Rogue Access Points, a how-to
This is republished from the original on the SensePost blog. In preparation for our wireless training course at BlackHat Vegas in a few weeks, I spent some time updating the content on rogue/spoofed...
hostapd v2.0 KARMA edition
DigiNinja wrote a set of patches for hostapd that allow it to operate in KARMA mode (i.e. respond to any probe in an attempt to fool wifi devices into joining it). His last set of patches were for...
A quick view on IBM's approach to mainframe security disclosures
At DerbyCon I made a point about IBM's security response procedures. It's a complex and subtle issue that won't carry well over Twitter. Here's my quick attempt at clarifying my personal view,...
Admission of illegally obtained evidence in ZA courts; hacked FB messages
There's a story that's been doing the rounds in the ZA press entitled "Your private Facebook messages can be used in court against you even if you were hacked". It details a case "Harvey v Niland and...
Too Easy – Adding Root CA’s to iOS Devices
With the recent buzz around the iMessage crypto bug from the Johns Hopkins team, several people pointed out that you would need a root CA to make it work. While getting access to the private key for a...
Universal Serial aBUSe
Last Saturday, at Defcon 24, we gave a talk entitled “Universal Serial aBUSe: Remote Physical Access Attacks” about some research we had performed into USB attacks. The talk was part of a research...
Snoopy with Mana
In 2011 Glenn and Daniel released Snoopy, a set of tools for tracking and visualising wireless client activity. However, the Snoopy project is no longer maintained. This blog entry is about how I got...
BSides Cape Town Secret Squirrel Challenge Write-Up
Last weekend was the BSides Cape Town conference, currently ZA’s only hacker con. It’s a cool little con with big dreams that get a little closer each time. This year was a lot of fun and well put...
Thoughts on Bureaucracy
After seeing PaulG's tweet on bureaucracy it kicked off some quick thoughts. The dangerous thing about letting your company become bureaucratic is that when the smart people leave, they won't tell you...
Propagation of 7MHz signals & ionospheric refraction
I’ve long been interested in the physics of RF, but never had a chance to play with it until recently. This post covers my experiments with the propagation of 7MHz signals; the equipment, the setup,...
Cracking Efficiency Measurements & Common Substring Attack
This was an epic week for password cracking, we had lots of new hashes and lots of competition to see who could crack the most the fastest. BLUF: I put together a cracking technique, and tested it...
Making Your Own LinuxKit With Docker For Mac
Docker For Mac (and Windows) has done some interesting tricks to bring Docker to non-Linux platforms. It took me a while to figure it all out, and even longer to work out how to make change to the...
Introduction to WebAssembly
I’ve started seeing WebAssembly (WASM) stuff popping up in a few places, most notably CloudFlare’s recent anti-container isolated v8 workload stuff and I wanted to understand it a little better, but...
Understanding PEAP In-Depth
tl;dr We reported a long standing PEAP bug in all Apple devices that would allow an attacker to force any Apple device (iOS, macOS or tvOS) to associate with a malicious access point, even if the...
Fast NTCracking in Rust
When I got a new MacBook with an M1 Pro chip, I was excited to see the performance benefits. The first thing I did was to fire up hashcat which gave an impressive benchmark speed for NT hashes (mode...