David Sopas

web security researcher

15/11/17 Donations

Together we’re strong

A few months ago, Luis and I had the idea of helping the firefighters (true heroes) with a donation that could make their job safer.
More than 210 thousand hectares of forest burned in Portugal this year alone, so this was the right thing to do.

After talking with João, we thought about bringing more people together, especially in the infosec community. The objective was to bring more cash to the bucket.

The decision was unanimous: donate as much as we can to Associação dos Bombeiros Voluntários da Figueira da Foz.
Currently they're asking for help with the acquisition of a new vehicle.
That requires a huge amount of money. Other donations go to tires, vehicle repairs, fuel, water, IT equipment and firefighters' protective clothing.

So if you want to help out…

The IBAN is PT50 0045 3050 4024 7032 1811 2.
Also, don't forget to send an email to geral at bvff.com.pt with the wire transfer confirmation and your NIF so they can send you the receipt.

I will update this post with the list of people who join us in this effort and the total amount donated.

Thanks!

13/11/17 My Events

BSides Lisbon 2017 was awesome

BSides Lisbon 2017 was great \o/
It was my second BSides Lisbon (both times as a speaker), and it's amazing that the organization keeps improving this con.

It had awesome talks, and with the help of my great friend Duarte we hosted a mini lockpicking village, which was a great success.

I didn't see as many talks as I wanted, because I was at the hallway con with my mates, but I still took some pictures:

Also, I have the pleasure of working for three companies that sponsored this event: Checkmarx, Char49 and Cobalt. Thanks guys!

BTW, you can download my presentation slides on GitHub » https://github.com/dsopas/talks/blob/master/Desktop/bsides_gtfo_pdf.pdf

Cya next year guys!

11/10/17 Meetings, My Events

Guess who’s coming to BSides Lisbon 2017?

… you’re right! This guy 🙂

After my presentation last year, I decided to submit a talk again to the best infosec event in Portugal, BSides Lisbon. My talk, GTFO Mr. User, will be about:

In this talk, the author will present real case scenarios (aka hacking to PoC) showing the danger of large organizations ignoring high and critical security issues, with repercussions that would affect millions should the security threats fall into the wrong hands. Additionally, this talk will share tips on how to properly disclose bugs to companies without being a real Trump.

I'll also bring some hardware to play with during the event, especially for BLE hacking, and a few other surprises in my talk (say what?!).
Don't forget to check out the other speakers and buy your ticket!

30/09/17 Papers, Tips and Tricks

My notes on Hacking BLE – list of resources

In the last few weeks I took a dive into the Bluetooth Low Energy (aka BLE) topic.
There are many articles on the web on "how to hack BLE" and the like, so this is just a compilation of the notes I kept along the way, which I decided to share with the community.

In a nutshell, what I did: bought some cheap BLE devices and played around with them.

I start by scanning for the device, doing some recon on it and then checking what I can get out of it: sniffing, reversing the mobile app, MiTM, etc.
The first step is always to scan for devices and enumerate their services and characteristics. BLEAH is a good choice for that.

I tried different techniques, but the one that gave me the best results was MiTM.
For sniffing, in my opinion, you need luck. Even with three Ubertooth (Uberteeth 🙂) covering all three advertising channels you still need lots of luck and a Faraday cage: once the connection is established the link hops across the 37 data channels using parameters exchanged in the connection request, so a sniffer that misses that one packet has to recover the hopping parameters the hard way.

For MiTM I use GATTacker. My lab is a laptop running Kali and a Raspberry Pi running Raspbian. One acts as the central (GATTacker's ws-slave, which connects to the real device) and the other as the peripheral (which advertises a clone of the device for the phone to connect to). The rest is quite simple:

  1. Start the central
  2. Scan for devices
  3. Grab the device ID and dump its services and characteristics
  4. Start advertising as the device
  5. Turn on Bluetooth on your phone and run the mobile app
  6. Modify the dump file
  7. Replay
  8. Game over

E.g. a smart lock showing the master key and my own key (in plaintext):

I’m still learning but I’m enjoying every step.

Some tips I learned along the way:

  • Start by reading the specification (core and GATT) and learn how it works
  • Sometimes you need to change your bdaddr (MAC address) to match the original device, since some apps only talk to the address they already know
  • Study the hardware and check which approach is better (sniffing, MiTM, brute-forcing, etc.)
  • You learn a lot by reversing the mobile application
  • When reversing, don't forget to search for specific keywords like password, CMD, secret and the like (sometimes you get some low-hanging fruit)
  • For alternative sniffing, use the Android Bluetooth HCI snoop log: it is captured between host and controller, above link-layer encryption, so the GATT traffic shows up in plaintext without any radio work
  • Be persistent; don't give up at the first sign of failure
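The HCI snoop log tip deserves a concrete example. The script below is an added example, not code from the original post or from any of the tools it mentions. It parses the btsnoop format that Android writes to btsnoop_hci.log (8-byte magic, version, datalink 1002 for HCI UART/H4, then big-endian record headers) and pulls out the ATT reads, writes and notifications, which are exactly the values you would look at before editing a GATTacker dump and replaying it. The capture it runs on is constructed inline: a hypothetical lock whose app writes a PIN and reads a master key in plaintext, echoing the smart lock screenshot above. The handles (0x0025, 0x0029, 0x002C) and values are made up, and the parser assumes each ATT PDU fits in a single ACL fragment.

```python
import struct

BTSNOOP_MAGIC = b"btsnoop\x00"
BTSNOOP_VERSION = 1
DATALINK_H4 = 1002          # HCI UART (H4): what Android's btsnoop_hci.log uses
HCI_ACL_DATA = 0x02         # H4 packet indicator for ACL data
L2CAP_CID_ATT = 0x0004      # fixed channel carrying the Attribute Protocol

ATT_READ_REQ, ATT_READ_RSP = 0x0A, 0x0B
ATT_WRITE_REQ, ATT_WRITE_RSP, ATT_WRITE_CMD = 0x12, 0x13, 0x52
ATT_NOTIFY = 0x1B
ATT_NAMES = {ATT_READ_REQ: "Read Request", ATT_READ_RSP: "Read Response",
             ATT_WRITE_REQ: "Write Request", ATT_WRITE_CMD: "Write Command",
             ATT_NOTIFY: "Handle Value Notification"}


def btsnoop_records(data):
    """Yield (direction, packet) for every record in a btsnoop capture.

    Record header (all big-endian): original length, included length, flags,
    cumulative drops, 64-bit timestamp. Flag bit 0 is the direction
    (0 = sent by the host, 1 = received from the controller)."""
    if data[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop capture")
    version, datalink = struct.unpack(">II", data[8:16])
    if version != BTSNOOP_VERSION or datalink != DATALINK_H4:
        raise ValueError("unsupported btsnoop version/datalink %d/%d" % (version, datalink))
    off = 16
    while off + 24 <= len(data):
        _orig, incl, flags, _drops, _ts = struct.unpack(">IIIIq", data[off:off + 24])
        off += 24
        yield ("rx" if flags & 1 else "tx"), data[off:off + incl]
        off += incl


def att_pdu(pkt):
    """Return the ATT PDU carried by an H4 ACL packet, or None for anything else.

    Layout: 1-byte H4 indicator, ACL header (handle/flags, total length),
    L2CAP header (length, CID), then the ATT PDU. Assumes one ACL fragment
    per L2CAP frame; fragmented frames would need reassembly first."""
    if len(pkt) < 9 or pkt[0] != HCI_ACL_DATA:
        return None
    l2cap_len, cid = struct.unpack("<HH", pkt[5:9])
    if cid != L2CAP_CID_ATT:
        return None
    return pkt[9:9 + l2cap_len]


def extract_gatt_traffic(capture):
    """Return (direction, opcode name, handle, value) for every GATT read, write
    and notification in a btsnoop capture. Read Responses carry no handle, so
    they are paired with the Read Request that preceded them."""
    out, pending_read = [], None
    for direction, pkt in btsnoop_records(capture):
        pdu = att_pdu(pkt)
        if not pdu:
            continue
        op = pdu[0]
        if op == ATT_READ_REQ and len(pdu) >= 3:
            pending_read = struct.unpack("<H", pdu[1:3])[0]
        elif op == ATT_READ_RSP:
            out.append((direction, ATT_NAMES[op], pending_read, bytes(pdu[1:])))
            pending_read = None
        elif op in (ATT_WRITE_REQ, ATT_WRITE_CMD, ATT_NOTIFY) and len(pdu) >= 3:
            handle = struct.unpack("<H", pdu[1:3])[0]
            out.append((direction, ATT_NAMES[op], handle, bytes(pdu[3:])))
    return out


def looks_like_secret(value):
    """Cheap triage heuristic: printable ASCII of 4+ bytes deserves a closer look."""
    return len(value) >= 4 and all(0x20 <= b < 0x7F for b in value)


# --- constructed sample capture (hypothetical lock, not a real device dump) ---

def _h4_att(att, conn_handle=0x0040):
    l2cap = struct.pack("<HH", len(att), L2CAP_CID_ATT) + att
    return bytes([HCI_ACL_DATA]) + struct.pack("<HH", conn_handle, len(l2cap)) + l2cap


def _record(pkt, received):
    flags = 1 if received else 0       # bit 1 (command/event) stays 0 for ACL data
    return struct.pack(">IIIIq", len(pkt), len(pkt), flags, 0, 0) + pkt


SAMPLE_CAPTURE = (
    BTSNOOP_MAGIC + struct.pack(">II", BTSNOOP_VERSION, DATALINK_H4)
    + _record(_h4_att(bytes([ATT_WRITE_REQ]) + struct.pack("<H", 0x0025) + b"1234"), False)    # app sends its PIN
    + _record(_h4_att(bytes([ATT_WRITE_RSP])), True)
    + _record(_h4_att(bytes([ATT_READ_REQ]) + struct.pack("<H", 0x0029)), False)
    + _record(_h4_att(bytes([ATT_READ_RSP]) + b"master:0000"), True)                          # lock answers in plaintext
    + _record(_h4_att(bytes([ATT_NOTIFY]) + struct.pack("<H", 0x002C) + b"\x01\x00"), True)     # status notification
)

if __name__ == "__main__":
    for direction, name, handle, value in extract_gatt_traffic(SAMPLE_CAPTURE):
        note = "  <-- printable, check it" if looks_like_secret(value) else ""
        print("%s %-25s handle 0x%04x value %r%s" % (direction, name, handle, value, note))
```

Point it at a real btsnoop_hci.log by reading the file into `extract_gatt_traffic`; the handles it prints are the ones you then look up in the services dump from step 3, and the values are what you edit before replaying.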

Resources

Must read

Hardware

Tools

Talks

I hope this article helps newcomers to BLE hacking and also gives the pros a list of interesting material.
Feel free to send me more resources; I'll keep updating it.

Meanwhile, follow me on Twitter (@dsopas) to get the latest updates on my work.

21/06/17 Meetings

Speaker at C-Days 2017

I was invited by AP2SI to represent them at this year's C-Days event. I talked about "Hacking for fun and profit – bounty style" and the room was packed. It was a pretty cool event, especially because I got to join a couple of friends and trade some new ideas.

10/04/17 Donations, Inspiration, Life Style

Why does working in application security make me a better man?

In the last couple of years I was blessed with a good job in application security that made my life much easier. Above all, I now have more opportunities to help others and to provide my family and friends with small things that make a lot of difference. Sometimes just being happy that day puts a smile on the faces of those around you. It's contagious 🙂

Last Sunday I received a warm hug from the lady who runs the local animal shelter. I delivered some food to feed their more than 400 cats and dogs; they really needed it. That hug and the lady's sincere eyes made my week. I thought to myself: it's just a little help, but if everyone helps a little, the world will be a better place, right?

In the past I tweeted that when I reached 3k reputation points at Cobalt.io I would donate $500 USD to an open-source security project. I got to that goal and donated to the sqlmap project. Cobalt helped me with this and added another $500, so $1k went to a project that is maintained by only two developers. One of the replies I got was that I was an inspiration... That's one of my life goals: to inspire more people to get into application security and to GIVE to others who need or deserve it.

I really love what I do. Hacking is in my blood and without it I would be incomplete.
I have more than 10 years of experience in application security and I'm still learning every single day. The day I stop learning I'll quit for good.

11/01/17 Tips and Tricks

Meter HTML5 XSS filter bypass

I was playing around with some new HTML5 features and noticed a funny one.

The meter element gives you a gauge-style bar (a scalar value within a known range) on the fly: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meter

Immediately I thought about using it to bypass a (badly designed) tag-blacklist XSS filter, one that only strips the tags it knows about, by hanging an event handler on it:

<meter onmouseover="alert(1)"></meter>

You can check it on https://jsfiddle.net/btksfbbx/

Nowadays this gives a researcher no particular advantage, because browsers treat unknown tags as HTMLUnknownElement and still fire the global event handler attributes on them, so you can use arbitrary tags:

<sopas style=font-size:200px onmouseover=alert(1)>Sopas

Online – https://jsfiddle.net/thnwcjcx/
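To make the point concrete, here is an added example (not code from the post) showing the two sides of the bypass in Python: a regex tag-blacklist filter of the kind the post calls badly designed, next to an allowlist-based sanitizer, both run against the two payloads above plus a classic `<img onerror>` one. The blacklist entries and the allowlists are assumptions chosen for illustration. Both functions are deliberately small regex passes to show the principle; real HTML handling with regexes is brittle, and in production you want a parser-based library such as DOMPurify rather than this code.

```python
import re

# Vulnerable: a tag blacklist. It strips only tags it has heard of, so <meter onmouseover=...>
# and a made-up <sopas onmouseover=...> pass straight through.
TAG_BLACKLIST = ["script", "img", "svg", "iframe", "object", "embed", "body", "input", "a"]
_BLACKLIST_RE = re.compile(r"</?(%s)\b[^>]*>" % "|".join(TAG_BLACKLIST), re.IGNORECASE)


def blacklist_filter(html):
    return _BLACKLIST_RE.sub("", html)


# Hardened: keep only allowlisted tags, and on those only allowlisted attributes. Every on*
# handler is dropped regardless, so new HTML5 tags and unknown tags never reach the output.
TAG_ALLOWLIST = {"b", "i", "em", "strong", "p", "br"}
ATTR_ALLOWLIST = {"title"}
_TAG_RE = re.compile(r"<(/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>")
_ATTR_RE = re.compile(r"""([^\s=/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?""")


def allowlist_sanitizer(html):
    def rewrite(m):
        closing, name, attrs = m.group(1), m.group(2).lower(), m.group(3)
        if name not in TAG_ALLOWLIST:
            return ""                      # unknown or disallowed tag: drop it entirely
        if closing:
            return "</%s>" % name
        kept = []
        for attr, value in _ATTR_RE.findall(attrs):
            attr = attr.lower()
            if attr.startswith("on") or attr not in ATTR_ALLOWLIST:
                continue                   # event handlers and unlisted attributes go
            kept.append(attr if value == "" else "%s=%s" % (attr, value))
        return "<%s%s>" % (name, (" " + " ".join(kept)) if kept else "")

    return _TAG_RE.sub(rewrite, html)


def contains_event_handler(html):
    """True if any tag in the output still carries an on* attribute, i.e. the payload survived."""
    return re.search(r"<[^>]*\son[a-z]+\s*=", html, re.IGNORECASE) is not None


PAYLOADS = [
    '<meter onmouseover="alert(1)"></meter>',                    # from the post
    '<sopas style=font-size:200px onmouseover=alert(1)>Sopas',  # from the post
    '<img src=x onerror=alert(1)>',                              # classic, and on the blacklist
]

if __name__ == "__main__":
    for payload in PAYLOADS:
        filtered = blacklist_filter(payload)
        verdict = "XSS survives" if contains_event_handler(filtered) else "blocked"
        print("blacklist: %-55r -> %s" % (filtered, verdict))
        print("allowlist: %r" % allowlist_sanitizer(payload))
```

The blacklist stops the `<img>` payload and nothing else; the allowlist reduces both of the post's payloads to plain text, which is the behaviour you want from a filter regardless of what tags future HTML versions add.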

12/11/16 Bug Bounty, Meetings

BSides Lisbon – The way of the bounty

Hey guys, for those who want to download my presentation from BSides Lisbon, you can do it right here.

You can also watch the 50-minute video of the talk: https://www.youtube.com/watch?v=6cWHt-h78yY

I got lots of interesting questions at the end of the talk, which showed me there is a lot of interest in the bug bounty industry.

I would also like to thank the BSides Lisbon organization, because it was an awesome event. I met so many interesting people and got the opportunity to be with my great friends.
Awesome talks in both tracks and lots of networking and hacking in the lounge areas.

Next year I’ll be there again for sure!

24/10/16 Advisories, Bug Bounty

OLX and Adobe full-disclosures on HackerOne

OLX Stored XSS
https://hackerone.com/reports/152069

Adobe Reflected XSS
https://hackerone.com/reports/50389

I asked for full disclosure of these reports so other users can learn something from them.
The OLX security report was also mentioned on a Portuguese media site, Future Behind. If you read Portuguese, feel free to check it out.
