Kali Purple, Linus Tech Tips, SDR - March 18th - 24th, 2023 - F5 SIRT - This Week in Security



Hello again, Kyle Fox here.  This week we have some big news from the tools people over at Kali Linux, a major YouTube channel takeover, a short look into the Software Defined Radio scene, and an extra large helping of news in the roundup.

Kali Linux Turns 10 and Releases Enterprise Security Distribution Kali Purple

Ten years ago Kali Linux brought us all the offensive security tools under one roof, with everything set up so that you could dive straight into using them. Before then, putting together an offensive security Linux installation involved downloading gzipped tar files and a fair bit of compiling, not exactly an easy start. Although some declared it a danger to all of information security, the walls did not fall, and it turned out to be a genuinely helpful addition to the security toolbox.
Kali Linux provides a number of important tools, from the expansive Metasploit framework and the Armitage GUI, to password crackers like Hashcat and John, scanners like Nessus and Nmap, memory tools like Volatility, data analysis tools like Maltego, and much more. Kali can be installed on any x86 computer from the last 10 years and on a handful of ARM platforms like the Raspberry Pi and the BeagleBoard/BeagleBone. It is based on Debian Testing and provides Debian-compatible repositories, which can be used to install Kali tools on other Debian-based distros like Ubuntu with varying success.
To celebrate this 10-year anniversary, Kali has introduced Kali Purple, an enterprise security and "SOC in a box" distribution aimed at bringing enterprise and defensive tools to the Kali community. Some of these tools include the powerful Arkime packet capture and analysis platform, the Elastic Security SIEM, the Suricata and Zeek IDSes, the CyberChef data analysis Swiss Army knife, and other tools to help defensive teams analyze activity and respond to incidents.
Side Trek: As the Raspberry Pi shortage continues, lots of makers and tinkerers have been looking for alternatives. You may note that I linked to a platform called the BeagleBone Black above; this is a platform that may be better suited to many Linux + MCU style setups. While the Raspberry Pi runs on a set-top-box series of embedded processors, the BeagleBone series runs on the TI Sitara AM335x series of chips. These chips are designed to be embedded application processors and come with all the IO you would expect from a microcontroller, including a pair of dedicated microcontroller cores called Programmable Realtime Units (PRUs), as well as application processor interfaces such as Ethernet and HDMI. The BeagleBone Black runs Linux pretty well.

Linus Tech Tips has its YouTube Channel Taken Over by Crypto Scammers

Despite a push by Google to get large YouTube channel managers to transition to MFA, the LTT channel was taken over by crypto scammers. The attackers used specialized malware built to steal the victims' YouTube session cookies. This exposes a fairly big weakness for YouTube creators: any channel manager can navigate from their own YouTube account to a managed channel in three clicks (click on your avatar, click on Switch Account, click on the desired account) without any sort of re-authentication. And because this is available to normal users, it is also available to anyone who has stolen those users' session cookies.
Hopefully this incident can serve as a warning for creators that they need to up their defensive security game, including using unique accounts for large channel managers and deploying more endpoint security. But one can also argue that Google needs to provide more security for YouTube creators, including the option to force re-authentication on an account switch, more granular permissions, enhanced backstops on channel actions, and perhaps more audit tools.
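As an added illustration (not code from the post, YouTube, or F5), the sketch below models a session store that applies the two controls the incident argues for: a session cookie is bound to the device fingerprint captured at login, and switching to a managed channel requires a recent re-authentication. The class names, the `STEP_UP_WINDOW` policy, and the fingerprint values are all assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed policy: a channel switch needs a password/MFA check within the last 10 minutes.
STEP_UP_WINDOW = 10 * 60


class StepUpRequired(Exception):
    """Privileged action needs a fresh re-authentication."""


class SessionMismatch(Exception):
    """Session cookie presented from a device it was not bound to."""


@dataclass
class Session:
    user: str
    device_fp: str                      # fingerprint captured at login (assumed value)
    last_auth: float                    # time of the last password/MFA check
    managed_channels: set = field(default_factory=set)


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def login(self, sid, user, device_fp, channels, now):
        # A fresh login binds the cookie to the device and records the auth time.
        self._sessions[sid] = Session(user, device_fp, now, set(channels))

    def reauthenticate(self, sid, now):
        self._sessions[sid].last_auth = now

    def switch_channel(self, sid, channel, device_fp, now):
        """Switch to a managed channel; unlike the three-click flow in the post,
        this refuses replayed cookies and stale authentication."""
        s = self._sessions[sid]
        if device_fp != s.device_fp:
            raise SessionMismatch("cookie replayed from a different device")
        if channel not in s.managed_channels:
            raise PermissionError("not a manager of this channel")
        if now - s.last_auth > STEP_UP_WINDOW:
            raise StepUpRequired("re-authenticate before switching channels")
        return channel


def try_switch(store, sid, channel, device_fp, now):
    """Return a short outcome label so the decision can be checked or logged."""
    try:
        store.switch_channel(sid, channel, device_fp, now)
        return "ok"
    except SessionMismatch:
        return "mismatch"
    except StepUpRequired:
        return "step-up"
    except PermissionError:
        return "forbidden"
```

The "mismatch" and "step-up" outcomes are also the events a defender would want in an audit log, since a stolen cookie replayed by an attacker shows up there even when the switch is blocked.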

Software Defined Radio Keeps Chugging Along Behind the Scenes

While the massive popularity of the Flipper Zero continues to keep it out of stock (I managed to order one in the latest drop but it hasn't shipped yet), its wide availability has people opening Tesla charge doors and finding vulnerabilities in EV chargers. Other options continue to be available, like the Portapack expansion for the HackRF One. This expansion allows the HackRF One to operate independently of a computer, and with the Mayhem firmware, a port of the now unmaintained Havoc firmware, you can use it in a handheld form factor on the go, or load up a computer with GNU Radio for deep dives like testing LoRa security.
Other software packages include the Windows-based tool HDSDR and the GNU Radio-powered Qt frontend Gqrx. Other hardware options include the NI Ettus USRP line and the KiwiSDR cape for the BeagleBone. Of course, you can still get RTL-SDR devices like the RTL-SDR Blog unit or the Nooelec RTL-SDR line if you want to try it out for cheap.


Published Mar 30, 2023
Version 1.0
