Joomla 2.51 Blind SQL Attack
<responsible_disclosure> Before i discuss this, let me just say that the bug has been patched (was in 2.5.1) and at the time of writing this Joomla is already 2 increments away - 2.5.3 is...
View ArticlePasteLert v2!
The Quick and dirty: New PasteLert lives at http://andrewmohawk.com/pasteLertV2/ Downloads: » Interface -> http://andrewmohawk.com/pasteLertV2/src/pastelertv2_Interface.zip » Cron Tasks ->...
View ArticleAlternate DNS Names in Certificates
I know, its been forever since I posted, but I do have two things i’m working on (there are drafts, but they need to be finished) – Its just the effort to actually finishing. Its on Magstripe spoofing...
View ArticleMagnetic stripes Part 1
Intro So its been nearly a month since I last put a blog post up and I have been working on some stuff in my free time between work (been traveling to the US and took a weekend off to visit some...
View ArticleRTLSDR: My First SDR!
A few weeks ago (I’ve been meaning to do this post for ages, few weeks ago is give or take 2 months) there was a post on reddit regarding a new software defined radio that cost around $20. After...
View ArticleArduino Watering System: Update
This is just an update on the Arduino watering system, everything seems to be going well whilst I am away (I am away for ~a month, till the end of Blackhat / Defcon). In winter the plants don’t require...
View ArticleHacking fixed key remotes
Previously I discussed using my RTL-SDR to merely listen for analog audio signals. In this entry I’ll discuss using it to decode digital signals (this example on fixed remote signals often used for...
View Articlezacon wrap-up!
Hi Guys, I see I haven’t update this blog in ages, I’d love to say I didn’t have enough time, but it was mostly just me being.. well lazy. Zacon IV was on the 27th of October (...
View ArticleBypassing LF Entry Systems
Its taken a lot of motivation to start writing this, and I hope its okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things with...
View ArticleMagnetic Stripes: Part 2 (Attacking)
I really should have written this after ZaCon (november last year), but I’m lazy. However I have been asked to give a brief overview of the same talk at ITWeb this year so I figure I may as well finish...
View ArticleKingphisher: Semi-automated phishing
It has been absolutely ages since I have written a blog post – genuinely I really havent simply been slacking off, i’ve just been busy! Anyway, figured it was time to do a writeup on some stuff I have...
View ArticleZaCon V: Badge Sneak Peak *update*
UPDATE: For those people that missed the friday night the code and slides are here: Slides: https://www.andrewmohawk.com/Badger Badger Badger.pptx Code: https://github.com/AndrewMohawk/zaconv/...
View ArticleZaCon V Badge [1/2]: Build Time
I realise I should have done this entry a little sooner, but as everyone should be well aware of by now, I am lazy. Also I moved to Cape Town just after ZaCon V which proved rather time consuming!...
View ArticleZaCon V Badge [2/2]: How they work
The ZaCon badges were a ton of work on the hardware side (see ZaCon V Badge [1/2]: Build Time), however they provided their own challenges on the software side as well. Since my knowledge of chipsets...
View ArticleHacking fixed key remotes with (only) RFCat
Introduction Its been absolutely ages since I’ve posted anything on the blog, not that I havent been doing things, just really not many things I felt good enough to write an entry about. I got a lot of...
View ArticleBypassing Rolling Code Systems
This blog post will discuss the implementation of Codegrabbing / RollJam, just one method of attacking AM/OOK systems that implement rolling codes (such as keeloq) — these systems are commonly found on...
View ArticleHackFu 2016 Writeup
First off let me just say a big thank you to the MWR guys who put this CTF together, usually I don’t partake in CTFs because the skillset required is usually out of my grasp (IANAP). To have developed...
View ArticleBSides Badge Config
Badges At some time in the next 6 billion years I will complete the writeup for the badges about how they were put together. For now this is just how to get your badge working at home as well as how to...
View ArticleRemote jamming “detector” on the cheap
Recently, I’ve seen a number of posts on Facebook groups for South African communities about people having their car remotes jammed and the contents of their cars cleaned out while they are at petrol...
View ArticleBSides CPT Badge 2016
After the fairly successful ZACon badges I did in 2014, the BSides team in Cape Town (where I now live) asked if I’d like to be involved in building another one. Naturally my response was...
View Article
More Pages to Explore .....