We were invited to speak at @Hack in Saudi Arabia
We loved presenting our two open-source tools, pwnSpoof and SMBeagle, live at @Hack.
Following our success at Black Hat earlier this year, we were invited to talk about our two open-source tools at the very first @Hack conference in Riyadh, Saudi Arabia. @Hack was run in association with Black Hat, so the arsenal tool presentations followed a very similar format, except that this time we had the opportunity to present our tools to hundreds of people and with bigger time slots.
@Hack was held over three days, with a huge CTF dominating half of the exhibition hall and some fantastic guest speakers. We had some great discussions with speakers covering our favourite topics, DevSecOps and digital transformation.
Daniel, Simon and Pete presented multiple times over the three days, and it was great interacting with guests afterwards and getting feedback and feature requests. It was also amazing to see that our tools were already being used and that people knew all about us before we even took to the stage!
Everyone in Saudi Arabia was fantastic, and we’ve made some great partners in the region and across Europe. We would absolutely recommend @Hack to anyone in the region and look forward to an invite next year.
What does pwnSpoof do?
pwnSpoof produces a spoofed logfile that contains thousands of legitimate-looking, highly dynamic and variable web server logs. Within these logs, we hide an attack or two for the student / trainee / CTF player to go and find. That's it: a simple aim, but with some complex code to make it work well.
All of these logs are safe to use because they are completely fake and contain no client-sensitive information. Training on real logs is dangerous, and sensitive information is almost impossible to redact, so use pwnSpoof.
What does SMBeagle do?
SMBeagle identifies all the SMB file shares in the environment and then enumerates every file on every share. The output of this effort is a catalogue of every accessible file and whether it can be read and written.
The applications for SMBeagle are huge. It is common for businesses to have file shares with poor or no restrictions without realising it. Ransomware leverages this misconfiguration to steal and encrypt data that the compromised user should never have had access to!
Penetration testers can use SMBeagle to quickly get a list of the accessible scripts in a business, or writeable executables that can form part of a watering hole attack. We have found printers with writeable drivers, database connection configurations with anonymous read access and plenty of sensitive information that is world-readable.
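On the defensive side, a catalogue like this can be triaged to decide which shares to lock down first. The sketch below is an added example, not SMBeagle's own code or output format: the column names, extension lists and sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample catalogue. The column names are assumptions made for
# this example, not SMBeagle's actual output schema.
SAMPLE_CATALOGUE = r"""host,share,path,readable,writable
fs01,public,tools\setup.exe,true,true
fs01,public,docs\handbook.pdf,true,false
fs01,scripts,logon\map_drives.ps1,true,true
print01,drivers,x64\unidrv.dll,true,true
app02,config,web\connections.config,true,false
app02,config,web\readme.txt,true,true
"""

# Illustrative extension lists; tune them to the environment.
CODE_EXT = {".exe", ".dll", ".msi", ".bat", ".cmd", ".ps1", ".vbs"}
CONFIG_EXT = {".config", ".ini", ".xml", ".json", ".yml", ".yaml"}


def triage(catalogue_csv):
    """Group risky entries by (host, share)."""
    findings = defaultdict(list)
    for row in csv.DictReader(io.StringIO(catalogue_csv)):
        ext = PureWindowsPath(row["path"]).suffix.lower()
        readable = row["readable"].strip().lower() == "true"
        writable = row["writable"].strip().lower() == "true"
        share = (row["host"], row["share"])
        if writable and ext in CODE_EXT:
            # Code that others run and anyone in scope can replace.
            findings[share].append(("writable-code", row["path"]))
        elif readable and ext in CONFIG_EXT:
            # Configuration that may hold connection details.
            findings[share].append(("readable-config", row["path"]))
    return dict(findings)


def remediation_order(findings):
    """Shares with writable code first, then by number of findings."""
    def sort_key(item):
        share, entries = item
        code = sum(1 for kind, _ in entries if kind == "writable-code")
        return (-code, -len(entries), share)
    return [share for share, _ in sorted(findings.items(), key=sort_key)]


if __name__ == "__main__":
    results = triage(SAMPLE_CATALOGUE)
    for share in remediation_order(results):
        print(share, results[share])
```

Shares holding writable executables, scripts or drivers sort to the top because tightening their permissions removes the tampering path; readable configuration files follow as candidates for credential review.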