Hacking WiFi with a 3$ Jammer

In this video for Cr0w’s Place we examine how we can modify a WiFi IoT device, into a powerful WiFi Jammer. A WiFi Jammer is a portable WIFI signal blocker that can disable the WIFI signal effectively. The module that we can use is the ESP8266, and I choose the NodeMCU v1.0 that you can easily find in ebay, for 3$ or so.

Keep in mind that this is NOT a frequency jammer. It is just a deauthing device.

The process of flashing the device is pretty simple. First of all, you download the current release of the firmware from here and upload using the ESP8266 flash tool of your choice. I recommend using the nodemcu-flasher. If this doesn’t work you can also use the official esptool from espressif. But for more information and problem solving just go to the creators github here, so a big shout out goes to spacehuhn. 🙂

Links to buy NodeMCU:

 

 

This project is a proof of concept for testing and education. Please act responsibly.

If you like my videos please Subscribe to my channel.

Thank You For Watching.:)

Cr0wTom

Advertisements

TROOPERS 17 – The Wrap Up

Greeting everyone,

A great week passed in TROOPERS and it is time for my review. As you may already know, TROOPERS is an hacking and infosec conference, taking place in Heidelberg Germany, and this year was the 10th anniversary of the event, with many surprises. So, let’s begin.

 

The NGI Event

The “Next Generation Internet” event aims to provide discussion on how to secure these core technologies by bringing together practitioners from this space and some of the smartest researchers of the respective fields. Taking place on March 20-21, 2017, NGI will blend of breaking, building, hands-on IoT.

These was my first two days in the whole TROOPERS event, and i really enjoyed the talks and the feel of the event. The first day there where a shared dinner, in a medieval restaurant, where I managed to meet and talk with some great people. Generally, it was a small event, because of the trainings that was taking place at the same time, that helped us talk more with the speakers, and make some great discussions.

 

The Main Conference

The main event was HUGE. A big variety of talks, with many great speakers, many great people, and some great stuff that we will see later. What took our attention in the first couple of minutes, was the conference badge (alongside some cool presents 😉 ) that was an arduino based board, custom made in the shape of the TROOPERS logo, with a Nokia 3310 powering and connected to the whole thing. But more about it in the GSM challenges section. 😀

Generally, it was an outstanding event, that I cannot describe to you, because you really have to live it. Really crowded (400 people), in one of the most beautiful places that a conference can take place (Print Media Academy Heidelberg), with many side events, and hacking all over the place. The only thing that  I can do is supply you with my TROOPERS movie, where I tried to capture the best aspects of the events, and you can find here:

 

 

PacketWars

So, the first day of the main conference we had the main shared dinner, where everyone from the conference gathered in a big brewery, where we ate and drank a LOT of beer. But after the food, 6 teams got their laptops in the table and started the PacketWars challenges. PacketWars is a kind of CTF, where every time a different set of challenges take place, and the teams try to hit the best score. I was in a great newbie team, we had a great time and we finished 4th. It was a great time, we had some great ideas but time got in our way, so I don’t really mind about the 4th place.

You can see more about PacketWars here!

 

GSM Challenges

As I told you earlier, the badge had a Nokia 3310 on it, which had a TROOPERS SIM card. Yes, troopers had its own GSM network, and we have to solve some pretty fun challenges with our badge. You can find more about the challenges on the TROOPERS website, but I have to tell you that there was a reason for these challenges.

With a number of successful solves, we acquired a ticket that was automatically printed and put into a box. In the closing keynote, there was a random choice of the tickets that won some presents, including an iPad Pro 😉

Really fun stuff, suddenly I didn’t managed to win a present but I managed to get in the 13th place.

 

Charity Run

What the TROOPERS is really into, is charity. Every year they have many events that they manage to gather money for charities, like an auction with things that the speakers generously donated.

I was proudly a part of the charity run, that we run 10 km in the city of Heidelberg and each of us donated 5 euros for each kilometer that he/she run. It was a great experience, with a marvelous landscape, and some great people! :D.

 

Wrap-Up

I don’t think that I have many things to add. I am clearly amazed and excited about it, and most of it comes from the comparison that I do with other conferences I attended, and the fact that many people, with more experience than me, told me it was the greatest event ever.

I wish to all of you that you will manage to attend the next TROOPERS, and I will see you there 😉

Cr0wTom

My road to BlackHat Asia 2017 and some updates!

Hello Everyone,

I know that it is getting a bit frustrating, but in this section I really need to update my blog about my academic work in the cyber security sector. The next couple of days I will write about my progress in my Ms program, but this post is all about another conference scholarship.

Just like BlackHat Europe, I recently got awarded with a student scholarship for BlackHat Asia 2017 in Singapore, 28-31 March 2017. It is a great honor to be selected for this event, but unfortunately I will not be able to attend it. The reason? Really expensive transport and accommodation, for a conference that will be more or less the same with BlackHat Europe that I attended earlier this year.

It was a great opportunity to visit Asia and meet people from this side of the world, but I think that in this time of my life I need to invest on other things and not in a similar conference.

The process is pretty similar with the one I presented you in the BlackHat Europe scholarship, and the support stays really great. They helped me a lot with the registration process, and in my questions about helping me cover transport and accommodation. Unfortunately, they couldn’t cover me these expenses so I will not attend the event.

To continue, this Sunday I will fly to Heidelberg for the TROOPERS conference, and I will keep you updated with posts and vlogs. Today, I received the following message with the last info about the event:

Dear TROOPERS,

We are now less than one week away from TROOPERS17! Just wanted to brief everyone on a few things to get your week of to a great start!

1. The trainings and Next Generation Internet (NGI) start on Monday, March 20 at 9:00am at the Print Media Academy

a. PMA Address: Kurfürsten-Anlage 60 69115 Heidelberg Germany

b. Registration will start at 8:00AM and light breakfast and coffee will be available.

c. There will be signs on site to guide you to the appropriate training rooms.

d. Please use this link to see where you can park at the Print Media Academy for those who are driving: http://parken.heidelberg.de/static/asset/parking/pdf/p18_bg-rci.pdf

e. The complete Training agenda is located at https://www.troopers.de/troopers17/trainings/

2. The trainings start on Tuesday 9:00am

a. Registration will be open at 8:00AM

b. Exception: TelcoSec Day will begin at 8:30AM on Tuesday.
https://www.troopers.de/troopers17/telcosec-day/

3. The Conference starts on Wednesday, March 22nd at 9:00 at the Print Media Academy, and will end at 1900 each day (there is an additional hour of talks each day to celebrate the 10th edition of TROOPERS).

a. Registration begins at 7:45AM. PLEASE come earlier rather than late.

b. You do not need a physical ticket. Just your name. Again please check-in at the Registration Desk to get all your TROOPERS goodies and agenda.

c. Don’t be late! Given the huge amount of the highest quality content and some special surprises for you, the doors of the keynote auditorium will close right at 9:00. We need to ask all late arrivals to watch the keynote through the streaming on the first floor.

d. The complete Conference Agenda is located at
https://www.troopers.de/troopers17/agenda/

e. There is a Shared Dinner Wednesday evening at Kulturbrauerei: Leyergasse 6, 69117 Heidelberg. We will arrange for buses to pick people up from the Print Media Academy starting at 6:30pm until 7:00pm. Please meet in the lobby of the PMA to catch your bus.
Dinner will start at 8:00pm.

4. Important Additional Information

a. 10k TROOPERS Run: Don’t forget your running shoes! We will meet at the Crowne Plaza Heidelberg hotel on Thursday March 23rd at 7:00AM.

b. PacketWars: BYOD! The Battle Briefing will be available on Monday March 20th here: https://www.troopers.de/troopers17/special-events/

c. TROOPERS GSM Network: As in the last years, we will have our own Troopers GSM network. Because there will be some challenges, it might come in handy to have a second cell phone with you. SIM cards can be picked up at the Reception Desk. This time you are also able to host your own SMS service. More information about this is published on our blog:https://insinuator.net/2017/03/troopers17-gsm-network-how-about-your-own-smpp-service/

d. Food: Monday – Thursday, starting at 8:30am, a light breakfast will be available, there will be 2 coffee breaks per day with nice snacks, and lunch will be provided onsite at the Print Media Academy.

e. Roundtables are on Friday from 9:30-13:00. The list of topics can be found here: https://www.troopers.de/troopers17/roundtables/

If you have any additional questions or concerns, please email us at info@troopers.de

Safe travels and see You soon!
Your Troopers Crew

So stay tuned! 😉

I want to close with the announcement of my new website, cr0wsplace.com, which is an attempt to start in the business security sector. So wish me luck and give me your feedback . 😀

Cr0wTom

My Road to TROOPERS Scholarship – Part 2

Hello Everyone,

Last week I talked to you about my scholarship adventures for TROOPERS conference and how I applied to it. So now it is time to see what the response was from the TROOPERS side, to us, the students that successfully acquired a scholarship for the event.

Immediatelly after my “motivation letter” email, I got a reply, that said:

Hi Thomas,

Thank you for writing us and for your interest in TROOPERS! We will be in touch later this year.

Best,
{name of representative goes here}

With this, I understood that until the end of 2016, I must have a response with the results of my application, but that was not the case. The whole December and January passed without any email from them, and no response to my emails, asking for an update on the results. Luckily, in the 8th of February, and once I had the scholarship idea let go, I received an email from them with the following message:

Dear all,

thank you very much for your interest in TROOPERS and your motivational
letters. We are stoked to let you know that your letter convinced us and
you are hereby INVITED to the amazing experience of participating in the
TROOPERS main conference and the NGI [1] event. The invitation means
that you can register yourself for participation without any fees for
those two events using the Booking Code

{booking code goes here}

Please use the regular registration form. Besides the participation in
the conference, the NGI event, and the shared dinner Wednesday night,
everything else is on you (in particular your travel organization [2]).

We’re looking forward to you being at TROOPERS! I’d also love to use the
opportunity and get to know you in person. If you are also interested in
that, I will hang out at the Student Information Desk on Thursday, 13:00
over lunch.

Have a great time & stay tuned,
{name of representative goes here}

[1] https://www.troopers.de/troopers17/next-generation-internet-ngi/
[2] https://www.troopers.de/troopers17/travel/

At first, when I saw the summary of the email on my Android device, I was sure that it was an automated response which rejected me from the selection. But I was wrong and as you can see the email concerned the opposite. Of course, I was a bit let down because of the automated email (in BlackHat Europe it was a personalized one, with personalized support fot each student) but this is just a minor thing, in the whole case.

cdvrufowwaabgg

I am now in the phase that I have my tickets and accommodation booked, and I will attend the Next Generation Internet event, the Conference and the Roundtables, in 20-24th of March in Heidelberg, Germany. I will be really happy to meet any of you, that will also attend the event, talk and hangout in the breaks, or after the scheduled hours. Feel free to contact me! I will be happy to meet you all!

Cr0wTom

P.S. I want to attend the PacketWars event(22nd March @ TROOPERS), but I don’t have a team. If you have a team and you are interested in including me, please contact me. 🙂

graphic-1

My Road to TROOPERS Scholarship! – Part 1

Hello Everyone,

It’s been a while since our last talk. You know, many things happening, a masters degree and a constant dream hunting. I think that the last time we talked, it was about my conclusion in the BlackHat Europe 2016 event, and my first vlog. Now, it is time for a new announcement, and my acquisition of a scholarship for the TROOPERS 17, which happens to be the 10 year anniversary of TROOPERS, which will be awesome, for sure!

For more, go here: https://www.troopers.de/troopers17/

As with BlackHat, TROOPERS gives some scholarships to students around the world, which are interested and involved into the security sector. The competition is big in such events, because you are attending for free, bypassing a big fee that others have to pay, to attend it. For TROOPERS the process is more simple than BlackHat, and you just have to sent a motivation letter. The instructions on the site are as follows:

STUDENTS@TROOPERS – MOTIVATION LETTER

Troopers is all about training, personal progression, and making the world a safer place. The limited budget of many students should not get in the way of this mission. Hence we offer students the opportunity to submit a short abstract to apply for their free Troopers attendance. As the available seats are limited and there are potentially a high number of students, we apologize if we cannot accept all student applications.

If you want to apply, please send us an abstract about why you in particular should be attending Troopers — keep in mind, you have to convince us! Including:

  • A short personal introduction
  • Current fields of work/degree programs
  • Experiences and activities in the area of IT security
  • Published work/research/white papers/write-ups
  • Expectations for the conference and expected personal progression
  • What you will contribute to TROOPERS

Send this letter to student@troopers.de.
The deadline for the submission of Student Motivation Letters is January 31st 2017.

I learned about it, in one of my work trips, that a friend of mine mentioned it, and I searched it immediately. I prepared my letter and sent it to the email stated above. My email was the following:

Dear TROOPERS,

My name is Thomas Sermpinis, and I am a Master’s student from Greece. I am 23 years old, with great passion for Cyber Security, from the age of 12 when I firstly started programming. I am currently studying for my master’s degree in “Informatics and Management” in the Aristotle University of Thessaloniki and I work in the security sector, preparing workshops for Hakin9 media, related to IT security topics. I have started working in this sector by the age of 18, where I worked in the biggest Greek Hacking Magazine, DeltaHacker. I am also, freelance in penetration testing, for an extra income, because of the difficult economic situation of Greece, but of course I really love what I do. Also, I have a personal YouTube channel, that I produce videos related to security, with a big fanbase.

As I wrote, my main field of work these last years, is presenting my knowledge to others, with workshop instructing, and article writing. By this, I have met many people, and acquired many experience in this field. I have also traveled to Germany this last year, for an opportunity in working with a Cyber Security firm, named Auxilium. Continuing, recently I acquired an academic scholarship for BlackHat Europe 2016, which I will attend in November and I hope that I will gain much from it.

Some of the topics that I have researched and presented in various ways are:

  • Penetration Testing with Android Devices (Hakin9, Google Developers Conference)
  • Android Malware Analysis (Hakin9)
  • Web Application Hacking: Data Store Attacks (Hakin9)
  • Penetration Testing with Kali 2.0 (Hakin9, DeltaHacker)

This is only a small part of my work in the security field, in which I want to work and offer my knowledge and experiences. This is also a reason why I want to attend TROOPERS. I want to meet new people, and acquire new knowledge, throughout the exceptional layout of this event. I thing that this is the way to my personal progression, and this is why I am continuously searching for new opportunities that will help me in this matter. Of course, my presence there will not go unnoticed. I want to be active and stand out of the crowd, by participating in competitions and discussions of TROOPERS. Finally, it will be a big and serious opportunity for me, that I will also be able to write about in my blog (cr0wsplace {dot} wordpress {dot} com) and let every reader know about TROOPERS conference and events, which will also be good advertising for you.

I look forward to hearing from you.

Best Regards,
Thomas Sermpinis

I am now selected as one of the scholarship holders, and I will attend the conference and the NGI event on March 20-24th of 2017. I will make a part 2 for the letter of acceptance and the registration process, so stay tuned. 😉

Cr0wTom

BlackHat Europe 2016 – Epilogue

Hello Everyone,

Here again, after two really succesful days in London. BlackHat Europe ended up with really good fealings, with new friends and contacts, with many presents from the event, and more knowledge.

During my time there, I tried to capture the most importand aspects of the event, to able to constract them in a mini-documentary, that it can pass you the spirit and for you to be able to feel it, despite you weren’t there.

The conclusion of the event is that it was a really good start in the security events for me, and I hope that it is the first of many to come. Finally, I want to tell you that I met Jeff Moss (the founder of BlackHat and DefCon events) in person, and we had a really good talk. His tweet after our talk was the following:

screenshot_20161110-113335

Hope to enjoy my video. Feel free to commend, like, dislike and subscribe to my channel.

Cr0wTom

Web Application Hacking Course by Cr0wTom

Hello Everyone,

As you already know, because of my early work on Cr0w’s Place, and your support of course, I have the opportunity to work in some of the biggest education providers in the security sector. One of them is Hakin9 Media SP. with whom I am starting a new four week course tomorrow, in the subject of Web Application Hacking, and specifically in DataStore attacks and Advanced SQL Injection. You can find my course here.

My intentions are not to phish for clients. It is a really advanced topic, that not anyone can attend. But if you are up to Security and Hacking and you have some knowledge in SQL Injection, you can find this really helpful.

To continue, I want to tell you that I am preparing a vlog for the upcoming BlackHat event, that I will attend in November. I want to call anyone that will attend too, to communicate me, and scheduled a meeting in the event. I will happy to meet all of you, and present you in my BlackHat videos.

Feel free to contact me with any contact way available. 🙂

Cr0wTom