Posts

Showing posts from 2023

Phishing email from "DHL"

*** DON'T TRY THIS AT HOME/WORK **** Today I got a wonderful phishing email: the attacker sent me a DHL bill for an account I don't have, so that's the first red flag. Then the attachment was an HTML file instead of the PDF stated in the email, so I decided to take a look... I downloaded the attachment and took a peek from my WSL Linux console. Very interesting: the HAKWELOTANIYDEK variable contains my email address, and the Stivenkalvin variable has a base64 value that, decoded, becomes hXXp://ocbpremium.org/app/loi1hn.php, so this website has probably been hacked and now hosts this PHP credential collector. BTW, I tried putting HAKWELOTANIYDEK into Google Translate and the best match was a romanization of Arabic. When trying that URL we get redirected to office.com, probably because we don't have the right parameters to give the PHP script, making people think this is a legit website. With curl -L we can follow any redirects; HTTP code 302 indicates a redirection and the Location where we are goi...

SANS Holiday Hack Challenge 2022 - Tolkien Ring

The Tolkien Ring. As we walk into the Tolkien Ring area we find our old friend Sparkle Redberry, and as always, he needs our help. We download the PCAP through the link he provides and we enter the terminal to find more instructions. First question: we open the PCAP with Wireshark and go to the menu File --> Export Objects and choose HTTP... (that's the answer, HTTP). We immediately see the files downloaded; this also gives us the answer to the next question, HTTP Objects Downloaded. Using the screenshot above we can answer questions 2 and 3. Now for question 4 we have to go a bit deeper and choose one of the HTTP streams to see that the response HTTP headers say Server: Apache, and there we can see the IP address to answer the question. Now for question five, we can save the app.php file to our computer from the Wireshark File menu using the same Export Objects option as above. To look at the last few lines of the file we use the tail command and we can see there's a blob being...

SANS Holiday Hack Challenge 2022 - Introduction

Once again Santa has invited us to his cyber security conference, KringleCon at the North Pole, and once again... something weird is going on. Santa has lost his 5 rings of power (he's definitely a lord of some rings 😉), and it seems that without these rings the holidays will be ruined for all those kids that get gifts from him for some reason 🤷. When you get to the North Pole you are given a cryptocurrency wallet while interacting with the teller machine; it seems all the businesses at the North Pole have been persuaded to use KringleCoin, so we're going to need it as we go and try to collect some coins along the way. This is the KringleCoin Wallet. Feel free to donate if you figure out how :D The first Cranberry Pi terminal we encounter is a pretty simple one, just to give us a sense of how things work, so we just do as it says and get that out of the way. As we walk we find holes in the floor, like those homes from that epic story about small, big hairy-footed beings. So we go d...