IoT Hacking Stream

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·5mo ago

Key Takeaways

IoT hacking and security testing using TCM Security Academy resources and courses like Beginners Guide to IoT & Hardware Hacking and The Practical IoT Pentest Associate (PIPA)

Full Transcript

Um, Canada, right? I think if I remember correctly. You thought I quit streaming. Uh, I didn't quit, but um Heath Adams, the original Cyber Mentor, has moved on um from TCM and is not going to be streaming here. Uh might be doing some streaming on his own, and he said he'd come back and join us for some live streams. So yeah, I'm still here though and I am still doing IoT stuff. It's not that easy to get rid of me. Uh yeah, you may ask a question. I didn't see your question. If you asked it already, uh ask it again. Um but yeah, I'm here to answer some questions. Thank you. In the winter, I just grow it out. And uh yeah, it's really really cold where I am right now. Like super cold. So it actually um definitely significantly helps in the cold weather. I notice that some if I ever shave it off or something, I'm like, "Oh my god, my face is so cold." All righty. Dude, that is so cool that you did the ESP32 where it's like a Marauder but with the BLE jammer. Uh, that's awesome. I'd love to see some pictures of it or uh hear about it. I love those kind of projects. I I got I'm doing a YouTube video for next YouTube video that comes out will be me and I think I'm going to do like a pimp-your-Bjorn video where I take a look at making a really nice enclosure for it. I got a cool 3D printer that I want to print an enclosure for and maybe make some firmware mods to Bjorn and get it looking real nice. Uh yeah, just for anyone wondering, I know this one of the first streams since uh he's moved on from the company. Yeah, he has moved on from TCM. So, um, ultimately though, it really does not, um, change a lot as far as how the company's been operating for the last while and the content that's going to be coming out and like for the most part, it was just, uh, myself and the other Andrew streaming and creating the content and training anyway. So, uh, yeah, pretty much everything will continue on the same uh, as it has been. All right. Are we talking about hacking?
Absolutely, 100%. We are talking about and doing hacking today. Um, so we are going to be doing some live IoT hacking. If you've seen any of my past streams over the last while, been hacking a Tenda router and we did the hardware hacking part of it. Got the firmware off and there's a UART session that we haven't been able to get into. We're going to try and find the password for that today. Okay. Burp Suite. So many problems created. Beginner to advanced Burp Suite lesson. That'll be a cool video. The So if we had Alex Olsen here still, who was, you know, one of our content creators and one of the main streamers, that would be his jam because he was like the web web app um master and expert. But uh yeah, maybe that's something we could look into making. So many good questions today in chat and stuff. I'm going to try and get to get to all them here. Did I get new cool IoT stuff for tools or anything for Christmas? Um I don't know. I don't I didn't really get anything um IoT. Usually I buy that stuff for myself because it's um yeah, I'm like picky and want specific things. Um, but something cool I did get is a new 3D printer. So, I've been um playing around with that. Not in specifically, I guess, IoT, but kind of in like the maker world. And uh I did get one other thing here. I think I got it over here. See here. I'm just digging deep into my bag of tools here somewhere in here. If I can find it. Oh, here it is. I got a PicoEMP. Okay, if you're familiar with EMP. Yeah, maybe in here. I don't know where I put it, but I got um from ChipWhisperer and I need to put it together. So, maybe I'll do that on a stream. It's a little um mini EMP. So that's electromagnetic pulse. You can use it to um zap chips like when they're in their boot process and stuff and it can throw things off. So yeah, that's going to be um cool build. So I got that recently. Came in the mail and I haven't had a chance to put it together, but other than that, no cool IoT stuff for Christmas.
Today's topic in IoT is IoT hacking. And we will be taking a look at seeing if we can figure out um we found that UART session in one of the previous streams, but it's password protected. And I'd really like to get into the UART for this router. So, we're going to take a look at um how like the console login works and see if we can figure out which hash it is because there was a couple hashes that we found in the firmware. and then start taking a look at cracking it and then um yeah, we'll we'll try a few things and then if we can't get that then I'll probably just like leave it cracking um today in the background because that's things that might take a while. You're back. I didn't know you went anywhere. Nice to have you back though. Okay, good question we get a lot. So, first off, yeah, thank you. I I'm I like growing a beard. Um you're confused about how to choose between red team and blue team. So right now in today's job market, the reality is you're probably going to have a lot easier time finding a blue team role. There's just more of them. Um so yeah, that's the reality of it. But um the best thing you can do is probably to follow your passion. So, I would try and take a course on each of those before you decide. So, I mean, you got two excellent options on TCM. You've got um practical ethical hacking course and the PSA course, the SOC 101 course. I mean, I think if you're going to be making a career decision, it's worth it to take both those courses. Like, what do you really like? What's your um yeah, what makes you excited? Because being excited and passionate about it is going to get you a lot further. And um if you do decide it's red team and you're concerned though that you know it's going to be tough to land a job there then make yourself a road map. Say I'm going to I'm going to you know try and get a SOC job that's going or maybe even help desk.
I'm going to start help desk go SOC and then you know my five year plan is to get into red team or something. So but yeah choose choose what you're passionate about is always my advice when I'm asked about this stuff. you want to start with cyber security and ethical hacking this semester, you are in the right spot. Um, we got a lot of great content here on our YouTube channel. Uh, lots of courses even on our YouTube channel. We got a free tier on our academy. We got all kinds of stuff. So, we wish you luck. Can let's maybe if people are in chat, let's wish uh Jason good luck. Hope hopefully I I got a feeling that you're going to nail uh your your interviews. You're going to get some. So definitely uh good luck. If you have not checked it out already, you should check out our free course uh soft skills for the job market. It's a great resource for uh all things applying for jobs and interviews and things like that. Is there a free course with AI red teaming? There are some free courses, not through TCM, but yeah, we there is some free courses out there. Um, we have a free AI course, not specifically about red teaming, that is in our free tier. So, um, that's worth checking out. To be honest though, for like that kind of topic, um, you're probably going to get a lot more mileage out of paid courses, something like that's a little bit more advanced. So, like I took one free course on um red teaming AI and like it wasn't bad and that it wasn't accurate, but like it was just so um beginner. So, I think you'll have a lot better luck with um paid courses there. All righty. Let's see here. How do you get a job in red teaming? You just graduated. Well, first off, congratulations. Um, so I'm going to uh suggest you read and maybe Brick can drop this because we get asked this question a lot that um Heath made a whole video on it and there's also a blog and it's like how to be an ethical hacker in 2025, but like you know it's 2026 is the same thing.
Um read that and it's like it's not like just promoting our courses. It's got like all types of um content from everywhere. So yeah, I would uh I would go and check that resource. Oh, nice to have you here from LA. I bet you the weather is a lot nicer than where I am right now. It has been snowing all day and it's so cold. Um yeah, that's awesome. What uh what certification are you thinking you're going to get? I'm curious. Uh, you recently rewatched my presentation at Defcon 32 2024. Sounded very confident in front of a large audience. Thank you. I was really nervous before that, but um yeah, once I got up on stage, it was okay. So, but yeah, I was I was quite nervous before that. Uh, yeah, I probably will attend a conference this year. I have an itch to go to a conference and um talk at it and the last talk I did was through IoT Village at Defcon. But um yeah, I keep in touch with them and they are interested in having me back for another talk because the last one went well. So yes, hopefully maybe Defcon. I'd really like to go to Defcon again because the last time I went I was with TCM. Um, which was a cool opportunity to like be at the TCM booth, but for anyone that's ever done conferences like that working at a booth, it's so busy. Like Brit was there, Casey were there actually. And we were just like swamped like just non-stop. I didn't have much chance to do like any of the like cool Defcon stuff. And I was too tired by the end of the day after like working all day to do a lot of evening stuff. So yeah, I would like to go to Defcon just like um as myself and like meet up with TCM people or people from the stream and stuff, but like informally, not at a booth.
I would say the probably the most common design flaw in IoT devices is using like really out-of-date um like binaries, libraries, all that like cryptography um and re and like crazy amounts of reuse of it is probably like if you're talking about design flaws or like um patterns, you see so much of that like really old Linux kernels, reuse of libraries. Um, that's one of the biggest ones I see. Ah, you want to get into cyber security, you want to get into AI security. We have a free tier AI um fundamentals course. I would start with that if you're interested um in like our paid services. We got the AI hacking 101 course which is going to be a cool course. I can tell you like right now I am working on another AI security course. It's going to be like um DevSecOps and AppSec oriented in like you know kind of like the opposite of the AI hacking 101 course. We're going to actually use the same application, but take a look at securing it and implementing things that are unique to AI like classifiers and things like that to um be able to secure uh AI and LLM enabled applications. And then after that's probably going to be an AI hacking 2011 course and probably a cert to go along with that. Uh and that'll take us to mid year. And yeah, honestly it's it's I'm probably just going to be doing AI security stuff at TCM for the next while. So you're in the right spot if you want to learn about it. What are my thoughts on job opportunities for malware developers or red teams focused on ICS systems? you're concerned about how AI will affect those sectors. Interesting. Those that's a such a niche role. Um I think there's going to be a lot of opportunities for ICS security in the near future.
um not to go too deep into it, but just unfortunately because of the way things are shaping up in the world and how important um ICS security would be in different types of conflict and um yeah, one of the things I think that's kind of just like keeping ICS secure is the fact that like a lot of countries would consider it like you know similar to an escalation of kinetic warfare. And so lots of people aren't crossing that line as far as like nation states and even to some uh extent like criminal groups because it would just be like a really big escalation of things. Um so yeah, I think there's going to be lots of opportunities and it's going to be really important in the near future. Um I don't think AI will impact that any more than other sectors and maybe even less because the thing with AI is it's very good at um things that are already really well known and documented because it has to be trained on it, right? So if you pick the more niche subjects you go where there's not as much you know or you know there's not like millions [laughter] and millions of blogs and documentation uh and examples and training and all that um the harder it is for AI to be useful in it because it it just doesn't have that um you know training data and things like that and also some of that is like hardware based and you need to be hands-on and you need a lab. Um, so yeah, all of those things are things that make it a little bit more difficult for AI. So I wouldn't specifically be discouraged um by AI for that. Yes, there is um we have road maps for blue team, red team, how to be an ethical hacker starting all the way Yeah. from entry level and we have a bunch of free courses that you can start at and then make your way up from then. Maybe Britt or someone else can link the road maps we have. But yes, we have a bunch of road maps uh that use our courses and also other ones and include a lot of free ones. All right, you're all set for the PNPT. Congratulations.
You're going to be attempting at the first week of February. Awesome. Amazing. Good luck. I'm sure you're going to do a great job. I think you'll have a lot of fun with that, sir. You want to know which is the the probably the biggest or the most common vulnerability found in firmware? Honestly, go look at the OWASP IoT top 10. So, if you want to know statistically, like not just my opinion or anything, um, go check that out. Actually, we can look at it right now. Let's uh let's I'll I'll pull it up here. There's a OWASP top 10 for a bunch of things. Uh IoT is one of them. So, let's pull it up here. Bring it on my thing switch so you can Yeah. Ah, so in case you didn't know, there is um move myself out of the way here, an OWASP for IoT, which is super cool. And if you just look at the top 10 here, so the last one, there's one from 2019, too, but like they honestly haven't changed a lot. So, uh, we got weak, guessable, or hard-coded passwords. See a lot of that. uh insecure network services, lack of secure update mechanisms. So, honestly, this is a pretty good list of um things that we see a lot. So, hopefully that helps answer your question. A lot of good resources here actually too. If I go back here, I always tell people about this too. this IoTGoat. Um, this is an intentionally uh vulnerable firmware sample that you can um take a look at and uh it's really good for learning on. So, 100% recommend checking that out. All right, let's see if there's any other questions. Probably question like a couple more questions and then I want to get into hacking. So, there's just so many good questions. Oh, this is a great question. Um, the answer is yes, but with the asterisk, um, you can usually get the firmware out from modern IoT devices, which we've already done for the Tenda router, um, that we're working on. I didn't download it off the internet or anything. We took it straight off the chip. We pulled the chip off the board and read it.
Now, that's not the source code, though. That's going to be um the firmware, which is going to be made up of, you know, the the kernel for the operating system, which is been in Linux. We got compiled binaries, we got libraries, we've got config files, and we've got like bash scripts and stuff like that. So, things like the bash scripts, yeah, that's just a source code. It's a script. is human readable for where most of like vulnerabilities and the interesting things are going to be that's going to be in the compiled binaries and libraries. Um so if we want to look at what will be you know the source of those we're going to have to reverse engineer them which um at one point in these streams we're definitely going to get to that phase. We're kind of like working through all the stuff I do. Uh and I do want to get a UART console because it makes reverse engineering in my opinion much easier. So all right yes 100% I think we will see the emergence of this and um I forget what they call this team. It's not necessarily blue. It's more like I think they call like yellow team or something, but it's it's um probably going to be like more of like an AppSec style um role, a little bit different than like your SOC roles or blue team roles. But um yes, I think that um there's going to be a lot of need for that type of level of expertise. All right. Okay. Um I think I've got most of the questions that people were asking about. So I'm going to um start hacking. I will keep answering questions and stuff while I'm hacking though. So don't Yeah, if you if you got general questions or anything, feel free to ask. But yeah, let's take a look at doing some hacking here. All righty. Okay, cool. So, I haven't touched this since the last time um we were here. I just picked up where we left off in my VM here. And the last time we were here, we took these notes. We were doing just like initial review of the um firmware and with a goal of trying to get into the UART.
So UART is like the hardware-based um shell that we can get, you know, connecting wires to the board to the pins on the board. We get into the console of the router essentially get a shell. Uh, and we were able to see like the boot logs and everything and and get a shell, but it was password protected. So, we we did guessing of passwords. We didn't get it. Um, and now we're going to move on to a more um hacking oriented approach. Yeah, we have questions. LOL. Is this the same Tenda router? Yep. We going to be working on this for a while. Um, there's lots of goodies to see on this and it's kind of fun because like I'm not I'm I'm only doing this um Tenda router on stream. So you guys get to see my successes and failures all all as one. Um okay. So we we saw that this this is this line which was in the um inittab here. So some of this just like a little bit of recap. So this is the firmware by the way. Here we got the firmware extracted it and then when we looked at um the inittab oopsies let's see in our init here. Is it in here that we saw this or was it in the tab? No. Uh yeah no it's an inittab I believe which is somewhere in here probably. Here we go. Yeah. Okay. So in inittab you can see so this is what calls this rcS script. So this is the sysinit. Um so when the boot when the device boots up and hands over to Linux it calls this script. So this is a startup script. So that rcS script in init.d that we were just looking at here, it calls this and then it spawns this ttyo respawn sbin sulogin. So next thing we're going to do is take a look at this because that was in our notes too. So we should look at um that. So that's in sbin. So let's go over to sbin here. and then um first things first, let's run a file on sulogin. Okay, so not surprised to see that. So what it's saying here is this is a symbolic link to uh bin/busybox. So this is what's called a symlink.
So if you're not familiar with that, essentially this is just like a shortcut saying if you call sulogin actually go and um use BusyBox. And in embedded devices, BusyBox is like this Swiss army knife of Linux tools. Essentially, it's done to um save size because memory and storage are at a minimum. Um, so you got this this um binary BusyBox that has like potentially even like a hundred depending on how it's compiled like of the standard Linux binaries inside of it and then like as a subcommand it will call call those. So this sulogin this is using BusyBox. So there's nothing this is not actually like a file or anything. It's almost just like a pointer. Um so there's not going to be anything to see here. So, with that being said, we can take a look at that BusyBox file and see if we can figure out what it's looking at because what we're probably need to do is crack one of these hashes. But if you remember, if you were at the last one, we were um reviewing the the contents and we found both the shadow file and the passwd and these are different hashes um not just the salt. These are actually different um hashes here. So, we need to figure out which one of these it's going to be um for the logging. So, we don't want to waste our time. Now, usually it Linux uses a shadow file because it's more secure, but this one had this passwd. So, I'm guessing it's this one because we see it's like got the the shell like specified like what type of um that it's using sh not ash or something. Um but we don't know. So that's the next thing to find out here is to try and figure that out. Um so what we're going to do is we're going to take a look at um BusyBox and let's run strings on it actually first. So BusyBox is in bin actually. So go here. Oops. Uh okay. And then now if we just we can check BusyBox and we should see that it's an ELF file now and not something. Yep, exactly. Um, okay.
So now we're going to run if we just run strings on it just to make sure for a sanity check. I like to use this -n of 12 or else you just get so much gibberish back. So we'll go to BusyBox here. Perfect. So we can see like we're getting all the strings back here which is good. And then now so now we can probably even find if there's like error messages um about this. So let's do that again here. But um we'll take everything back because we're going to pipe this into grep here now. All righty. Okay. You'll have to bear I got I just got a new keyboard. So, it's taken me a little while to get um used to it. It's like a fully split keyboard because I was getting having a bunch of wrist pain, but so it's it's it's been helping a lot, but it's very hard to get used to. It's ortholinear as well. Um so, it's been taking me a while to get used to. Anyway, with that being said, so what we're going to do here is now we'll just see if there is um passwd or shadow in here. Oops. So, we're just grepping on those. Um oopsies. So let's see if we can find anything with either of those. So um nothing with shadow, but we get two hits for passwd. So like already, yeah, it's probably that. Um but if we want to be really sure on this, there is um a standard C function that is usually used um for actually calling these. And it is this one. getpwnam(3) if you look at the man page. So uh I don't know I just know this from working with Linux and looking at lots of binaries and stuff but um yeah so there there's a function that's usually this used in the standard C lib and um if you take a look at it and you come down here this returns a pointer to a structure containing the broken out fields of the the passwd um and then there's also another one. So getpwnam. There's also one that's spnam. It's called getspnam. So there's this one as well. And then this one gets the uh shadow /etc/shadow.
So what we can do then also if we want to be um like really really sure about this is we can do a readelf. So this what this does is this looks at um the the libraries and included functions in the binary and we'll go dash BusyBox here and then we can pipe this into oops pipe this into grep on getpwnam and you see we've got that one. Um, and then we can also try spnam here is what I believe it is it spnam. Yeah, that's it. getspnam. So that's not there. So now we now we know. Yeah, for sure. Okay, we got this passwd um contents is what we need to crack and it is um an MD5 hash. This is the Unix um md5crypt hash. Uh very very crackable hash. So let's try and crack it. So the first thing we should try is probably some basic stuff. And I have also been using um Claude Code for helping with this. So one of the things I kind of want to do is see if it will make us um a word list. So let's try that. And if anyone has um passwords I think we should add to the word list, drop them in chat. I'll add them in as well. Let's go and grab this guy's chat and um yeah, let's say based on the router. Let's how do how do we want to prompt this Tenda router you create word list using commonly known router oops passwords and past Tenda passwords Okay. So, it created this for us. Let's see. How long is it? A couple hundred. So, don't know why this says sorry I can't assist with that, but it um so okay. So, also I wanted to show another thing here. So, if you're I I showed this in the last one, but um if you are working with um Visual Studio Code and like Copilot here, um I like using Claude. I found it's one of the best ones for lots of things, but specifically for like security research, uh reverse engineering. If you make these copilot-instructions.md, then it looks at these first and like uses them tailoring your response. Um, so I always set this up and you can say this directory contains unpacked firmware files for a wireless router. It's embedded Linux system.
Um, an ethical security review is being conducted to identify the review focus. Yeah. So when you say that and like it's not there's nothing lying here like I am doing this for uh ethical reasons. If we find anything we'll report it for sure any big findings. Um this is important because otherwise like when you ask it to do stuff it's going to be like no I can't do that that's dangerous whatever but um if you tell it what you know for what for whatever reason this seems to be enough um for Claude Code with like ChatGPT and Codex and stuff like that it's a lot more difficult in my opinion to get it to do stuff. So just yeah anyway I just want to show this cuz if if you don't do this you'll be banging your head again a lot of times um against this. Okay so we got this word list here and uh yeah oops Gemini is the most difficult. Yeah, Gemini is a bit of a pain. Uh yeah, Anthropic. I got all the premium stuff because I'm obsessed with checking out and testing uh AI. But yeah, I think uh in the next coming year it's going to be AI in general is going to become a lot less accessible um as a free product because it is so insanely expensive to run. Um yeah, so if you're using stuff for free, use it while you can. Uh yeah, the new hashcat is for sure good. I mean, I'm using um Claude for um generating these passwords, but um yeah, the new hashcat can do this on its own. Okay, so let's try this word list then. So, what I'm going to do here is um I'm going This is So, I'm I'm connected to a VM right now and I'm I want to do this on my main computer because I don't Yeah, because I want to use my GPU. So, we're going to give this a try. Hopefully, this won't uh uh crash my computer because we're running like OBS and Streamlink and a bunch of stuff. So, um but yeah. Let's try this first and let's just do let's make sure. Okay, so I I brought over Hashcat here onto my Windows computer and uh let's make sure it can pick up my GPU. It Yep. using OpenCL.
And then I think it's this. See if it will do this. Okay, perfect. So, right now I'm just running a benchmark to make sure it's going to work. Yeah. Okay, perfect. So, this is that MD5 um H Unix MD5 crypt hash. So that is 12,78 kilohashes per second. So that's like 12 million hashes per second, which is why you probably should not use this MD5 hash for anything um anymore. So we need a word list now though. So let's um if I just go Notepad here. Notepad word list.txt. TXT. So, we're going to make I'm just going to copy and paste from this one here. Perfect. Okay. So, now let's just make sure this saved perfectly. Cool. All right. So, 500. Actually, let's make a hashes.txt first here as well. Um, can make our lives easier. Better better practiced. Yes. Okay. Yeah. Save all that in our hash.txt. Yeah, I need to do a lot of practice. I'm like forcing myself to use it. In the last couple weeks, I've been like not going back to my standard keyboard even for like streaming or things like that because I find then I put it back in and then I just like start using it again and I'm like really trying to force myself um to use a different one because yeah, otherwise I start cheating and stuff and uh yeah, it's been taking me a little while to um to get through that. So, okay, back to our hacking here though. So, now let's hashcat.exe. It's been a long time since I've done some hash password um cracking, so this should be fun. And then what do we call it? Word list.txt Uh, let's see. How far does IoT go into IT/ICS? So, I'm assuming you you mean OT/ICS. Um, there's like some crossover, but there's a lot of differences, too. like IoT is a lot of commercial devices and ICS is mostly like PLCs and things like that DCS. So there's definitely some overlap and some of the hardware hacking side but there's a lot of differences too. There's a lot of like unique protocols like Modbus or things like that that you're going to see in ICS that are just not in IoT devices.
So yeah, I would There's a little bit, but there's honestly not as much as people think. If you want to learn um OT/ICS, industrial control system hacking, there's a lot of um different protocols and things like that that you need to um learn a lot about that you will not see in in IoT devices. Good question though. Yeah, exhausted. Me too. Our uh hashcat is exhausted the list. I didn't think that was going to get us in. That was a long shot. So, um yeah, let's go. I don't have uh I don't have rockyou on here, but we can go and get it. So, let's go get rockyou and then um let's try that. This one it did it so fast though. It like took a little more time to initialize. Look time. The time zero seconds. I can't even like crazy. Um, okay. Yeah. So, let's go and get though uh here. Let's go and see if we can get rockyou and we'll try rockyou. [snorts] Oops. Uh, good question. What is more important, finding hash or vulnerabilities? Vulnerabilities are way more important. The hash is really just because it's going to make it a lot easier to find um those vulnerabilities because I really like having a shell um into the device when we're doing reverse engineering because you can see what's going on and can potentially attach a remote debugger to it. Uh it's going to make our lives a lot easier. So really um this I like if I when we if we crack this and stuff like if we told the vendor about it they they won't care. Um, a lot of these have just open UART or like really really bad um, yeah, really like just like admin. So like sometimes that works, you know, your list of like default ones and you get one. Um, yeah. So, no, it's not a huge vulnerability. We're trying to find this because it could be easier on us later. You could do it on VM. It's just a word list to be fast. I'll be pretty fast on my VM for like rockyou, but um I have a feeling rockyou is not going to get us in. So, we're probably gonna need to use a bigger word list.
And then we're going to add a rule set to it. Probably like OneRuleToRuleThemAll. Um and then it's going to be where yeah, it's going to be painful. You know, once you start adding those rule lists in, the permutations that they add make them just like so much bigger. Um so, yeah, we don't want to run this on the VM. So, better to just get it going on your GPU. I got a really powerful machine here for doing AI stuff, so I might as well put make use of it. So, just to show you what I'm doing though, um this is where I like to go to get my password stuff. So, this is the um called SecLists. It is a great um resource for finding password lists and usernames and things like that, fuzzing lists, all that kind of cool stuff. And uh yeah, let's see what word list we've got here. Stupid ones in production. There's like a top 1,000 or something in here. So, if we want to get rockyou, it's probably in here. rockyou.txt. download this. You guys can see all the stuff I've been doing here. If you did see that, what I am been doing is 3D printing a bunch of Nerf blasters cuz that's been having a lot of fun doing that recently. And my son and nephew have been having so much fun playing with them. We having some epic Nerf battles. If anyone else here likes 3D printing or Nerf, you should let me know. And also chat with me on LinkedIn about it because it's my new favorite thing. [snorts] Okay, I just downloaded rockyou. You see Princess. Is that Brett says she sees Princess. Brit is is that your password? Do you see if you see your password in this list, you should change it immediately. Okay, that goes for everyone, not just Brit. Um, okay. So, we are going I think this I can just call this rock five. Yeah. All right. Let's see what this is. Immediately uh exhausted as well. How many was there in that? 13. There's only 13. What the heck? That doesn't seem right. That does not seem right. There was only 13. What the heck? Okay, that's not what we want. Ah, that's Yeah. Okay.
These That's Yeah. Okay. This is what we want right here. I think we're have to untar this one. Yeah, rockyou is a tarball. Maybe that's going to be one for another day. Let's um because I don't want to bring that over to Linux, then untar it, then bring it back over. So, it's this one. How many is this one? Feel like it's not going to be any of those. This is a good one. Default. Okay. Default credentials. Default passwords.txt. That could be a good one. SCADA for all you folks asking about uh IoT. Let's This one could be a good one to try. Let's download this one. Save. Okay, let that run through here. So fast. None of these though. So another thing we can do with this though now is go um dash r oops rules I think we got it here. Best 64 rule. Do we not have rules? Rules. Okay. Best 66 rule. Guess there's Guess there's a better one now. Didn't know that. Okay. Oh, best 65. I had a typo anyway. Okay. This should take a little while because it's going to do these rules. Holy cow, this is so fast. Wow. I just need a really good rule or a really good word list of like everything. Maybe I'll just try brute force later. It's insanely fast though. The password is Okay. Uh we're almost at one here. So, what I'm going to do is um I wanted to show you guys the process. So, really this is the process. Now we figured out what everything we need to do. So I'm probably going to download a really big word list I'll untarable one not on stream and then we'll I'll just let that run through and then hopefully for the next time we stream I will have cracked it and I'll show you exactly what it was. But um yeah, it's it's still going to take me a little while to do this. [snorts] Honestly, I wish I had a 5090. I do not. I have um an AMD AI Max 395. It's like the like they're calling it like a APU. 
So, it's it's got the combined um RAM and CPU and GPU like all together, which is cool because it has 128 gigs of RAM, which um 96 of that can be allocated as VRAM to the GPU, which is really good for running local models, which is why I got this one specifically. Uh and this I got as like a mini computer. It's the GMKtec EVO-X2. And that whole computer was like the price of a 5090. So, I do not have a 5090, unfortunately. I wish I did. Uh oh, this was a good question. I mean, not specifically. It's kind of cyber security related, but um yeah, I saw I saw this um [clears throat] in the for New York. They want to pass this and um just like technically speaking, I have no idea how this would be implemented in a realistic way because the only way to really do this well is what like Thingiverse and like Printables and stuff is they're using AI detection, right? um to try and determine if something's like a real gun based on specific parts of it that are specific to that and not a toy or things like that. Um but that works like in the back end in the cloud when you upload a model and it only has to work when you know a person uploads a model and you can have be like YouTube or whatever where like yeah okay your model it's going to take a a day or so or whatever for moderation and then it goes up. Um but how are they going to do that on every print? Like it's can't go out to the cloud. it's going to be way too expensive every time someone prints something. Um, a lot of printers work offline and like there the resources to do something like that on-prem like on the firmware for a 3D printer is just not possible. So like maybe they could like have some sort of database that's like the common known um ghost gun files or something about them and and try and work off of that. But like what's going to stop someone from just like making a small modification to it or something? 
It's it it'll be like um if you think of like um a static malware like for viruses where they're just looking at like a hash or something very easy to bypass. So yeah, I just I don't see how it can be implemented very well. Um, and then even not like notwithstanding like toy guns or Nerf guns or things like that that look like guns, there's just like so many other parts and equipment and like things that are useful for 3D printing that have nothing to do with like weapons or firearms, but like could easily look like pieces of it, like a trigger, things like that. So if you if you start having um false positives too is going to drive people crazy like oh I can't print this like you know piece I'm trying to design for my car or something because 3D printer thinks it's a gun but like it's a part of a muffler extension or I don't know whatever right so I have no idea how they're possibly going to to pull that off and like as someone who's knows decent amount about 3D printing and like firmware and AI I just I don't see how so Okay. Yeah, I'm not a gun guy either. I'm in Canada. Um I don't I don't have any any uh guns or anything. I'm not a big um gun guy, but um yeah, I don't think it's going to be a good um I don't think it's going to be able to be done properly. That won't make it like just a huge um pain. So yeah, um we're reaching one here. I don't know if if anyone has any other burning questions, drop them in now. I'm going to hang out for a couple more minutes, but then I'm going to wrap up uh the stream. So if you got any other questions Oh, that's a good one. Absolutely 100% a 3D [laughter] printer can be hacked. I mean, I didn't even get into that, but yeah, like how um you know, just put your own custom firmware on it probably. Um, yeah. Can a can a 3D printer be hacked? 100%. 
And like this kind of goes back into like the hacker mentality and like the first 3D printers, um, and like why why I didn't really get into 3D printers until now is they were like a lot of DIY and like hacking in the sense of like you had to like hack it together. >> [laughter] >> It was a lot of like, you know, do-it-yourself, make it work kind of vibes for the initi in initial 3D printers in that like whole community. Um, so yeah, they're definitely hackable and have been um being hacked and hacked together and diyed and like open sourced for a long time. Um, so yes, 100% they could be hacked. It has been a lot of fun hanging out here, chatting with everyone. Um, doing some router hacking. I'm going to take this hash offline now and I'll try and crack it this afternoon. I'll run some stuff through. Um, if we're going to, if I find it, hopefully I will. I'll show exactly what uh how that works, how that worked in uh the next stream. So, thank you everyone for tuning in. I hope you have a great day and uh yeah, that's it for now. I'll see you again. Then I'll be on again in uh I guess one month's time from now. So see y'all later. Oh actually before I go one last thing that bird asked me to tell you about. I am teaching an AI hacking live course um next Monday. It will be yeah not this coming up Monday but the one after that. It's going to be a lot of fun. So uh if you are interested it comes with the exam attempt as well. small move. It's $6.99 US for like one day of um training and that comes with live lab which is like running an LLM um powerful in the in the cloud for you. So, if you've taken that course um you know you have to set up your own LLM. Well, you get a blazing fast one in the cloud for that um with extra hours so you can do that afterwards. Um and you get an exam attempt and you get me training you live where you can, you know, ask questions and things like that. It's honestly a really good value. 
Um so, yeah, that's coming up soon, February 2nd, I believe. So, I'm really looking forward to that and I would love to see um anyone here that um is interested to join in. So, with that being said, I will go now. So, bye for now everyone.

Original Description

Start IoT hacking today with the TCM Security Academy:
- Beginners Guide to IoT & Hardware Hacking (course in the TCM Security Academy): https://www.tcm.rocks/hh-y
- The Practical IoT Pentest Associate (PIPA): https://www.tcm.rocks/pipa-y

Watch the earlier IoT Hacking Streams here as well as several other related videos from Andrew Bellini: https://www.tcm.rocks/iot-hacking-videos

And lastly, if you want to explore the AI side of things, consider signing up for our AI Hacking Live happening next month! (You can also sign up for future sessions if next month is a no-go.) https://www.tcm.rocks/ailive-y

We'll be voiding some warranties and hacking IoT devices live in today's stream, also AMA Q&A too!

This video stream covers the basics of IoT hacking and security testing, providing resources and courses for beginners to get started with IoT pentesting and hardware hacking. The stream includes live hacking demos and Q&A sessions.

Key Takeaways
  1. Join the TCM Security Academy
  2. Enroll in the Beginners Guide to IoT & Hardware Hacking course
  3. Explore The Practical IoT Pentest Associate (PIPA) certification
  4. Watch earlier IoT Hacking Streams for more information
  5. Sign up for the AI Hacking Live session for AI-related topics
💡 IoT devices can be vulnerable to hacking and security breaches, and learning about IoT security and pentesting can help individuals protect these devices and networks.
