David Sopas – Web Security Researcher

27/08/20 Hardware, Tools

I printed a 3D box for my bettercap arsenal and I liked it

Looking at the title you might think that it’s Katy Perry’s new hit… It isn’t… I’m sorry…

One of my favourite tools when doing security assessments is bettercap. It’s like “one tool to rule them all”. With that in mind, I needed something to carry my bettercap arsenal when going to a client. Using my self-taught 3D skills (btw n00b level) I decided to design my own box.

I needed something to pack the following:

With the first version I encountered some issues. It was too big; the Alfa card was a bit tight; the lid didn’t close correctly and it was not very appealing.

So I started working on my second version, which I would reduce a bit by putting the slot for the two antennas (Alfa card and the CrazyRadio) and modifying the BLE dongle slot to also reduce some space. I added 4 pinouts to better close the lid.

I was getting close to what I needed; nevertheless I wanted more, especially because I had a hard time taking out the antennas and the BLE dongle. Also, the pinouts were not a good option to accommodate the lid. So I decided to add a few things:

  • Small cuts to improve the removal of the antennas and the BLE dongle
  • New slot to put whatever I needed – you never know…
  • New lid that just slides into the box

And what about the lid? Besides helping to open – creating some friction – it’s leet 🙂

If you are interested in printing it, I uploaded it to Thingiverse and feel free to ping me on Twitter for suggestions or modifications.

Have fun!

10/08/20 Meetings, My Events

Our DEF CON 28 day was a blast

4 Portuguese security researchers presented at DEF CON this year. I’m sure that was a record 🙂

  • Paulo Silva and I with API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs (you can check the recording on YouTube).
  • Pedro Umbelino and João Morais with Android Bug Foraging (check the talk on YouTube)

With this in mind, we gathered at the Char49 meeting room and watched it together… with drinks and pizza.

The fun was just starting. In Pedro and João’s talk, they included a never-before-shown video regarding the Google Camera issue, which included myself being a victim of this vulnerability.

We even did the CON tradition of “Shoot the N00b” for first-time speakers – drink a shot before the talk. The poison was Pedro Umbelino’s homemade firewater. I would be lying if I said that it didn’t hurt going down 🙂

In the end we had a lot of fun and I hope next year we can be together again giving a talk at DEF CON. Who knows?

PS: A new entry on my bucket list can now be checked – be a speaker at DEF CON.

 

30/07/20 Meetings, My Events

DEF CON 28 here I go

Even in safemode, DEF CON 28 will be legendary, especially because for the first time… I’ll be a speaker 🙂
Some of my research was already present at DEF CON but now I’ll be actually speaking at the best security event in the world.

Paulo Silva and I will be talking about API (in)Security TOP 10: Guided tour to the Wild Wild World of APIs at AppSec Village and you can’t miss it.

Check out the agenda and don’t forget also to check Android Bug Foraging from my mates Pedro Umbelino and João Morais.

 

30/07/20 Donations

A small gesture in these pandemic times

Since the middle of April, I decided to help health professionals, firefighters and all the people who were in the frontline against COVID-19 with 3D printed visors and ear-savers.
After a while the scope widened so that anyone could ask for this type of protection, and in exchange they would offer goods which would later be distributed among local associations.

Sharing is caring right? And why not?

In total I printed on my 3D printer 684 objects:

  • 364 visors
  • 251 ear-savers
  • 19 multi-tools
  • 47 mask carriers

In return I distributed more than 1200 units of goods.

  • 266 L of milk
  • 213 children’s diapers
  • 91 tuna cans
  • 85 kilos of pasta
  • 76 eggs

And many other products.

I tried to help as much as possible, especially associations that helped out families with children.
I thought for a while about whether I would post this, but after talking with some people, they told me, why not… Maybe someone will catch the idea and do the same in other locations.

So if you want to start, ping me on Twitter.

04/03/20 My Events

Speaker at ENEI2020

Last Wednesday I gave a talk at ENEI2020 with the topic – “Do I need a hoodie to hack a bank?”. It was focused on a red-team assessment I did and it was to show computer students a little bit about security, especially:

  • Recon
  • Social Engineering
  • Implants
  • Dead-drops

It was quite interesting because I got a lot of good feedback from the audience.
I hope they liked it.
