Summary

The research for this post was done sometime in January of 2022. I was diagnosed with cancer in February of 2022, and have been struggling to find the time to finally post it. Much of it was written in chunks, so hopefully it makes sense. In this post I will talk about what led me down the path of researching the security of IoT digital picture frames. My research on these picture frames and the supporting mobile application led to the creation of four CVEs. The vulnerabilities I discovered allowed me to access client information and clear-text credentials, and to bypass authentication and access controls of the frames.

Merry Christmas Mimi!

During our annual brainstorming of Christmas gift ideas for my wife’s elderly grandmother, we thought a digital picture frame would be perfect. Mimi is 94 years old, and lives in a local nursing home. Covid has made it difficult for family to visit her and for her to leave the home as much as she used to. We decided to look for a picture frame that

Summary

In this post I will talk about how to make password cracking accessible to people who don't want to make the investment in video cards and GPU hardware resources. This post will mostly be a tutorial, geared toward people who are in a pinch and need to quickly stand up a powerful hashcat environment.

The problem that led me down this path

I was recently working on an issue that required me to recover the password of a zip file. The zip file was created programmatically by a utility, which I had the source code for. This meant I had the character set used and a fixed password length. I decided to fire up hashcat on my MacBook Pro with my AMD Radeon Pro 560X. To my surprise, I was greeted with the error below. Against the advice of the error message, I used the --force syntax to override the error. This yielded no usable results; it ended up making hashcat unstable and produced some false positives (I thought I had cracked the hash quickly). After trying the to borrow s