Learn to hack RSS

Ever been stuck behind a login portal after connecting to supposedly "open" Wi-Fi? This can happen on airplanes, in hotels or airports, or even at coffee shops that force you to agree to a term of service. In order to get around these distractions, we can simply scan the area for devices that are already connected, and change our MAC address to look like theirs. This allows us to join the network without seeing the login portal. It's an awesome way to add an IoT device to an open network with a portal, as your device would otherwise get stuck...

Read more

Kismet can detect any nearby devices that use Wi-Fi, whether they are connected or not. This ability lets us scan the nearby area for both APs and client devices, and even watch small details about when a device or connection is in use. With this data, we can tell when people are home, what devices they own, and when they are using them.

Read more

Phishing is the most common attack most internet users face, but important users like business executives, journalists, activists, and government workers face additional risks. Sophisticated, targeted phishing and whaling attacks are the new norm for VIPs, and the advantage is stacked towards the attacker. The victim only needs to make one mistake to lose a password. If you use only a password to access your account, it's important you start learning about multi-factor authentication. While many users are familiar with two-factor authentication, SMS messages and push notifications can be phished by well-resourced attackers. For users where getting phished isn't an...

Read more

Networking is built largely on trust. Most devices do not verify that another device is what it identifies itself to be, so long as it functions as expected. In the case of a man-in-the-middle attack, we can abuse this trust by impersonating a wireless access point, allowing us to intercept and modify network data. This can be dangerous for private data, but also be fun for pranking your friends. In this case, we'll be intercepting and manipulating traffic from within a local area network, often times a Wi-Fi network connected to a wireless router. Keep in mind that a man-in-the-middle...

Read more

For celebrities, business owners, human rights workers, and other security-conscious users, the threat of phishing can be reduced substantially by mastering the use of U2F devices. Since you'll invariably be using both mobile and desktop devices at some point, it is critical to practice logging in with these tokens to ensure you can do so under stress. The process for accessing your Google account with Advanced Protection isn't the same for Windows, iOS, Linux, or Android, so depending on which operating system you use, you may be limited in the types of U2F devices you can use.

Read more