Glenn
Maltego Webinar Series: Episode 01, Introduction
Hello Internet,
We’re going to be hosting monthly Maltego webinar sessions, and our first one is this Friday (24th April)! Being our first episode we’re going to start with the basics of the basics. Our agenda is as follows:
What is Maltego? Why Maltego? Where can I get it? How does this user interface work? What are these Maltego terms and buzzwords? What’s a transform and how I can run one? Bonus round! Sign up here if you’d like to join us:
Lovely Pwnies – Twitter Monitor
Recently there were revelations about a GHCQ initiative called ‘Lovely Horses’ to monitor certain hackers’ Twitter handles. The guys over at Paterva quickly whipped up a Maltego Machine to replicate this:
Building your own LovelyHorse monitoring system with Maltego (even the free version) – it’s easy!
We’ve wrapped some supporting transforms around that Machine to allow you to create and manage your own set of lovely horses (Twitter accounts), and dubbed it ‘Lovely Pwnies’. You can obtain the transforms and original Machine via the new Maltego Transform Hub.
Commercial Snoopy Launch! [ ShadowLightly ]
Hello world!
We’ve been busy squireling away on a much requested project – a commercial Snoopy offering. We’ve called it ShadowLightly, and we’d like to invite you to join the beta explorer program. We’re going to offer ten 3-month trials to the site (you’d need to buy sensors / build your own), and in return we’d ask that you help us debug any issues. To apply, please email explorer@shadowlightly.com – introduce yourself, and tell us a little about why you’d like to join the program.
DefCon 22 – Practical Aerial Hacking & Surveillance
Hello from Las Vegas! Yesterday (ed: uh, last week, my bad) I gave a talk at DefCon 22 entitled ‘Practical Aerial Hacking & Surveillance‘. If you missed the talk the slides are available here. Also, I’m releasing a paper I wrote as part of the talk entitled ‘Digital Terrestrial Tracking: The Future of Surveillance‘, click here to download it.
Whiskey shot!
The Snoopy code is available on our GitHub account, and you can join the mailing list here. Also, congratulations to @AmandersLPD for winning our #SnoopySensor competition! You can see the output of our *amazing* PRNG in action below: I’ll update this post to point to the DefCon video once they’re released. In the meantime, the specifications of my custom quadcopter I had on stage are below:
Release the hounds! Snoopy 2.0
Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in a rush, you can download the source from GitHub, follow the README.md file, and ask for help on this mailing list. For those who want a bit more information, keep reading.
What is Snoopy? Snoopy is a distributed, sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary signals from various devices via Python plugins.
Using Maltego to explore threat & vulnerability data
This blog post is about the process we went through trying to better interpret the masses of scan results that automated vulnerability scanners and centralised logging systems produce. A good example of the value in getting actionable items out of this data is the recent Target compromise. Their scanning solutions detected the threat that lead to their compromise, but no humans intervened. It’s suspected that too many security alerts were being generated on a regular basis to act upon.
Channel 4 – Mobile Phone Experiment
This evening we were featured on Channel 4’s DataBaby segment (link to follow). Channel 4 bought several second hand mobile phones that had been “wiped” (or rather reset to factory default) from various shops. Our challenge was to recover enough data from these seemingly empty phones to identify the previous owners.
After a long night of mobile forensics analysis, we had recovered personal data from almost every phone we had been provided with. This information included:
BlackOps Hacking Training – Las Vegas
BlackOps you say?
At SensePost we have quite a range of courses in our Hacking by Numbers series. We feel each one has its own special place. I’ve delivered almost all the courses over the years, but my somewhat biased favourite is our relatively new BlackOps Edition. Myself (Glenn) and Vlad will be presenting this course at BlackHat Vegas in July.
Where Does BlackOps fit in?
Our introductory courses (Cadet and Bootcamp) are meant to establish the hacker mindset – they introduce the student to psychological aspects of an attacker, and build on that to demonstrate real world capability. BlackOps is designed for students who understand the basics of hacking (either from attending Bootcamp/Cadet, or from other experience) and want to acquire deeper knowledge of techniques. We built the course based on our 12 years of experience of performing security assessments.
Black Hat Europe – Bootcamp Training
SensePost will be at Black Hat Europe 2013 to deliver the Bootcamp module of the Hacking by Numbers series. This method based introductory course emphasizes the structure, approach, and thought-processes involved in hacking (over tools and tricks). The course is popular with beginners, who gain their first view into the world of hacking, as well as experts, who appreciate the sound, structured approach.
A break down of what will be covered during this course:
Snoopy Release
We blogged a little while back about the Snoopy demonstration given at 44Con London. A similar talk was given at ZaCon in South Africa. Whilst we’ve been promising a release for a while now, we wanted to make sure all the components were functioning as expected and easy to use. After an army of hundreds had tested it (ok, just a few), you may now obtain a copy of Snoopy from here. Below are some instructions on getting it running (check out the README file from the installer for additional info).
Page 1 of 2
Next