirozian

Interesting Article Describing Identifying a Vulnerability

September 7, 2018 by Wade Mackey 2 Comments

https://srcincite.io/blog/2018/08/31/you-cant-contain-me-analyzing-and-exploiting-an-elevation-of-privilege-in-docker-for-windows.html

Week 2 Class Recording

September 7, 2018 by Wade Mackey Leave a Comment

https://capture.fox.temple.edu/Mediasite/Play/ddf1f68cdb404efcb0e616fa3caa85cf1d

Week 2 Presentation

September 4, 2018 by Wade Mackey Leave a Comment

Intro to Ethical Hacking Week 2

  • « Go to Previous Page
  • Page 1
  • Page 2

Primary Sidebar

Weekly Discussions

  • Uncategorized (14)
  • Week 01: Overview (7)
  • Week 02: TCP/IP and Network Architecture (18)
  • Week 03: Reconnaisance (17)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (17)
  • Week 06: Sniffers (17)
  • Week 07: NetCat and HellCat (15)
  • Week 08: Social Engineering, Encoding and Encryption (21)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (17)
  • Week 11: SQL Injection (15)
  • Week 12: Web Services (25)
  • Week 13: Evasion Techniques (8)
  • Week 14: Review of all topics (15)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in