/r/hacking


A subreddit dedicated to hacking and hackers.

Constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.

A subreddit dedicated to hacking and hacking culture.

What we are about: quality and constructive discussion about the culture, profession and love of hacking.

This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.

Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!

Bans are handed out at moderator discretion.

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...

Damn kids. They're all alike.


Rules:

  1. Keep it legal. Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not.

  2. We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes:

  • Asking someone to hack for you
  • Trying to hire hackers
  • Asking for help with your DoS
  • Asking how to get into your "girlfriend's" instagram
  • Offering to do these things will also result in a ban
  • No "how do i start hacking?" posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. "How does HSTS prevent SSL stripping?" is a good question. "How do I hack wifi with Kali?" is bad.

  • No "I got hacked" posts unless it's an interesting post-mortem of a unique attack. Your nan being phished doesn't count.

  • Sharing of personal data is forbidden - no doxxing or IP dumping

  • Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.

  • Off-topic posts will be treated as spam.

  • Low-effort content will be removed at moderator discretion

  • We are not tech support, these posts should be kept on /r/techsupport

  • Don't be a dick. Play nice, support each other and encourage learning.



    /r/hacking

    2,710,594 Subscribers

    0

    Hacking a Cisco Room kit - Long

    So I have a Cisco Room Kit, which is a conferencing bar that is now EOL/EOS that I'd love to re-purpose but it's completely locked down. It's an expensive piece of kit, with a 4k camera, decent sound capabilities, Wifi, IR and Ultrasonic sensors.

    It's been sitting in a cupboard for the last couple of years and is not patched for at least a handful of CVEs that it's vulnerable to.

    It runs Linux on an nVidia Tegra X1 (specifically the Jetson TX1 module), which conveniently is the same processor as a Nintendo Switch. The Switch has been exploited, and technically this device is vulnerable to the same attack.

    I've spent the last few days researching and trying various methods used in the switch community to be able to get access to the OS drive so I can get it to boot into something other than the locked down UI without success. It seems to work, but so far I have not been able to see any evidence of unauthorised code running on it.

    Unfortunately, all of the CVEs it's vulnerable to (about 10, on its current firmware) were discovered by Cisco's own internal team, so none of them appear to be published but all of them effectively allow a user to gain root privileges! I've been searching for '<CVE> PoC' but nothing is giving me hits other than Cisco themselves or CVE sites.

    The great disadvantage I have here is that these are not really consumer items - You don't find them in an average house, so the user base is small, and those that have one, probably don't care if it goes to landfill due to forced obsolescence.

    As much as I have an electronics and programming background, this is not something I normally do so I'm not sure what sort of places around the internet might help me discover a means to unlock this great device and prevent it from becoming landfill.

    The final option may be to replace the Jetson TX1 module, as they can be obtained somewhat cheap, but without the supporting software, a bulk of the hardware features may not be functional so probably makes it pointless.

    Any helpful links/hints/resources before I put this back in the cupboard for another few years?

    5 Comments
    2024/04/26
    05:30 UTC

    4

    Word macros AV bypass?

    I’m studying for my OSEP, which has various methods talked about regarding word macros.

    I wanted to bring it a little further though, and test around in my own environment with full AV enabled (including behavioral).

    Writing and compiling my own python stager, I have it download, decrypt, and execute a sliver implant (c shellcode format) in memory. This runs fine with no detections if I execute it directly.

    However, as soon as I try to mangle this into a word doc, trying various execution methods, AV really freaks out.

    Are there general roads that are better to go down for further development for my VBS macro code?

    Ex, instead of focusing on direct binary download and execution, use powershell execution.

    Or move the binary into a scheduled task.

    Or try more creative methods of separating the word doc from the binary, including lolbas

    Etc?

    3 Comments
    2024/04/26
    03:16 UTC

    53

    When you order a byte to eat and the screen serves you a bit of an error instead.

    9 Comments
    2024/04/26
    02:17 UTC

    1

    Ethicality of sharing hacking tools/knowledge

    I've been thinking a lot about the ethics concerning the sharing of information in the info-sec field lately and while I've come to my own conclusions I'm interested to hear your opinion.

    First: Hacking tools/information can be used by ethical/unethical hackers basically the same way, because the difference between a blackhat/whitehat is often just the intent behind the action and the consequences for the involved parties.

    Many people just brush questions like this off by saying things like "I'm just putting the knowledge out there it's the people's responsibility to act ethically" or "Are roads unethical, because they are used for human trafficking?".

    I feel like responses like these oversimplify the situation a lot. Roads obviously aren't unethical because they are used by everyone, are a necessity and most people aren't human traffickers. Building a road for 100 human traffickers so 2 people can get to the city... idk.

    This argument also falls apart if you look at other, more extreme examples like the NSO-Group or 0-day brokerages like Zerodium. Most people (I think) agree that the way they act is unethical. Their clientele is often law enforcement and government to "fight crime and terrorists", but in reality tools like this are mostly used to attack journalists and political opposition, sometimes enabling violence and murder of innocent people.

    But why is what they do any more unethical than other tools? After all "they're just putting the info/tools out there" and the governments have the ethical responsibility to choose if they use it for good or bad.

    The conclusion I've come up with is a utilitarian one. If the knowledge/tools one shares cause more harm than good it is unethical unless the absence of the tool will lead to more harm than good.

    But this has a lot of problems and I'm not sure if I believe that this is always applicable. And how does one measure the harm/good something causes? Is it automatically ethical to share tools/knowledge if there are more ethical hackers than unethical ones; if so are there more ethical or unethical hackers in the world? How would you even measure that because:

    ethical != law-abiding necessarily.

    Basically the same thing applies to anonymity tools (probably even more) like Tails/Tor.

    Don't get me wrong, I appreciate everyone who is sharing knowledge/tools in the hacking/anonymity space and it is without question that it is necessary for such tools to exist, but still curious.

    Thanks for any answers!

    1 Comment
    2024/04/25
    22:21 UTC

    0

    Enhance my own project

    Is there any place where I can send my code to be hacked? I want to know how safe and well structured it is.

    Thanks

    1 Comment
    2024/04/25
    20:14 UTC

    4

    Coverage Guided Fuzzing – Extending Instrumentation to Hunt Down Bugs Faster!

    Hello everyone! In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting fuzzing paths.

    https://blog.includesecurity.com/2024/04/coverage-guided-fuzzing-extending-instrumentation/

    0 Comments
    2024/04/25
    18:40 UTC

    0

    Get admin rights with notepad?

    A domain admin had to change a local setting on my office pc and left notepad open with admin rights. Is there a way to get admin rights on my computer via notepad? Can I change any settings or files to get more privileges?

    22 Comments
    2024/04/25
    13:31 UTC

    2,952

    I wish this was a joke.

    From a real bug bounty program.

    206 Comments
    2024/04/25
    08:41 UTC

    0

    What do I do after bluesnarf attack?

    Just happened to me and I don't know what to do. Should I try to do a system restore? Or can it be fixed? Also, is my Bluetooth headphone I was using at the time compromised?

    2 Comments
    2024/04/25
    04:38 UTC

    1

    Best Database viewer/analyzer?

    Hi all, looking for a recommendation on the best database explorer out there. I have recently started grabbing some older leaked databases to peruse and I am wondering what supports the most common file types? What has no issues with LARGE files? The few databases I have grabbed have all been in CSV and several gigs. I am on a Windows machine and Excel and Notepad refuse to try opening something that large.

    7 Comments
    2024/04/24
    22:59 UTC

    0

    How to use the tool "seeker" in Kali Linux anonymously?

    First problem is I can use the tool but it won't work properly using ngrok if I have a VPN enabled. Also I am no expert but I'm pretty sure anything involving port forwarding is going to reveal your network or put you at risk. So how would you go about using the tool seeker safely?

    6 Comments
    2024/04/24
    19:28 UTC

    0

    WiFi Content

    Brand new to general hacking as opposed to specific devices.

    If I can access a WiFi network can I see/record the content that is transmitted?

    Corollary question: is there a way I can protect my wifi aside from a strong password from such attempts?

    Thank you

    8 Comments
    2024/04/24
    17:14 UTC

    0

    Docker vs VM

    I recently started studying on HTB and one of the lessons gave a brief overview of Docker. It got me thinking if I could use Docker containers to run Parrot OS rather than virtual machines. Parrot has pre-configured docker images ready to go. It sounds like it would be a lot easier to run than a virtual machine. But I may be overlooking security aspects because I'm not familiar at all with that side of things as far as Docker is concerned. Any opinions?

    6 Comments
    2024/04/24
    16:38 UTC

    4

    Can I duplicate a USB key that unlocks a software?

    A friend of mine bought a software that costs ~4000$. It is a highly specialized domain which I think allows them to apply such prices. The software only opens when the USB key is plugged in.

    My friend will now move frequently between two cities and he needs to work from his laptop. He asked me to install the software on it. Which I did and works well. But what if the key is lost or breaks? The company doesn't want to give a pair.

    Is it possible to duplicate this USB key? I was thinking of using the dd command in Linux to make a copy and put it on another key. But when I plug the USB in Windows, it doesn't show anywhere. So that is where I thought that it was some kind of special USB device, and maybe it's copy-protected? Like will it block itself if I try to duplicate it?

    I've never seen or heard of anything like that, which I find interesting.

    40 Comments
    2024/04/24
    10:57 UTC

    0

    Not able to crack .cap file

    So, I was cracking my wifi to see if it can happen or not. I have zero knowledge of coding. I took help from YT and successfully did a WPA handshake and obtained a .cap file but I am not able to crack it. How can I find the password from it? Anyone who has knowledge in this field is welcomed. I can't attach the file here. Please tell me a solution 🙂

    16 Comments
    2024/04/24
    08:04 UTC

    0

    How to locally prove that a digital data is from the past, not from the future?

    Without using an external/third party such as uploading to any social media or cloud, how does one prove that the data existed in the past and cannot be made up later?

    It is possible to prove that data is from the present and not from before by attaching an unpredictable data source such as a bitcoin block id or the latest news headline, but trying to do the opposite seems impossible.

    6 Comments
    2024/04/24
    06:16 UTC

    158

    Best hacking movies?

    Just curious. Wargames, Sneakers and obviously Matrix I've seen

    245 Comments
    2024/04/24
    04:49 UTC

    6

    Looking to find a book from the 90s; had a manhole cover on it and was about assembly language

    I bought the book about 1997, it had a manhole cover on the front cover and was about assembly language, more or less hacking assembly. Bought the book in New Jersey at a Borders, if it matters. Didn't get too far in reading it until the book went missing. Hoping someone else remembers the name.

    3 Comments
    2024/04/24
    01:28 UTC

    0

    Bypassing method

    So, for example let's say I got banned from an app and I can't log in from my device {A} but I can log in from device {B}, so from this we can say my "account" is not banned but the device is, and most probably its IMEI. So if I have a rooted device with custom ROM with magisk+zygisk, is there any workaround to bypass an IMEI ban?? [you guys know which app I am talking about ryt 😂]..

    15 Comments
    2024/04/24
    00:08 UTC

    0

    Are Zip Bombs legal?

    I’ve heard a lot about them recently, not for any specific reason rather I just went on a deep dive after seeing a video about them. The one thing I can’t find is: Are they legal? On one hand it is a virus that can potentially destroy a computer. However on the other it doesn’t actually steal any data or do anything particularly malicious as it is just an insane amount of files. The way most people talk about it is as if it’s just nothing, but then I’ve seen others say it is highly illegal. Figured here was the best place to ask. Cheers

    32 Comments
    2024/04/23
    21:07 UTC

    0

    Reverse engineering a server

    I am trying to reverse engineer a server for an application of which I only have the client side. I have never done anything like this before and it's just a learning project but I have been stuck for some time and need help. The client makes several calls to the server, whose IP is resolved to the local network and the packets are sent to 192.168.0.1, 192.168.5.1 and 10.200.5.55, all on port 1900. Is it possible to run a server on the same machine that accepts the tcp connections to these addresses on that port? I have been told to use a hook but I don't really know how. It may be a dumb question but it has me quite confused.

    13 Comments
    2024/04/23
    20:31 UTC

    0

    How to host BeEF site publicly?

    I've been looking everywhere but nothing works so can I host the BeEF demo page so that I can access it outside the home network? It doesn't need to be a different page, just the demo page because I am only testing it.

    11 Comments
    2024/04/23
    18:32 UTC

    0

    VPN on cloud VMs

    Hey all

    I did try w proton and nord on DO and AWS. Losing connection to the VM in both cases (tho required some additional movement w proton). It does add records to routing table. I remember proton wasn’t adding right entries to the table. And after manual adjustments I’d lose connection to the machine the same way I lose it with nord. Machine becomes fully unreachable. And only restart helps. I have no idea how networking with these vms is done on the cloud provider side. So appreciate if someone shares their knowledge. And another question. Has anyone successfully connected to any vpn from any cloud provider? Also do you know if DO monitors port scans a lot? I know gcp does.

    A disclaimer tho. I’m not doing anything illegal. All with an explicit consent. Just want to speed up the scan. Thanks in advance.

    8 Comments
    2024/04/23
    17:45 UTC

    2

    RFID Hacking

    I was wondering, how worried are folks in the community about their own operational security - and what sort of tricks do you engage in to keep yourself more safe from exploits we know exist? I started to wonder about RFID enabled credit cards and having worked on them for years was troubled by how casually insecure folks were about them. So I figured what better place to ask.

    8 Comments
    2024/04/23
    13:15 UTC
