31 May, 2020

GoHacking Demo

I was invited to speak at Go Hacking, a Brazilian cyber security community and training provider. If you have never heard of them, check out the great content on their YouTube page. Given their recent training on Command and Control, I did a talk and demonstration on performing a high-value adversary emulation. I used MITRE ATT&CK for obtaining Cyber Threat Intelligence on APT19. Then I leveraged VECTR to create an adversary emulation plan. Lastly, I used Empire3 with Starkiller, a free command and control framework, and then SCYTHE, an enterprise-grade command and control framework, to perform the adversary emulation.

30 May, 2020

CredGuard + VMware + Windows10

Credential Guard + VMware + Windows 10 VMware Workstation 15.5.5 now has support for Credential Guard enabled on the latest Windows 10 (Windows 10 20H1 build 19041.264 or newer)! This is big news for enterprises and individual users given the security controls we had to disable to be able to run virtual machines on our […]

25 May, 2020

New website

New website, who dis? Welcome to my new website! I hope to use this site much more than in the previous 10 years as I am now in a new, innovative, and community-driven company: SCYTHE. This is my personal site so I plan to use it to share the events I will be attending. As you know, […]

07 Jan, 2014

Missing Security Features in Windows Phone 8

As I have spent some time researching and developing a WP8 application security testing methodology and process, I have come up with three key security features that are missing from Microsoft’s Windows Phone 8. From an offensive security perspective, these features are good to have for testing but from an end user perspective, they are […]

31 Dec, 2013

WP8 App Security – Part 3 XAP File

This is the third part of a series on testing WP8 Apps. The first post introduced you to the WP8 platform and the second post had you install the prerequisites. This post will focus on the XAP file and side loading it onto your device or emulator. Side loading is the act of installing an […]

30 Dec, 2013

WP8 App Security – Part 2 Prerequisites

This is the second post of a series on WP8 App Security and is focused on setting up the environment where you will test WP8 apps. You should already have a basic understanding of how the WP8 platform works. We will focus on the prerequisites for the tools and methods required to test WP8 apps. […]

30 Dec, 2013

WP8 App Security – Part 1 WP8 Platform

In this post and series we will dive into the process and methods used to test the security of Windows Phone 8 (WP8) apps. Let’s say you are tasked with performing a security assessment, ethical hack, vulnerability assessment, or a penetration test of a WP8 app, where do you begin? This is where! WP8 Platform Before […]

30 Dec, 2013

Preparing iOS 7 to test iOS apps

Now that evad3rs released evasi0n to jailbreak iOS 7, we may begin testing iOS apps on iOS 7! This post will cover the steps and tools to set up your jailbroken iOS 7 device for testing mobile apps. From the Cydia app on the device, search and install the following: OpenSSH, MobileTerminal, BigBoss Recommended Tools […]