BlackHat Europe 2016 – Epilogue

Hello Everyone,

Here again, after two really succesful days in London. BlackHat Europe ended up with really good fealings, with new friends and contacts, with many presents from the event, and more knowledge.

During my time there, I tried to capture the most importand aspects of the event, to able to constract them in a mini-documentary, that it can pass you the spirit and for you to be able to feel it, despite you weren’t there.

The conclusion of the event is that it was a really good start in the security events for me, and I hope that it is the first of many to come. Finally, I want to tell you that I met Jeff Moss (the founder of BlackHat and DefCon events) in person, and we had a really good talk. His tweet after our talk was the following:

screenshot_20161110-113335

Hope to enjoy my video. Feel free to commend, like, dislike and subscribe to my channel.

Cr0wTom

Web Application Hacking Course by Cr0wTom

Hello Everyone,

As you already know, because of my early work on Cr0w’s Place, and your support of course, I have the opportunity to work in some of the biggest education providers in the security sector. One of them is Hakin9 Media SP. with whom I am starting a new four week course tomorrow, in the subject of Web Application Hacking, and specifically in DataStore attacks and Advanced SQL Injection. You can find my course here.

My intentions are not to phish for clients. It is a really advanced topic, that not anyone can attend. But if you are up to Security and Hacking and you have some knowledge in SQL Injection, you can find this really helpful.

To continue, I want to tell you that I am preparing a vlog for the upcoming BlackHat event, that I will attend in November. I want to call anyone that will attend too, to communicate me, and scheduled a meeting in the event. I will happy to meet all of you, and present you in my BlackHat videos.

Feel free to contact me with any contact way available. ūüôā

Cr0wTom

Wordlist Creation with CUPP (Mr. Robot)

In this tutorial for Cr0w’s Place we are going to see how to generate a wordlist / dictionary file in Kali Linux, with a different tool, called CUPP. The difference is that this tool uses questions related to the victim, to produce a personalized wordlist for him/her. It is a really useful and effective tool, and it has also been shown in Mr. Robot series.

CUPP is a very powerful tool that creates a wordlist specifically for a person. CUPP is cross platform and written in Python. CUPP asks us questions about the target (name, wife’s name, pet’s name…) and then creates a password based on the keywords we entered.

To install it, go to a folder with a terminal window and type:

git clone https://github.com/Mebus/cupp.git

After this, and into the newly created cupp folder, we start the program like this:

  • cupp -i

Parameters are:

  • -h this menu
  • -i Interactive questions for user password profiling
  • -w Use this option to profile existing dictionary, or WyD.pl output to make some pwnsauce ūüôā
  • -l Download huge wordlists from repository
  • -a Parse default usernames and passwords directly from Alecto DB. Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.
  • -v Version of the program

If you like my job please Subscribe.

Thank You For Watching.:)

Cr0wTom

CTF team recruitment!

Hello everyone,

As you already know, I have started to be more active these last years in the field of security. I am not just an enthusiast, but I work and study for this field. The purpose of this post isn’t to present you my resume, but to start something new.

All these years I work alone. I write, test, and learn alone. I have also, compete in some CTFs alone, with random teams, from forums and Reddit. But I want to end this now. I want to create a team, and start to compete, wherever it is possible, develop-learn-share knowledge together, and start something new, that will offer not only to us, but hopefully to everyone.

I don’t know the name, I don’t know how many people we will be, but I want people with passion for the Security sector. Passion for computer hacking, developing, programming, penetration testing etc. I don’t want the guy that studies I.T. and goes to work just to live. Let’s create something extraordinary!

I will be happy to hear and speak with you. I am based in Greece, but I don’t thing that I want to restrict it here, so everyone¬†is welcome. Feel free to ask me anything in any of the contact ways that you may find in this blog.

Cr0wTom

My road to BlackHat Europe so far – Part 2 (Acceptance email)

Previously, we talked about the process I followed to get awarded with a student scholarship on BlackHat Europe 2016. As I told you, I followed the application process and I answered the required questions, as I showed you in part 1.

In this post, I will show you the acceptance email that I received in my inbox, ~40 days after my application.

Congratulations, you have been awarded a complimentary Student Scholarship to attend Black Hat Europe 2016 in London.  Black Hat Europe is the most technical and relevant global information security event in the world. For more than 19 years, Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.  This is an outstanding opportunity for students to learn from and network with some of the most talented researchers and practitioners working in InfoSec today.

 

Event:                   Black Hat Europe Briefings

Date:                     November 3 and November 4, 2016

Location:              Business Design Centre, London

 

Requirements:  In order to register for your complimentary Student Pass, you must meet the following requirements:

  • Must be at least 18 years old at the time of the event
  • Must provide copy of verifiable proof of full-time academic status at an accredited college or university (copy of class schedule or syllabus)
  • Must provide copy of valid and current college/university ID card
  • You must be able to provide your own travel to and accommodations in London ‚ÄĒthese are not included
  • Submit your materials on or before September 30, 2016.

 

Please reply to this email with the required information and we will set up your registration.  If you have any questions or need any more information, please contact us at blackhateuroperegistration@ubm.com

 

Congratulations on your nomination, and we hope you will be able to join us at Black Hat Europe this year.

 

The Black Hat Team

The email came from the address registration@ubm.com.

Cr0wTom

My road to BlackHat Europe so far (or how to get your scholarship)!

As I mentioned in my previous post, I recently got awarded with a complimentary Student Scholarship to attend Black Hat Europe 2016 in London. Of course they do not search for all the qualified students in the world, but you as a student have to apply for the scholarship and after a review from their side, be accepted or rejected.

The application form is hosted here and consists of several questions. I will now provide you the answers I gave to the application form, but of course if you decide to apply, give your own answers, as my answers have been recorded and you will immediately disqualified.

  • Why do you want attend Black Hat?
    Black Hat is one of the biggest events in the security industry, with many breakthrough topics every year. Because of this, and because I want to work in the Cyber Security sector in the future, I think that Black Hat can give me a head start, with the knowledge and the acquaintances that I may acquire with my attendance in the event. Also, I am really passionate in the research of this field, and finally, I think that I will be able to stand out of the crowd on the friendly competitions of the event. 
  • What course work, training, and/or experiences have you had that you feel qualify you for a complimentary pass? Be as specific as possible.
    First of all, I have completed successfully the Computer Science (CS50) course of Harvard University, through the edx platform, with a week focused on security. I am a Bachelor‚Äôs degree holder in the field of ‚ÄúSupply Chain Management‚ÄĚ and I have been selected to start a Master‚Äôs Degree in the field of ‚ÄúInformatics and Management‚ÄĚ in October 2016. These are for my accademics.Continuing, I was trained from the age of 12, by my uncle, in the field of computer science and especially programming. By the age of 18, I have started working in the biggest Greek penetration testing magazine, DeltaHacker, as a content creator, covering advanced penetration testing topics. Now, I am a workshop instructor in PenTest Mag and Hakin9, two of the biggest penetration testing related magazines in the world. I also own a big Youtube channel and a blog, related to penetration testing and information security, named Cr0w‚Äôs Place.In addition, I have presented the topic ‚ÄúPenetration Testing with Android Devices‚ÄĚ in the Google Developers conference of Thessaloniki 2014, and the topics ‚ÄúIntegration of Augmented Reality technology into Warehouse Management Systems‚ÄĚ and ‚ÄúIntegration of Near Field Communication technology into Warehouse Management Systems‚ÄĚ in the 12th Student Conference on Management Science and Technology.Finally, I have worked many times as a freelance penetration tester, and I have visited Germany after an invitation for cooperation from Auxilium Cyber Sec, with whom I may cooperate in the future, after my Master‚Äôs Degree. 
  • What specific research (Briefings, Arsenal tools, Keynotes, etc.) from past Black Hat events do you find especially interesting and WHY? Relating specific Black Hat content back to your course work and/or area of study will increase your chances of being awarded a scholarship. Please site at least 3 examples. Archives can be found here for reference: https://www.blackhat.com/html/archives.html
    1. Don’t Stand So Close To Me: An Analysis of the NFC Attack Surface (July 25, 2012) ‚Äď As I stated in the previous question, I have presented the topic ‚ÄúIntegration of Near Field Communication technology into Warehouse Management Systems‚ÄĚ which happens to also be my thesis topic for my bachelors. A big part of this topic was the security of NFC in which this Black Hat presentation helped me a lot, and I find it really interesting.
    2. Fingerprints on Mobile Devices: Abusing and Leaking (2015) ‚Äď One of my main fields of interest in the security sector is mobile devices. I have presented a topic in the GDG, wrote many things on my blog and on the magazines I work. For this matter I am interested in many Android and iOS related presentations of BlackHat, and one of my favourites was this. I have many times referenced to the paper of this presentation.
    3. Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance (July 26, 2012) ‚Äď Because most of my work is based on the corporate world, as I studied in the Supply Chain Management field, I have used the knowledge acquired by this presentation, and other sources, to fix some aspects of security in the company I was helding an internship program, Kleemann S.a.
    4. Attacking Mobile Broadband Modems Like a Criminal Would (2014) ‚Äď One of my biggest and most successful topic in the DeltaHacker Magazine, was based in this exact blackhat presentation. When I saw it, I was so excited that I wanted to present it to the Greek public, and I did it with great success.

    I have also, liked many other presentations but I think that these four was the most important now that I have to choose.

I have to thank many people for this opportunity, and for the state that I’ve reached until now, but I will not do it publicly. Keep in mind that all the above are property of the Cr0w’s Place and Thomas Sermpinis, and their use is prohibited. They have been uploaded for educational purposes only. Thank you and I wish good luck to every contestant.

BlackHat Europe 2016 is taking place in London, 1-4 November 2016. I will be happy to meet you there.

Cr0wTom

Android Malware Analysis and BlackHat Europe 2016

Hello everyone,

Long time since our last talk. I have to say sorry, but I am pretty busy those last months. I graduated in my bachelors, I started a Masters degree and many more.

The thing I want to talk you about today, is a new course that I instruct, which has to do with Android Malware Analysis. It has started 2 weeks ago and it will continue for 2 weeks more, but don’t worry, it’s self paced. You can start it whenever you want, it will be online for a long time. You can find it in eForensics magazine, in this link.

I hope that you will like it, if you decide to start it. Feel free to ask me anything, before you start, or during your course time.

Another interesting thing about Cr0w’s Place is that I will attend the BlackHat Europe conference in November. I will cover most of the things that I will see there and if some of you attend too, I will be happy to meet and talk with you.

Cr0wTom