CBSNews has a segment of 60s minutes covering how DARPA “the creator of the Internet” is fighting cyber crime (found HERE). They claim Dan Kaufman aka Darpa Dan and his team have built a application that can monitor the military’s network for compromised hosts. They continue to claim “any device that is breached will show up as red dots so you know EXACTLY whats going on”. Uhhhhh sure … is this malware / breach detection mixed with behavior analytics or is it just smoke and mirrors to look impressive on TV?
Next they say they can shut down or quarantine an infected system. Ok well at least that sounds reasonable since technology like NAC is around so just add a desktop management application and that is accomplished. I guess it sounds reasonable when DARPA Dan’s team gets a half of billion dollars a year to develop technology according to this report. With that budget, they better be able to accomplish something. Continue reading →
My buddy Aamir Lakhani from dcchaos.com put together a list of the best cyber security talks of 2014. The rankings and opinions are purely his own. Some of these were based on technical knowledge, others were entertaining, and lastly some of these are a shout out to my friends and colleagues. You can find the original post HERE.
Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading →
Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing
Emily Williams and Robin Sage
Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using EmilyWilliams. Continue reading →
Today’s highlight – WIFI Pineapple Mark III Wireless Penetration Testing Tool.
There are many cool tools sold at conferences. One tool to check out is the WIFI Pineapple Mark III for around $100 dollars. Basically it’s a wireless honeypot using a man-in-the-middle attack to access data. The way it works is it listens for devices calling out for known wireless networks / SSIDs. The WIFI Pineapple will hear the request and clone the requested SSID so the device believes its connecting to a known trusted network. Continue reading →
People lock their doors at night and feel protected from criminals. The scary thing most people are not aware of is locks are easy to bypass with inexpensive tools. You may think these tools are hard to obtain however I watch lock pick kits sellout at security conferences each year with attendance in the thousands. If you search the Internet for terms like “lock picking, bump keys or impressioning” you’ll find hundreds of results including video tutorials. It’s not hard for criminals to break into doors and safes. In most cases, they can do it in under a minute without leaving behind evidence the average users will notice.