Conferences
Improvements in Rogue AP attacks – MANA 1/2
At Defcon 22 we presented several improvements in wifi rogue access point attacks. We entitled the talk “Manna from heaven” and released the MANA toolkit. I’ll be doing two blog entries. The first will describe the improvements made at a wifi layer, and the second will cover the network credential interception stuff. If you just want the goodies, you can get them at the end of this entry for the…
DefCon 22 – Practical Aerial Hacking & Surveillance
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical Aerial Hacking & Surveillance‘. If you missed the talk the slides are available here. Also, I’m releasing a paper I wrote as part of the talk entitled ‘Digital Terrestrial Tracking: The Future of Surveillance‘, click here to download it. Whiskey shot! The Snoopy code is available on our GitHub account,…
Botconf 2013
Botconf’13, the “First botnet fighting conference” took place in Nantes, France from 5-6 December 2013. Botconf aimed to bring together the anti-botnet community, including law enforcement, ISPs and researchers. To this end the conference was a huge success, especially since a lot of networking occurred over the lunch and tea breaks as well as the numerous social events organised by Botconf. I was fortunate enough to attend as a speaker…
RAT-a-tat-tat
Hey all, So following on from my talk (slides, video) I am releasing the NMAP service probes and the Poison Ivy NSE script as well as the DarkComet config extractor. Rat a-tat-tat from SensePost nmap-service-probes.pi poison-ivy.nse extract-DCconfig-from-binary.py An example of finding and extracting Camellia key from live Poison Ivy C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi --script=poison-ivy.nse <ip_address/range) Finding Poison Ivy, DarkComet and/or Xtreme RAT C2’s: nmap -sV -Pn --versiondb=nmap-service-probes.pi <ip_range> If…
Offence oriented defence
We recently gave a talk at the ITWeb Security Summit entitled “Offense Oriented Defence”. The talk was targeted at defenders and auditors, rather then hackers (the con is oriented that way), although it’s odd that I feel the need to apologise for that ;) The talks primary point, was that by understanding how attackers attack, more innovative defences can be imagined. The corollary was that common defences, in the form…
44CON 2013
In one week, it’s 44CON time again! One of our favourite UK hacker cons. In keeping with our desire to make more hackers, we’re giving several sets of training courses as well as a talk this year. Training: Hacking by Numbers – Mobile Edition If you’re in a rush, you can book here. We launched it at Blackhat USA, and nobody threw anything rotting, in-fact some said it went pretty…
BlackHat Conference: Z-Wave Security
We are publishing the research paper and tool for our BlackHat 2013 USA talk on the Z-Wave proprietary wireless protocol security. The paper introduces our Z-Wave packet interception and injection toolkit (Z-Force) that was used to analyze the security layer of Z-Wave protocol stack and discover the implementation details of the frame encryption, data origin authentication and key establishment process. We developed the Z-Force module to perform security tests against…
Honey, I’m home!! – Hacking Z-Wave & other Black Hat news
You’ve probably never thought of this, but the home automation market in the US was worth approximately $3.2 billion in 2010 and is expected to exceed $5.5 billion in 2016. Under the hood, the Zigbee and Z-wave wireless communication protocols are the most common used RF technology in home automation systems. Zigbee is based on an open specification (IEEE 802.15.4) and has been the subject of several academic and practical…
Snoopy Release
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at ZaCon in South Africa. Whilst we’ve been promising a release for a while now, we wanted to make sure all the components were functioning as expected and easy to use. After an army of hundreds had tested it (ok, just a few), you may now obtain a copy of Snoopy…
Black Hat Training Classes Update
Hey All, We’re about locked and loaded down here in ZA – ready to tackle the looooong journey to Vegas for Black Hat. If you’re headed to Black Hat but haven’t yet booked training there’s still time, so I thought I’d push out a brief update on what’s still available from our stable of courses. As many of our courses have sold out we opened second classrooms and as a…