Many organisations consider performing phishing tests against their own staff; whilst this can be a great way to determine your risk exposure and to determine the effectiveness of security awareness training, it can actually introduce problems into your security strategy too. In this episode I talk about a few common issues with company phishing campaigns: 1. Vanity Metrics – where company perform biased testing (unintentionally or otherwise) which cause a positive shift in their metrics but not necessarily the same positive shift in their security. 2. Repetitive Scenarios – there’s a lot of different scenarios a phisher could try, if …
In my job as a security tester I often have the weird task of physical access penetration tests. That’s breaking into buildings for a living. So here I give a little introduction to what they are and some of the aims customers have when they procure a test of this nature. Whether it’s involves lock-picking or social engineering, it’s a weird job.
Red Teams are a romanticised part of security testing; and whilst red team engagements are usually amongst the most fun to deliver – but being fun to deliver doesn’t mean they’re always the most effective from a security point of view. A lot depends on the target organisation’s maturity, defensive capability, and engagement goals.
The Demystifying Tech Podcast invited me back as a guest, and during the conversation the security of elections was discussed. It was given only a few minutes between other items which is a real shame, so I thought I’d expand on some of the points I made here and give a little bit of an introduction to the prior art of election hacking.
Introduction I wanted to talk a little bit about the British Airways breach; I won’t be focusing on the intention to fine from the ICO. I’ll just be talking a little about vulnerabilities, how they can be addressed, and the issues mitigations may bright. I’ll also be talking about a security incident that hit the ICO and how it was potentially very similar to what happened to British Airways.
I previously mentioned dumping memory contents using SPI, with a BusPirate. Sometimes that’s not feasible – such as if the flash memory module is a little inaccessible and you’re not feeling like deconstructing the board just yet. An alternative is to pull memory over JTAG. I talked about accessing JTAG and interacting with a chip using OpenOCD previously, however this time around I’d like to go a step further. The board I’m using in this example is a Netgear DG834Gv1, which has an exposed JTAG, shown below on the bottom right of the board (in red):
So I’m playing around with a device right now and I’m currently pulling out the contents of its flash memory over SPI – so I figured I’d write a few notes about how to do just that! Here’s what I’m playing with, in case you’re curious:
Cloning basic Keyfobs using GNURadio and an SDR! Introduction In my introduction to hardware hacking, I mention that radio systems may be part of the attack surface for a hardware device penetration test. So I thought I’d give a gentle introduction to hacking with an SDR here! Firstly, what’s an SDR? It stands for software-defined radio, and refers to a category of devices which allow you to interface with radio. There are a lot of SDR devices on the market to choose from when you first get started – a RTL-SDR can be picked up for £15 and devices from …
Introduction I’m currently writing up a series on hardware hacking fundamentals, and before I get into the specifics – I thought it sensible to add a piece on why hardware security is important and to lay out the major themes of what I’ll be discussing.
Getting up and running with PulseView and reading pin output with an Analyzer! Introduction Logic Analyzers are inexpensive devices that allow you to just take a look at what a small number of pins on a chip are up to. They can be hooked into software like PulseView to read pin output and decode it into something more useful. Many decoders are available, but in this introduction we’ll have a quick look at PulseView and reading (decoding) UART data. I’ve previously written about UART and how to find them with a JTAGulator, but here’s a different approach.