Tools
WiFi De-authentication Rifle:
Wireless: it’s everywhere these days and yet owning it never gets boring. As part of our annual SensePost hackathon, where we get time off projects and get to spend a week tinkering with tech and ideas, the team I was in, consisting of Dominic, Nathi and myself, decided on creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi. The idea was simple: simulate some…
Commercial Snoopy Launch! [ ShadowLightly ]
Hello world! We’ve been busy squireling away on a much requested project – a commercial Snoopy offering. We’ve called it ShadowLightly, and we’d like to invite you to join the beta explorer program. We’re going to offer ten 3-month trials to the site (you’d need to buy sensors / build your own), and in return we’d ask that you help us debug any issues. To apply, please email explorer@shadowlightly.com –…
Demonstrating ClickJacking with Jack
Jack is a tool I created to help build Clickjacking PoC’s. It uses basic HTML and Javascript and can be found on github, https://github.com/sensepost/Jack To use Jack, load Jack’s HTML,CSS and JS files using the method of your choice and navigate to Jack’s index.html. Jack comes with three additional pages; sandbox.html, targetLogin.html and targetRead.html. targetRead.html can be used to demonstrate Clickjacking that reads values from a page and sandbox.html is…
Associating an identity with HTTP requests – a Burp extension
This is a tool that I have wanted to build for at least 5 years. Checking my archives, the earliest reference I can find is almost exactly 5 years ago, and I’ve been thinking about it for longer, I’m sure. Finally it has made it out of my head, and into the real world! Be free! Be free! So, what does it do, and how does it do it? The…
Never mind the spies: the security gaps inside your phone
For the last year, Glenn and I have been obsessed with our phones; especially with regard to the data being leaked by a device that is always with you, powered on and often provided with a fast Internet connection. From this obsession, the Snoopy framework was born and released. After 44con this year, Channel 4 contacted us to be part of a new experimental show named ‘Data Baby‘, whose main goal is to…
Snoopy Release
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at ZaCon in South Africa. Whilst we’ve been promising a release for a while now, we wanted to make sure all the components were functioning as expected and easy to use. After an army of hundreds had tested it (ok, just a few), you may now obtain a copy of Snoopy…
Mobile Security Summit 2011
This week, Charl van der Walt and I (Saurabh) spoke at Mobile Security Summit organized by IIR (http://www.iir.co.za/detail.php?e=2389). Charl was the keynote speaker and presented his insight on the impact of the adoption of mobile devices throughout Africa and the subsequent rise of security related risks. During his talk, he addressed the following: Understanding the need for mobile security to be taken seriously in Africa Analysing the broader implications for…
The Yeti is here
After several months of dedicated … uh dedication, our new network footprinting tool is being made available to the masses. It’s called Yeti and it is a cross-platform, Java application. It’s predecessor, BidiBlah, was only available on Windows platforms and hopefully with Yeti we can now offer Internet intelligence gathering to everyone. So what does Yeti do: Top level domain expansion (tld expand) Forward lookups (mx,ns,a,cname and zone transfers) Reverse…
Happy New Year gift: source code!
If you use the Gregorian Calendar, then Happy New Year! Down here in South Africa, we’ve also ushered in a new year and in celebration SensePost is releasing source code for our in-house web proxy, Suru, under a BSD-style license. When released in 2006, Suru introduced a number of unique features to the world of inline proxies including trivial fuzzing, token correlation and background directory brute-forcing. Further improvements include timing…
BlackHat Write-up: go-derper and mining memcaches
[Update: Disclosure and other points discussed in a little more detail here.] At BlackHat USA last year we spoke about attacking cloud systems, while the thinking was broadly applicable, we focused on specific providers (overview). This year, we continued in the same vein except we focused on a particular piece of software used in numerous large-scale application including many cloud services. In the realm of “software that enables cloud services”,…