Arsenal

Brought to you by:







  • Bobble


    Personalization by search providers is intended to be helpful, but can also represent a form of censorship. To address the potential issues created by these "filter bubbles" we have developed a free tool called Bobble. Bobble uses a global, Tor-like network (PlanetLab) to depersonalize search results.

    Presented By:
    Xinyu Xing

  • Cuckoo Sandbox


    Cuckoo Sandbox is an open source tool for automating malware analysis, born under the umbrella of The Honeynet Project and evolved into becoming a leading solution adopted by organizations and researchers worldwide.

    It performs dynamic analysis of given malware artifacts of any nature or malicious URLs and thanks to its highly customizable nature, it provides the analyst flexibility to perform any sort of automated forensic investigation. It's mainly written in Python and C and it's designed to be highly modular, easy to integrate and completely independent.

    Some of the information that it's able to provide are:

    • Extensive log of Windows API calls performed by the malware
    • Dumps of dropped files
    • Dumps of malware processes memory
    • Full memory dump of the analysis machine
    • Dump of network traffic
    • Screenshots
    Presented By:
    Claudio Guarnieri

  • CuckooMX


    CuckooMX is a tool which interconnects with your MTA (currently Postfix) and automatically submit decoded attachments to a Cuckoo instance. The goal is to automatically analyze all piece of crap received in your mailboxes.

    Presented By:
    Xavier Mertens

  • HookMe


    HookME is a software designed for intercepting communications by hooking the desired process and hooking the API calls for sending and receiving network data. HookMe provides a nice graphic user interface allowing you to change the packet content in real time, dropping or forwarding the packet. It also has a python system plugin to extend the HookMe functionality.

    It can be used for a lot of purposes such as:

    • Analyzing and modifying network protocols
    • Creation of malware or backdoors embebed into network protocols
    • Protocol vulnerability memory patching
    • Firewall at protocol layer
    • As postexplotation tool
    • whatever you can create with plugins using your imagination
    Presented By:
    Manuel Fernandez

  • Mercury


    Mercury is a framework for exploring the Android platform; to find vulnerabilities and share proof-of-concept exploits. Mercury allows you to assume the role of a low-privileged Android app, and to interact with other apps and the system. It allows the user to:

    • Use dynamic analysis on Android applications and devices for quicker security assessments
    • Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices
    • Write custom tests and exploits, using the easy extensions interface

    On a more technical level, Mercury allows you to:

    • Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services
    • Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see)
    • Find information on installed packages with optional search filters to allow for better control
    • Use built-in commands that can check attack vectors on installed applications and native OS components
    • Create new modules to exploit your latest finding on Android, and play with those that others have found
    • Mercury does all of this over the network and it does not require ADB

    Does it sound like with a bit of tweaking Mercury could be the perfect post exploitation tool? Well...it was used as a RAT that was deployed to a vulnerable Galaxy SIII over NFC at Mobile Pwn2Own 2012! It allowed the MWR Labs team to exfiltrate all data from the exploited phone. See more info about that here: http://dvlabs.tippingpoint.com/blog/2012/10/05/eusecwest-mobile-pwn2own-2012-recap

    Presented By:
    Tyrone Erasmus

  • OWASP Xenotix XSS Exploit Framework


    Xenotix XSS Exploit Framework is a penetration testing tool to detect and exploit XSS vulnerabilities in Web Applications. It is basically a payload list based XSS Scanner and XSS Exploitation kit. It is having the world's second largest XSS Payload list. It provides a penetration tester the ability to test all the XSS payloads available in the payload list against a web application to test for XSS vulnerabilities. The tool supports both manual mode and automated time sharing based test modes. The exploitation framework in the tool includes a XSS encoder, a victim side XSS keystroke logger, an Executable Drive-by downloader and a XSS Reverse Shell. These exploitation tools will help the penetration tester to create proof of concept attacks on vulnerable web applications during the creation of a penetration test report.

    Presented By:
    Ajin Abraham

  • Prasadhak (and offensive PowerShell)


    Prasadhak is useful in scenarios where you need to check basic "malware sanity" of a target. A powershell tool which checks running processes for malware by searching their hashes on virustotal database.

    There will also be neat demos for off sec guys of my other tool Nishang - on demand!

    Presented By:
    Nikhil Mittal

  • Smartphone Pentest Framework


    As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. We will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app. Demonstrations of the framework assessing multiple smartphone platforms will be shown.

    Presented By:
    Georgia Weidman

  • The Deck


    The Deck is a full-featured penetration testing Linux distribution that runs on the BeagleBoard-xM, BeagleBone, and similar platforms. A single device running The Deck can be used as a powerful drop box or as a replacement for a pentesting laptop. Thanks to the low power requirements of the Beagle devices, a device running The Deck can operate for days to weeks off of battery power. These devices are also easily hidden thanks to their small size.

    The Deck debuted in September 2012 at the 44CON conference in London. The first add-on module the 4Deck (for USB forensics) was also released at that time. The second module, the MeshDeck, is being released March 15, 2013 at BlackHat Europe 2013. The MeshDeck adds 802.15.4 networking to The Deck which permits multiple devices to execute coordinated attacks. The MeshDeck also adds the ability to attack from a distance of up to 1.6km away.

    Presented By:
    Phil Polstra