Yearly Archives: 2017

/2017

Dagah case study – Sasakawa USA institution

Automated mobile device vulnerability assessment, penetration testing, and mobile security awareness training

 

 

Situation

Sasakawa USA is a non-profit, non-partisan institution devoted to research, analysis, and better understanding of the US-Japan relationship in the areas of security, diplomacy, economics, business, trade, technology, and other matters of common concern.  Given the former role of Adm. Dennis C. Blair, U.S. Navy (Ret.), current Chairman and CEO of Sasakawa Peace Foundation USA as the US Director of National Intelligence and the think tank’s ongoing contact with high-level officials in the US Government, the organization is a target for sophisticated adversaries looking to use it as a stepping stone into government targets.

Solution

At Sasakawa USA’s request, Shevirah ran a campaign of social engineering attacks against Sasakawa USA’s employees using the Dagah Mobile Penetration Testing software.  This simulation of real world attacks that Sasakawa USA could face evaluated the mobile hygiene of employees and provided teaching points on how to identify and respond to actual mobile phishing attacks.  The vast majority of cyber attacks begin with phishing.

Results

“Shevirah’s mobile pen testing tool is truly cutting edge,” said Adm. Dennis C. Blair, U.S. Navy (Ret.), Chairman and CEO of […]

By |December 9th, 2017|Uncategorized|0 Comments

Shevirah announces new version of Dagah mobile and IoT pen testing and phishing tool and personnel additions

 

Ashburn, VA, November 21, 2017, Shevirah, a cybersecurity startup offering mobile and IoT device penetration testing and simulated phishing solutions, today announced the availability of a new and improved version of its popular Dagah tool.  The new version is available immediately from the company website, as an update for existing subscribers, or as a free enterprise trial.  Admiral Blair, Ex. Director of National Intelligence, describes the Dagah tool as “truly cutting edge”.  Early testers include the DoD, government agencies, and financial institutions. 

Shevirah founder and CTO, Georgia Weidman, the well-known cybersecurity expert and conference speaker, author of the textbook, “Penetration Testing – A Hands-On Introduction to Hacking”, long-time Director, Michael W. Wellman, Wi-Fi and Internet pioneer, CEO and co-founder of Virgil Security, Inc., and long-time advisors,  Monique Morrow, previously Cisco’s CTO-Evangelist for New Frontiers Development and Engineering, and Gaige Paulsen, CTO at haste.net,  are joined by two new advisors, Peter Laitin and Simon Hartley, co-founders of 202 Partners, North Bethesda, MD.

202 is a boutique enterprise software sales advisory company focusing on the commercialization of emerging technology in cybersecurity, mobility and IoT.  202’s recent successes include large mobile cybersecurity wins […]

By |November 20th, 2017|Uncategorized|0 Comments

Shitsco CTF Problem Walkthrough

I started my career doing security research. I guess technically I had a government red team job before that, but to really get where I wanted to go in the industry I did some research, gave some talks, and went from there. But for the past couple of years I’ve mainly been focusing on building my consulting practice, commercializing my mobile security research, and build a product startup. So I haven’t had as much time for research as I would have liked. With the release of our first pro product Dagah I’ve made a resolution to change that. 

I’ve decided to start this blog to post some of my work. My goal is to make everything understandable to someone who has read the exploit development chapters in my book and/or did the exploit development exercises in the OSCP course and exam. I find that even with years of study I sometimes fall into the gaps of assumed knowledge and skipped steps on vulnerability write-ups. What I’ll try and do different here is make everything I post go step by step and include all the background. That might make it really boring to some of […]

By |July 11th, 2017|Uncategorized|0 Comments