Hacking the TalkTalk HUAWEI HG523a Router Part 1

I got my hands on a TalkTalk HUAWEI HG523a. This is one of the routers distributed to TalkTalk subscribers. This is my first attempt at doing any kind of embedded device analysis, so I decided it would be beneficial to document the steps I take. As I progress I will write new posts detailing what…

Malware Analysis Part 2: First Attempt

Please read part 1 first if you would like to know how the analysis lab is set up. There are various sites you can use to download sample malicious software. The one I used is called openmalware.org. I wasn’t completely sure which sample to choose. I wanted one which was recent, so I decided to…

Malware Analysis Part 1: Lab Setup

At this stage I know very little about the malware analysis process. I recently purchased a book on the subject called “Practical Malware Analysis” by Michael Sikorski and Andrew Honig. My aim is to read through the book and practice the techniques taught on real examples of malicious code. Updating this blog as I progress….

True Random Number Generator using the Raspberry Pi

Last weekend I made my Raspberry Pi into a true random number generator using the static from a TV. Here in the UK we no longer receive analog terrestrial broadcasting, so finding static on my TV is as simple as putting it on the analogue channel. The setup I was using is an eSecure USB…

Packet Sniffing using the Raspberry Pi

In this post I intend to detail how I set up the Raspberry Pi to perform packet sniffing between two network devices. I made a YouTube video in which I explain how it works, and below you will find both the shell script and Python script I used to set up the bridge and dump the packets…

Dumping Linux Password Hashes

In my push to keep learning the Python programming language I thought a good next step is to make a simple script that grabs the password hashes on a Linux device and dumps them to a file. The dump is formatted so that it is easy to read, unlike the formatting used in the shadow…

BBM Pin Aggregation from Twitter

I was trying to think of a good way to get some more practice with Python, especially in interacting with some kind of API. @wimremes on Twitter gave me a good idea with this tweet. I made a simple Python script using the python-twitter wrapper for the Twitter API. It performs a search every 3…

SYN Flooding with Scapy and Python

What is a SYN flood? When a connection is made from client to server through TCP it is initialized with a three-way handshake. Each of the 3 stages of the handshake sends a different type of TCP segment across the network. Client sends SYN (synchronize) to server. Server sends SYN-ACK (synchronize acknowledgement) back to…

Python and the Vigenere Cipher

The Vigenere cipher is a polyalphabetic substitution cipher system designed by Giovan Battista Bellaso and improved upon by Blaise de Vigenere. It functions very similarly to a Caesar shift cipher where a shift of lettering occurs. Unlike the Caesar shift cipher, the Vigenere cipher performs a different shift per character. For example, the first letter may…

Frequency Analysis with Python

Frequency analysis is commonly used in cryptanalysis on classical ciphers as a step in deducing the plain text from cipher text. It works on the principle that certain letters on average appear more frequently than others. For example, the letters “E” and “T” are the most common in the English language. This means in monoalphabetic ciphers…