This article was first published at Hackers-Arise in April 2022, just 2 months after the Russians invaded in Ukraine.
At the request of the IT Army of Ukraine, we were asked to help the war efforts by hacking a large number of IP cameras within Ukrainian territory. In this way, we can watch and surveil the Russian army in those areas. Should they commit further atrocities (we certainly pray they will not), we should be able to capture that on video and use it in the International Criminal Court. At the very least, we hope the word goes out to the Russian soldiers that we are watching and that constrains their brutality.
In a collaborative effort, our team (you all) has been able to hack into a very large number. We have nearly 500, and we are working on the remainder.
Here is a sampling of some of the cameras we now own for surveillance in Russia and Ukraine.
To learn more about hacking IP cameras, become a Subscriber Pro and attend our IP Camera Hacking training.
As we enter 2026, cybersecurity will be among the most important issues your organization, and our society, will face. Let’s take a moment to review the most important issues we will be facing to help you better prepare.
Rather than leveling off or declining, cyber attacks continue at an unprecedented pace. Recent trends and technological developments can help to inform us as to the nature of attacks in 2026.
Let’s take a look.
AI as Both Weapon, Shield, and Force Multiplier
Artificial intelligence is changing the way all of us work, and that applies to your cyber adversaries as well. Hackers are quickly adapting to the new AI environment, leveraging its speed and scale to enhance their attacks. At the same time, organizations are deploying AI for threat detection, predictive modelling, and automated response. In both cases, Artificial Intelligence (AI) becomes a force multiplier, enabling both sides to do more with less.
In 2026, we will certainly see more AI generated threats and those organizations who refuse to use AI to defend their networks and assets will likely not be here to enjoy 2027.
SCADA/ICS/OT Vulnerabilities
Industrial systems (SCADA/ICS/OT) will continue to be key targets in 2026. These systems have benefited from security through obscurity for decades, but now that the attackers understand how poorly secured these systems are, the attacks will accelerate.
Some of the key issues identified by this industry include:
47% of SCADA/ICS/OT companies cite gaps in the skillsets and resources necessary to protect their systems.
41% identify lack of network segmentation between OT/IIoT and IT environments as a key challenge.
Critical infrastructure systems remain particularly vulnerable to sophisticated attacks. Over 200 proprietary protocols not found in the TCP/IP stack make this field particularly challenging, while being among the most important to national security.
Internet of Things (IoT)
IoT is growing exponentially while the security of these devices is stuck in a crawl. In 2026, these devices will be increasingly used as a vector to compromise devices within the home network (phones, computers, other IoT) and as an element of a larger botnet, used to perpetrate the largest DDoS attacks in history (this is an easy prediction to make, as IoT is responsible every year for the largest DDoS attacks in history). IoT increases every person’s attack surface, and the greater the attack surface, the greater the probability of compromise.
Unless the IoT industry implements some basic standards of security, in 2026 the world will become a much more dangerous place.
Identity Management
Identity management is crucial in cybersecurity because it controls who has access to your systems and data. Without strong identity management, you’re essentially leaving the keys under the doormat—even the best perimeter security becomes ineffective when you can’t verify and control who’s inside your system. Artificial intelligence (AI) will make identity management even more challenging in 2026 as attackers use:
Deep fakes and synthetic identities including fake voices, videos, images. This will make such identity management systems as biometrics less reliable.
Social engineering will be enhanced by enabling the attacker to personalize phishing attacks by replicating the writing style, voice, or social media presence of a trusted colleague.
As AI-generated content becomes increasingly ubiquitous, it will become harder and harder to distinguish between AI agents and real humans.
2026 may be the year you will need to implement AI to determine if someone is actually a human.
Cloud Security Complexity
Cloud is the top cybersecurity threat organizations feel least prepared to manage. Multi-cloud environments face sophisticated malware, insider threats, mis-configurations, and supply chain vulnerabilities. Organizations are struggling with “tool sprawl”—managing dozens of separate security tools that create blind spots and conflicting configurations.
Quantum Computing Threats
Quantum computing is coming! Probably not in 2026, but on the near horizon the threat looms of quantum computing breaking your encryption. Quantum computers can easily break the most widely used asymmetric cryptography and 2026 should be the year you begin to prepare with quantum-resistant devices and cryptography.
Geopolitical Impact
Wars are raging around the planet and these conflicts will lead to additional geopolitical risk. Some 60% of business and tech leaders rank cyber risk investment in their top three strategic priorities in response to ongoing geopolitical uncertainty. State-sponsored cyberattacks, disrupted supply chains, fractured alliances, and telecom infrastructure vulnerabilities are reshaping threat landscapes and business strategies.
Ransomware Evolution
Ransomware-as-a-Service (RaaS) is making sophisticated attacks more accessible. AI-driven ransomware can instantly detect vulnerabilities with increased focus on vital industries like finance, healthcare, and energy. The average data breach cost has reached $4.4 million in 2025.
Multi-stage ransomware with data theft, harassment, and long‑tail extortion remains the most disruptive form of cybercrime, and we predict record incident volumes projected into 2026.
Cybercrime ecosystems are moving more of their infrastructure and monetization on‑chain (crypto, mixers, DeFi), making take-down and attribution harder and enabling more resilient RaaS affiliate models.
Talent and Skills Shortages
Workforce gaps remain a critical barrier. Knowledge and skills shortages are the top obstacles to implementing AI-enabled cyber defense. Over half of all organizations are turning to AI tools and managed security services to compensate for missing expertise.
Remote Work Security
With hybrid work as the default, securing remote access has become paramount. Cyber criminals are exploiting remote sessions through phishing, credential theft, and AI-powered impersonation attacks, expanding the attack surface of your organization significantly.
Proactive resilience and continuous adaptation are no longer optional but essential for survival in 2026’s threat landscape.
Physical Security
If your attacker is within your perimeter defenses, GAME OVER! An attacker who can enter your facility and sit down at a computer may be one of the least anticipated attacks. This applies to the disgruntled insider as well. You can have the very best perimeter defenses, but if the attacker is inside your walls, they will all be for naught.
In 2026, make certain to secure your physical perimeter and test all your systems against such attacks as RFID smart card attacks and social engineering.
Summary
We predict that 2026 will be another very challenging year for those of us in cybersecurity. It is essential that you understand the coming threats and the methods to thwart them. Hackers-Arise will address each of these issues in 2026, both in this blog and in our 2026 trainings.
New technological developments in recent years have made it possible to build a private cellular network at very low cost. This can be useful to many organizations that place a premium on privacy, such as firms engaged in research and development of intellectual property (IP) or law firms, to name but a few. You can read here how the Mexican drug cartels built their own private cellular network to evade snooping by both law enforcement and competitors.
This article was written by one of our most advanced students, Astra. Astra is an ardent supporter of Ukraine’s freedom and an advanced student of low cost cellular networks.
If you want to learn more about setting up a private 4G LTE network, enroll in our SDR for Hackers: Building a Private 4G Network!
In this article, he will demonstrate how to build your own 4G LTE network!
LTE Networks
The concept of private LTE itself is not new. There are ready-made solutions that allow you to lease frequencies and deploy such a network at your enterprise. But, of course, all this equipment is not suitable for a one-time testing experience, so we will launch a network based on SDR.
If in the world of open-source stacks GSM is ruled by Osmocom, then in 4G LTE the undoubted leader is srsRAN. This is completely open-source software that, with minimal configuration, lets us launch this kind of network.
srsRAN can be built from source, but I recommend using DragonOS, which has already been mentioned many times by OTW and which already includes this software in the distribution.
There is also another similar project, LibreCellular, which uses slightly different hardware, but the key concept is the same as srsRAN.
How LTE works
Let’s understand how this network (RAN, Radio Access Network) works.
It is a network that utilizes frequencies more efficiently and provides much faster performance compared to GSM and 3G.
It consists of three key components:
EPC (Evolved Packet Core)
This is the operator’s core network. Its main component is the MME (Mobility Management Unit), through which all signaling traffic from UEs (User Equipment) passes. This node is responsible for service transfer, calling, authentication and many other operations. Its other parts are the billing service and the gateways (serving and packet), which provide data exchange between parts of the network and with other networks. Connected to the core network is the HSS (Home Subscriber Server), a secure database where encryption keys and subscriber information are stored. In a GSM network, this role is played by the Home Location Register (HLR).
eNBs (eNodeB).
These are the base stations. LTE operates in a wide range of frequencies, from 450 to 2600 MHz. Their use varies from country to country, as some of these frequencies are already reserved for something else. Like GSM, there are channel numbers here too – the E-UTRA Absolute Radio Frequency Channel Number (EARFCN).
The whole spectrum of frequencies is divided into broad sections (LTE bands), the choice of which differs from country to country.
UE (User Equipment).
These are the devices that connect to the network such as phones and modems.
What does it take to get your own LTE network up and running?
In order to reproduce everything that I will be describing below, you will require some specific hardware and specific configuration.
For this test you will need:
1) A Linux and a Windows machine.
2) A full duplex SDR with proper antennas. B210, BladeRF, and LimeSDR are suitable.
3) A sim card reader
4) Programmable LTE USIM cards
5) An Android smartphone
Let’s start
Boot into DragonOS and plug in the SDR.
Navigate to the /etc/srsran folder.
dragonos > cd /etc/srsran
You’ll find the configuration files there.
dragonos > ls -l
In the enb.conf file we will modify two parameters: MCC and MNC
These parameters are identical to those used in GSM networks: the country code and the network code. In principle we could use arbitrary values, but the problem is that most phones refuse to work when they see strange values for the network. That’s why we need to specify the MCC of the country you live in, or use 999, which is the value reserved for private enterprise networks. As for the network code (MNC), make sure to set one that doesn’t belong to any operator working in your country.
[enb]
enb_id = 0x19B
mcc = 999
mnc = 01
mme_addr = 127.0.1.100
gtp_bind_addr = 127.0.1.1
s1c_bind_addr = 127.0.1.1
s1c_bind_port = 0
n_prb = 50
#tm = 4
#nof_ports = 2
Then, modify the epc.conf file in the same way:
[mme]
mme_code = 0x1a
mme_group = 0x0001
tac = 0x0007
mcc = 999
mnc = 01
mme_bind_addr = 127.0.1.100
apn = srsapn
dns_addr = 8.8.8.8
encryption_algo = EEA0
integrity_algo = EIA1
paging_timer = 2
request_imeisv = false
lac = 0x0006
full_net_name = astra00011
short_net_name = astra00011
Now in two separate terminals, run first sudo srsepc and then sudo srsenb.
Next, take your phone and go to search for networks manually. If we are lucky we’ll see a network, depending on which values you set, starting with 99913. If we try to connect to this network, we will surely fail – the phone will connect a bit and then give a sad “No service”.
It’s all about authentication. That is what we are going to deal with now.
Fire up a Windows machine and plug in the SIM card reader. Insert a blank SIM into the reader.
I am using non-open-source software to read/write SIMs. There are other options such as pysim.
Once the SIM card is read, we can proceed to write the required parameters.
The key parameters required by srsRAN are the IMSI, KI and OPC.
The first field to fill in is the ICCID. The ICCID should be a unique 19-digit identifier for the SIM card itself, composed of the following:
Field | Description | Example
Major Industry Identifier | Always 89 for telecommunication purposes | 89
Country Code | 2- or 3-digit country code as defined by ITU-T recommendation E.164 |
Account identifier | Usually the same as the one in the ICCID, but truncated here to stay within the 15-digit limit | 0000000001
The next step is to generate the KI value (subscriber key), which is known only to the subscriber and the network and is used to authenticate the device on the network. We also need to generate an OPC (operator code derived) value.
I used the following script to generate 128-bit values for both Ki and OPC:
Then fill in the last parameters, which consist of:
PLMNwAct: A user-managed list of preferred Public Land Mobile Networks (PLMNs) ranked by priority, along with the corresponding access technologies (2G/3G/4G/5G, etc.).
OPLMNwAct: An operator-controlled version of the user-preferred PLMN list mentioned above.
HPLMNwAct: The Home PLMN, including the specified access technology, identifies the network associated with the subscriber’s identity, represented as a combination of Mobile Country Code (MCC) and Mobile Network Code (MNC) with the access technology included.
EHPLMN: A list of Equivalent Home PLMNs. Networks in this list are treated as equivalent to the home network, meaning the device won’t consider itself roaming when connected to them. This field can be useful, for example, when operators merge, allowing each to include the other’s PLMN in this list (though the original source for this suggestion could not be verified).
FPLMN: A list of forbidden PLMNs that the device should not automatically attempt to register with. This can be used to avoid all specified local public mobile networks.
If everything was correctly set up, once you insert your programmed sim card in your smartphone, you should be able to see something like this in the network parameters:
Notice that we still don’t have any mobile connection (top right corner icon)
Lastly, we need to choose the radio frequency for transmission and reception, which is conveniently represented by an EARFCN (E-UTRA Absolute Radio Frequency Channel Number). srsRAN supports exclusively FDD (Frequency Division Duplexing), where the mobile device’s downlink and uplink operate on separate frequencies. By specifying the downlink EARFCN, srsRAN can determine the corresponding downlink frequency. This is set in the rr.conf file in the /etc/srsran configuration folder.
The final step to complete the configuration is to edit the user_data.csv file. This file holds the SIM card identity that we configured earlier and is used by the Home Subscriber Server (HSS). The information programmed into the SIM cards is now required for operation.
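As an added example (not from the article or the srsRAN project), this Python script reads the enb.conf and epc.conf values shown above, checks the settings that have to agree before a phone will attach, flags the EEA0 setting (the null ciphering algorithm, so traffic is integrity-protected by EIA1 but not encrypted), and converts a downlink EARFCN into the FDD downlink/uplink pair srsRAN derives from it, which goes one step beyond the text by showing the uplink too. The config excerpts are constructed from the article's values, the band table is a four-band subset of 3GPP TS 36.101, and the EARFCN 3350 is an arbitrary choice.

```python
import configparser

# Constructed excerpts of the two srsRAN files edited above (values as in the article).
ENB_CONF = """
[enb]
enb_id = 0x19B
mcc = 999
mnc = 01
mme_addr = 127.0.1.100
gtp_bind_addr = 127.0.1.1
s1c_bind_addr = 127.0.1.1
n_prb = 50
"""

EPC_CONF = """
[mme]
mme_code = 0x1a
mcc = 999
mnc = 01
mme_bind_addr = 127.0.1.100
apn = srsapn
encryption_algo = EEA0
integrity_algo = EIA1
full_net_name = astra00011
"""

# FDD band subset from 3GPP TS 36.101 Table 5.7.3-1:
# band -> (F_DL_low MHz, N_Offs_DL, N_DL_max, F_UL_low MHz)
FDD_BANDS = {
    1: (2110.0, 0, 599, 1920.0),
    3: (1805.0, 1200, 1949, 1710.0),
    7: (2620.0, 2750, 3449, 2500.0),
    20: (791.0, 6150, 6449, 832.0),
}


def parse_conf(text):
    """Parse an srsRAN-style INI file; lines such as '#tm = 4' are comments."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def earfcn_to_mhz(dl_earfcn):
    """Map a downlink EARFCN to (band, DL MHz, UL MHz) for the FDD bands above.

    F_DL = F_DL_low + 0.1 * (N_DL - N_Offs_DL); the paired uplink carrier sits at
    the same offset above F_UL_low, which is how one number fixes both frequencies.
    """
    for band, (f_dl_low, n_offs_dl, n_dl_max, f_ul_low) in FDD_BANDS.items():
        if n_offs_dl <= dl_earfcn <= n_dl_max:
            offset = 0.1 * (dl_earfcn - n_offs_dl)
            return band, round(f_dl_low + offset, 1), round(f_ul_low + offset, 1)
    raise ValueError(f"EARFCN {dl_earfcn} is outside the FDD bands known here")


def check_network(enb_text, epc_text, dl_earfcn):
    """Return the PLMN the phone will display, the carrier pair, and any findings."""
    enb = parse_conf(enb_text)["enb"]
    mme = parse_conf(epc_text)["mme"]
    findings = []
    if (enb["mcc"], enb["mnc"]) != (mme["mcc"], mme["mnc"]):
        findings.append("MCC/MNC differ between enb.conf and epc.conf: cell and core advertise different networks")
    if not (len(mme["mcc"]) == 3 and len(mme["mnc"]) in (2, 3)):
        findings.append("MCC must be 3 digits and MNC 2 or 3 digits")
    if enb["mme_addr"] != mme["mme_bind_addr"]:
        findings.append("enb.conf mme_addr does not match epc.conf mme_bind_addr: the eNB cannot reach the MME")
    if mme.get("encryption_algo", fallback="").upper() == "EEA0":
        findings.append("encryption_algo = EEA0 is the null cipher: NAS and user traffic cross the air unencrypted "
                        "(EIA1 only protects integrity)")
    band, dl_mhz, ul_mhz = earfcn_to_mhz(dl_earfcn)
    return {
        "plmn": mme["mcc"] + mme["mnc"],          # what the phone shows in the manual network search
        "private_plmn": mme["mcc"] == "999",      # 999 is reserved for private networks
        "band": band, "dl_mhz": dl_mhz, "ul_mhz": ul_mhz,
        "findings": findings,
    }


if __name__ == "__main__":
    report = check_network(ENB_CONF, EPC_CONF, dl_earfcn=3350)
    print(f"PLMN {report['plmn']} on band {report['band']}: "
          f"DL {report['dl_mhz']} MHz / UL {report['ul_mhz']} MHz")
    for finding in report["findings"]:
        print(" -", finding)
```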
Keep in mind that srsRAN does not support calls and SMS, only internet connectivity. Calls are possible with VoLTE, but this involves additional components such as the IP Multimedia Subsystem (IMS) that srsRAN does not natively include.
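As an added example (not the article's own script, nor code from srsRAN or pysim), this Python script generates what the SIM writer and the HSS both need for one subscriber: a 19-digit ICCID with its Luhn check digit, a 15-digit IMSI built from the network's MCC/MNC, random 128-bit Ki and OPc values, and a subscriber line for the HSS file. The country code, issuer id and account id are constructed placeholders, and the column order of the HSS row is an assumption about srsRAN's subscriber database format that you should verify against the header of the file in your install.

```python
import secrets


def luhn_check_digit(digits):
    """Luhn check digit for an ICCID body (ITU-T E.118 ICCIDs end in a Luhn digit)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 0:                      # the rightmost payload digit is doubled first
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str(-total % 10)


def luhn_valid(number):
    """True if the last digit of number is the correct Luhn digit for the rest."""
    return number.isdigit() and luhn_check_digit(number[:-1]) == number[-1]


def make_iccid(country_code, issuer_id, account_id):
    """89 (telecom MII) + country code + issuer + account, then the check digit = 19 digits."""
    body = "89" + country_code + issuer_id + account_id
    if not (body.isdigit() and len(body) == 18):
        raise ValueError("ICCID body must be 18 digits so the full ICCID is 19")
    return body + luhn_check_digit(body)


def make_imsi(mcc, mnc, msin):
    """IMSI = MCC + MNC + MSIN, 15 digits; MCC/MNC must equal the PLMN in enb.conf/epc.conf."""
    imsi = mcc + mnc + msin
    if not (imsi.isdigit() and len(imsi) == 15 and len(mcc) == 3 and len(mnc) in (2, 3)):
        raise ValueError("IMSI must be 15 digits: 3-digit MCC, 2- or 3-digit MNC, then MSIN")
    return imsi


def make_subscriber(name, mcc, mnc, msin, country_code, issuer_id, account_id, ki=None, opc=None):
    """Bundle what the SIM writer and the HSS need; Ki/OPc are fresh random 128-bit values unless given."""
    ki = ki or secrets.token_hex(16)        # 16 random bytes -> 32 hex chars
    opc = opc or secrets.token_hex(16)
    for label, value in (("ki", ki), ("opc", opc)):
        if len(value) != 32 or any(c not in "0123456789abcdefABCDEF" for c in value):
            raise ValueError(f"{label} must be 32 hex characters (128 bits)")
    return {
        "name": name,
        "iccid": make_iccid(country_code, issuer_id, account_id),
        "imsi": make_imsi(mcc, mnc, msin),
        "ki": ki.lower(),
        "opc": opc.lower(),
    }


# Assumed column order for the srsRAN subscriber file the article calls user_data.csv:
# name,auth,imsi,key,op_type,op,amf,sqn,qci,ip_alloc  (check the header of your installed file).
def hss_row(sub, amf="9001", sqn="000000001234", qci="7", ip_alloc="dynamic"):
    """One CSV line for the HSS: Milenage auth ('mil') with the OPc written to the SIM."""
    return ",".join([sub["name"], "mil", sub["imsi"], sub["ki"], "opc", sub["opc"],
                     amf, sqn, qci, ip_alloc])


if __name__ == "__main__":
    # Constructed placeholder values: PLMN 99901 as in the article, everything else arbitrary.
    sub = make_subscriber("ue1", "999", "01", "0000000001", "00", "01", "000000000001")
    print("Write to SIM -> ICCID:", sub["iccid"], "IMSI:", sub["imsi"],
          "Ki:", sub["ki"], "OPc:", sub["opc"])
    print("HSS row ->", hss_row(sub))
```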
Now’s the time to raise our 4G LTE network:
In two separate terminals type:
dragonos > sudo srsepc
followed by
dragonos > sudo srsenb
Success! We have our own private 4G LTE network!
Summary
It is now possible to create your own 4G LTE network with low-cost components and a bit of expertise! These networks can be invaluable to those who place a high priority upon privacy and confidentiality. This is key in an era where competitors or nation-state actors may be inside your mobile carrier’s system.
To learn more about SDR (Signals Intelligence), join our SDR (Signals Intelligence) program or our Subscriber Pro training package. Look for our SDR (Signals Intelligence) for Hackers for Mobile Systems, June 9-11.
Smart homes are becoming increasingly common in our digital world! These smart home devices have become one of the key targets of malicious hackers, largely because of their very weak security. In 2025, attacks on connected devices rose 400 percent, with average breach costs hitting $5.4 million.
In this three-day class, we will explore and analyze the various security weaknesses of these smart home devices and protocols.
Course Outline
Introduction and Overview of Smart Home Devices
Weak Authentication on Smart Home Devices
RFID and Smart Home Security
Bluetooth and Bluetooth LE vulnerabilities in the home
Wi-Fi vulnerabilities and how they can be leveraged to take over all the devices in the home
LoRa vulnerabilities
IP Camera vulnerabilities
Zigbee vulnerabilities
Jamming Wireless Technologies in the Smart Home
How attackers can pivot from an IoT device in the home to take over your phone or computer
How to Secure Your Smart Home
This course is part of our Subscriber Pro training package
Hello world of Hackers Arise, in this post, we delve into the complex world of Russian disinformation campaigns on the internet. As Master OTW clearly established in his interview with Yaniv Hoffman (watch the video below), the disinformation campaign carried out by the high-ranking Russian authorities is not something new. It has been developed for decades, and they have truly become extremely adept at it, especially now with the use of the internet and social media. Throughout the years, they have dedicated themselves to spreading hatred, envy, and resentment worldwide, which we could classify as Psychological Warfare Operations, but taken to the extreme, as they not only aim to misinform or influence to achieve specific strategic targets but also intend to divide and confront the entire world.
However, we do not say this capriciously; there is evidence that supports our arguments. Nor do we intend to hide or minimize the fact that all nation-states carry out this type of operation, but in the case of the Russian authorities, their intention redefines the concept of pure malevolence.
https://www.youtube.com/watch?v=t2P6iADGnpE
With the rise of social media and interconnected platforms, information dissemination has become a powerful tool for shaping public opinion. Russia, among other countries, has been at the forefront of exploiting these channels to advance its strategic goals. This article aims to shed light on the methods, motives, and implications of Russia’s disinformation campaigns while underlining the importance of critical thinking and media literacy in navigating the digital landscape.
Understanding Disinformation:
Disinformation is the dissemination of false or misleading information with the intention to deceive or manipulate the public. Russia has become notorious for employing sophisticated techniques to influence global narratives on a wide range of issues, from political events to social debates and international relations. Understanding the multifaceted nature of disinformation is crucial in recognizing and countering its effects.
The following link leads to a study whose key points I will list below with the aim of understanding the main characteristics of this type of operations carried out by the Russian authorities.
Russia employs an array of methods to propagate disinformation effectively. These include the use of bots and troll farms to flood social media with false narratives, the creation and distribution of deceptive content, and the manipulation of search engine algorithms to amplify biased information. By utilizing these methods, Russia can create an illusion of consensus and spread narratives that align with its geopolitical interests.
“The Russian Federation has engaged in a systematic, international campaign of disinformation, information manipulation and distortion of facts in order to enhance its strategy of destabilisation of its neighbouring countries, the EU and its member states. In particular, disinformation and information manipulation has repeatedly and consistently targeted European political parties, especially during the election periods, civil society and Russian gender and ethnic minorities, asylum seekers and the functioning of democratic institutions in the EU and its member states.
In order to justify and support its military aggression of Ukraine, the Russian Federation has engaged in continuous and concerted disinformation and information manipulation actions targeted at the EU and neighbouring civil society members, gravely distorting and manipulating facts.” Source (Picture below)
The mass media outlets mentioned above are either state-owned or corporations serving the state. However, Putin does not like independent journalism doing its job, and that’s why he took action against them (Source). Take a look at the amount of budget allocated by the Russian high command for those platforms to deploy disinformation.
Motives Behind the Campaigns:
The motives driving Russia’s disinformation campaigns are diverse and can be linked to political, economic, and security-related goals. Destabilizing rival countries, sowing discord among allies, discrediting political opponents, and undermining democratic processes are some of the key objectives pursued through these campaigns. Understanding these motives is essential in formulating an effective response. If you still don’t believe that they spread hate all over the internet, take a look at these myths whose explanations are debunked in the source we provided.
And what about the Russian troll farm?
Implications and Impact:
The impact of Russian disinformation campaigns is far-reaching. They can polarize societies, erode trust in democratic institutions, and exacerbate existing divisions within nations. In international affairs, disinformation can escalate tensions between countries and influence public opinion on foreign policy matters. Moreover, the erosion of trust in media sources can lead to a decline in accurate information and the rise of echo chambers. Russian officials and pro-Russian media capitalized on the fear and uncertainty caused by the COVID-19 pandemic, actively spreading conspiracy theories. Among these theories, they focused on false U.S. bio-weapon infrastructure claims. One notable example is an article published by New Eastern Outlook on 20th February, available in both Russian and English, alleging that the U.S. deployed a biological weapon against China.
Fighting Back:
Countering Russian disinformation requires a comprehensive approach. Governments, tech companies, and civil society must collaborate to identify and expose false narratives, invest in media literacy programs, and enhance cybersecurity measures to protect against information warfare. Educating the public on critical thinking and fact-checking is a powerful tool in combating the spread of disinformation, but it is also our responsibility as hackers and advocates of freedom within the cyberspace; we must make this responsibility our mission, our duty, to ensure free access to information.
Conclusion:
The internet has opened up new frontiers for information dissemination, but it has also become fertile ground for disinformation campaigns. Russia’s approach to shaping narratives on a global scale requires a vigilant and proactive response from the international community. By fostering media literacy and promoting responsible online behavior, we can safeguard the integrity of information and fortify our societies against the perils of disinformation.
As smart homes become ever more common in our digital world, they have become a favorite target for hackers around the world. We have seen SO many smart home devices compromised and then the hackers use those devices to pivot to other devices connected to the local area network such as phones and laptops.
Smart home devices now include so many devices, such as:
Each of these smart devices has a small CPU, a small amount of RAM, and a Linux operating system, most commonly BusyBox, chosen for its very small size. These systems are very often shipped with little forethought regarding security, which makes it relatively easy to hack them.
In addition, these devices are often connected to your Wi-Fi, Bluetooth, or Zigbee network. Each of these network types is vulnerable to multiple attack vectors, making the entire home and the devices therein vulnerable.
To learn more about Smart Home Hacking, consider attending our Smart Home Hacking training, January 13-15.
Here are the most significant security risks documented in recent research and threat reports:
Common Smart Home Vulnerabilities
Weak or Default Credentials
Many smart home devices ship with weak, default, or hardcoded passwords, which attackers can easily guess or find online.
Credential stuffing and password reuse across multiple devices leads to widespread compromise.
Outdated and Unpatched Firmware
A high proportion of smart devices run old firmware with known vulnerabilities and rarely receive updates or security patches, leaving them open to exploitation.
Supply chain vulnerabilities can introduce malware before devices even reach the consumer (such as Badbox 2.0).
Vulnerable Network Services and Open Ports
Devices expose unnecessary or insecure services to the local network or internet (e.g., Telnet, UPnP, poorly secured web interfaces), facilitating remote exploitation.
Automated scanning for open ports is a dominant attack method, accounting for over 93% of blocked events in recent studies.
Poor Encryption and Data Protection
Many smart devices transmit sensitive data (e.g., audio, video, sensor readings) without proper encryption, enabling eavesdropping and privacy breaches.
Weak or flawed cryptographic implementations allow attackers to decrypt captured traffic or manipulate device functionality.
Device Hijacking and Botnets
Attackers can take over smart devices, using them as proxies for further attacks (DDoS, ad fraud, credential theft) or as part of large-scale botnets (Mirai, EchoBot, PUMABOT).
Compromised devices may serve attacks on other systems without user awareness—sometimes even posing physical safety risks (e.g., hijacked locks or thermostats).
Privacy and Data Exposure
Insecure cameras, microphones, and voice assistants can be used for covert surveillance or to steal sensitive data.
Exposed cloud APIs and device “phone home” features can leak data to third parties or attackers.
Weak Access Controls
Poor onboarding, lack of two-factor authentication, flawed pairing mechanisms, and weak authorization checks let attackers gain access to devices or sensitive controls.
Real-World Examples (2025)
Smart TVs, streaming devices, and IP cameras are currently the most exploited categories, often running on Linux/Android with outdated kernels.
Malicious firmware (such as BadBOX) pre-installed on consumer devices has led to huge botnets and residential proxy abuse, sometimes before devices are even plugged in by the end user.
Large-scale privacy violations include attackers publicly streaming home camera footage due to default credentials or unpatched vulnerabilities.
Summary Table
Vulnerability Type | Example Consequence
Default/weak credentials | Easy unauthorized access
Outdated firmware | Exposure to known exploits
Open network services | Remote code execution, botnets
Poor encryption | Data interception, manipulation
Device hijacking/botnets | DDoS, fraud, lateral movement
Weak access controls | Device takeover, privacy breaches
Privacy/data exposure | Surveillance, data theft
Summary
Smart homes are becoming increasingly popular in industrialized countries particularly among higher income households. These smart homes offer the user convenience while offering an enticing target for hackers. If the attacker can compromise even one device within the home, then all of the devices on the home network are at risk!
To learn more about Smart Home Hacking and Security, consider attending our upcoming Smart Home Hacking training in January 2026.
You have likely heard of the company NVIDIA. Not only is it the dominant company in computer graphics adapters (if you are a gamer, you likely have one), it now dominates artificial intelligence as well. In recent weeks, it has become the most valuable company in the world ($5 trillion).
The two primary reasons that Nvidia has become so important to artificial intelligence are:
Nvidia chips can process data in multiple threads, in some cases thousands of threads. This makes doing complex calculations in parallel possible, making them much faster.
Nvidia created a development environment named CUDA for harnessing the power of these GPUs. This development environment is a favorite among artificial intelligence, data analytics, and cybersecurity professionals.
Let’s take a brief moment to examine this powerful environment.
What is CUDA?
Most computers have two main processors:
CPU (Central Processing Unit): General-purpose, executes instructions sequentially or on a small number of cores. CPUs such as those from Intel and AMD provide the flexibility to run many different applications on your computer.
GPU (Graphics Processing Unit): GPUs were originally designed to draw graphics for applications such as games and VR environments. They contain hundreds or thousands of small cores that excel at doing the same thing many times in parallel.
CUDA (Compute Unified Device Architecture) is NVIDIA’s framework that lets you take control of the GPU for general computing tasks. In other words, CUDA lets you write code that doesn’t just render graphics—it crunches numbers at massive scale. That’s why it’s a favorite for machine learning, password cracking, and scientific computing.
Why Should Hackers & Developers Care?
CUDA matters as an important tool in your cybersecurity toolkit because:
Speed: A GPU can run password hashes or machine learning models orders of magnitude faster than a CPU.
Parallelism: If you need to test millions of combinations, analyze huge datasets, or simulate workloads, CUDA gives you raw power.
Applications in Hacking: Tools like Hashcat and Pyrit use CUDA to massively accelerate brute-force and dictionary attacks. Security researchers who understand CUDA can customize or write their own GPU-accelerated tools.
The CUDA environment sees the GPU as a device with:
Threads: The smallest execution unit (like a tiny worker).
Blocks: Groups of threads.
Grids: Groups of blocks.
Think of it like this:
A CPU worker can cook one meal at a time.
A GPU is like a kitchen with thousands of cooks—we split the work (threads), organize them into brigades (blocks), and assign the whole team to the job (grid).
Coding With CUDA
CUDA extends C/C++ with some keywords. Here’s the simple workflow:
You write a kernel function (runs on the GPU).
You call it from the host code (the CPU side).
Launch thousands of threads in parallel → GPU executes them fast.
Example skeleton code:
#define N 256   // one block of 256 threads (a single block is limited to 1024 threads)
__global__ void add(int *a, int *b, int *c) {
    int idx = threadIdx.x;   // built-in: this thread's index within its block
    c[idx] = a[idx] + b[idx];
}
int main() {
    int a[N], b[N], c[N], *dev_a, *dev_b, *dev_c;
    for (int i = 0; i < N; i++) { a[i] = i; b[i] = 2 * i; }   // fill the host arrays
    // Allocate memory on the device
    cudaMalloc(&dev_a, N * sizeof(int)); cudaMalloc(&dev_b, N * sizeof(int)); cudaMalloc(&dev_c, N * sizeof(int));
    // Copy input data to the GPU
    cudaMemcpy(dev_a, a, N * sizeof(int), cudaMemcpyHostToDevice);
    cudaMemcpy(dev_b, b, N * sizeof(int), cudaMemcpyHostToDevice);
    add<<<1, N>>>(dev_a, dev_b, dev_c);   // run the kernel: 1 block of N threads
    // Copy results back to the host
    cudaMemcpy(c, dev_c, N * sizeof(int), cudaMemcpyDeviceToHost);
    cudaFree(dev_a); cudaFree(dev_b); cudaFree(dev_c);
}
The keywords:
__global__ → A function (kernel) run on the GPU.
threadIdx → Built-in variable identifying which thread you are.
<<<1, N>>> → Tells CUDA to launch 1 block of N threads.
This simple example adds two arrays in parallel. Imagine scaling this to millions of operations at once!
The CUDA Toolchain Setup
If you want to try CUDA, make certain you have the following:
1. An NVIDIA GPU.
2. The CUDA Toolkit (which contains the compiler, nvcc).
3. Your CUDA programs, written in C/C++ and compiled with nvcc.
Run and watch your GPU chew through problems.
To install the CUDA toolkit in Kali Linux, simply enter:
kali > sudo apt install nvidia-cuda-toolkit
Next, write your code and compile it with nvcc, such as:
kali > nvcc hackersarise.cu -o hackersarise
Practical Applications of CUDA
CUDA already excels at hacking and computing applications such as:
Password cracking (Hashcat, John the Ripper with GPU support).
As a beginner, start with small projects—then explore how to take compute-heavy tasks and offload them to the GPU.
Summary
CUDA is NVIDIA’s way of letting you program GPUs for general-purpose computing. To the hacker or cybersecurity pro, it’s a way to supercharge computation-heavy tasks.
Learn the thread-block-grid model, write simple kernels, and then think: what problems can I solve dramatically faster if run in parallel?
Welcome back, my aspiring SCADA/ICS security engineers!
SCADA/ICS hacking is one of the most important areas of cybersecurity and one of the least understood. SCADA/ICS systems power our entire industrial infrastructure and are critical to the everyday functioning of our economy and lives. These systems include:
Electrical generation and transmission
Chemical processing
Oil refineries
Food processing
Pharmaceutical manufacturing
Water and wastewater systems
Cellular and mobile communication systems
Without any of these systems, an economy can be crippled. Hackers-Arise is one of the leaders in SCADA/ICS cybersecurity, and next month we are offering a new class in this discipline, SCADA/ICS Forensics.
If we are to protect these systems, we need to understand how hackers can access these systems and how we can detect their presence and actions.
SCADA/ICS Forensics Training Outline
1. Introduction to ICS/SCADA Systems
Overview of industrial control systems (ICS) and SCADA architecture
Key components: PLCs, RTUs, sensors, actuators, HMIs, data historians
Differences between IT and OT environments
2. ICS/SCADA Protocols and Communications
Common industrial protocols (Modbus, DNP3, OPC, PROFIBUS, etc.)
TCP/IP and fieldbus network topologies
Protocol vulnerabilities and forensic implications
One of the key tasks for those defending a country’s, institution’s or corporation’s assets is to understand what threats exist. This is often referred to as Cyber Threat Intelligence or CTI. It encompasses understanding what the threat actors (hackers and nations) are doing and which are threats to your organization. In that regard, we have a new tool to identify and track command and control servers, malware and botnets using telltale fingerprinting from Shodan and Censys.
Command and Control Servers: History, Development & Tracking
In the fast-changing world of cybersecurity, Command and Control (C2) servers have been crucial. These servers are central to many cyber attacks and play a big role in the ongoing fight between offensive and defensive sides. To appreciate modern tools like C2 Tracker, let’s look back at the history and development of C2 servers.
Early days
The story of C2 servers starts in the early days of the internet, back in the 1990s. Hackers used Internet Relay Chat (IRC) channels as their first basic command centers. Infected computers would connect to these IRC channels, where attackers could send commands directly. The malware on the compromised systems would then carry out these commands.
The following figure shows the Hoaxcalls bot’s C2 communication with its C2 server over IRC.
The Web Era and the Art of Blending In
As detection methods got better, attackers changed their tactics. In the early 2000s, they started using web-based C2 systems. By using HTTP and HTTPS, attackers could hide their C2 traffic as regular web browsing. Since web traffic was everywhere, this method was a clever way to camouflage their malicious activities.
Using basic web servers to manage their command systems also made things simpler for attackers. This period marked a big step up in the sophistication of C2 methods, paving the way for even more advanced techniques.
Decentralization: The Peer-to-Peer Revolution
In the mid-2000s, C2 systems saw a major change with the rise of peer-to-peer (P2P) networks. This shift addressed the weakness of centralized servers, which were easy targets for law enforcement and defensive security teams.
In P2P C2 systems, infected computers talk to each other to spread commands and steal data. This decentralized setup made it much harder to shut down the network. Examples like the Storm botnet and later versions of the Waledac botnet showed how tough this model was to tackle, pushing cybersecurity experts to find new ways to detect and counter these threats.
Machines infected by Storm botnet:
Hiding in Plain Sight: The Social Media and Cloud Era
In the 2010s, the rise of social media and cloud services brought a new shift in C2 tactics. Cyber attackers quickly started using platforms like Twitter, Google Docs, and GitHub for their C2 operations. This made it much harder to spot malicious activity because commands could be hidden in ordinary tweets or documents. Additionally, using major cloud providers made their operations more reliable and resilient.
The Modern C2 Landscape
Today’s C2 systems use advanced evasion techniques to avoid detection. Domain fronting hides malicious traffic behind legitimate, high-reputation websites. Fast flux networks constantly change the IP addresses linked to C2 domains, making it difficult to block them. Some attackers even use steganography to hide commands in images or other harmless-looking files.
One of the latest trends is blockchain-based C2 systems, which use cryptocurrency networks for covert communication. This approach takes advantage of blockchain’s decentralized and anonymous features, creating new challenges for tracking and identifying these threats.
Blockchain transaction diagrams used by Glupteba botnet
The Rise of C2 Tracking Tools
With C2 servers being so crucial in cyber attacks, developing effective tracking tools has become really important. By mapping out how different attackers set up their C2 systems, these tools provide insights into their tactics and capabilities. This helps link attacks to specific groups and track changes in methods over time.
Additionally, this data helps with proactive threat hunting, letting security teams search for signs of C2 communication within their networks and find hidden compromises. On a larger scale, C2 tracking tools offer valuable intelligence for law enforcement and cybersecurity researchers, supporting takedown operations and the creation of new defense strategies.
C2 Tracker
C2 Tracker is a free, community-driven IOC feed that uses Shodan and Censys searches to gather IP addresses of known malware, botnets, and C2 infrastructure.
This feed is available on GitHub and is updated weekly. You can view the results
Add your Shodan API key as the environment variable SHODAN_API_KEY, and set up your Censys credentials with CENSYS_API_ID and CENSYS_API_SECRET.
kali> python3 -m pip install -r requirements.txt
kali> python3 tracker.py
In the data directory, you can see the results:
Let’s take a look at some of the IP addresses of GoPhish servers.
Shodan shows that the default port 3333 is open.
When opened, we can see the authorization form.
Now, let’s move on to our main objective, finding command and control (C2) servers.
For instance, let’s look at the Cobalt Strike IP addresses.
We have 827 results!
Each of these IP addresses represents a Cobalt Strike C2 server.
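The proactive hunting described above, consuming a feed like this one and checking your own egress logs against it, is shown in the following added Python example. It is not the C2 Tracker project’s code: the feed text and the log lines are constructed (TEST-NET addresses, invented hostnames), and the feed format of one IP per line with comments is an assumption about the general shape of such lists rather than a statement of the project’s exact file layout. Malformed feed entries and unparseable log lines are skipped rather than aborting the hunt.

```python
import ipaddress
import re

# Constructed sample of an IOC feed: one IP per line, comments and blanks allowed.
# Assumed shape only; values are TEST-NET addresses and do not refer to real hosts.
SAMPLE_FEED = """\
# Cobalt Strike C2 IPs (constructed example values)
198.51.100.23
203.0.113.77

not-an-ip
198.51.100.23
"""

# Constructed outbound connection log lines in a firewall/proxy style.
SAMPLE_LOGS = [
    "2025-11-03T10:01:12Z host=ws-041 src=10.0.5.41 dst=192.0.2.10 dport=443 proto=tcp action=allow",
    "2025-11-03T10:01:15Z host=ws-041 src=10.0.5.41 dst=198.51.100.23 dport=443 proto=tcp action=allow",
    "2025-11-03T10:02:40Z host=srv-db-2 src=10.0.9.12 dst=203.0.113.77 dport=8080 proto=tcp action=allow",
    "2025-11-03T10:03:02Z host=ws-017 src=10.0.5.17 dst=10.0.0.53 dport=53 proto=udp action=allow",
    "garbage line with no fields",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def load_feed(text):
    """Parse an IOC feed into a set of IP addresses, skipping comments, blanks,
    duplicates and malformed entries instead of failing on them."""
    iocs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            iocs.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed feed entry: ignore it, do not abort the whole hunt
    return iocs


def hunt(log_lines, iocs):
    """Return one hit per log line whose destination address is in the IOC set."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if dst in iocs:
            hits.append({"ts": m["ts"], "host": m["host"], "src": m["src"],
                         "dst": str(dst), "dport": int(m["dport"])})
    return hits


def hosts_to_triage(hits):
    """Distinct internal hosts that contacted known C2 infrastructure, for IR follow-up."""
    return sorted({h["host"] for h in hits})


if __name__ == "__main__":
    feed = load_feed(SAMPLE_FEED)
    found = hunt(SAMPLE_LOGS, feed)
    for h in found:
        print(f"{h['ts']} {h['host']} ({h['src']}) -> {h['dst']}:{h['dport']}")
    print("hosts to triage:", hosts_to_triage(found))
```

Because the feed is refreshed weekly, a hit on an address that has since been taken down is still worth a look: the connection happened while the address was active infrastructure, so the triage list is driven by the host that made the connection, not by whether the destination is still up.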
Summary
Cyber Threat Intelligence is crucial to stay ahead of the bad guys. Tools like C2 Tracker are essential to providing you a clear picture of the threat landscape. They help by spotting threats early, aiding in incident response, and supporting overall security efforts. These tools improve our ability to detect, prevent, and handle cyber threats.
In an earlier post, I introduced you to logic. Logic is one of the most underrated skills in cybersecurity. Without it, you are destined to fail or underperform. In this tutorial, I will attempt to advance your knowledge of logic by introducing you to propositional logic.
Propositional logic is used in AI, cybersecurity, mathematics, and data science but here we want to focus on propositional logic in cybersecurity.
Why Hackers Need Logic
Propositional logic is the backbone of cybersecurity – it’s how firewalls make decisions, how access controls work, and how attackers reverse-engineer your defenses. If you can’t think logically, you’ll get outmaneuvered. Period.
Propositional logic is a branch of logic that studies ways of combining or altering entire statements (called propositions) that have definite truth values—either true or false. It focuses on the logical relationships between these propositions and the rules for forming complex statements (compound propositions) using logical connectives like AND, OR, NOT, IF-THEN, and IF-AND-ONLY-IF.
Let’s break it down like a hacker dissecting a firewall rule.
Core Concepts: The Hacker’s Toolkit
Propositions are statements that are either true (1) or false (0):
P = "Port 22 is open"
Q = "User is admin"
R = "Malicious payload detected"
Logical Operators – Your Attack Vectors:
Operator | Symbol | Real-World Example
NOT | ¬ | ¬P = "Port 22 is closed"
AND | ∧ | P ∧ Q = "Port 22 open AND user is admin" (Privilege escalation)
OR | ∨ | P ∨ R = "Port 22 open OR malware detected" (Alert condition)
IMPLIES | → | Q → R = "If user is admin, THEN check for malware" (Access policy)
IFF | ↔ | P ↔ Q = "Port 22 open IFF user is admin" (Hardened SSH rule)
Truth Tables: Your Exploit Blueprint
Every firewall rule, IDS signature, or access policy boils down to truth tables. Here’s how to weaponize them:
Example: Phishing Detection Rule
(User_clicks_link ∧ Untrusted_domain) → Alert
User_clicks_link | Untrusted_domain | Alert
0 | 0 | 0
0 | 1 | 0
1 | 0 | 0
1 | 1 | 1
Attack insight: Evade detection by making either condition false (e.g., hijack trusted domain).
SOC Automation: Code SIEM rules with propositional logic, for example in Python:
if (unusual_login_location and not mfa_used) or impossible_travel:
    trigger_alert()
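The truth-table method above can be automated. The following Python script is an added example, not the author’s code: it enumerates the truth table for the phishing rule and for the SIEM rule just shown, lists the input combinations for which each rule stays silent (the rows a reviewer must check against the threat model), and tests a policy statement such as "an unusual login location must always alert" against the whole table using material implication. The rule names, the `RULES` registry and the `policy_holds` helper are this example’s own; the propositions follow the page’s wording.

```python
from itertools import product

# Detection rules as predicates over named boolean propositions (constructed for this example).
RULES = {
    "phishing": (
        ["User_clicks_link", "Untrusted_domain"],
        lambda v: v["User_clicks_link"] and v["Untrusted_domain"],
    ),
    "siem_login": (
        ["unusual_login_location", "mfa_used", "impossible_travel"],
        lambda v: (v["unusual_login_location"] and not v["mfa_used"]) or v["impossible_travel"],
    ),
}


def truth_table(rule_name):
    """Return [(assignment_dict, fires_bool), ...] over every combination of inputs."""
    names, predicate = RULES[rule_name]
    rows = []
    for bits in product([False, True], repeat=len(names)):
        assignment = dict(zip(names, bits))
        rows.append((assignment, bool(predicate(assignment))))
    return rows


def silent_rows(rule_name):
    """Input combinations for which the rule does NOT alert: its blind spots.
    Each one is either acceptable by design or a coverage gap to close."""
    return [assignment for assignment, fires in truth_table(rule_name) if not fires]


def implies(p, q):
    """Material implication p -> q: false only when p is true and q is false."""
    return (not p) or q


def policy_holds(rule_name, must_alert):
    """Check 'must_alert(inputs) -> rule fires' over the whole table.
    Returns the first counter-example assignment, or None if the policy holds everywhere."""
    for assignment, fires in truth_table(rule_name):
        if not implies(must_alert(assignment), fires):
            return assignment
    return None


def format_table(rule_name):
    """Render the truth table in the same 0/1 layout used in the text."""
    names, _ = RULES[rule_name]
    lines = [" | ".join(names + ["Alert"])]
    for assignment, fires in truth_table(rule_name):
        lines.append(" | ".join(str(int(assignment[n])) for n in names) + f" | {int(fires)}")
    return "\n".join(lines)


if __name__ == "__main__":
    for name in RULES:
        print(f"== {name} ==")
        print(format_table(name))
        print("silent rows:", silent_rows(name))
    # Policy review: "a login from an unusual location must always alert".
    # The SIEM rule does not guarantee this (MFA suppresses it); the check returns that row.
    print(policy_holds("siem_login", lambda v: v["unusual_login_location"]))
```

The counter-example returned for the SIEM rule is the row where the location is unusual, MFA was used and there is no impossible travel: whether that silence is acceptable is a policy decision, but the table makes it explicit instead of leaving it implied by the boolean expression.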
The Bottom Line
Propositional logic turns vague security policies into hackable equations. Master truth tables, operator precedence, and real-world mappings – then weaponize them to expose flaws or harden systems.
Remember: In cybersecurity, logic isn’t philosophy – it’s your exploit roadmap.
“The difference between a script kiddie and a pro? The pro knows WHY the rule failed.”
Challenge: Take any firewall rule from your network. Convert it to propositional logic. Find one combination that breaks it. Report back.
Cryptography is a fundamental skill to cybersecurity!
Cryptography is what keeps our systems and data secure. Without it, all of our information is at risk.
This class is designed to give you a strong background in cryptography, further enhancing your knowledge and skill in this key field and making you even more valuable in the cybersecurity marketplace.
With quantum computing and quantum cryptography emerging on the near-term horizon, a strong background in cryptography will help your organization prepare and keep your data secure.
If you are a cybersecurity professional or manager, you will want to attend this training!
1. Foundations & Mathematical Background
Probabilistic and computational security
Number theory basics (modular arithmetic, cyclic groups)
In this series, we will detail how an individual or small group of cyberwarriors can impact global geopolitics. The knowledge and tools that YOU hold are a superpower that can change history.
Use it wisely.
To begin this discussion, let’s look at the actions of a small group of hackers at the outset of the Russian invasion of Ukraine. We will detail these actions up to the present, attempting to demonstrate that even a single individual or small group can influence global outcomes in our connected digital world. Cyber war is real and even a single individual can have an impact on global political outcomes.
Let’s begin in February 2022, nearly 3 years ago. At that time, Ukraine was struggling to throw off the yoke of Russian domination. As a former member state of the Soviet Union (the successor to the Romanov’s Russian Empire), they declared their independence, like so many former Soviet republics (such as Estonia, Latvia, Lithuania, Georgia, Armenia, Kazakhstan, and others) from that failed and brutal alliance in 1991 (this is the moment that the Soviet Union disintegrated). This union failed primarily due to the inability of the Soviet Union to address the needs of their citizens. Simple things like food, clean water, and consumer goods. And, of course, the tyranny.
Russia, having lost absolute control of these nations, attempted to maintain influence and control by bending their leaders to Putin’s will. In Ukraine, this meant a string of leaders who answered to Putin, rather than the Ukrainian people. In addition, Russian state-sponsored hackers such as Sandworm, attacked Ukraine’s digital infrastructure repeatedly to create chaos and confusion within the populace. This included the famous BlackEnergy3 attack in 2014 against the Ukrainian power transmission system that blacked out large segments of Ukraine in the depths of winter (for more on this and other Russian cyberattacks against Ukraine, read this article).
In February 2022, the US and Western intelligence agencies warned of an imminent attack from Russia on Ukraine. In an unprecedented move, the US president and the intelligence community revealed (based upon satellite and human intelligence) that Russia was about to invade Ukraine. The new Ukrainian president, Volodymyr Zelenskyy, publicly denied and tried to minimize the probability that an attack was about to take place. Zelenskyy had been a popular comedian and actor in Ukraine (there is a Netflix comedy made by Zelenskyy before he became president named “Servant of the People”) and was elected president in a landslide election as the people of Ukraine attempted to clean Russian domination from their politics and become part of a free Europe. Zelenskyy may have denied the likelihood of a Russian attack to bolster the public mood in Ukraine and not anger the Russian leader (Ukraine and Russia have long family ties on both sides of the border).
We at Hackers-Arise took these warnings to heart and started to prepare.
List of Targets in Russia
First, we enumerated the key websites and IP addresses of critical and essential Russian military and commercial interests. There was no time to do extensive vulnerability research on each of those sites with the attack imminent, so instead, we readied one of the largest DDoS attacks in history! The goal was to disable the Russians’ ability to use their websites and digital communications to further their war ends and cripple their economy. This is exactly the same tactic that Russia had used in previous cyber wars against their former republics, Georgia and Estonia. In fact, at the same time, Russian hackers had compromised the ViaSat satellite internet service and were about to send Ukraine and parts of Europe into Internet darkness (read about this attack here).
We put out the word to hackers around the world to prepare. Tens of thousands of hackers prepared to protect Ukraine’s sovereignty. Eventually, when Russian troops crossed the border into Ukraine on February 24, 2022, we were ready. At this point in time, Ukraine created the IT Army of Ukraine and requested assistance from hackers across the world, including Hackers-Arise.
Within minutes, we launched the largest DDoS attack the Russians had ever seen, over 760GB/sec (as documented later by the Russian telecom provider, Rostelecom). This was twice the size of any DDoS attack in Russian history (https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/). This was a coordinated DDoS attack against approximately 50 sites in Russia such as the Department of Defense, the Moscow Stock Exchange, Gazprom, and other key commercial and military interests.
As a result of this attack, Russian military and commercial interests were hamstrung. Websites were unreachable and communication was hampered. After the fact, Russian government leaders estimated that 17,000 IP addresses had participated and they vowed to exact revenge on all 17,000 of us (we estimated the actual number was closer to 100,000).
This massive DDoS attack, unlike any Russia had ever seen and totally unexpected by Russian leaders, hampered the coordination of military efforts and brought parts of the Russian economy to its knees. The Moscow Stock Exchange shut down and the largest bank, Sberbank, closed. This attack continued for about 6 weeks and effectively sent the message to the Russian leaders that the global hacker/cyberwarrior community opposed their aggression and was willing to do something about it. This was a first in the history of the world!
The attack was simple in the context of DDoS attacks. Most DDoS attacks in our modern era involve layer 7 resources to make sites unavailable, but this one was simply an attack to clog the pipelines in Russia with “garbage” traffic. It worked. It worked largely because Russia was arrogant and unprepared without adequate DDoS protection from the likes of Cloudflare or Radware.
Within days, we began a new campaign to target the Russian oligarchs, the greatest beneficiaries of Putin’s kleptocracy (you can read more about it here). These oligarchs are complicit in robbing the Russian people of their resources and income for their benefit. They are the linchpin that keeps the murderer, Putin, in power. In this campaign, initiated by Hackers-Arise, we sought to harass the oligarchs in their yachts throughout the world (the oligarchs escape Russia whenever they can). We sought to first (1) identify their yachts, then (2) locate their yachts, and finally (3) send concerned citizens to block their fueling and re-supply. In very short order, this campaign evolved into a program to capture these same super yachts and hold them until the war was over, eventually to sell and raise funds to rebuild Ukraine. We successfully identified, located, and seized the top 9 oligarch yachts (worth billions of USD), including Putin’s personal yacht (this was the most difficult). All of them were seized by NATO forces and are still being held.
In the next few posts here we will detail:
The request from the Ukraine Army to hack IP cameras in Ukraine for surveillance and our success in doing so;
The attacks against Russian industrial systems that resulted in damaging fires and other malfunctions.
Look for Master OTW’s book, “A Cyberwarrior Handbook”, coming in 2026.