Dagah: Mobile Penetration Testing Software
Penetration Testing is a key part of any corporate security plan, but are you testing the system that the majority of employees are using to access corporate systems: Mobile?
Shevirah is the only technology that can measure the whole security posture of an enterprise’s mobility program: the users, the device, the applications, and the infrastructure.
Given only a phone number, Shevirah can phish mobile users via SMS, QR Codes, NFC or send client-side attacks to simulate how hackers would exploit users
Given the installation of a simulated malicious application, Shevirah measures the potential impact of malicious applications on users’ devices and corporate management settings
Simulated phishing attacks can gather basic information, user credentials, or attempt to side-load a simulated malicious application
Works against Android and iOS smartphones and devices
Available now in Community and Professional versions. Enterprise version coming soon.
Supporting Services for Dagah
Shevirah offers services to help customers directly using our Dagah software and for consultants who wish to use Dagah for their customers.
- Companies without standing penetration testing teams can still get the value of the Dagah software by hiring Shevirah to run it
- Shevirah conducts a week-long penetration test of customer’s mobile device infrastructure
- Shevirah security professionals run multi-faceted attack on mobile devices simulating methods used by modern hackers
Security Awareness/Remediation Training
- Shevirah offers on-line, short training modules on the risks of mobile device attacks and how to maintain good security hygiene with mobile
- Proven to improve user resilience against phishing and client-side attacks
Mobile Penetration Test Training
- Shevirah offers a 3-day class on how to conduct penetration testing of mobile devices and the Internet of Things using Dagah
- Instructor Georgia Weidman covers all the methods used by the Shevirah Red Team in conducting penetration tests of mobile systems including phishing, man-in-the-middle, rogue access point, rogue cell tower, client-side, and remote attacks
Social Engineering Penetration Testing
- Companies without the resources to run a social engineering test can still get the value of the Dagah software by hiring Shevirah to run the Dagah Software
- Shevirah conducts a simulated phishing attack against customer’s mobile users
- Shevirah authors real-world phishing messages, texts, messaging-application messages, and payloads and sends them using simulated methods used by modern hackers
Georgia Weidman, Founder/CTO
Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She has provided training at conferences such as Blackhat USA, Brucon, and CanSecWest. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions and is a graduate of the Mach37 cybersecurity accelerator. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance. See Georgia’s past and upcoming appearances.
Michael W. Wellman, Director/Advisor
Michael W. Wellman is the CEO and co-founder of Virgil Security. Virgil delivers cryptographic “building blocks” to software developers around the world enabling them to quickly and easily build passwordless authentication, encryption, and other cryptographic functionality into their products without their having to become security experts themselves.
Some of Michael’s previous products include early commercial Internet software, Apple’s eWorld web browser, AOL’s Macintosh web browser, the first two generations of Apple’s Airport, and other market-defining Wi-Fi products. Michael has also led DARPA-funded research and development projects in Cognitive Radios, Dynamic Spectrum Access (DSA), mobile ad hoc networks (MANET), and MIMO. He is a mentor at the Mach37 cybersecurity accelerator and the RelevantHealth.md health tech accelerator, an advisor to cybersecurity startups NS8, Shevirah, and ThreatCare, and a Venture Partner at NextGen Venture Partners.
Peter Laitin, Advisor
Peter is co-founder of Washington D.C. based cybersecurity startups 202 Partners and RunSafe Security. Two decades of Federal IT sales has made Peter a well-known go-to person in the areas of cybersecurity, mobility and IoT around the 495-loop, representing companies like RSA (acquired by Dell), Verisign, Invincea (acquired by Sophos), Good (acquired by Blackberry), Thursby Software and Kaprica Security (acquired by Samsung). Peter is a native Washingtonian with an established federal and private network with a proven track record in some of the most notable IT security and mobility deployments in the federal government, including DISA, USDA and the FBI.
He is a second generation DC insider, beginning his career by interning for the Chairman of the House Budget Committee, following in the footsteps of his father Joe Laitin who served 18 years in government under five presidents, beginning as a Whitehouse Press Secretary. Peter holds BA degrees in Public Relations & Marketing from Ashford University, as well as Political Science & Government from Indiana University Bloomington.
Simon Hartley, Advisor
Simon is an expert in cybersecurity, mobility and IoT, co-founder of Washington DC-based cybersecurity startup RunSafe Security. He is a member of the SAE’s IoT Cybersecurity Committee and a contributing author in their new book “Cybersecurity for Commercial Vehicles“. RunSafe was developed as part of DARPA’s program of cybersecurity for DoD vehicles, drones and medical devices. Simon also worked with Apple and Samsung in hardening their mobile devices for government use.
Previously, he was VP of Sales at Kaprica Security (acquired by Samsung), Mobile Program Director, DMI, market leader in managed mobility and Sales Director at Thursby Software, market leader in Apple security. Prior executive roles include Red Hat, HP, Capgemini, a $9B hedge fund, a $50MM dot com and a background in nuclear software engineering. He holds a BS in Physics from U-Manchester, a MS in Law & Cybersecurity from U-Maryland Carey Law, CISSP, CEH and CIPP/US.
Monique Morrow, Advisor
Monique was Cisco’s CTO/Evangelist for New Frontiers Development and Engineering as well as Cisco’s first CTO Services. Monique is a technology strategist and is focused on the intersections of Blockchain, cybersecurity, digital identity, ethical computing, and IoT/mobile. She is currently the co-founder of The Humanized Internet, an Associated Researcher with the Alexander von Humboldt Institute for Internet and Society, and an Advisor at the Rising Star Cybersecurity Accelerator and to Procivis AG and VALID. Among Monique’s numerous accolades, she was the 2017 recipient of the DECA International Entrepreneurial Spirit Award, Business Worldwide Magazine’s 2016 Visionary of the Year for Technology, Social Change and Ethics, and has been named a Top Ten Influential IT Women in Europe.
Gaige Paulsen, Advisor
Gaige B. Paulsen is the CTO of Haste and an experienced entrepreneur. Haste specializes in improving network performance for interactive experiences. Over the past three decades, he’s guided technical and business decisions for a variety of technology and internet-focused businesses. Gaige has experience in all phases of business, from founding through growth and sale. His technical experience is focused on internet technologies from low-level protocol and embedded systems development to facilities-based internet service providers. He advises a number of companies, including Shevirah, Virgil Security, AIS Network, and Storybook.
For more information on Shevirah’s testing solutions to mobility risks, or to purchase the Dagah Software, please contact us using the form on this page.