We presented pwnSpoof at Blackhat!
pwnSpoof had some major updates in preparation for Blackhat EU and we loved engaging with the community on its future.
When we submitted two of our tools to the Blackhat Arsenal earlier this year, we had no idea that both would be accepted and we would soon find ourselves presenting both of these tools and having some great discussions with the community.
Blackhat EU was absolutely fantastic, with some standout briefings on Azure security and the overlooked insecurity of current SCADA installations.
We had great discussions with CTF organisers all over Europe including France, Ireland and Holland and we are super excited to collaborate on new innovations for pwnSpoof. pwnSpoof has already been used in two CTFS, with a third in the pipeline, and we collaborate with organisers for FREE as part of our effort to give back to the community. Our business is built on the consumption of opensource tools, products and libraries and we are passionate about being active and net beneficial members of the community.
What does pwnSpoof do?
pwnSpoof produces a spoofed logfile that contains thousands of legitimate looking, highly dynamic and variable web server logs. Within these logs, we hide an attack or two for the student / trainee / CTF player to go find. Thats it, its a simple aim but with some complex code to make it work well.
All of these logs are safe to use, because they are completely fake and contain no client sensitive information. Training on real logs is dangerous and sensitive information is almost impossible to redact, so use pwnSpoof.