Three months have passed since the last issue of 2600: The Hacker Quarterly was released. Despite their best efforts the delay caused by COVID-19 and the cancellation of HOPE 2020 have not been reduced. But that is a matter for another time, right now the winter edition of 2600 has landed on my doorstep: by way of my own printer. And that means I will get my regular dose of articles on hacking, privacy, surveillance and that odd woman who always wants a new pen pal from prison. But it gets better, near the end of this edition there is a full page dedicated to the upcoming Hacker on Planet Earth, 2021. HOPE 2020 became solely an online event, with much success. However, I and many like myself would like to visit conferences in the flesh. Right now HOPE 2021 is in the planning stage, pending COVID-19 issues.
2600 The Hacker Quarterly – the articles
So, what can readers expect from this issue? My favorite article is entitled “Work from Home through P2P Network” by 0xc0000156. It details the commands necessary to set up a reverse proxy from a laptop to a computer you may be running at home. It starts simple, I have done plenty of times, but the author does have useful tips on creating a little script to do this regularly. Considering that I myself am still working from home this will come in handy when I want to use the power of my Desktop. But the author goes further. If your Desktop does not have a static IP address you can use a relay proxy. The desktop will connect to the proxy and you will connect to the proxy from your laptop. It is a neat little article for practicing your SSH foo as well RSA keys and Linux scripting.
“Thinking in AI – Can AI Wake Up?” written by Duran is a neat article on the dangers of artificial intelligence and the moment it becomes sentient. The author gives a rough outline on the conditions that need to be necessary for that to happen. Instantly I was triggered through my near decade long experience with Machine Learning. The author claims that besides learning self-renewal is also a necessity. An A.I. needs to be able to update its own code or intelligence models. Another article I read with interest is “How One “S” Can Make a Difference” by aestetix. The author discusses the basic difference between HTTP and HTTPS. Through a few GET requests he shows why it is necessary for server and client to complete the TLS handshake immediately after a connection is made to a domain and before the path and other data are exchanged.
Windows love – using PowerShell to create a RAT
This edition of 2600: The Hacker Quarterly is a little light on technical articles. Two others that I enjoyed give background information the working of phone systems in far away places. The first is “The Brazilian Phone System Revisited” by Derneval Cunha. In it the author explains the endemic corruption in Brazil and the Byzantine length people have to go to get a landline. This is thus compensated by mobile usage, except that the costs prevent many people to surf the internet. Another article is “Telecom Informer” by The Prophet. It is a regular feature of 2600 and this time the author was working in Point Roberts, a little corner of the US surrounded on three sides by water and by Canada on the fourth. It is a small US exclave near Vancouver. Because of its location it is dependent on Canadian services to meet current demand.
A final article I want to highlight is “How to write Malware in PowerShell – Tips and Tricks” by David. In it the author explains some of the vulnerabilities of PowerShell and how a user can create a RAT (Remote Access Tool) to connect back to a C2 server, not unlike the reverse proxy discussed earlier. The author also highlights the necessity of obtaining persistence across boots and methods to execute command from the C2 server. This article easily has the most code in this edition of 2600. I like it and I will be adding it to my little toolbox of Pentesting apps. Just as with the other articles featuring tips and some code it comes with a warning. These tutorials are only allowed to be used legally.
Conclusion and past editions
And so there we have it, the winter issue of 2600: The Hacker Quarterly. It is an issue filled with articles on the post-Trump world and how it pertains to privacy and democracy. This issue was perhaps light on actual hacking articles, but the few there were good. All of them dealt with the internet: SSH, proxies, GPS geo-location, TikTok etcetera. For just $ 4.99 I think the digital version of this magazine is just a steal. You can purchase it directly from the 2600 website or you can get a subscription. I use both a digital and hardcopy when following up on tips I read. If you wan to know more about 2600: The Hacker Quarterly then read my pats review at ‘2600 2020 autumn issue‘ and ‘2600 2020 summer issue‘