War Driving 101

by javvad Malik with 1 comment

A few weeks ago a non-tech friend said he’d heard someone talk about this thing called War Driving so I explained that essentially, War Driving is about locating WiFi access points and recording their geographical location.

Upon seeing a confused look, I told him that he too could undertake a very basic form of wardriving using any device that has wifi capabilities. Basically, turn it on, see which access points are broadcasting their location and write down the details. Of course he didn’t believe that anyone would go through all that trouble, so to prove him wrong, Girl Cynic and I went on a little adventure.

filed under Video

(ISC)2 Congress 2013 recap: Talks, weird DM’s & Rick Rolling

by javvad Malik with no comments

It was my first time in Chicago, which I must say did not live up to its reputation of being windy at all – in fact the weather was quite pleasant. But I wasn’t in town to see the sights or enjoy the mild weather; I was here for the (ISC)2 Congress conference.

I do quite enjoy Congress – like any conference, particularly one in its 3rd year, it has its pros and cons. But for the most part the talks were good, the people were decent and there was a total absence of drunk or hung-over kids looking to pwn your devices as is standard at most hacker-con type conferences.

The Talks

You know how if a movie has a great opening sequence, it gets you on a high and you anticipate what happens throughout the rest of the movie. Well, I started off Congress by attending Chris Nickerson’s talk on Red Team testing and identifying risks of physical and IT security convergence. Not only does Chris have some excellent viewpoints – but he’s not afraid to call a spade a spade.

After that I had to get my game face on as I was on a panel alongside Eric Jacobs, Spencer Wilcox, James McQuiggan, Dan Waddell and Forrest Foster, which was pulled together and moderated by Tony Vargas. It seemed to go well and we even made it into a Dark Reading article.

I made it to two great talks delivered by Spencer Wilcox, one on mobile device privacy and geolocation and another on the gamification of security. I particularly like the gamification talk which went into many different concepts and aspects of what makes a game appealing, why people play and how some of those techniques can be used in security both at a technical and human level.

Tim Wilson facilitated an interesting discussion with Julie Peeler and Rohyt Belani on end user awareness and changing behaviors.


Meme’d Forever

Eve Adams gave a cool talk that gave practical tips on how one can improve their resume and further career in infosec. She even meme’d me with a slide – I’m still trying to work out if this was a good or bad thing.



Awkward Messages


Whilst at conferences, the best way to usually communicate with others is via some form of social media. I find Twitter direct messaging works pretty well for this and I’m used to seeing someone message me asking where I am, discussing which talks are worth attending or what lunch plans are. So I was quite surprised when I received this message from Andrew Hay.


[Screenshot: direct message from Andrew Hay]

This message worried me as I’m only around 5’6 (in heels) and Andrew is something like 6’5 and a former rugby player. So I responded in the only way I could – honestly.


[Screenshot: my reply]

As I sent the message, I kind of got the feeling that my profile picture probably didn’t come across too well and I was apprehensive about the response I would get… so you can imagine my surprise when I saw this.


[Screenshot: the response]

I politely excused myself and avoided contact for the rest of the conference.


The Rick Roll


Often when I go to conferences I end up making a video of my adventures. I was short on ideas and time at Congress – so ended up rick rolling the attendees by getting them to sing the chorus one word at a time. Guess you should never trust a guy with a camera asking you to say one word to “test out his mic”.


filed under Video

Blackhat, BsidesLV and Defcon 2013

by javvad Malik with no comments

For the second year in a row I managed to get myself over to the madness in Vegas for the week that features Blackhat, BsidesLV and Defcon. Having been there last year for the first time – I felt like a seasoned pro going in for year two. No longer was I going to be dazzled by the bright lights or masses of people. Oh no, I was going to get in – do the job and get out.

It didn’t quite work out as planned, but it was still a very informative week and fantastic opportunity to meet with so many people. As is somewhat customary, I documented my travels with my video camera so future me can look back disapprovingly.

If the YouTube link doesn’t work in your country, you can always try watching the Vimeo version.




filed under Video

Keyboard Gladiator

by javvad Malik with no comments

On my command (line) – Unleash Hell



Keyboard warriors are so last year… now keyboard gladiators – that’s something I could get behind!


filed under Uncategorized

WiFi insecurity Part 2 – Snoopy

by javvad Malik with no comments

Continuing my look into WiFi vulnerabilities I came across Snoopy, developed by Daniel and Glenn at Sensepost. You can read about the project in more detail and find links to download it on this blog post – alternatively, you can watch their talk on the topic at 44Con 2012.

filed under Video

WiFi insecurity part 1 – The Pineapple

by javvad Malik with no comments

When I went to RSA in San Francisco back in February 2013, I also got a chance to attend and speak (briefly) at BsidesSF. As a speaker, I was pleasantly surprised to receive a speaker goodie bag. To my sheer geeky delight it had a Wifi Pineapple inside!

So I thought it would make a good topic to discuss some of the (many) security issues that can manifest when using wifi. A lot of what the pineapple does can be achieved using other means. What the Pineapple is really good (and scary) for is that everything you need is all inside one little black box.

Stay tuned, in the next vlog I’ll cover another sweet tool that takes advantage of wifi insecurity issues. It’s proper scary so you don’t want to miss that.



To read more about the pineapple you can head over to the official site

Or the link to Troy Hunt’s blog is here.

Stay secure my friends.

filed under Video

RANTing Rockstar

by javvad Malik with 1 comment

The monthly RANT in London is always good entertainment. It must have been eating its greens because it’s all grown up and had its first full on conference. If you want a proper review you can read write ups by Thom Langford or Lee Munson.

I was looking forward to attending, and was honoured to be invited to be part of a panel on the day. What could be better than being invited to speak at a conference you think is pretty cool to start with?

Well, it so happened that the panel I was on was entitled, “Infosec Rockstars… the Myth and the Reality” alongside panelists Neira Jones and Ed Gibson whilst being moderated by Stephen Bonner!!! There were two things that bothered me about this situation – firstly, I would be sharing the stage with three people who I have no business being on stage with. Secondly, I am by no stretch of the imagination a rockstar.

I’m one of those guys who ends up having random thoughts at weird times. For example, during a family dinner I may start pondering over whether Commando was a better film than Predator. Or wonder if I have enough ironed shirts whilst helping a child out with their homework. As a result, I may have dropped a line from the movie “Reign of fire” into the talk and possibly drew attention to similarities between myself and Jack Black.

Anyway, whilst onstage and feeling out of my league I recalled the tongue in cheek video I made with Space Rogue entitled “how to become an infosec rockstar” and wondered if this was just a simple case of a joke going too far. Like how sometimes you make a joke in school, or a certain incident happens and for the rest of your years you’re remembered as “that guy” – a bit like how Jason Biggs will forever be linked to an American Pie.

I thought of Van Damme in the hilarious Coors Light advertisement and wondered if I too had ended up becoming a parody of myself.

From what I recall, the panel went well – there were plenty of friendly faces in the crowd I could turn to who were either smiling encouragingly or trying to put me off. During the breaks I got to mingle with plenty of cool people, a couple of whom referred to me repeatedly as a rockstar and I wasn’t sure whether to speak to them normally, or whether they expected me to get back into character and play up to the role… It’s at that time I realized how profound this dialogue from Tropic Thunder was:

I don’t even know who I am anymore.



filed under blog

Bypassing internet filtering with Lahana

by javvad Malik with 2 comments

Ever find one of your favourite websites is blocked? Well, Lahana is a quick and easy way to bypass basic filtering.

Find out more at http://lahana.dreamcats.org

filed under Video

PR Fails

by javvad Malik with no comments

Are PR professionals


a) Competent

b) Annoying

c) A necessary evil

d) Well-meaning and gracious people

e) All of the above


One thing that can be universally agreed upon is that not all PR pros are created equal and some can be pretty annoying. So I break down a few of the common PR fails with Neil from Eskenzi PR.


What do you think are the most annoying PR traits?

filed under Video

What’s an Asset?

by javvad Malik with no comments

Ever wondered what an asset is? Well wonder no more… either that or continue to wonder.


filed under Video