
Archive for the ‘In the Media’ Category

Harness Unused WiFi Signals for Power with Metamaterials

Tuesday, November 12th, 2013

I recently saw this article (http://tinyurl.com/ssrwifi) from a comment iBall made on FaceBook.

First, this isn’t that new. It’s been worked on for about a decade now and founded/hypothesized back in 1968. And yeah, from 1968 to about 1999 most of the work was “theoretical.” What I am talking about is a material designed to “catch” electro[magnetism].

In Physics, there is something called the “index of refraction” which is measured by how electro[magnetic] energy changes velocity in a new material. A simple example of refraction is in the case of light into glass or water. Have you ever seen a long rigid pole go into water and thought that it looked bent?

This refraction is the cause for that bend. Light bends as it enters a denser material. This is also true with other forms of electromagnetism including WiFi. If we have an orthogonal normal and send light straight down it from air into glass, we will see the light bend to the left, for example. This would be normal refraction. If the light bent in the opposite direction into a material away from the orthogonal normal, it is said to be a negative index of refraction since it bends into the negative side of our point of reference.

A lot more diffraction/refraction/reflection physics goes on behind the scenes, but for generalization purposes, let’s use these simple examples. Now for a negative refraction to occur, the permittivity and permeability BOTH need to be negative. This is unusual, and doesn’t occur in nature. Some metal materials can have negative permittivity at lower wavelengths of radiation, but to achieve negative permeability, the “meta” material needs to be aligned and designed to do so. A material which has one, but not both of these negative refraction properties will not allow WiFi’s electro[magnetism] to pass through it.
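The sign rule above can be checked numerically. The following Python sketch is an added example, not part of the original post; it assumes idealized lossless media, and the function names and sample permittivity/permeability values are constructed for illustration.

```python
import cmath
import math

def refractive_index(eps_r, mu_r):
    """Index n for relative permittivity eps_r and permeability mu_r.

    The principal square root is taken of each factor separately, so two
    negative inputs give (i*a)*(i*b) = -a*b: a negative real index.
    """
    return cmath.sqrt(complex(eps_r)) * cmath.sqrt(complex(mu_r))

def classify(eps_r, mu_r, tol=1e-12):
    """Return 'positive', 'negative' or 'opaque' for the medium."""
    n = refractive_index(eps_r, mu_r)
    if abs(n.imag) > tol:
        return "opaque"  # imaginary index: the wave decays, nothing propagates
    return "negative" if n.real < 0 else "positive"

def refraction_angle_deg(theta_in_deg, eps_r, mu_r, n_in=1.0, tol=1e-12):
    """Snell's law, n_in*sin(t_in) = n*sin(t_out), from a medium of index n_in.

    A negative result means the ray emerges on the same side of the
    normal as the incoming ray. Returns None when no ray propagates.
    """
    n = refractive_index(eps_r, mu_r)
    if abs(n.imag) > tol or abs(n.real) < tol:
        return None
    s = n_in * math.sin(math.radians(theta_in_deg)) / n.real
    if abs(s) > 1.0:
        return None  # total internal reflection
    return math.degrees(math.asin(s))

if __name__ == "__main__":
    # Constructed sample media: glass-like, double-negative, single-negative.
    for eps, mu in [(2.25, 1.0), (-2.25, -1.0), (-2.25, 1.0), (2.25, -1.0)]:
        angle = refraction_angle_deg(30.0, eps, mu)
        print(f"eps={eps:+.2f} mu={mu:+.2f} -> {classify(eps, mu):8s} angle={angle}")
```
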

Let’s not confuse refraction with reflection:

Refraction is a surface phenomenon, but remember the article I wrote addressing the leakage of WiFi and how it should NOT be labeled a “crime” to analyze incoming signals that seemingly trespass (technically it is a shared ISM/free band anyways) into one’s own property? Well, this “Mylar” material I was speaking of actually has an extremely low transmittance level due to its amazing ability to reflect radiation. In fact, if we analyze a curve of wavelength and transmittance with Mylar, we see that the closer we get to the smaller wavelengths of WiFi (2.4-5GHz), the transmittance percent drops completely. This means that mostly all radiation is reflected and nothing passes through. Refraction is a different concept and relies on the density and molecular structure of the material the light goes into. Permeability and permittivity are different from refraction and are why I have outlined the word “magnetism” in “electromagnetism” in this article. They deal with how magnetism affects the internal molecular alignment. Lining a room with Mylar, or emergency blankets, is a cheap way to keep radiation in and/or out using reflection!

Now, to make a material which is not affected by an external magnetic field (in our case from the electro[magnetism] within a WiFi signal), we need to make the permeability level negative. This is done in the construction of the meta-material. The meta-material is a set, or aligned grid, of SRRs, or “split ring resonators.”

These resonators are just copper split-rings that, when affected by electromagnetism, generate an internal looping current which in turn generates its own magnetism which perfectly opposes the field from the WiFi signal’s electromagnetism. These “rings” are not rings. They are non-continuous, with a small section removed. This small gap is not visible in the article’s image because they have the SRRs in foam to brace them, but they are there. These rings with small gaps in them allow the SRR to accept a range of wavelengths larger than the ring itself. If the ring were closed, it would only accept a tiny range of frequencies.

The rest of the small circuit is just a DC doubler which utilizes the bias of the diodes to direct each portion (negative and positive from the wave) of the AC current into the twin capacitors. This is an extremely simple concept and design. The paper is mostly about how they are optimizing the captured current from the current loops in the SRRs when any RF at around 900MHz is received. WiFi has been used at 900MHz, and will more openly be used at 900MHz with the new 802.11 amendment “ah”. The authors are able to harness 7.4VDC at 104mA at the load. Now, if you’re thinking, “great! I could use one of these, I have a WiFi router!” you may be missing the whole picture. This is low power we are talking about here, even if we are to swallow up a large charge into, say, a battery. It would cost less to harness the power to charge that battery directly from your power source at the wall outlet. Let’s take a look at why.

Your router, by default, most likely came equipped with a dipole antenna and is spraying signal at a higher TX than needed for your application. The whole time the little batteries that the authors have designed are filling up with energy from the signal, your router is most likely using 5-12VDC at .250-3A! If we are to lower the amount of low power material our router is spraying, such as beacons which are sent out every 100ms usually, and lower our TX, or transmit power in the router, then use a proper antenna for applications which are wireless but stationary, or close to stationary – we can save more energy – obviously. Also, RF doesn’t necessarily mean 802.11 packets. It can be any radiation at 900MHz or even below (higher wavelengths) due to the simple, yet efficient design of the SRRs. Now, if you thought, “wow! I can harness the power from all RF at 900MHz” – that makes more sense!

Now, let’s scare ourselves. Imagine a low powered trolling drone equipped with a switched GPS radio that searches for a BSSID, or MAC of a phone or station that is powered by leaked RF? :) Next article up: a few WiFi device patents that I can’t afford!

~Douglas

InfoSec Institute Interview

Thursday, April 4th, 2013

Recently I was interviewed about WNL by Jay Turla from the InfoSec Institute. If you are new here and wanna read about the beginnings of WNL, check it out:

~Douglas

Hakin9 IT Security Magazine Partnership

Monday, August 6th, 2012

Today WeakNet Labs has accepted a partnership with Hakin9 Magazine! Wikipedia

Hakin9 is a payable weekly magazine totally devoted to IT security. It covers techniques of breaking into computer systems, defense and protection methods, tools and latest trends in IT Security.

Back when I was a technician for my university, I was following hakin9 magazine closely and would pick it up in the local book store. Their articles on malware analysis were the absolute most technical and thorough at the time. Disassembling exe files, network analysis of running malware, and much more, their articles took me on a long never ending adventure. It was a sad day when I couldn’t find the latest issues any longer in the store. Along with this partnership, I will be writing something for them in the future as well.

~Douglas.

Ninja Security

Monday, October 17th, 2011

One of my Beta testers hosts his own infosec training course called “Ninja Security.” I had the pleasure of taking some of the course materials (Real world Penetration Testing) and, even though they were in Arabic, the OS, presentations, and configuration files were all in English, so it wasn’t hard to follow along at all. He attacks vulnerabilities very creatively and his presentation is very clear. He even uses WEAKERTHAN 3.6 for the WPA(2) Phishing Attack, and WiFiCake-ng! :D The Ninja Security Team’s Penetration testing to the Max course is completely in English and is their latest course release.

http://ninja-sec.com/

Ninja Security Syllabus

Information Intelligence Techniques

• Open Source Intelligence Gathering
• Stealth Auditing and Network Scanning
• Advanced Network Reconnaissance
• Enumerating Internal Network From Outside

Web Exploitation Techniques

• Advanced SQL Injection Exploitation (MYSQL + MS-SQL + ORACLE )
• Advanced Blind SQL Injection Exploitation (MYSQL + ORACLE )
• Exploiting File Uploads to Full System Access
• Exploiting Remote File Include to Full System Access
• Exploiting Local File Include to Full System Access
• Exploiting XSS Reflected to Full System Access
• Exploiting XSS Stored to Full System Access
• Exploiting Command Injection to Full System Access
• Exploiting CSRF to Full System Access

Attacking and Owning Techniques

• Owning FULLY PATCHED systems with ( un-guessable/un-crackable passwords and OS protections like ASLR and DEP )
• Owning Windows Domain Controller from Outside
• Owning Windows Domain Controller from Inside
• Owning MS-SQL-Oracle-MySQL Databases
• Attacking and Owning VOIP Systems

Privilege Escalation Techniques

• Privilege Escalation in Windows ( from Guest to System )
• Privilege Escalation in Linux ( from nobody to Root )

Tactical Post Exploitation Techniques

• Tactical Windows Post Exploitation
• Tactical Linux Post Exploitation
• Tactical Mac OS X Post Exploitation

Bypassing and Defeating Techniques

• Bypassing and Escaping Restricted Environments
• Bypassing Group Policy
• Evading Anti-Virus ( 100% clean )
• Defeating PHP security
• Defeating (XSS , Sql Injection , File Upload ) Protections
• Defeating Web Application Firewall (mod security)
• Bypassing Port Security and NAC solutions

Course details

• Prerequisites: Students should be familiar with Metasploit and VMware.
• Pricing: 1,500 USD
• What is included: Course Guide, Videos, Tools and VMware Images are provided.

I’d fully recommend it, [Real World Penetration Testing] even to those who do not speak Arabic, simply for the clear demonstrations, huge amount of hard work planted into the course materials, and for his support. And again, the latest course by the Ninja Security team is completely in English: Penetration testing to the Max. :)

Thank you Ninja Security Team!!

~Douglas.

Metasploit Tshirt Contest

Monday, April 18th, 2011

Well, I made an entry into the contest and some people actually liked it! So head over to: http://blog.rapid7.com/?p=6156 and make a vote! You don’t necessarily have to vote for my entry (Which is #44) but it would be nice! If I win, for some reason, I am giving the winnings over to http://johnny.ihackstuff.com/ :)

It’s so fitting, I mean think about it! To vote you can post it to your Twitter account with the hash tag: I’m voting for Metasploit T-shirt design #[number]! http://bit.ly/e4wsPt #metasploitswag