Nyt OS/tool til Mester hak og VPNfilter.

HakkeriPosted by Harleyman Sat, June 02, 2018 21:45:22
Har bygget mig en virtual dojo, hvor jeg kan lege med forskellige tools.
Et af de OS / tools jeg for tiden roder med er BlackArch.( )
Med 1981 tools og flere kommer til hele tiden kan det ikke gå helt galt smiley
Mere info :

Det ser ud til VPNfilter Malware har ramt flere routere.
Der er et rygte om det er http-serveren,BusyBox eller Dropbear der har sikkerhedsproblemer.

info :

De sårbare routere... (Liste Opdates IKKE)

Linksys E1200,Linksys E2500, Linksys WRVS4400N,

Mikrotik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072

Netgear DGN2200,Netgear R6400,Netgear R7000,Netgear R8000,

Netgear WNR1000,Netgear WNR2000,QNAP TS251,

QNAP TS439 Pro,Other QNAP NAS devices running QTS software

TP-Link R600VPN

Jeg må vel heller kigge på den Telenor router igen ! smiley

  • Comments(0)//

MimiKatz vs Win10 @ MS TechSummit.

HakkeriPosted by Harleyman Sat, April 01, 2017 11:17:43
Så var jeg til Microsoft Tech Summit Copenhagen 2017.

En af de ting jeg bed mærke i var de "nye" IT-sikkerhed tiltag og skal vi sige manglen på samme.

Der var et foredrag hvor de viste at mimiKatz (fra : )
ikke virker med Windows 10 og frem. Men der kommer sikkert en opdatering fra mimikatz smiley
(de er opmærksom på problemet : )

Mange af de foredrag der var på Tech Summit ligger på MS-YouTube eller på Channel9.

Fuld program : Kilde :

Tech Summit Keynote

11:30 am - 12:45 pm

An Overview of the Microsoft Application Platform for Developers

Challenges and opportunities in Building Global, ultra-scale SaaS Business Applications

Improve decision-making with Business Analytics in Microsoft Excel 2016

Make your app a native part of Office with Office Add-ins

Modernize your Data Platform with SQL technologies

Move all your communications to Skype for Business Online

Powering IT Transformation with Office 365

Reinventing IT infrastructure for business agility

Secure and manage your digital transformation

The future is closer than you think; broadly deploying Windows 10 for business

1:45 pm - 3:00 pm

Azure SQL Database – A Managed Intelligent Cloud Database for App Developers

Deep dive in the technology stack of Dynamics 365 for Operations

Defend Windows clients from modern threats and attacks with Windows 10 security

Dive into PowerApps, building apps that mean business without writing code

Explore Microsoft Azure Stack “State of the Union” – Foundation 1

Let your apps and services take a front seat in Outlook with Actionable Messages

Moving from legacy on-premises Exchange: upgrade to Exchange 2016, or Exchange Online?

Protect and share data securely with Azure Information Protection

Redefine productivity with the latest Microsoft Office 2016 Features on Windows 10

Running Line of Business Apps on Azure

Take your management and security strategy to the cloud

What's new in Office 365 management: Usage reporting, change management and service health

Windows 10: Deploy and manage Windows as a service (Instructor Led Lab)

3:15 pm - 4:30 pm

Administering Office 365 with PowerShell (Instructor Led Lab)

Build microservices and container solutions using Azure Service Fabric and Azure Container Service

Drive transformative change with advanced analytics in Cortana Intelligence Suite and Microsoft R

Enhance Windows 10 deployment: what's new with Windows 10 deployment?

Explore Microsoft Windows Server 2016 Security

Explore OneDrive for Business key features and roadmap

Explore the new, cross-platform .NET Core 1.0

Get close up with the new Microsoft SharePoint Developer Framework

Microsoft Dynamics 365 – the vision and strategy

Office 365 Groups – Overview & Administration

Protect your business and empower your users with cloud Identity and Access Management

Take advantage of new capabilities in System Center 2016

Turn your users into raving fans of Skype

4:45 pm - 6:00 pm

Bring visibility, control and protection to your cloud apps with Microsoft Cloud App Security

Build modern cloud based web and mobile applications on Azure App Service

Connect your company with Yammer - a vision and roadmap update.

Deploy Microsoft Office 2016 the right way

Discover what's new and what's coming to the SharePoint Mobile and Intelligent Intranet

Dive deep into Operations Management Suite for applications and infrastructure

Engineering for the Cloud at Microsoft CRM

Explore Microsoft Windows Server 2016 Application Platform

Fix web app compatibility with Enterprise Mode

Innovate with Modern BI in the enterprise

Migrating to Exchange Online via Hybrid – over the long haul

SQL Server 2016 Security (Instructor Led Lab)

Understanding Cloud networking planning and troubleshooting with Office 365

Use Azure Infrastructure-as-a-Service (IaaS) as a starting point on your cloud journey

6:00 pm - 7:00 pm

Ask the Experts

Day 2:

10:00 am - 11:15 am

An Overview of the Microsoft Application Platform for Developers (repeat)

Make your app a native part of Office with Office Add-ins (repeat)

Modernize your Data Platform with SQL technologies (repeat)

Move all your communications to Skype for Business Online (repeat)

Powering IT Transformation with Office 365 (repeat)

Reinventing IT infrastructure for business agility (repeat)

Secure and manage your digital transformation (repeat)

The future is closer than you think; broadly deploying Windows 10 for business (repeat)

What's new in TypeScript?

11:30 am - 12:45 pm

Accelerating Office 365 deployment and user adoption

Architecting robust Big Data Solutions with Azure Data Lake

Connect your applications to the cloud through Azure Logic Apps and API Management

Deploy and manage Microsoft Office 365 ProPlus using Configuration manager

DevOps, Microservices and containers - from hype to reality with Red Hat OpenShift and Azure

Enterprise Mobility + Security (EMS) (Instructor Led Labs)

Implement Windows as a Service: understanding how to do it

Introducing Microsoft Teams

Learn about Mobile DevOps with Xamarin, HockeyApp and Visual Studio Team Services

Learn how Microsoft Advanced Threat Analytics combats persistent threats

Microsoft Social Engagement : High performance Java service on Azure

Port your AWS knowledge to Azure

Protect your data with a modern backup, archive and disaster recovery solution

1:45 pm - 3:00 pm

Configuring your heterogeneous environment with PowerShell and DSC

Create a Lab Environment in Azure and LOB Apps in Azure (Instructor Led Labs)

Deliver high scale and low cost solutions with Azure Tiered Cloud Storage

Dive deep into Azure Container Service

Enable a new world of work with Office 365 Identity

Get to know the Skype Operations Framework

How Renault Formula Sport One and Real Madrid C.F. are winning with Microsoft Dynamics 365

Intelligence throughout Office 365: Delve, MyAnalytics, and Microsoft Graph-powered experiences

Keep your OneDrive and SharePoint content safe

Learn about the future of Microsoft PPM

Manage your mobile devices and apps with Microsoft Intune

Microsoft Azure networking: getting things connected

Plan your Cloud PBX deployment

SQL Server v.Next with Support on Linux, Windows and Containers

3:15 pm - 4:30 pm

Building serverless applications with Azure Functions

Detect and respond to advanced and targeted attacks with Windows Defender ATP

Discover Implementation Best Practices, Monitoring & Diagnostics tools for your Azure applications

Dive into the power of the Microsoft Graph API

Explore cross-platform mobile development end-to-end with Xamarin

Explore Microsoft SharePoint Server 2016 and beyond

Get the most out of the Office 365 security solutions

Join your Windows 10 devices to Azure AD for anywhere, anytime productivity

Microsoft Dynamics 365 for Operations

Protect your business with Azure, a secure and trusted cloud

SQL Technologies for Cross-platform Developers

Take control of your data with intelligent compliance in Office 365

Understand the future of software development in the cloud with the Azure Application Platform.

  • Comments(0)//

Demo/Hax0r konf i 2017

HakkeriPosted by Harleyman Wed, February 22, 2017 09:14:16
I år er der flere Demo/hax0r konf./camps der kunne være spændende, men jeg står lidt med overvejelserne om det er noget jeg vil bruge tid på.

De events der er kig på er :

Invite :
"Revision takes place from April 14th to 17th 2017 in Saarbrücken, Germany."

Twitter :

"SHA2017 is a non profit outdoor Hacker camp/conference taking place in The Netherlands from the 4th to 8th of August 2017. It is the successor of a string of similar events happening every four years. These are GHP, HEU, HIP, HAL, WTH, HAR and OHM. Similar events are EMF Camp 2016 in the UK, CCC Camp and congress in Germany. The location is the Scoutinglandgoed in Zeewolde, 55km east of Amsterdam."
  • Location: Scoutinglandgoed in Zeewolde, 55km east of Amsterdam.
  • When: 4 - 8 August 2017
  • Buildup from: ±26st of July*
  • Teardown until: ±11 of August*
Billet :

Twitter :

"Bornhack 2017 will be the second BornHack. It will take place from August 22nd to August 29th 2017 on the Danish island of Bornholm. The tagline of this event will be Make Tradition."

  • Comments(0)//

At finde huller i Hardware..

HakkeriPosted by Harleyman Tue, July 19, 2016 14:39:53
Brugte min sommerferie på at finde "sjove" bugs i forskelligt D-link udstyr.
Det er sådan at det meste af det udstyr der kommer på marked i dag er under GPL
og det betyder source koden skal online. NB! bemærk at noget er under BSD!

Jeg har tidligere haft held til til at "hacke" min Router fra Telenor - ved at kigge i firmwaren og de backup funktioner routeren understøtter. Dog har de(telenor) slået funktionerne fra -ØV! smiley
Mere info :

Men hvor starter man så? Start med noget simple, som en NAS eller wifi router.( self. din egen!)

1. Find model nummeret på det Dlink udstyr du vil undersøge for sikkerheds-huller.
Går man ind på og finder den model man vil "kigge" på.
Rigtig mange routere og switches er under GPL og har dermed source koden liggende frit.

2. Hent Linux distro'en Kali fra :

3. Se video'en "kim guldberg hacking 101":

Det næste man kunne kigge på var Smart-fjernsyn ,overvågningskamera , biler (Tak Blå tand ) og HD-optagere. Flere af dem understøtter direct-WIFI og har en simple nøgle eller ingen smiley

Ja sku! Der er kommet en opdate til min DNS-320.....NAS box.
WebSite :
Firmware :
Google gruppe:!forum/alt-f

  • Comments(0)//

CCC camp 15 er NoGo!

HakkeriPosted by Harleyman Tue, August 11, 2015 10:35:50
Der er totalt udsolgt til CCC camp 2015 - Bobbi,kim og Thomas var så heldige at få billeter.

Heldigvis er der en del streamning :

Vel ankommet og tid til en lille lur ...

Sådan ser setup ud... ikke så langt fra OSAA

CCC camp 2015 Badge :

  • Comments(0)//

Password problemer?

HakkeriPosted by Harleyman Thu, June 18, 2015 08:42:30
Så skete det alle ventede på... LASTpass blev hackede og der er adgang til alle de sjove steder smiley

Mailen fra LastPass:

LastPass Security Notice

Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately

blocked suspicious activity on our network. No encrypted user vault data

was taken, however other data, including email addresses and password

reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently

protect our users. To further ensure your security, we are requiring

verification by email when logging in from a new device or IP address, and

will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will

better protect LastPass users. Thank you for your understanding, and for

using LastPass.


The LastPass Team

Kilde : og

MAC er ikke så sikker som sælgeren siger i butikken.... Patch your shit!

"Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks." Kilde :

  • Comments(0)//

Du bliver overvåget! (VPN?)

HakkeriPosted by Harleyman Tue, May 12, 2015 18:05:14
Fik lige set DR's program om overvågning...
Du bliver overvåget!:

Med Nikolaj Sonne ( )

Man kunne bruge VPN'er.... (men hvem sidder i den anden ende og lytter til din trafik?)
De nævner TOR i programmet :
Listen over gratis VPN'er: (2015)

HotSpot Shield Free [Windows Only, asked for my Phone Number!]

Private Tunnel Free [Just 100mb data only]

OkayFreedom VPN Free [Free, Ad supported]

CyberGhost Free [Completely Free]

JustFreeVPN Free [Completely Free]

VPNBook Free [Completely Free, No registration required]

AnchorFree HotSpot Shield Elite Free [Free, Ad supported]

proXPN Free [Completely Free]

TorVPN Free [1 GB Free]

VPNGate Free [Hosted at University of Tsukuba, Japan. Completely Free

  • Comments(0)//

Lenovo Adware? SuperFishy!

HakkeriPosted by Harleyman Fri, February 20, 2015 08:31:47
Endnu engang er det bevist at de pre-installed windows der ligger på maskiner man køber er fyldt med crap-ware. Denne gang er det Lenovos maskiner der er undermistanke.
Sådan ser man om man er sårbar og maskinen indeholder Superfish :

Lenovo skriver :

Mere om problemet her :

"Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections".

Lenovo has released a list of models that may have had Superfish installed.

G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45

U Series: U330P, U430P, U330Touch, U430Touch, U530Touch

Y Series: Y430P, Y40-70, Y50-70

Z Series: Z40-75, Z50-75, Z40-70, Z50-70

S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch

Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10

MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11

YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW

E Series: E10-30]

Kilde :

"Superfish-adwaren, der har været præinstalleret på Lenovo-computere, laver reelt set et man-in-the-middle angreb for at indsætte reklamer på ellers betroede sider. Lenovo afviser sikkerhedsproblem."
Kilde :

  • Comments(0)//

Hack din TG788vn !

HakkeriPosted by Harleyman Tue, July 22, 2014 09:54:18
Jeg har her i min sommerferie rodet lidt med min nye Technicolor TG788vn v2 DSL router fra Telenor.
Spørgsmålet var primært :
Hvor sikker er den? (kan det gøres bedre?)
Kommer senere.... tænker Nessus/Nitro og Kali-linux smiley

Kan man ændre de skjulte funktionerne ? (hvad med VOIP?)

Det viser sig at man kan ændre config filen (hente -> ændre -> oploade)
Man finder config filen : Home > MediaAccess Gateway > Configuration > Backup & Restore
Start med : Backup current configuration

Du modtager en : user.ini - Man kan søge efter disable og enable og dermed styre hvad din router kan smiley Når du nu er færdig med at ændre dit setup : Restore saved configuration
Man man også ændre alle service porte og dermed lukke/ændre services...

Jeg fandt sjove ting som:

server config url=

server config username=tacsuser1

server config password=_DEV3_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Det er desværre ikke lykkes at cracke passwordet smiley
En af de mere mystiske settings jeg faldt over i user.ini-filen var under "webfilter.ini"

standard category create id=0 name=Pornography type=category

Det er i skrivende stund uvist hvordan den bruges.... Opdateres når jeg ved mere !

Update :
*Et eksempel på user.ini filen(ikke telenor) :
*Ved at kigge i log-filen kan man se der er 2 brugere der ikke står andre steder i systemet. Brugerne : TR69 og support. som man kan se under "Home > MediaAccess Gateway > Event Logs"
"LOGIN User support logged in on TELNET ("

  • Comments(16)//
Next »