Dagah: Mobile Penetration Testing Software

Penetration Testing is a key part of any corporate security plan, but are you testing the system that the majority of employees are using to access corporate systems: Mobile?

Shevirah is the only technology that can measure the whole security posture of an enterprise’s mobility program: the users, the device, the applications, and the infrastructure.

Dagah Product Information

Given only a phone number, Shevirah can phish mobile users via SMS, QR Codes, NFC or send client-side attacks to simulate how hackers would exploit users

Given the installation of a simulated malicious application, Shevirah measures the potential impact of malicious applications on users’ devices and corporate management settings

Simulated phishing attacks can gather basic information, user credentials, or attempt to side-load a simulated malicious application

Works against Android and iOS smartphones and devices

Available now in Community and Professional versions.  Enterprise version coming soon.

Supporting Services for Dagah

Shevirah offers services to help customers directly using our Dagah software and for consultants who wish to use Dagah for their customers.

Penetration Testing

  • Companies without standing penetration testing teams can still get the value of the Dagah software by hiring Shevirah to run it
  • Shevirah conducts a week-long penetration test of customer’s mobile device infrastructure
  • Shevirah security professionals run multi-faceted attack on mobile devices simulating methods used by modern hackers

Security Awareness/Remediation Training

  • Shevirah offers on-line, short training modules on the risks of mobile device attacks and how to maintain good security hygiene with mobile
  • Proven to improve user resilience against phishing and client-side attacks

Mobile Penetration Test Training

  • Shevirah offers a 3-day class on how to conduct penetration testing of mobile devices and the Internet of Things using Dagah
  • Instructor Georgia Weidman covers all the methods used by the Shevirah Red Team in conducting penetration tests of mobile systems including phishing, man-in-the-middle, rogue access point, rogue cell tower, client-side, and remote attacks

Social Engineering Penetration Testing

  • Companies without the resources to run a social engineering test can still get the value of the Dagah software by hiring Shevirah to run the Dagah Software
  • Shevirah conducts a simulated phishing attack against customer’s mobile users
  • Shevirah authors real-world phishing messages, texts, messaging-application messages, and payloads and sends them using simulated methods used by modern hackers

Get Product updates, white papers, and news about Shevirah.


Company Overview

Famed security researcher and author Georgia Weidman founded Shevirah in 2015 to commercialize software for penetration test teams to assess mobile security solutions leading to more secure enterprise endpoints: smartphones, tablets, wearables, and the Internet of Things. As hackers shift methods from traditional remote network attacks to social engineering and new endpoint attacks a gap in enterprise testing has emerged. Shevirah closes that gap with software for internal test teams and services for businesses without their own standing team.

In 2012, Weidman recognized that there was a parallel between where mobile security was and where network security was in the early 1990s.

In the early days of network security, Firewalls and Intrusion Detection Systems emerged and enterprises quickly deployed them against hackers. But hackers knew how to evade them through fragmentation, and Christmas Tree Attack. Once the first penetration testing software was available for enterprises to test their own defenses, these hacker techniques were discovered, simulated against network protections, and gaps were discovered. The network security solutions got better and more resilient. Weidman knew that Mobility needed a similar renaissance. She applied for and won a DARPA Cyber Fast Track grant to build what became the Smartphone Pentest Framework, which she released to the open source community.

Her company Bulb Security provided training and support for mobile penetration testing until the formation of Shevirah.

Weidman joined with inventor and entrepreneur Mark Longworth to bring Shevirah’s software and services to market. Longworth is a veteran of the 1990s network security market where he invented the NetWitness network forensics analysis tool, now RSA Security Analytics.

 

Shevirah Measures

Our Team

Georgia Weidman, CTO

Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She has provided training at conferences such as Blackhat USA, Brucon, and CanSecWest. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions and is a graduate of the Mach37 cybersecurity accelerator. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance. See Georgia’s past and upcoming appearances.

Mark Longworth

Mark Longworth, CEO

Inventor, software developer, security expert, systems engineer, and intelligence officer: Longworth has demonstrated his versatility and ingenuity in his 25 years of professional experience in and around the National Security Community.

After leaving the government, Longworth formed Forensics Explorers as a vehicle to market and advance his patented invention: NetWitness, now RSA Security Analytics. Longworth served as Forensics Explorers’ General Manager growing it from $0 to $4m in revenue until its sale to ManTech International in 2002. The NetWitness company spun off from ManTech and later sold to RSA in 2011. In May of 2005, Longworth joined Tenacity Solutions, a cyber security services firm. As Chief Strategist, Longworth led the growth from $2m to over $35m in revenue, lead the capture of a $100m prime contract, and grew the sales pipeline to $1.2b. In 2014, Tenacity sold to CSC. In January 2016, Longworth joined Shevirah Inc. to commercialize mobile device security testing solutions.

Contact

For more information on Shevirah’s testing solutions to mobility risks, or to purchase the Dagah Software, please contact us using the form on this page.

Your Name (required)

Your Email (required)

Subject

Your Message