|
CommieGIR posted:I got my thing, so now to copy everyone's access cards: if you get it to do anything interesting post about it, cause i set mine up to turn the tv on and then put it away v_v i already have a proxmark from alibaba though so nfc stuff isn't as new
|
#
?
May 4, 2022 22:52
|
|
|
|
| # ? Apr 26, 2024 16:04 |
|
|
Achmed Jones posted:if you get it to do anything interesting post about it, cause i set mine up to turn the tv on and then put it away v_v Already cloned a couple of my access cards, I'm digging through the source code to do some Automotive dongle capture stuff, already used it to ID the frequencies for my audi key fob. I'm really liking it so far. And yeah, this is replacing the little RFID cloner I made with an arduino previously that I'd use on engagements to grab keycards.
|
|
#
?
May 4, 2022 23:05
|
|
|
mine came in last week too. i think the proxmark will always have more capability and flexibility for lf and hf rfid, but obviously the flipper can do ibuttons and the ism radio stuff that you won't get off of the proxmark. i'll be interested to see what kind of development community forms around the flipper.
|
|
#
?
May 5, 2022 02:05
|
|
|
it just needs to work with a chamberlain garage door opener dang it! it'd be cool if it worked with my tv too instead of having to just replay signals but that's less important
|
|
#
?
May 5, 2022 02:08
|
|
|
I missed the first run and I'm mad
|
|
#
?
May 5, 2022 04:38
|
|
|
Achmed Jones posted:if you get it to do anything interesting post about it, cause i set mine up to turn the tv on and then put it away v_v how much do you want for it
|
|
#
?
May 5, 2022 04:38
|
|
|
Add another critical infrastructure RCE to the critical infrastructure RCE pile: https://www.bleepingcomputer.com/news/security/f5-warns-of-critical-big-ip-rce-bug-allowing-device-takeover/ No POC’s yet but it’s with iControl so I’m sure it’s very spicy
|
|
#
?
May 5, 2022 04:40
|
|
|
Crime on a Dime posted:how much do you want for it i don't wanna sell it, cause its still worth the purchase price to dick around with once a month to see if any improvements have been made. i guess i was one of the first people to get it or something, it showed up in like the second week of march the update i put on today added a bunch of sub-ghz frequencies so i'm hopeful that it'll get more useful as the community does cool stuff
|
|
#
?
May 5, 2022 04:45
|
|
|
Midjack posted:mine came in last week too. i think the proxmark will always have more capability and flexibility for lf and hf rfid, but obviously the flipper can do ibuttons and the ism radio stuff that you won't get off of the proxmark. i'll be interested to see what kind of development community forms around the flipper. It's an absolutely tiny chip that can fit on even the smallest circuit board, and can tune between 13 and 1864 MHz at 2.5 million samples / second.
|
|
#
?
May 5, 2022 09:12
|
|
|
Achmed Jones posted:i don't wanna sell it, cause its still worth the purchase price to dick around with once a month to see if any improvements have been made. i guess i was one of the first people to get it or something, it showed up in like the second week of march yeah they're sick, so it was worth an ask! the community stuff will be the good poo poo, but we will only use on devices we own etc 
|
|
#
?
May 5, 2022 10:30
|
|
|
looks like a bunch of people bought them to ᶠˡᶦᵖ on eBay for 400-1200 dollars and they can get flipped. I will wait.
|
|
#
?
May 5, 2022 10:35
|
|
|
Crime on a Dime posted:looks like a bunch of people bought them to ᶠˡᶦᵖ on eBay for 400-1200 dollars and they can get flipped. I will wait. Yeah this seems to be everything now days, getting sick of the flip economy.
|
|
#
?
May 5, 2022 14:41
|
|
|
https://twitter.com/jacobian/status/1522068542157246465
|
|
#
?
May 5, 2022 15:24
|
|
|
Yup, couple of my dev friends confirmed they got mandatory password and API key reset requests.
|
|
#
?
May 5, 2022 15:49
|
|
|
Welp, good thing I hadn't deployed my project yet. PythonAnywhere is looking better and better.
|
|
#
?
May 5, 2022 16:02
|
|
|
CommieGIR posted:I got my thing, so now to copy everyone's access cards: I've been going ham with mine, especially collecting infrared stuff: https://github.com/RooneyMcNibNug/Flipper-nil/tree/main/Infrared
|
|
#
?
May 5, 2022 16:46
|
|
|
Rooney McNibnug posted:I've been going ham with mine, especially collecting infrared stuff: https://github.com/RooneyMcNibNug/Flipper-nil/tree/main/Infrared My neighbor also keeps wondering why his Tesla's charger port keeps opening "out of nowhere" 
|
|
#
?
May 5, 2022 16:48
|
|
|
Rooney McNibnug posted:My neighbor also keeps wondering why his Tesla's charger port keeps opening "out of nowhere" Security Ghosts!
|
|
#
?
May 5, 2022 17:02
|
|
|
12-factor Ooops
|
|
#
?
May 5, 2022 17:09
|
|
|
good news everyone! https://twitter.com/alex_a_simons/status/1522209148288606208
|
|
#
?
May 5, 2022 17:10
|
|
|
Chris Knight posted:good news everyone! it's finally happening? neat
|
|
#
?
May 5, 2022 17:14
|
|
|
Chris Knight posted:good news everyone! loving finally.
|
|
#
?
May 5, 2022 17:22
|
|
|
interesting. I’m pretty familiar with the Secure Enclave on the Apple side but I need to check out how Windows is doing it and the whole hello thing. also curious what this does for Yubikeys used as a simple FIDO/2 token.
|
|
#
?
May 5, 2022 17:26
|
|
|
Chris Knight posted:good news everyone!
|
|
#
?
May 5, 2022 18:29
|
|
|
Rooney McNibnug posted:I've been going ham with mine, especially collecting infrared stuff: https://github.com/RooneyMcNibNug/Flipper-nil/tree/main/Infrared but can it interact with a game boy color? asking for a friend 
|
|
#
?
May 5, 2022 20:20
|
|
|
Crime on a Dime posted:looks like a bunch of people bought them to ᶠˡᶦᵖ on eBay for 400-1200 dollars and they can get flipped. I will wait. wtf who would even spend that much on one? people looking to flip for even more? like i'd expect anyone who has $600 to drop on the hacker toy to know they're worth $80 or so and that it's not really worth it, and for anybody who thinks they're oh-my-god-magic-hacking-tool to not have that kind of money because they're 16 then again dumbasses buy nfts so maybe im expexting too much
|
|
#
?
May 5, 2022 21:53
|
|
|
like many stupid ideas, it only has to work once to be worth it
|
|
#
?
May 5, 2022 21:55
|
|
|
only a matter of time for chinese clones to hit the market o suppose
|
|
#
?
May 5, 2022 22:24
|
|
|
Submarine Sandpaper posted:When I did the MSP stint our enterprise shared admin PWs were [company initial][company initial][year]**!! Our newest MSP has a lead security expert who had an entire onboarding conversation with me while a [presumably shared] generic password was written on the dry-erase board behind him. 
|
|
#
?
May 5, 2022 22:37
|
|
|
Hed posted:interesting. I’m pretty familiar with the Secure Enclave on the Apple side but I need to check out how Windows is doing it and the whole hello thing. also curious what this does for Yubikeys used as a simple FIDO/2 token. Yubikeys would still be useful as an alternative to carrying around an entire smartphone. Like as an emergency "break glass" second factor or login token. Yubikeys can also be used as a mechanism to encrypt FDE passwords, or at other times when it's not really feasible to connect to a computer to fetch the password.
|
|
#
?
May 5, 2022 22:39
|
|
|
Achmed Jones posted:wtf paging through sold items on ebay they seem to be going more for 4-500. there are a couple on offer with buy it now prices that are way higher but no takers so far. markups still suck though.
|
|
#
?
May 6, 2022 00:33
|
|
|
Dr_0ctag0n posted:Our newest MSP has a lead security expert who had an entire onboarding conversation with me while a [presumably shared] generic password was written on the dry-erase board behind him. it's a trap question, though: if you put a fake login on the whiteboard when interviewing someone for a red team role, would seeing that login being attempted count as positive or negative?
|
|
#
?
May 6, 2022 00:48
|
|
|
Dr_0ctag0n posted:Our newest MSP has a lead security expert who had an entire onboarding conversation with me while a [presumably shared] generic password was written on the dry-erase board behind him. you dont say... 
|
|
#
?
May 6, 2022 00:52
|
|
|
ymgve posted:it's a trap slight negative. good observation and initiative but didn't clarify the roes before beginning the test which is how you end up getting sued.
|
|
#
?
May 6, 2022 00:55
|
|
|
Dr_0ctag0n posted:Our newest MSP has a lead security expert who had an entire onboarding conversation with me while a [presumably shared] generic password was written on the dry-erase board behind him. Favorite past time: Screenshotting support members desktops when they are presenting and forget to leave all their plaintext passwords in notepad on their desktop.
|
|
#
?
May 6, 2022 01:43
|
|
|
emailing clients to tell them "passwords.txt" is not a password safe that should be published in the clear on a network where 100,000 people could read it it's called "system high" cause you'd have to be fuckin high to put anything you want to keep private on the system
|
|
#
?
May 6, 2022 02:41
|
|
|
CommieGIR posted:Favorite past time: Screenshotting support members desktops when they are presenting and forget to leave all their plaintext passwords in notepad on their desktop. Someone flashed their MFA QR code in a demo and a couple of us snapped pictures with our cameras because we couldn't believe what we were seeing.
|
|
#
?
May 6, 2022 03:17
|
|
|
MrQueasy posted:Someone flashed their MFA QR code in a demo and a couple of us snapped pictures with our cameras because we couldn't believe what we were seeing.
|
|
#
?
May 6, 2022 03:25
|
|
|
mystes posted:Were they creating a new account for the demo? Otherwise how did they even have the qr code lying around? It was worse... it was a shared mfa.
|
|
#
?
May 6, 2022 03:29
|
|
|
|
| # ? Apr 26, 2024 16:04 |
|
|
MrQueasy posted:It was worse... it was a shared mfa.
|
|
#
?
May 6, 2022 03:36
|
|