DVID - Damn Vulnerable IoT Device

Ever wanted to learn about hardware hacking? I found this small open-source IoT hacking learning board while I was at a security event. It is designed by @vulcainreo and costs around 45€; more than 300 units were shipped around the world.

Let’s dig into this awesome project and clone the Git repository: https://github.com/Vulcainreo/DVID.git

https://raw.githubusercontent.com/Vulcainreo/DVID/master/kit-contents.jpg

Challenges’ Writeup

HIP19 Writeup - Meet Your Doctor 1,2,3

Last Wednesday I was at the Hack In Paris event for the 3rd time. As always there were some great conferences and challenges, and a new competition called “Hacker Jeopardy” which was very fun! During the Wargame I focused my time on Web challenges based on the GraphQL technology, which was new to me; you will find below my writeups for the Meet Your Doctor challenges.

HIP Wargame 2019

SIGSEGV1 Writeup - MD Auth

Let’s talk about the “MD Auth” challenge. I admit I started with this challenge thinking it would be about “Markdown”. I was wrong, but it was nonetheless interesting to solve.

An XSS Story

Last night I stumbled across an XSS in a bug bounty program; it was quite fun to exploit.

WHID Injector - Tips and Tricks

What is it? The WHID Injector is a USB key which acts as a remote keyboard. Basically, it sets up a Wi-Fi access point that you can connect to and send whatever you want to the machine. It also has a Rubber Ducky payload converter, an exfiltrated data tab and much more.

What can I do? Everything you could do with a keyboard plugged into a computer. For example, using WHID Toolkit you can spawn a reverse shell :D

Where to buy a WHID Injector? I got mine from AliExpress; it’s also available on eBay for around 15+ $ ;)

French Croissant - or why you need to lock your computer

Last year, on the first day of my internship, I was given a computer and asked to install and secure it over two days. After that delay, anyone could try to attack and compromise my machine, and if so I was welcome to buy some “French Croissants” for the team while the attacker explained his method for getting access to my computer the next morning. There are some techniques you need to be aware of when you’re securing your machine; the list below is not exhaustive.
