First Quarter in 2017 starts off with a bang
(Article from Q1 2017)
It has been an interesting few months in 2017 and we already have seen some really massive and interesting data breaches out there. Some of the areas that breaches are being seen are more extensively in vBulletin as well as other forum based websites. Other areas that we are seeing targeted are games websites and some interesting developments in IoT platform and eBilling and eMetering areas.
IoT, BotNets and Home devices remain a focus of various types of attacks
Just recently in one of our scans on the darknet we came across an anonymous author that discussed in detail issues and challenges in using various Electric Line based Lan and WLAN based devices. The synopsis of litter found on “powerline” exploitable devices is added below this text for your review and awareness. I did not create these scripts and am adding them here so that you can test and verify them yourself. Use the info to protect currently exploitable devices and harden them (manufacturers).
listMacs.py
listMacs.py is a script that grabs MAC addresses from the sniffer payload captures.
In test scans there can be two locations that contain a MAC address, so the script grabs both. There will be some invalid MAC’s along with the valid ones, although they don’t negatively affect the attack, these can be filtered out.
import sys
try:
# Import Scapy
from scapy.all import *
from scapy.utils import rdpcap
except:
sys.path.append( ‘Scapy’)
# Import Scapy
from scapy.all import *
from scapy.utils import rdpcap