Hello friends. This blog post was supposed to be the second part of this re| evilsocket
I’m happy to announce, after quite some time, the new bettercap 2.4.0 major release. Other than including a plethora of long-overdue fixes (in addition to what the recent 2.33.0 already fixed), it also packs a few new functionalities that extend its reach to car and industrial control system hacking. It’ll possibly take me some time to update the documentation on the official website so I’m here today to write a bit about the new features. Also remember that you can use the help, help ui, ...| evilsocket
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s| evilsocket
During the last few weeks I’ve been working on a new tool that started as a way for me to become more familiar with Rust and its| evilsocket
Some time ago I was using Logic Pro to record some of my music and I needed a way to start and stop the recording from an iPhone, so I found out about Logic Remote and was quite happy with it. After the session, the hacker in me became curious about how the tools were communicating with each other, so I quickly started Wireshark while establishing a connection and saw something that tickled my curiosity even more: some of the data, such as the client and server names, were transmitted in cleartex...| evilsocket
Hello everybody, I hope you’ve been enjoying this summer after two years of Covid and lockdowns :D In this post I’m going to describe how| evilsocket
Long time no see friends! Despite this break period ended up not being as long as I hoped| evilsocket
Hey ya all! Since I’ve read around a| evilsocket
This is the story of a summer project that started out of boredom and that evolved into something incredibly fun and unique. It is also the story of how that project went from being discussed on a porch by just two people, to having a community made of almost 700 awesome people (and counting!) that gathered, polished it and made today’s release possible. TL;DR: You can download the 1.0.0 .img file from here, then just follow the instructions. If you want the long version instead, sit back, ...| evilsocket
In this post we’ll talk about two topics I love and that have been central elements of my (private) research for the last ~7 years: machi| evilsocket
In this post, I’ll talk about the new WiFi related features that have been recently implemented into bettercap, starting from how the EAPOL 4-way handshake capturing has been automated, to a whole new type of attack that will allow us to recover WPA PSK passwords of an AP without clients. We’ll start with the assumption that your WiFi card supports monitor mode and packet injection (I use an AWUS1900 with this driver), that you have a working hashcat (v4.2.0 or higher is required) install...| evilsocket
For a while now I’ve been quite intensively playing with Deep Learning both for work related research and personal projects. More specifically, I’ve been using the Keras framework on top of a TensorFlow backend for all sorts of stuff. From big and complex projects for malware detection, to smaller and simpler experiments about ideas I just wanted to quickly implement and test - it didn’t really matter the scope of the project, I always found myself struggling with the same issu...| evilsocket
A few days ago I started playing with an idea I’d had for a few weeks already, using a Raspberry Pi Zero W to make a mini WiFi deauthenticator: something in my pocket that periodically jumps on all the channels in the WiFi spectrum, collects information about the nearby access points and their connected clients and then sends a deauthentication packet to each one of them, resulting in some sort of WiFi jammer on the 802.11 level. As an interesting “side effect” of this jammer (the initia...| evilsocket
After my last post and generally the kind of indirect advertising I’m doing to the Go programming language for a few months now, I heard about and talked with a lot of people who started being interested in the language, so for once I decided to write what I don’t like about it instead, to provide a more balanced perspective of what’s my experience so far and maybe let some of those people realize that Go is not the right choice for their projects after all. NOTE 1 It’s important to s...| evilsocket
It’s with immense pleasure that I announce the release of the second generation of bettercap, a complete reimplementation of the most complete and advanced Man-in-the-Middle attack framework. This release not only brings MITM attacks to the next level, but it aims to be the reference framework for network monitoring (we <3 blueteams too), 802.11, BLE attacks and more! :D ベッターキャップ!| evilsocket
For the last few days I’ve been working on a new project which I developed for very specific needs and reasons: I need to store safely (encrypted) my passwords, sensitive files, notes, etc. I need to access them from anywhere, with every possible device (desktop, mobile, terminal). I need those objects to be synchronized across all my devices. I don’t want to use “the cloud”. I don’t want to pay for a server. I don’t want to enable port forwarding and host it myself with DynDNS o...| evilsocket
This is not a post about BLE, but rather on how to hack it … well, to be honest, BLE devices are usually very easy to hack, so it’s just a quick intro to it, I’ll also take the chance to open source one of the last tools I’ve made and that I kept private so far. I moved the features I thought to be dangerous ( aka: auto fuzzing all the BLE things and bring chaos ) in a private fork which will stay private, however it’s not that complicated to chain bleah with other tools ( cough …...| evilsocket
Tonight my brain decided, instead of sleeping (why even bother trying, right?), to start a new short adventure in the Bluetooth Low Energy world. I’m a happy Crafty vaporizer owner and as I discovered by chance, I can access it using my laptop.| evilsocket
It’s no secret I’ve been recently playing with the GPD Pocket 7, an ultra small laptop which can run GNU/Linux and has more than decent hardware. Tablets are cool and everything, but I’ve been a fan of ultra portable Linux devices since the Sharp Zaurus series. Considering that a lot of people were interested I decided to write this post to share my impressions, installation procedure and configuration tips.| evilsocket
Yesterday I released version 1.6.1 of bettercap and among other things, you can read in the changelog: * Huge improvement on HTTPS parser, now it parses TLS Client Hello messages with SNI extension in order to extract the real hostname. ... But what does this actually mean? And how can we protect ourselves from it? (Hint: we can’t, yet)| evilsocket