Hey everyone yesterday I was at a grocery store and I noticed suspicious WiFi networks and Bluetooth networks. I am quite tech savvy so I decided to investigate thinking it was probably just some skid. But when I opened Wireshark I saw the mac addressees for Cisco Merkari (A relatively advanced DPI program) , along with multiple other enterprise grade tools such as Fortinet and VMware. I have collected pcaps for both my Bluetooth and WiFi interfaces with Wireshark(available upon request). Does anyone have any idea could this be a government contractor? Or could it just be spoofed cause its relatively easy to spooph Mac addresses.

I really don't know how to explain but hacking is difficult to understand. Like I watched tutorials on Youtube, took courses and read many books but still I feel like I know nothing. Watching Mr Robot and other documentation made feel even worse, you might say Mr Robot doesn't portray the real world but the documentation do. Like this video I was completely baffled at how I didn't have a single clue how they did it what techniques they used.

After all that though, I don't want to give up on hacking, I want to learn more advanced stuff. If you have an recommendations please dm me or comment.

Sorry for my bad english learning to write too.

Hi as per above , Any1 have experience? Was given this bluray, it's still running old firmware, hesistant to upgrade, but was hoping for some kung fu firmware hack on the new firmware to be installed, to make this so 🤷. Have checked online and nada.

https://org.downloadcenter.samsung.com/downloadfile/ContentsFile.aspx?CDSite=UNI_AU&OriginYN=N&ModelType=N&ModelName=BD-D5300&CttFileID=3864250&CDCttType=FM&VPath=FM%2F201307%2F20130726182311156%2FB-BRCM53BSP.zip

Tx 4 reading

cross-posted from: https://lemmy.dbzer0.com/post/36237226

Hi folks, not sure if this is the right place but so please lmk if there is a better place to put this:

I'm currently attempting to reverse engineer yealink t41p IP phone firmware since the device is out of support for some years and but works very well imo. For security reasons and keeping the devices out of the trash, I would like to provide open source firmware for it. I recently learned how the process with clean room reversing works but I'm stumbling at the first step already. Here is what I attempted so far:

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk --signature T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -E T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
16384         0x4000          Rising entropy edge (0.984980)
20480         0x5000          Falling entropy edge (0.783278)
32768         0x8000          Rising entropy edge (0.992664)
45056         0xB000          Falling entropy edge (0.601562)
65536         0x10000         Rising entropy edge (0.991434)
815104        0xC7000         Rising entropy edge (0.992069)
2945024       0x2CF000        Falling entropy edge (0.668870)
2949120       0x2D0000        Rising entropy edge (0.993514)
8155136       0x7C7000        Falling entropy edge (0.843171)

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -BE T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------


DECIMAL       HEXADECIMAL     ENTROPY
--------------------------------------------------------------------------------
16384         0x4000          Rising entropy edge (0.984980)
20480         0x5000          Falling entropy edge (0.783278)
32768         0x8000          Rising entropy edge (0.992664)
45056         0xB000          Falling entropy edge (0.601562)
65536         0x10000         Rising entropy edge (0.991434)
815104        0xC7000         Rising entropy edge (0.992069)
2945024       0x2CF000        Falling entropy edge (0.668870)
2949120       0x2D0000        Rising entropy edge (0.993514)
8155136       0x7C7000        Falling entropy edge (0.843171)

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -y T41-36.83.0.160.rom 
haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -e T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -I T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
12622         0x314E          BFF volume entry, AIXv3, file name: "iX2jÅ

haui@TowerPC:~/Downloads/t41p-firmware$ binw^C

haui@TowerPC:~/Downloads/t41p-firmware$ binwalk -G T41-36.83.0.160.rom 

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------

https://inscaptions.com/how-to-see-private-accounts-on-instagram-using-inspect/

https://techcult.com/how-to-access-private-instagram-inspect-element/

I don’t know anything about programming, and sadly I can’t differentiate between rubbish webpages and the real deal when it comes to stuff like that..

I also read about a couple of ios shortcuts that claim to be able to download private Instagram posts if you have the link to it.. is it true?

Apologies is this seems somewhat weird, I was using the reddit app on my iphone when I clicked on a tag in my search history and at the same time I noticed my flash go off on my phone. I suppose this could have been some strange hardware issue in my phone, but I suspected it took a photo. I checked my photo stream and there was nothing new. There is no log of events on my phone I know of, but I wondered if it was intentional. Curious if anyone here has any idea if it could have been something intentional (it taking a photo), or maybe some log info source I could check to see if it was legitimate hack.

I'm trying to find a good fuzzing tool for testing my web applications and was wondering what people would recommend. I'm trying to find one that is open source, free, and doesn't use proprietary stuff. It seems like Google's OSSFuzz is the closest option to what I'm looking for, but it uses Google cloud :/

Security researchers have discovered new Bluetooth security flaws that allow hackers to impersonate devices and perform man-in-the-middle attacks.

The vulnerabilities impact all devices with Bluetooth 4.2 through Bluetooth 5.4, including laptops, PCs, smartphones, tablets, and others.

Users can do nothing at the moment to fix the vulnerabilities, and the solution requires device manufacturers to make changes to the security mechanisms used by the technology.

Research paper: https://dl.acm.org/doi/pdf/10.1145/3576915.3623066

Github: https://github.com/francozappa/bluffs

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-24023

Hey all,

I am looking into hacking TVs. Its well known they run linux most of the time, so we should be able to do some fun stuff with them.

I've found some guides, clips and other reference material online, but it isn't much. Do any of you guys have some reference material to help me on my learning journey?

A 3rd set of data has been published on the dark web, site says, as OPP continue investigation

does anyone have any idea what the new breach forums onion is? or why tor taxi and such don't share it anymore? is tor taxi or breech sussy?

I'm a big fan of Darknet Diaries and Smashing Security. I'm all the way caught up on them though so I'm wondering if there are any others out there I'm missing out on?

If this post gets a decent number of comments I'll create a list here of every podcast recommended.

You had me at BlackBerry keyboard!

I have repeatedly fund security concerns when working on internal applications. Simple things like sql injection, hard coded credentials, and privileged containers being run as the standard. I brought these up with my team lead, but he says that since its in the dev environment, it does not matter. To me, that is the totally wrong attitude to have about security. We should teach our developers how to not make these mistakes and fix them as we find them. Should I go over his head to report it to other managing parties? I want to say more, but am being as vague as possible just in case. How do I go about reporting internal vulnerabilities in a responsible way that won't make everyone hate me? I honestly believed that people would be happy to hear about their problems from me rather than get exploited but it does not seem to be the culture here.