Cover image via Val Thoermer/Shutterstock

Search engines index websites on the web so you can find them more efficiently, and the same is true for internet-connected devices. Shodan indexes devices like webcams, printers, and even industrial controls into one easy-to-search database, giving hackers access to vulnerable devices online across the globe. And you can search its database via its website or command-line library.

Shodan has changed the way hackers build tools, as it allows for a large part of the target discovery phase to be automated. Rather than needing to scan the entire internet, hackers can enter the right search terms to get a massive list of potential targets. …


Raspberry Pi 4 model B
Cover photo by Kody/Null Byte

In 2019, the Raspberry Pi 4 was released with specs including either 1 GB, 2 GB, or 4 GB of memory, a Broadcom BCM2711B0 quad-core A72 SoC, a USB Type-C power supply, and dual Micro-HDMI outputs. Performance and hardware changes aside, the Pi 4 Model B runs Kali Linux just as well as, if not better than, its predecessors. It also includes support for Wi-Fi hacking on its internal wireless card.

For hackers interested in a cheap Kali Linux computer capable of hacking Wi-Fi without a separate wireless network adapter, the Pi 4 Model B is a great way to run Kali without needing a virtual machine. …


Image by tokyoneon/Null Byte

With a cheap computer, smaller than the Raspberry Pi, an attacker can create a remote hacking device. The device can be attached to a target router without anyone’s knowledge and enable the hacker to perform a variety of network-based attacks from anywhere in the world.

As the name implies, network implants are small, physical devices (e.g., Raspberry Pi) that can be discreetly attached to computers and routers. These devices are typically implanted without anyone’s knowledge and disguised to blend into the environment.

Much like Hak5’s LAN Turtle, this attack requires a physical device on the target network or router. Without any port-forwarding, firewall exceptions, or interactions with the router settings, the implanted device will automatically connect to the internet. The device will act as a remote access tool (RAT), giving an attacker the ability to manipulate data on the network and all of the connected devices. …


Cover image by Gareth Halfacree/Flickr

The $35 Raspberry Pi is an amazingly useful single-board computer (SBC) with a good balance of price, performance, and connectivity options. But for some projects, it just isn’t enough. Whether you need more computing power, a smaller size, or better machine-learning capabilities, there are other options available.

For those unfamiliar, an SBC means that all of the components of the computer are on a single printed circuit board (PCB), including the CPU, GPU, and memory. …



When researching a person using open source intelligence, the goal is to find clues that tie information about a target into a bigger picture. Screen names are perfect for this because they are unique and link data together, as people often reuse them in accounts across the internet. With Sherlock, we can instantly hunt down social media accounts created with a unique screen name on many online platforms simultaneously.

From a single clue like an email address or screen name, Sherlock can grow what we know about a target piece by piece as we learn about their activity on the internet. Even if a person is careful, their online contacts may not be, and it’s easy to slip up and leave default privacy settings enabled on apps like Venmo. A single screen name can reveal many user accounts created by the same person, potentially introducing photos, accounts of family members, and other avenues for collecting further information. …



While modern browsers are robust and provide a lot of functionality, they can be unlocked to do some pretty spectacular things with browser extensions. For hackers and OSINT researchers, these tools can be used to defeat online tracking, log in to SSH devices, and search the internet for clues during an investigation. This is a list of my top ten favorite browser extensions for hackers — and how to use them.

What Are Add-Ons?

Browser extensions, or add-ons, are programs that expand what a browser can do. The easiest way to think about browser extensions is to picture them as apps for your browser, with specific extensions providing add-on functions that make the browser more useful for a particular use-case. …


Cover photo by Justin Meyers/Null Byte

Metadata contained in images and other files can give away a lot more information than the average user might think. By tricking a target into sending a photo containing GPS coordinates and additional information, a hacker can learn where a mark lives or works simply by extracting the Exif data hidden inside the image file.

For hackers or OSINT researchers gathering digital evidence, photos can be a rich source of data. Besides what’s visible in the picture itself, metadata about when and where the photo was taken can also be recoverable. …



Automating port scanners, directory crawlers, and reconnaissance tools can be complicated for beginners just getting started with Kali Linux. Sparta solves this problem with an easy-to-use graphical interface designed to simplify a penetration tester’s tasks.

Sparta, authored by Antonio Quina and Leonidas Stavliotis, is a Python-based GUI application that automates scanning, information gathering, and vulnerability assessment with tools like Nikto, WhatWeb, Nmap, Telnet, Dirbuster, and Netcat. It was designed with a simple point-and-click user interface and displays discovered services in an easy-to-navigate and intuitive way.

Save for a few minor updates, no significant changes or features have been added to Sparta since its inception. Still, it’s an excellent recon tool worth learning. This article pairs nicely with Kody’s Null Byte video below by focusing on Sparta’s brute-force module and Nikto web crawler, as well as coupling it with other tools to maximize its usefulness for pen-tests and white hat endeavors. …



KeePassX, 1Password, and LastPass are effective against keyloggers, phishing, and database breaches, but password managers rely on the operating system’s clipboard to securely move credentials from the password vault to the web browser. It’s within these few seconds that an attacker can dump the clipboard contents and exfiltrate passwords.

Two scenarios come to mind with a clipboard-dumping attack geared toward password managers, and both utilize the pbpaste command found in all versions of macOS. …



If you find yourself with a roommate hogging limited data bandwidth with video games or discover a neighbor has invited themselves into your Wi-Fi network, you can easily take back control of your internet access. Evil Limiter does this by letting you control the bit rate of any device on the same network as you, allowing you to slow or even stop data transfer speeds for them completely.

Generally speaking, the average user doesn’t have much visibility over who or what is on their network, so anyone with the password can slip in and start using bandwidth. In other situations, a roommate or family member may be hogging all the bandwidth unfairly to play video games or stream videos. …

About

Null Byte

The aspiring white-hat hacker/security awareness playground
