26th draft, based on previous LinkedIn posts.
Published and updated since 15th Jan 2024.
Available also as PDF by Google Drive link.
Il darkweb per principianti
Il darkweb è una dimensione pericolosa per i principianti e il rischio di imbattersi in attività criminali o di essere loro vittima aumenta di molto rispetto al surface web e al deep web.
La differenza fra il surface web e il deep web è l'indicizzazione: tutto il materiale che in qualche modo si può reperire con una ricerca sui vari motori di ricerca. Nel deep web, manca l'indicizzazione e quindi se non si ha il link diretto non si può accedere ai contenuti.
Il dark web invece è tutt'altra cosa. Prima di tutto non è accessibile con un normale browser web connesso a Internet ma serve accedervi tramite, ad esempio le reti TOR che comunque da sole non forniscono il 100% della garanzia di essere anonimi o non tracciabili.
Sul dark web si possono trovare link il cui contenuto non è indicizzato e magari è protetto da una password per garantire che non venga indicizzato. Il link e la password possono essere entrambe pubbliche ovvero esposte sul dark web. Anche se il contenuto è accessibile dal deep web non significa che sia sicuro o che sia legale o che corrisponda alla descrizione.
Già questo dovrebbe farvi capire che non è una dimensione per principianti ma non si diventa senior o esperti stando seduti sul divano a guardare Netflix. Quindi se si vuole esplorare questa dimensione occorre prudenza, un po' di paranoia e ovviamente coraggio.
Ma anche strumenti e accorgimenti specifici per questa attività:
non usare MAI-E-POI-MAI il computer di casa o di lavoro per accedere la dark e neanche al deep web ad esso relativo.
Dal punto #1 deriva la necessità di dotarsi di un laptop dedicato SOLO-ED-ESCLUSIVAMENTE per quelle attività.
Dai primi due punti deriva la conclusione che MAI-E-POI-MAI si devono trasferire contenuti dal computer di casa o lavoro a quello di esplorazione e viceversa.
Perciò tutte le unità dati esterne che si usano per l'esplorazione DEVONO-ASSOLUTAMENTE essere contrassegnate con un bel nastro adesivo ROSSO per evitare pericolosi errori.
Un laptop da esplorazione può essere comprato spendendo da €150 (T460) a €300 (X280) e i ThinkPad sono i più adatti perché garantiscono la massima compatibilità hardware con Linux scordatevi Windows e anzi radetelo subito al suolo meglio ancora se all'inizio togliete anche lo SSD.
La distribuzione più adatta all'esplorazione è TAIL Linux [1] da usare via USB (suggerita: Sandisk Ultra USB 3.0 130Mb/s) [2], inizialmente senza possibilità di salvare dati in modo permanente. Poi con la sua partizione dati e una volta raggiunta una certa seniority potete rimontare lo SSD.
Quando o se decidete di usare lo SSD interno, procuratevi una chiavetta USB di wiping [3] e testatela sulla SSD come prima cosa. Se avete la sensazione che qualcosa stia andando storto o scaricate del materiale che ASSOLUTAMENTE-NON volete conservare - reboot & erase - piallate tutto senza esitazione.
Trust your gut and never panic.
Links
[1] tails.net
[4] wikileaks.org
PhotoRec, Digital Picture and File Recovery
PhotoRec is file data recovery software designed to recover lost files including video, documents and archives from hard disks (Mechanical Hard drives, Solid State Drives...), CD-ROMs, and lost pictures (thus the Photo Recovery name) from digital camera memory. PhotoRec ignores the file system and goes after the underlying data, so it will still work even if your media's file system has been severely damaged or reformatted.
Signal App + /e/OS for TOR encrypted messages
Signal is an end-to-end encrypted instant messaging service for instant messaging, voice, and video calls. The application uses a centralized computing architecture and is cross-platform software. It is developed by the non-profit Signal Foundation and its subsidiary Signal Messenger LLC. Signal's software is free and open-source. It uses mobile telephone numbers as identifiers for users and includes mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel. --Wikipedia
Using TOR and faking the GPS position.
/e/OS is a fork of LineageOS, an Android-based mobile operating system, and associated online services. /e/ is presented as privacy software that does not contain proprietary Google apps or services, and challenges the public to "find any parts of the system or default applications that are still leaking data to Google." --Wikipedia
Advanced Privacy is using an implementation of the Tor project. We extracted the core functionality from the Orbot application, and added a user interface on the top of it. When Hide My IP is activated, all the device’s internet traffic, or just the one of some selected app, is redirected through the Tor network. In the end, the user’s primary (and read) IP address is masked by a random IP address that belongs to the TOR network
In Advanced Privacy, Fake my location takes advantage of existing low-level operating system features that we have connected to the Advanced Privacy User Interface to make it easy to use and hidden from applications. Fake my location bypasses the real location provided by the satellite radio navigation system or the network, and instead sends the one set by users to applications that are requiring location.
Smartphones /e/OS compatibili
Scegliere in preferenza quelli contrassegnati con l'etichetta STABLE e dotati di Easy Installer preferibilmente anche di Roll Back (opzionale) oppure i Murena Smartphone che arrivano già preinstallati.
Per facilitare la selezione queste impostazioni mostrate nello screenshot ridurranno la lista a quelli preferiti come sopra.
In ordine secondo il più recente rilasciato sul mercato troviamo:
TeraCube 2e, Fairphone 4, OnePlus 8 and 8 pro, Google Pixel 4a, Gigaset GS290, OnePlus Nord, Google Pixel 5 -- before 2020 -- Fairphone 3 and 3+, OnePlus 7 pro and 7T, Google Pixel 4 and 4XL, Samsung Galaxy S9, S9+ S8, S7 and S7 edge.
Operatori 4G suggeriti
in Italia con EU roaming, Iliad - www.iliad.it
internazionale, giffgaff - www.giffgaff.com
100 free Cyber Security Tools
For ethical hackers and forensic investigators
The Hacker Manifesto
Il Manifesto Hacker di Loyd Blankenship presentato in un video sul canale youtube di Red Hot Cyber.
Era una giornata fredda dell'8 gennaio 1986 quando The Mentor scrisse il breve saggio dal titolo "the hacker manifesto". Si tratta di un altro pezzo fondamentale della cultura hacker, che tra poco comprerà 35 anni. Un manifesto, preso in prestito da tutti gli hacker, vecchi e nuovi e che rappresenta una descrizione scritta della filosofia hacker che la raffigura sia dal punto di vista ideologico, psicologico che sociale. Ed è questo che vi racconterò oggi.
Steganografia
La steganografia è una tecnica che si prefigge di nascondere la comunicazione tra due interlocutori. [...] Generalmente, i messaggi nascosti sembrano essere (o fanno parte di) qualcos'altro: immagini, articoli, liste della spesa o un altro testo di copertura.
Ad esempio, il messaggio nascosto può essere un inchiostro invisibile tra le linee di una lettera privata. Alcune implementazioni della steganografia che non utilizzano un segreto comune sono forme di security through obscurity, mentre gli schemi steganografici a chiave dipendono dal principio di Kerckhoffs.
La steganografia, a differenza della crittografia, consente di nascondere un messaggio all'interno di un vettore che possa consentirne il trasporto senza destare sospetti.
Ad esempio, un mittente potrebbe inviare un file di immagine innocuo e regolare il colore di un pixel ogni cento per farlo corrispondere a un carattere alfabetico. La modifica è così lieve che è improbabile che qualcuno la noti, a meno che non la stia cercando in modo specifico.
Plausible deniability
The plausible deniability is the ability of people, typically senior officials in a formal or informal chain of command, to deny knowledge of or responsibility for actions committed by or on behalf of members of their organizational hierarchy.
Combinando queste diverse tecniche, ad esempio mediante errori ortografici o declinazioni di verbi in tempi incorretti rispetto al contesto si possono inviare brevissimi messaggi (hook codes) che oltre a passare generalmente inosservati hanno il beneficio di essere plausibilmente negabili di essere messaggi di comunicazione.
Hook codes
Hooking code that handles such intercepted function calls, events or messages is called a hook. Hook methods are of particular importance in the Template Method Pattern where common code in an abstract class can be augmented by custom code in a subclass.
Gli hook codes possono servire a molti scopi quali:
informare e/o validare un messaggio
determinare mittente e/o destinatario
indicare la tipologia di codifica usata
indicare dove si trova il messaggio
Gli hook codes più efficaci sono quelli non strettamente codificati ovvero quelli che sono diretti alle persone e non a degli algoritmi. La combinazione di questo tipo di hook codes con altre tecniche permette di creare un sistema di comunicazione che può essere, anche se scoperto, decifrato solo dalle persone che ne conoscono i meccanismi e le informazioni di contesto relative.
Breve articolo divulgativo riguardo a un progetto che permette di salvare files dentro a dei video di youtube e la struttura frattale dei numeri primi.
Bare conductive electric paint
There are many version of it. Another one is Liquiwire™. However, making this product as DIY is quite simple and requires two ingredients: graphite powder and Elmer's glue, mixed together.
Here two interesting links about DIY conductive painting:
Combining the instructions from these two links, it is possible to produce large quantities of this conductive paint for a small amount of money: BBQ charcoal briquettes $16 for 5lb + Elmer's glue $21 per gallon.
Please notice that the briquettes need to be broken in small fragments before being put into the blender and the blender should be designed for crushing ice. Such blender starts to be priced from $25. While a press-on refillable pen can be bought for $1 each.
Prices collected on Amazon as reference.
Advanced electronic devices
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like. --source: flipperzero.one
amazon.it/gp/product/B0BFXKSFNT (ref. price: €200 c.a.)
Wifi Deauther, deauthing a network means to forcibly disconnect all the devices connected to a network. This is possible as the Management frames used to administrate a WiFi connection are unencrypted. So a 3rd party can inject false Management Frames into a network, disconnecting clients.
Portable products and prepared kits based on ATMega 32 are available. Using Amazon Italia as price reference, starting from €23 up to €140.
Radio frequency gadgets
Moreover, about the radio frequency hacking and signal analyzing, there are nice OSHW/SW projects as much interesting as the Flipper Zero.
HackRF One FROM Great Scott Gadgets in a €170 - €340 range
HackRF One is a Software Defined Radio (SDR) peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies, HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed for stand-alone operation.
HackRF Portapack H4M with mayhem firmware from $152
HackRF Portapack H4M is a Receiver and Spectrum Analyzer based on HackRF One but assembled with other stuff to made it portable. Because it is an Open Hardware and Open Software project many forks and producer are available but not all of them are necessarily deserve our attention or money. Revisions and models variety is explained in this video.
Quansheng UV-K5 or UK-K6 with F4HWN custom firmware from €16
Quansheng UV-Kx radios are not professional quality transceivers, their performance is strictly limited. The RX front end has no track-tuned band pass filtering at all, and so are wide band/wide open to any and all signals over a large frequency range.
Despite this limitations, they can offer also a basic spectrum analyser and considering the very very cheap price on Chinese online market places, it is a great starting point.
Quansheng UV-K5 out-of-band spurious harmonics explanation:
YouTube video (04m22s - 08m24s)
List of the most common antennas available:
Antenna SRH805 city range UHF only
Abbree AR-805S city range VHF also
Antenna NA-771 outdoor range
Antenna NA-F30 72cm long range
Note that some antennas can create spurious harmonics also out side the legit bands even when used in combination with FCC compliant ham radios transmitting on the legit bands.
The most wide-spread ham radio is based on the Baofeng UV-5R model:
This PDF file collects some interesting resources based mainly on YouTube videos about how to start using them, how to deal with all the config and also how to unlock extended features.
Secret Radio Aerials (image)
A pictures that shows many different ways to hide your antennas for radio frequency covered transmissions and receptions, old but gold.
WARNING
Please, pay attention to not create interference or transmitting on forbidden bands. Remove the antenna for your hacked ham device or do not use cheap unregulated devices and antennas. Unless, you are knowing what you are doing.
Customized wi-fi routers
The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Alternative for penetration testing over WiFi networks
The specific tool is name airgeddon:
The airgeddon is a menu driven 3rd party tools wrapper to audit wireless networks with many features and can be installed on many distributions.
Clockwork uConsole
Clockwork uConsole R-01 is a kit easy to DIY assembly (12+ y.o.) that equipped with 4G + WiFi module and based on RISC-V architecture can provide a full features mobile GNU/Linux device. The peculiarity of this board is being emancipated by ARM or INTEL architectures. However, ARM64 core modules can be bought separately.
Disaster radio
The disaster radio is an idea based on carrying on communications off the traditional network grids during natural disasters. The idea is to deploy a grid of nodes that can be powered by small batteries and recharged by small solar panels in order to be completely independent and self sufficient.
The disaster radio architecture is based on the LoRa (Low Energy Radio) mesh networking technology and a grid of low costs embedded device acting as nodes that can receive, transmit and repeat the data on that network.
Reticulum - is a cryptography-based networking stack for building local and wide-area networks with readily available hardware. Reticulum can continue to operate even in adverse conditions with very high latency and extremely low bandwidth.
RNode - is a handheld device that can be assembled DIY with easily to find components and embedded within a 3D printable case. When bought read-to-go, it is priced €139 or the equivalent in some cryptocurrencies.
MeshTastic - is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. It enables you to use inexpensive LoRa radios as a long range off-grid communication platform in areas without existing or reliable communications infrastructure.
T-Echo - is a MeshTastic LoRa handheld module ($54) for Arduino (not included) that can be coupled with a T-keyboard ($19) to DIY a dedicated mobile device.
A LoRa board with LCD and antenna can be bought for a price between €24 and €40 while a MeshTastic T-beamer can be priced upto €90 but a RF module is priced between €7 and €12. Instead, a BlackBerry like mobile device is available for $53 or €56 in Europe.
Amazon as e-commerce platform and LilyGo e-shop are used as price reference.
3-3-3 Radio SHTF Communications
The 3-3-3 Radio Plan for SHTF Communications resources:
The SHTF communications and plans are ways to communicate and prepare for situations when conventional communication methods fail. Ham Radio isn't discussed much on survival websites, but it plays a crucial role in preparedness during these times. Knowledge is the most valuable asset in a survival situation.
Radio Frequency Bands
Here below a list of bands and their names:
In extreme brief syntheses
Focusing on low-power IoT and LoRA radio frequencies:
915MHz in USA & CA, regulated by FCC/IC and might reguire a license
868MHz in UE & UK, regulated by CEPT/OFCOM and almost without a license
These two bands are part of a broader set used for civil telecommunications:
Rationale about common usage
In the European Union (and UK), the use of 433 MHz and 868 MHz frequencies for LoRa devices is generally allowed without a specific license, but there are important regulations and limitations to consider.
Like 868MHz in Europe (and UK), 915MHz is a commonly used frequency band for Internet of Things (IoT) applications in North America. Its low-frequency characteristics allow for stable long-distance communication, especially in areas with dense building structures because its relatively low frequency and ability to penetrate obstacles.
Due to these advantages, plus due to their low power consumption and reliability, 868MHz or 915MHz frequency bands play a crucial and indispensable role in modern communication, primarily applied in the Internet of Things (IoT) and wireless sensor networks, such as smart home devices, industrial automation, smart cities for applications like energy management, parking, and environmental monitoring or systems for monitoring and collecting highway tolls in the US.
The 915 MHz frequency is part of the Industrial, Scientific, and Medical (ISM) radio bands. These are portions of the radio spectrum reserved internationally for industrial, scientific, and medical purposes other than telecommunications.
Regulation and allocation
Following consultation, OFCOM (Office of Communications in UK, like the FCC in USA) decided that the bands 870-876 MHz and 915-921 MHz should be made available on a licence exempt basis subject to the CEPT's harmonised technical measures so long as those include sufficient technical constraints to permit the efficient use of the spectrum.
It is quite easy to break the regulations, but most regulators will only act on complaint (i.e. the device is interfering with someone else’s systems) i.e. in theory all equipment used MUST be CE marked as a whole, so adding a HAT to a Raspberry Pi would mean the “product” would need to go through CE marking, even if the HAT and Pi are CE marked themselves.
The 868MHz band actually goes from 865MHz - 870MHz and is split into several sub-bands:
865.000-868.000 MHz is limited to 25mW and a 1% duty cycle so you can only transmit 36s every hour. This band is also used by RFID devices.
868.000-868.600 MHz is also 25mw with 1% duty cyvle
868.700-869.200 MHz is 25mW, but duty cycle on 0.1%, good for few data exchange with low collition rate
869.300-869.400 MHz is only 10mW but no duty cycle limits, so can be good for localised transmissions.
869.400-869.650 MHz is 500mW with a 10% duty cycle so can transmit significant distances.
869.700-870.000 MHz is also 25mw with 1% duty cyvle
Both Sigfox and LoRa use these band with Sigfox using the first two band and LoRa able to spread over all the bands. Sigfox radios are very simple as they use a chirp protocol while LoRa uses spread spectrum.
Source of images
The images has been taken from the article title What is 915 MHz used for? published on LinkedIn by RF PCB which are screenshot of another unknown source.
Urban warfare and sabotage
John W. Spencer is a retired United States Army officer, researcher of urban warfare, and author. [...] During the Russian invasion of Ukraine in 2022, he started to give "how to resist the Russian invasions" through Twitter. This culminated in him releasing "The Mini-Manual for the Urban Defender: A Guide to the Strategies and Tactics of Defending a City", which was translated in more than 10 languages.
The CIA’s Simple Sabotage Field Manual: A Timeless Guide to Subverting Any Organization with “Purposeful Stupidity”. It has been distributed in 1944 by the Strategic Services for the information and guidance of all concerned and will be used as the basic doctrine for Strategic Services training for this subject.
Simple Sabotage Field Manual on Gutenberg Project
Questo manuale è stato scritto nel 1944 ed è stato de-secretato nel 2008.
Si vis Pacem, para Bellum
Si vis pacem, para bellum - se vuoi la pace, prepara la guerra - è una locuzione latina. Usata soprattutto per affermare che uno dei mezzi più efficaci per assicurare la pace consiste nell'essere armati e in grado di difendersi, possiede anche un significato più profondo che è quello che vede proprio coloro che imparano a combattere come coloro che possono comprendere meglio e apprezzare maggiormente la pace. --Wikipedia
Allievo: maestro perché parli di pace e mi insegni a combattere?
Bruce Lee: perché preferisco avere un guerriero in un giardino che un giardiniere in un campo di battaglia.
Oppure detto in altre parole: un popolo inerme è un popolo già sconfitto.
Interesting works
Hacking a Smart Home Device - How I reverse engineered an ESP32-based smart home device to gain remote control access and integrate it with Home Assistant.
BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico. The key can be sniffed when using an external TPM. The youtube video presents some others links.
labs.withsecure.com/publications/sniff-there-leaks-my-bitlocker-key
secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
ssh-chat, a chat over SSH. Custom SSH server written in Go. Instead of a shell, you get a chat prompt. Just an working PoC as example rather than a product.
Search Engines for Pen-testers
List provided by Hacking Articles in a public post
shodan.io (Server)
Google Dorks (Queries)
wigle.net (WiFi Networks)
grep.app (Codes Search)
app.binaryedge.io (Threat Intelligence)
onyphe.io (Server)
viz.greynoise.io (Threat Intelligence)
censys.io (Server)
hunter.io (Email Addresses)
fofa.info (Threat Intelligence)
zoomeye.org (Threat Intelligence)
leakix.net (Threat Intelligence)
intelx.io (OSINT)
app.netlas.io (Attack Surface)
searchcode.com (Codes Search)
urlscan.io (Threat Intelligence)
publicwww.com (Codes Search)
fullhunt.io (Attack Surface)
socradar.io (Threat Intelligence)
binaryedge.io (Attack Surface)
ivre.rocks (Server)
crt.sh (Certificate Search)
vulners.com (Vulnerabilities)
pulsedive.com (Threat Intelligence)
OSINT tools and engines
Experts can often collect significant artifacts related to the authors behind the analyzed scenarios during cybersecurity exercises, including details such as emails, usernames, IP addresses, domains, and so on. This article will provide you with a list of online tools to help you discover and track criminals’ identities, their secrets, or even geolocation.
Articoli correlati
Linux, Thinkpad e altri gadgets (9 ottobre 2024, aggiornato 13 novembre 2024)
Share alike
© 2024, Roberto A. Foglietta, licensed under Creative Common Attribution Non Commercial Share Alike v4.0 International Terms (CC BY-NC-SA 4.0).