…using a small python script!
What is Domain Fronting? How does it work? How can it be used to evade internet censorship?
DolphinAttack: inaudible voice commands allow attackers to control Siri, Alexa and other digital assistants
Research on ultrasonic voice command hacking
Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei.
Using a technique called “DolphinAttack”, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies that are too high for the human ear to hear, but perfectly decipherable by the microphones and software powering our always-on voice assistants.
How does it work?
Frequencies greater than 20 kHz are completely inaudible to the human ear.
Generally, most audio-capable devices, such as smartphones, are also designed to automatically filter out audio signals above 20 kHz.
In fact, all of the components in a voice capture system are designed to filter out signals outside the range of audible sounds, which is typically between 20 Hz and 20 kHz, the researchers said.
As a result, until now it was generally considered almost impossible to get a speech-recognition system to make sense of sounds that are inaudible to humans.
Using an external battery, an amplifier, and an ultrasonic transducer, the team was able to send sounds which the voice assistants’ microphones were able to pick up and understand from up to 170 cm away, a distance that an attacker could likely achieve without raising too much suspicion.
Here is a video of the PoC:
The researchers propose both software and hardware defense strategies.
- Microphone Enhancement: microphones shall be enhanced and designed to suppress any acoustic signals whose frequencies are in the ultrasound range.
- Inaudible Voice Command Cancellation: add a module before the low-pass filter (LPF) to detect the modulated voice commands and cancel the baseband with the modulated voice commands.
Software-based defense looks into the unique features of modulated voice commands that distinguish them from genuine ones. In particular, a machine-learning-based classifier could detect them.
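As an added illustration (not code from the researchers or from the original post), the sketch below computes one simple feature a detection module placed before the LPF could use: the share of a capture's energy that lies above the 20 kHz audible limit. It assumes the raw signal is available at a sample rate high enough to represent ultrasound (96 kHz here); the threshold, function names and test signals are constructed placeholders.

```python
import cmath
import math

AUDIBLE_LIMIT_HZ = 20_000  # upper edge of the audible range, as given in the text
SAMPLE_RATE = 96_000       # assumption: raw pre-LPF capture rate
THRESHOLD = 0.10           # assumption: placeholder, tune on real recordings


def ultrasound_ratio(samples, sample_rate=SAMPLE_RATE, limit_hz=AUDIBLE_LIMIT_HZ):
    """Fraction of spectral energy at or above limit_hz, via a naive DFT."""
    n = len(samples)
    total = high = 0.0
    for k in range(1, n // 2):  # skip DC, stay below Nyquist
        coeff = sum(s * cmath.exp(-2j * math.pi * k * i / n)
                    for i, s in enumerate(samples))
        energy = abs(coeff) ** 2
        total += energy
        if k * sample_rate / n >= limit_hz:
            high += energy
    return high / total if total else 0.0


def is_suspicious(samples, threshold=THRESHOLD):
    """Flag a capture whose ultrasound share exceeds the threshold."""
    return ultrasound_ratio(samples) > threshold


def tone(freq_hz, amplitude, n=480, sample_rate=SAMPLE_RATE):
    """Constructed test signal: a pure sine tone (5 ms at 96 kHz by default)."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / sample_rate)
            for i in range(n)]


# Constructed inputs: ordinary audible content, and the same content with an
# ultrasonic component added on top.
AUDIBLE = tone(1_000, 1.0)
MIXED = [a + u for a, u in zip(AUDIBLE, tone(25_000, 0.8))]

if __name__ == "__main__":
    for name, capture in (("audible", AUDIBLE), ("mixed", MIXED)):
        print(name, round(ultrasound_ratio(capture), 3), is_suspicious(capture))
```

A capture taken at 44.1 or 48 kHz, or after the anti-aliasing filter, cannot represent a 25 kHz component at all, which is why this check only makes sense on the raw signal ahead of the LPF.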
Google hacking for fun and profit
“Google Dorking” is the method of finding vulnerable targets using Google dorks in order to obtain usernames and passwords, email lists, sensitive documents and website vulnerabilities.
Ethical hackers can use Google Dorking to improve system security, but a black hat could also use this technique for illegal activities, including cyber terrorism, industrial espionage, and identity theft.
A brief list
Johnny Long’s original website
Hackers for Charity is a non-profit organization that leverages the skills of technologists. We solve technology… johnny.ihackstuff.com
Some dorks focused on SQLi vulnerabilities
Are you looking for Google Dorks List 2017? Don’t worry! I have got your back. In this article, you are going to get… howtechhack.com
Another list on Exploit-DB
Google Hacking Database (GHDB) By Offensive Security www.exploit-db.com
Google is a nasty search engine which just can’t stay away from its habit of crawling websites. After all, Google works… sguru.org
SCADA and IoT
Two Overlooked Cyber Risks BY JEREMIAH TALAMANTES, REDTEAM SECURITY Visual map of all SCADA systems recognized by… digital.power-grid.com
Some articles concerning Google Hacking
Google Dorking sounds harmless, but it can take your company down. Here’s what you need to know to avoid being hacked… www.darkreading.com
Not a day goes by in my life where I don’t use Google search. Nothing is easier than loading up the page, typing… www.alienvault.com
We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the… www.cybrary.it
For better understanding of the topic “Defense against Google hacking”, we will have a look into what exactly… securitycommunity.tcs.com
Some lists found on GitHub
Google-dorks – Common google dorks and others you prolly donn know :P github.com
Other resources? Suggestions are welcome!