I need inspiration
#1
I need it because I have to realize a project (something related to security) , and present it at the end of October.
I'm totally lost, no idea of what to do, white mind...I create this post to share a bunch of ideas and see what comes out....
Basically I have a Raspberry Pi Zero W and want to use it to do something... I was thinking about a network mapper, like you plug the pi in and it scans the whole network in search of devices, vulnerabilities and so on, but not so sure......
Reply
#2
Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/
Reply
#3
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

That's pretty amazing, but I've got some questions about it:
  1. For how long is this project posted? (year)
  2. Quote:Upon this HTTP request, because all traffic exits onto the PoisonTap device, PoisonTap DNS spoofs on the fly to return its own address, causing the HTTP request to hit the PoisonTap web server
    This will still work since the use of HTTPS? Or it doesn't matter because of the priority of “LAN traffic” over “Internet traffic”?
Reply
#4
(09-18-2018, 07:38 AM)TheD0ctor Wrote:
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

That's pretty amazing, but I've got some questions about it:
  1. For how long is this project posted? (year)
  2. Quote:Upon this HTTP request, because all traffic exits onto the PoisonTap device, PoisonTap DNS spoofs on the fly to return its own address, causing the HTTP request to hit the PoisonTap web server
    This will still work since the use of HTTPS? Or it doesn't matter because of the priority of “LAN traffic” over “Internet traffic”?

The project is from November 2016.
And yeah, if you use https and force the use then you should be good to go.
Samy has a ton of great projects he’s amazing.

Also OP, must you use raspberry pi and security related?
I might have some ideas I can share to you.
Reply
#5
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

Must try, but can't use it for my project...

@enmafia2: the only restriction is that the project must be security related.
Reply
#6
(09-18-2018, 12:30 PM)overfl0wN Wrote:
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

Must try, but can't use it for my project...

@enmafia2: the only restriction is that the project must be security related.

Okay I'm going to throw some ideas here, they are crazy as I haven't done any research of them and were written while intoxicated/with sleep deprivation:
  • Car Bluetooth steal contact list
  • Metro card rfid check the security of it (for what I know they connect to a server so maybe intercept data?)
  • Spoof malware headers
  • arm rop exploitation
  • machine learning exploitation
  • blockchain security(?)
  • break some iot shit
  • fuck with people who say that their service is unlimited xd
  • embedded botnet
  • automatic analysis of play store malware
  • cold attack embedded system
  • kernel security, low level
  • netspectre
  • off grid isp
  • inject code in 
  • wpa3 security
  • graph vulnerabilities
  • javascript surprise excel for my boss
  • password manager security
  • visual studio plugin elevate privileges
  • imsi catcher
  • handheld console vulnerabilities
Enjoy the darkest parts of my head lol
Reply
#7
(09-18-2018, 08:31 PM)enmafia2 Wrote:
(09-18-2018, 12:30 PM)overfl0wN Wrote:
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

Must try, but can't use it for my project...

@enmafia2: the only restriction is that the project must be security related.

Okay I'm going to throw some ideas here, they are crazy as I haven't done any research of them and were written while intoxicated/with sleep deprivation:

    Car Bluetooth steal contact list
    Metro card rfid check the security of it (for what I know they connect to a server so maybe intercept data?)
    Spoof malware headers
    arm rop exploitation
    machine learning exploitation
    blockchain security(?)
    break some iot shit
    fuck with people who say that their service is unlimited xd
    embedded botnet
    automatic analysis of play store malware
    cold attack embedded system
    kernel security, low level
    netspectre
    off grid isp
    inject code in
    wpa3 security
    graph vulnerabilities
    javascript surprise excel for my boss
    password manager security
    visual studio plugin elevate privileges
    imsi catcher
    handheld console vulnerabilities


Enjoy the darkest parts of my head lol

Wow, there are a lot of great points for reflection. Thx enmafia2, going to dig into this week. Imsi catcher and car bluetooth steal contacts are awesome ideas Wink
Reply
#8
(09-24-2018, 09:09 AM)overfl0wN Wrote:
(09-18-2018, 08:31 PM)enmafia2 Wrote:
(09-18-2018, 12:30 PM)overfl0wN Wrote:
(09-18-2018, 12:14 AM)Insider Wrote: Isn't exactly a project that is your own. But I got a raspberry pi Zero. And one my plans have always been to create a so called "Poison Tap": https://samy.pl/poisontap/

Must try, but can't use it for my project...

@enmafia2: the only restriction is that the project must be security related.

Okay I'm going to throw some ideas here, they are crazy as I haven't done any research of them and were written while intoxicated/with sleep deprivation:

    Car Bluetooth steal contact list
    Metro card rfid check the security of it (for what I know they connect to a server so maybe intercept data?)
    Spoof malware headers
    arm rop exploitation
    machine learning exploitation
    blockchain security(?)
    break some iot shit
    fuck with people who say that their service is unlimited xd
    embedded botnet
    automatic analysis of play store malware
    cold attack embedded system
    kernel security, low level
    netspectre
    off grid isp
    inject code in
    wpa3 security
    graph vulnerabilities
    javascript surprise excel for my boss
    password manager security
    visual studio plugin elevate privileges
    imsi catcher
    handheld console vulnerabilities


Enjoy the darkest parts of my head lol

Wow, there are a lot of great points for reflection. Thx enmafia2, going to dig into this week. Imsi catcher and car bluetooth steal contacts are awesome ideas Wink

Nice to see that I helped, if you end up doing any of those and don't mind sharing your work I would love to see it Tongue
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Badly need seniors suggestion and help baldhead 3 647 05-10-2020, 07:34 PM
Last Post: Insider
  need help doxxing someone from a FB page QMark 1 4,939 10-30-2018, 02:04 AM
Last Post: WitheredEcho
  If you need a laugh ekultek 3 3,716 06-06-2018, 10:01 AM
Last Post: Vector
  Hello, I need some direction! Justcus 2 4,243 12-20-2017, 12:52 PM
Last Post: Justcus