2013
Goodbye to 2013, hello to 2014
With 2013 coming to a close, I thought it pertinent to look back at the year we’ve had and also forward to what’s promising to be an incredibly exciting 2014 for us. 2013 for SensePost, was a year of transition. With a new leadership structure in myself, Shane and Dominic, we had a chance to stamp our style and vision and also learn from Charl and Jaco. One of the…
Botconf 2013
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together the anti-botnet community, including law enforcement, ISPs and researchers. To this end the conference was a huge success, especially since a lot of networking occurred over the lunch and tea breaks as well as the numerous social events organised by Botconf. I was fortunate enough to attend as a speaker…
Mobile Hacking on the West Coast
December sees SensePost presenting Hacking by Numbers: Mobile at BlackHat West Coast Trainings. This course was first presented at BlackHat Vegas 2013 and 44Con 2013, growing in popularity and content with each iteration. For more information continue reading below or visit https://blackhat.com/wc-13/training/Hacking-by-Numbers-Mobile.html. The mobile environment has seen immense growth and has subsequently seen organisations racing to be the first to market with the next best app. The rapid increase in mobile…
RAT-a-tat-tat
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison Ivy NSE script as well as the DarkComet config extractor. Rat a-tat-tat from SensePost nmap-service-probes.pi poison-ivy.nse extract-DCconfig-from-binary.py An example of finding and extracting Camellia key from live Poison Ivy C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi --script=poison-ivy.nse <ip_address/range) Finding Poison Ivy, DarkComet and/or Xtreme RAT C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi <ip_range> If…
Never mind the spies: the security gaps inside your phone
For the last year, Glenn and I have been obsessed with our phones; especially with regard to the data being leaked by a device that is always with you, powered on and often provided with a fast Internet connection. From this obsession, the Snoopy framework was born and released. After 44con this year, Channel 4 contacted us to be part of a new experimental show named ‘Data Baby‘, whose main goal is to…
A new owner for a new chapter
We’re pleased to announce our acquisition today by SecureData Europe. SecureData (www.secdata.com) is a complete independent security services provider based in the UK and was also previously part of the SecureData Holdings group before being acquired by management in November 2012. The strategic acquisition complements SecureData’s vision for enabling an end-to-end, proactive approach to security for global customers by assessing risk, detecting threats in real-time, protecting valuable assets and responding to…
Offence oriented defence
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders and auditors, rather then hackers (the con is oriented that way), although it’s odd that I feel the need to apologise for that ;) The talks primary point, was that by understanding how attackers attack, more innovative defences can be imagined. The corollary was that common defences, in the form…
44CON 2013
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to make more hackers, we’re giving several sets of training courses as well as a talk this year. Training: Hacking by Numbers – Mobile Edition If you’re in a rush, you can book here. We launched it at Blackhat USA, and nobody threw anything rotting, in-fact some said it went pretty…
BlackHat Conference: Z-Wave Security
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol security. The paper introduces our Z-Wave packet interception and injection toolkit (Z-Force) that was used to analyze the security layer of Z-Wave protocol stack and discover the implementation details of the frame encryption, data origin authentication and key establishment process. We developed the Z-Force module to perform security tests against…
Hacking by Numbers – The mobile edition
West Coast in the house, well actually more like an African visiting Seattle for Blackhat’s West Coast Trainings. We’ve had a great year delivering the latest course in our amazing Hacking by Numbers training series: Mobile. What’s cool about this course, is like the others, we teach a hacking methodology rather than punting a tool or a magic, do it all solutions. Mobile was created to match the continuous growth in…
Page 1 of 3
Next