Dominic White
Wifi Hacking & WPA/2 PSK traffic decryption
When doing wireless assessments, I end up generating a ton of different scripts for various things that I thought it would be worth sharing. I’m going to try write some of them up. This is the first one on decrypting WPA/2 PSK traffic. The second will cover some tricks/scripts for rogue access-points. If you are keen on learn further techniques or advancing your wifi hacking knowledge/capability as a whole, please…
Client Side Fingerprinting in Prep for SE
On a recent engagement, we were tasked with trying to gain access to the network via a phishing attack (specifically phishing only). In preparation for the attack, I wanted to see what software they were running, to see if Vlad and I could target them in a more intelligent fashion. As this technique worked well, I thought this was a neat trick worth sharing. First off the approach was to…
T-Shirt Shell Competition
For our internal hackathon, we wanted to produce some shirts. We ran a competition to see who could produce a reverse shell invocation most worthy of inclusion on a shirt. Here are the submissions, which may be instructive or useful. But first; the winning t-shirt design goes to Vlad (-islav, baby don’t hurt me, don’t hurt me, no more): Funny story; the printer left out the decimal points between the…
Squinting at Security Drivers and Perspective-based Biases
While doing some thinking on threat modelling I started examining what the usual drivers of security spend and controls are in an organisation. I’ve spent some time on multiple fronts, security management (been audited, had CIOs push for priorities), security auditing (followed workpapers and audit plans), pentesting (broke in however we could) and security consulting (tried to help people fix stuff) and even dabbled with trying to sell some security…
Metricon 2011 Summary
[I originally wrote this blog entry on the plane returning from BlackHat, Defcon & Metricon, but forgot to publish it. I think the content is still interesting, so, sorry for the late entry :)] I’ve just returned after a 31hr transit from our annual US trip. Vegas, training, Blackhat & Defcon were great, it was good to see friends we only get to see a few times a year, and make…
Security Policies – Go Away
Security policies are necessary, but their focus is to the detriment of more important security tasks. If auditors had looked for trivial SQL injection on a companies front-page as hard as they have checked for security polices, then maybe our industry would be in a better place. I want to make this go away, I want to help you tick the box so you can focus on the real work.…
Threat Modeling vs Information Classification
Over the last few years there has been a popular meme talking about information centric security as a new paradigm over vulnerability centric security. I’ve long struggled with the idea of information-centricity being successful, and in replying to a post by Rob Bainbridge, quickly jotted some of those problems down. In pre-summary, I’m still sceptical of information-classification approaches (or information-led control implementations) as I feel they target a theoretically sensible idea,…
ITWeb Security Summit
The ITWeb Security Summit is creeping up on us again and will be happening on the 10-11th of May. This year ITWeb went with something slightly different, and are asking for people to suggest who they’d like to see on day 2. These suggestions will then be voted on. So, if there’s someone you’re dying to see present or a topic you really want someone to spend some time researching,…
Information Security South Africa (ISSA) 2010
Last week we presented an invited talk at the ISSA conference on the topic of online privacy (embedded below, click through to SlideShare for the original PDF.) The talk is an introductory overview of Privacy from a Security perspective and was prompted by discussions between security & privacy people along the line of “Isn’t Privacy just directed Security? Privacy is to private info what PCI is to card info?” It…
SensePost Corporate Threat(Risk) Modeler
Since joining SensePost I’ve had a chance to get down and dirty with the threat modeling tool. The original principle behind the tool, first released in 2007 at CSI NetSec, was to throw out existing threat modeling techniques (it’s really attack-focused risk) and start from scratch. It’s a good idea and the SensePost approach fits nicely between the heavily formalised models like Octave and the quick-n-dirty’s like attack trees. It…