My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.
Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading →
Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing
Emily Williams and Robin Sage
Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using EmilyWilliams. Continue reading →
Today’s highlight – WIFI Pineapple Mark III Wireless Penetration Testing Tool.
There are many cool tools sold at conferences. One tool to check out is the WIFI Pineapple Mark III for around $100 dollars. Basically it’s a wireless honeypot using a man-in-the-middle attack to access data. The way it works is it listens for devices calling out for known wireless networks / SSIDs. The WIFI Pineapple will hear the request and clone the requested SSID so the device believes its connecting to a known trusted network. Continue reading →
People lock their doors at night and feel protected from criminals. The scary thing most people are not aware of is locks are easy to bypass with inexpensive tools. You may think these tools are hard to obtain however I watch lock pick kits sellout at security conferences each year with attendance in the thousands. If you search the Internet for terms like “lock picking, bump keys or impressioning” you’ll find hundreds of results including video tutorials. It’s not hard for criminals to break into doors and safes. In most cases, they can do it in under a minute without leaving behind evidence the average users will notice.