David Sopas

web security researcher

23/08/19 Hardware, Tools, Travel

My Red Team assessment hardware

Many friends and colleagues are asking me what I use for red team assessments so I decided to write a post with my arsenal – which might not reflect others’ Red Team approach.

Also, the hardware is task specific. For example, if you’re going on a Wifi hunt you might not need a set of lockpicking tools – well you never know 🙂

Other people’s lists can be found here:

Feel free to Tweet @dsopas with new lists or even recommend stuff for me to buy 🙂

22/08/19 Hardware

Pointer hijack and portapack testing

When I was in Casa das Artes – the venue for an event where I would give a talk – I was discussing some RF topics with my pal Zezadas. One of them was to play with RF pointers… I went home the next day and did a small prank which involved the HackRF replay of a Windows (works in 7 or 10) shutdown – video -> here!

If you want to have real fun with pointers – check out mame82’s LOGITacker research.

BUT not happy with that, I finally got a PortaPack for “portability” of the HackRF. What should be the first video for showing off the PortaPack? My cat’s RF mouse 😀

Video? -> here!

22/08/19 Interesting Readings

Checkmarx Security Research Team latest work

We’ve got a lot of new research in our hands but so far only one got disclosed to the public.

I’m talking about the LeapFrog LeapPad Ultimate research. It got a few hits in the media (CNET, The Telegraph, ZDNET, BleepingComputer, Threatpost, Fortune, …) and I’m very proud of this work, especially because it keeps children more secure.

You can see a small PoC video here and the full research at the Checkmarx blog.

18/03/19 Advisories, Hardware

Popular wireless Logitech mouse vulnerable to keystroke injection

One of the things that keeps me on the security path is the opportunity to learn new things each day.
After seeing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – especially on MouseJack keystroke injection attacks.

I went through the affected devices list and didn’t have any of my own to test it. BUT I had a Logitech M185 wireless mouse which is very popular because… it’s cheap compared to other models.

I grabbed the CrazyRadio dongle – which was waiting for better usage in my lab – and put it into action.

I opened Bettercap and turned on the HID recon:

sudo bettercap -eval="net.recon off;hid.recon on"

After a while I detected my Logitech M185 and also other stuff:

Just to make sure it was really my device, I did a simple hid.sniff ADDR and pressed a few buttons. Don’t want to pop shells anywhere 🙂

Next, I created a simple DuckyScript to show the Windows calculator on the desktop:

GUI r
DELAY 200
STRING calc
DELAY 200
ENTER

What we have so far:

  • Bettercap running with HID module on
  • Detected my Logitech M185 2.4GHz mouse
  • Created the DuckyScript to use (ducky.txt)

The only thing missing is to inject our payload and see what happens:

hid.inject ADDR PT ducky.txt

You can see the end result of this proof-of-concept video – https://www.youtube.com/watch?v=TdPRYWkYarM

Don’t want to be a spoiler but… yeh it’s vulnerable 🙂

01/03/19 IoT

BLE Surfing an Orienteering event

It was 2pm and more than 1500 individuals were getting ready to start an international Orienteering event. For me it was an opportunity to test my new BLE tool and at the same time, know more about the number of sports wearables people use nowadays – to know what to break next 🙂

So I positioned my crappy Android phone in the center of the event and just hit play.

After a couple of hours, I decided to check it out and I got 701 devices detected – crazy number. Just out of curiosity I made the Top 5 brands and devices:

  1. Garmin – 542 devices
  2. Polar – 86 devices
  3. Fitbit – 28 devices
  4. TomTom – 21 devices
  5. Samsung – 17 devices

Around 77% of the devices detected were Garmin. Huge market share.

With that percentage, the Top 5 devices were all Garmin:

  1. Forerunner 235 – 180 devices
  2. Forerunner 735 XT – 67 devices
  3. Forerunner 35 – 46 devices
  4. Forerunner 920 – 43 devices
  5. Fenix 3 HR – 30 devices

I already did some research on Garmin and TomTom, also played with some Forerunner models and they show the real bd_addr (Bluetooth Address) which could be used to… track people. But this wasn’t the case.
My real goal was to test large amounts of data in my app and see how it handles rendering them on a map. No information or connection was made to any device.

Just out of curiosity, did you know that the Garmin watches alone had a value of around 180k?

08/12/18 IoT, My Events

Exfiltrate all the things at BSidesLisbon18

Last week BSidesLisbon was legendary. More than 400 attendees, beer, “pastel de nata” and of course – amazing talks.
This was my third participation as a speaker and first time co-presenting a talk with my friend and colleague Pedro Umbelino.

We worked very hard on this topic during the last year and we wanted to show two live demos at the event. It wasn’t easy, especially when a few hours earlier we scanned for BLE and NFC devices and there was so much noise 🙂

Credits: https://twitter.com/bsideslisbon

In the end, the smart bulb and NFC exfiltration demos went very well /* btw – we prayed a lot to the demo gods */ and we got nice feedback.
I would like to thank all the people that saw our presentation, which was packed as you can see on Coopers’ photo:

Credits: https://twitter.com/Ministraitor

You can see the whole presentation here – https://www.youtube.com/watch?v=3UJBAkl8Y2A.

To be honest, I didn’t watch many talks because I was always in the hallway con, brainstorming with my friends – but the ones I saw were very interesting.
Again the organization was on their top game and it’s a pleasure for me to be there each year.

In the end I said goodbye to BSidesLisbon in an amazing Cantonese restaurant.
Cya next year!

23/11/18 IoT, My Events

Part of my research shown on DEFCON 26

The video got public and I needed to share this with all my followers.

It was, that I know of, the first time my research was presented at DEFCON. It was presented at the IoT Village by Erez Yalon, who I have the pleasure to work with.
It covers privacy on IoT devices and that any user is vulnerable to that.

Personally it was another thing I can take off my bucket list… Checked!

23/10/18 Meetings, My Events

Semana Informática and BSides Lisbon

So I scheduled my last talks for this year.

On 31 October, I’ll be at FEUP in Semana Informática to present – Breaking IoT!
And for the third time, I’ll have the honor to be at BSides Lisbon on 29th and 30th November giving a talk with my friend and colleague Pedro Umbelino – Exfiltrate all the things!

If by any chance you’ll be at one of these events feel free to approach me and say Hi!
