Nifty Stories and Tools from the Cyber World

HaveIBeenPwned
check if you have already been hacked (passwords and emails) for real

True People Search
search for public records of people, anyone you know, including yourself

Password Manager
use a password manager, it is time (there are many out there, this one is just an example)

YubiKey
the best 2-factor authentication is a physical security key (there are a few out there, this one is just an example)

Hacking Tools Used to Get into an Office
a video talking about stealing key cards through the air, getting into hotel, NFC spoofers

Pentesters Strike Back
a fun video describing pentesting analysis of Star Wars Episode IV

StrandHogg Android Vulnerability
malware that can be disguised as any android app to read SMS, steal photos, hijack social media accounts, GPS location, listen to the microphone, intercept credentials and 2 FA

Hacking an Andoird TV under 2 minutes
a short article about hacking any Android TV with a video at the end

Eavesdropping on Google Home and Alexa
video demos of third-party apps eavesdropping on your conversations without you knowing it

Iron Geek
Video archive of past security conference presentations

Pentesting a Power Grid
16-min video on breaking into a power grid

Danger Drone
compromising a wireless mouse and keyboard on a drone

Protect Ya Passwords
a rapper's view on passwords in a 3-min video

Live Social Engineering
a hack of your phone account through your provider

What is Your Password
Jimmy Kimmel's show: asking for passwords on the street

Dolphin Attack
initiating inaudible voice commands to an iPhone

Rubber Ducky to Bypass Lockscreen
a story about a rubber ducky

Remotely Stealing a Tesla
an attack against a passive keyless entry

DARPA Cyber Grand Challenge
AI supercomputers are hacking each other and patching unknown bugs on the fly

Wardriving
captured WiFi networks around the globe

Modlishka
the most dangerous phishing tool that acts as a smart reverse proxy

MASSCAN
Mass IP port scanner - can scan entire Internet in under 6 minutes

Critical Infrastructure Intelligence Gathering
using tools to analyze and access cameras, printers, and Industrial Control Systems (ICS)/SCADA infrastructure terminals

Phishing Users Walk-Through
evilginx is deployed on AWS to capture username & password and EditThisCookie is used to bypass 2FA

State Hackers Use IoT to Breach Networks
hackers break into IoT devices, commonly through default passwords, and compromise networks through them

Instagram $30K Bug Bounty hack
a researcher found a vulnerability on Instagram, earning $30K as a bug bounty

Tricking Cylance's AI Antivirus
shows how simple it could be to bypass antivirus with AI and still run malware

Car Hacking at DefCon
a car hacking village

SIM Hijackers
sophisticated attacks using just phone numbers via SIM hijacking

Creative Phishing
a write-up about a very creative phishing attack on Steam and others

Vigilante Botnet
a botnet that removes another cryptocurrency malware

Naked Security
attackers breached a bank through a LinkedIn job ad and Skype call

Spying with Raspberry Pi
a Raspberry Pi was found in the network closet

Twitter was Broken
how Twitter was broken because of SMS

Cybersecurity Horror Stories
real stories from red and blue teams

One Laptop Leads to a Full Pwn
a laptop used in a coffee shop led to a full network attack

Drone Hacks
a list of vulnerable drones and attack tools

Voicemail Attack on WhatsApp
attackers used voicemail hack to steal WhatsApp accounts

Security Keys
a story about how Google used security keys to defeat phishing

Reddit Hack
SMS 2FA verification codes were intercepted, leading to the Reddit hack