July 30, 2012
Katana v3.0 Beta
will be available to download for ONE WEEK ONLY, Sept. 26 - Oct. 3. There are plenty of updates from the previous version, so have fun. Remember though, this is a beta and may still have some bugs. ...
Sept. 4, 2012
As part of working on the HIDIOUS keystroke injection library, I began designing a special purpose Arduino-compatible hacking board called The Glitch. This board offloads user configuration to a MicroSD card instead of needing to modify the firmware code to perform new tasks. It also has a DIP switch to allow users to select from multiple payloads on the fly.
In order to make this hardware available, a Kickstarter project was launched on Aug 7th and will continue through to Oct. 3rd. Help support the project and be one of the first to get The Glitch.
July 30, 2012
A Katana v3.0 beta release is going to happen through Hackers for Charity at DefCon XX. Drop by and say hi at the booth and find out what Hackers for Charity is all about, plus get a copy of Katana 3.0 Beta at this exclusive release at DefCon. This is fresh off the press, so DVDs will be scarce. Bring a flash drive or laptop along to copy the files. There are several major updates to the distros and portable applications. ...
July 11, 2012
HIDIOUS (HID Injection Over Usb Suite)
is an Arduino/Teensy library for Keystroke injection. The library provides functions to run user defined commands, scripts, or binaries against Windows, Linux, and OSX.
May 24, 2012
CavitySearch (as in teeth) is a Bash script which utilizes several methods of assessing the capabilities of Bluetooth devices. Most of the information can be gathered without pairing with the target device or alerting the end user. CavitySearch will report running services, Device Name, Device Address, Device Type, open RFCOMM channels ("ports"), open L2CAP PSMs ("ports"), device manufacturer, supported protocols, and more. It is also able to help find "hidden" services running on the device.
Apr. 04, 2012
is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends L2CAP (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory).
Mar. 13, 2012
released. Fixed a few bugs in the code. Added some new features, including a man-in-the-middle mode. Some of the parameters have been changed from previous versions. Current users should consult the ChangeLog for a list of the parameter changes.
Feb. 17, 2012
Yet another device is now Ubertooth compatible. This guide will help users get the Ubertooth up and running on PwnPhone (Nokia N900) and possibly other Maemo devices. Most of this documentation is from
. This is specifically for the bluetooth_rxtx tools. (NOTE: This does not install the Kismet plug-in or specscan.) ...more here
June 10, 2011
This guide will help users get the Ubertooth up and running on Backtrack 5. Most of this documentation is from http://ubertooth.sourceforge.net/usage/start/. This is not a "How To" guide for using the Ubertooth. It is simply a tutorial on configuring the Backtrack environment for use with the Ubertooth. Read the documentation on the Ubertooth website and the READMEs accompanying the software for more information on usage. This guide was developed on Backtrack 5, KDE, 32-bit. ...more here
May 14, 2011
I have posted an article on the forum about how to update from Backtrack 4 to Backtrack 5. I plan to incorporate this into Forge some time soon. See guide here
Mar. 24, 2011
SpoofTooph has been updated with some major bug fixes and new features. The new version runs scans MUCH faster, which also allows more Device Names to be resolved during scans. There are some new features, including a Man-In-The-Middle mode which makes it easier to clone the Device Profiles of two targeted devices. The update also fixes a major bug which caused SpoofTooph to crash after a few hundred unsuccessful scans. ... more here
Oct. 31, 2010
Happy Hack-O-Ween everyone! Katana v2.0 is now out
Finally, after a three month hiatus from its pre-release at Defcon 18, the full release is
This version has a bunch of new stuff all around. One major addition to the project is
. This tool offers a simple point-and-click interface for users who wish to customize Katana by installing more Live Operating Systems, like Samurai, Pentoo, Knoppix, and BitDefender. Users can select their distro of choice or run the installation through the command line.
This new version also adds the Computer Aided Investigative Environment (CAINE) for a live forensics environment and Kon-Boot for authentication bypass. A lot of effort was put into the addition of some new applications to the Katana Tool Kit, such as Metasploit, NMAP, Cain & Abel, John the Ripper, and Cygwin ... more here
Katana Call For Mirrors
Oct. 27, 2010
Katana is in need of some additional mirrors.
If you are willing to host a mirror, please make contact
How to meet a US Senator
Oct. 15, 2010
Ever want to meet a US Senator? Attach some Pringles cans to a NERF gun and you may just get your wish. This past summer I had the unique experience of explaining Bluetooth and WiFi hacking to Delaware Sen. Tom Carper at the US Cyber Challenge. I guess I can check off "Describe hacking to a US Senator while carrying a sketchy looking NERF gun" from my Bucket List.
Image from CommunityPub.com
Katana on Hak5
Oct. 14, 2010
It looks like Katana made it to the big time. Episode 806 of Hak5 features a segment on Katana. See the video posted on the Media
Identify Devices by Bluetooth Class of Device
Aug. 23, 2010
I was updating the bluetooth_profile_list earlier today and noticed something interesting about the Bluetooth Class of Device (CoD) of some Apple products, specifically Apple laptops. (The Bluetooth Class of Device is used to identify the type of device (Phone, Computer, etc.) and the services it offers (Telephony, Networking, etc.).) As far as I can tell, all Apple laptop models (and only the Apple laptops) have the CoD of 0x38010c
Apple products are not the only ones where this relationship applies. When I get the time, I plan to compile a list of Classes and any corresponding device models. This could prove useful (along with the Device Address and Device Name) in profiling specific device models. When this list matures it will be added to the Bluetooth Profiling Project
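As an added example (not code from this site or from the Bluetooth Profiling Project), the Python below splits a CoD into the fields the Bluetooth Assigned Numbers define (format type, minor and major device class, and the major service class bits) and then applies that decoding to the per-device lines of `hcitool inq` output. The fingerprint table holds only the 0x38010c-to-Apple-laptop observation from the post above; the BD_ADDRs, clock offsets and the second CoD in the sample output are constructed, not captured from real devices.

```python
"""Decode a Bluetooth Class of Device (CoD) into its component fields.

Field layout of the 24-bit CoD (Bluetooth Assigned Numbers, format type 0):
  bits  0-1   format type (0b00)
  bits  2-7   minor device class (interpretation depends on the major class)
  bits  8-12  major device class
  bits 13-23  major service class bit field
"""
import re

MAJOR_DEVICE_CLASSES = {
    0x00: "Miscellaneous",
    0x01: "Computer",
    0x02: "Phone",
    0x03: "LAN/Network Access Point",
    0x04: "Audio/Video",
    0x05: "Peripheral",
    0x06: "Imaging",
    0x07: "Wearable",
    0x08: "Toy",
    0x09: "Health",
    0x1F: "Uncategorized",
}

# Minor device classes for the two major classes a Bluetooth scan meets most often.
MINOR_DEVICE_CLASSES = {
    0x01: {0x00: "Uncategorized", 0x01: "Desktop workstation", 0x02: "Server",
           0x03: "Laptop", 0x04: "Handheld PC/PDA", 0x05: "Palm-size PC/PDA",
           0x06: "Wearable computer", 0x07: "Tablet"},
    0x02: {0x00: "Uncategorized", 0x01: "Cellular", 0x02: "Cordless",
           0x03: "Smartphone", 0x04: "Wired modem / voice gateway",
           0x05: "Common ISDN access"},
}

# Major service class flags, keyed by their absolute bit position in the CoD.
SERVICE_CLASS_BITS = {
    13: "Limited Discoverable Mode",
    16: "Positioning",
    17: "Networking",
    18: "Rendering",
    19: "Capturing",
    20: "Object Transfer",
    21: "Audio",
    22: "Telephony",
    23: "Information",
}

# Fingerprint table (constructed here): the single entry is the post's observation
# that Apple laptops advertise 0x38010c. Extend it as CoD/model pairs are confirmed.
KNOWN_CODS = {
    0x38010C: "Apple laptop",
}


def decode_cod(cod):
    """Split a CoD integer into format type, major/minor device class and services."""
    if not 0 <= cod <= 0xFFFFFF:
        raise ValueError("CoD is a 24-bit value: 0x%x" % cod)
    major = (cod >> 8) & 0x1F
    minor = (cod >> 2) & 0x3F
    return {
        "format_type": cod & 0x3,
        "major_device": MAJOR_DEVICE_CLASSES.get(major, "Reserved (0x%02x)" % major),
        "minor_device": MINOR_DEVICE_CLASSES.get(major, {}).get(minor, "0x%02x" % minor),
        "services": [name for bit, name in sorted(SERVICE_CLASS_BITS.items())
                     if cod & (1 << bit)],
    }


def describe_cod(cod):
    """One-line summary of a CoD, with a fingerprint hit appended when known."""
    d = decode_cod(cod)
    text = "%s / %s [%s]" % (d["major_device"], d["minor_device"],
                            ", ".join(d["services"]) or "no services")
    if cod in KNOWN_CODS:
        text += " -> %s" % KNOWN_CODS[cod]
    return text


# Matches the per-device lines printed by BlueZ `hcitool inq`:
#   <tab>BD_ADDR<tab>clock offset: 0x....<tab>class: 0x......
INQ_LINE = re.compile(
    r"([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}).*?class:\s*0x([0-9A-Fa-f]{6})")


def profile_inquiry(output):
    """Map every BD_ADDR in hcitool inq output to its decoded CoD description."""
    results = {}
    for m in INQ_LINE.finditer(output):
        results[m.group(1).upper()] = describe_cod(int(m.group(2), 16))
    return results


# Constructed sample of `hcitool inq` output; these addresses are not real devices.
SAMPLE_INQ = """Inquiring ...
\t00:11:22:33:44:55\tclock offset: 0x1a2b\tclass: 0x38010c
\t66:77:88:99:AA:BB\tclock offset: 0x3c4d\tclass: 0x5a020c
"""

if __name__ == "__main__":
    for addr, desc in profile_inquiry(SAMPLE_INQ).items():
        print(addr, desc)
```

Decoding 0x38010c this way gives Computer / Laptop with the Capturing, Object Transfer and Audio service bits set, which is why the value is specific enough to serve as a fingerprint; a CoD alone only narrows the device class, so it is most useful combined with the Device Address (OUI) and Device Name as the post suggests.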
Katana 2.0 Coming Soon ... ish
Aug. 10, 2010
The DefCon 18 release of Katana has been a great success. I have gotten some great feedback on features to add to the upcoming v2.0 release of Katana.
Some new things to expect in the new versions include a forensics specific distribution, a new GUI tool for point-and-click installation
of additional distros, and additional tools in the Katana Tool Kit;
, and Cain & Abel
The reason there is an "...ish" in the title of this post is that I have not yet set a hard deadline for the upcoming Katana release. I am still taking in feedback for ideas / comments / bugs / fixes for the new version. Hopefully the new release will be available in late Sept. or Oct.
Backtrack fix for Katana 2.0 DEFCON Release
Aug. 04, 2010
I hope people are pleased with the new features in the Katana 2.0 DEFCON Release.
For those who attended my talk, you may have heard of all the mishaps leading up to the creation of the DEFCON release (failed thumb drives, old backups, and limited copies). One major flaw found so far was a corruption of the Backtrack file system in the Katana RAR.
I have posted a fix on the forum page here. More news on the new release of Katana coming soon.
Katana 2.0 Pre-Release @ DEFCON 18
July 28, 2010
For all those attending Defcon 18, you are in luck. The Katana 2.0 Pre-Release will be available exclusively at the Hackers for Charity booth at Defcon.
I will also be giving two presentations at Defcon; one on the new version of Katana (Saturday, 12:00 @ Track 5) and the second on Breaking Bluetooth (Sunday, 14:00 @ Track 4).
April 24, 2010
VERA-NG has been posted on Hack-A-Day as "the WiFi and Bluetooth sniffing rifle". Thanks to the guys at Hack-A-Day for posting the article.
April 15, 2010
I finally got around to posting the information on building VERA-NG. Being mostly a software person, it should be something anyone could put together with some pretty basic skills and some spare time.
April 12, 2010
This was my first time at Carolina Con and I was happily surprised at the quality of talks for being one of the smaller Cons.
Among my favorites were The Evolution of Social Engineering by Chris Silvers & Dawn Perry and You Spent All That Money and You Still Got Owned by Joe McCray.
I decided to bring VERA-NG with me to the Con for fun and to do a little nibbling. After about 15 or 20 people approached me about this crazy cantenna Nerf gun, someone mentioned that maybe I should give a talk on the gun... more here
March 3, 2010
SpoofTooph automates the process of spoofing or cloning Bluetooth device information (Name, Class, & Address). Users can have SpoofTooph scan for devices to clone, specify device information, or randomly generate a new profile.