Tool & Presentation Downloads
From time to time, ThinkSECURE makes various presentations and items available for free public downloading. We hope you enjoy what we have put on tap below.
Selected Tools & Vulnerabilities
Current Version : 1.1
ThinkSECURE's Probemapper is a tool which detects probe requests from 802.11-enabled laptops with wireless client profiles and displays their encryption and capability information.
ThinkSECURE's MoocherHunter is a tool for helping law enforcement, system administrators and other authorized persons identify and hunt down wireless moochers, hackers and other unauthorized persons in real-time. Its straightforward interface helps the user to geo-locate the perpertrator in any kind of urban or rural environment. Click on the link to the left to check it out!
ThinkSECURE's OSWA-Assistant is a self-contained, no Operating System required, freely downloadable, standalone toolkit which is solely focused on wireless auditing. As a result, in addition to the usual WiFi (802.11) auditing tools, it also covers Bluetooth and RFID auditing. Using the toolkit is as easy as popping it into your computer's CDROM and making your computer boot from it!
ThinkSECURE's STIF is a tool which enables users to perform static analysis of IPA files.
(first disclosed 16 Jan 2006)
ThinkSECURE has discovered that certain well-known wireless chipsets using vulnerable drivers under the Windows XP operating system and when configured to use WEP with Open Authentication , can be tricked by a 802.11-based wireless client adapter operating in master mode ("the attacker") to discard the WEP settings and negotiate a post-association conection with the attacker in the clear. Read More Here
An online tool to help calculate the optimal placement of antenna element for a waveguide cantenna and cantenna dimensions.
A free display theme for Windows Mobile 2003 PocketPC users to use on their PocketPCs.
9 Jun 14
This presentation looks at some of the more recent and stealthy web attacks which target "Generation Z" (or any user of such social media) while they are online and illustrates how some of these attacks are engineered and the impact they have on a person's online social life. For web application developers, understanding such types of attacks will help them code better to mitigate such attacks.
3 Oct 13
This presentation looks at how to take apart and perform penetration-testing against mobile applications.
13 Mar 13
This presentation looks at what evil acts a malicious mobile application can do and how one can verify that a mobile application is actually doing what it claims to be doing.
11 Sep 11
Presentation on next-generation clickjacking attacks demo'ed at the Attacks & Vulnerabilities Track at the 20th GovernmentWare conference in Singapore in 2011
30 Sep 10
Presentation & demo on breaking into passcode-locked iPhones without alerting the user (updated with follow-on "Spykit" video!); Mobile Security Track at Govware 2010
5 Mar 10
Short 30-minute presentation at Temasek Polytechnic outlining how an individual or organization can hunt down unauthorized wireless users.
6 Aug 09
A presentation + demo on web browser security and a demo showing the theft of web-based credentials using an ARP-poisoning + SSLstrip combo.
28 Jul 08
A presentation & demo covering security issues arising from common habits of web users. A practical demo on defeating 2FA (2-Factor-Authentication) was shown (just not shown in these handouts).
Updated presentation & demos introducing the OSWA-Assistant to IT and IT Security Professionals.
31 Aug 07
A 3-hour presentation & demo introducing the OSWA-Assistant for an IDA audience. Exercises and demos were incorporated into actual run (just not shown in these handouts).
"Ghost In The Machine:
A Tale of Exploitation & Embedding"
29 Mar 07
In the first part of our presentation, we combine "DNS Snooping" with the TOR (The Orion Router) project to overcome some of the shortcomings of the original "DNS Snooping" technique to present a new perspective to targeted reconnaissance (i.e. how it can be used to track web surfing habits, email communications and various other online habits of online users).
Learn more about probemapper, a tool which helps enumerates wireless client profiles for the purposes of wireless client security auditing, as well as the WCCD Vulnerability.
Go beyond Anti-Virus software & learn which Windows OS locations Malware infects and how to get rid of 0-day Malware and Malware which blocks installation and operation of AV software...without having to re-install Windows!
(Size: 15MB !)
Original version presented in August 2005 @ AIRRAID Wireless Security Tournament; this abbreviated download slightly modified with AIRRAID picture addition. (Warning: 15MB size!)