Mantra Information Security

This is the time of year when most people gear down and enjoy the festive season. Others, however, are wide awake, scanning Twitter/X and other platforms for potential 0days. Whether you're a sleep-deprived SOC analyst, an overstretched CISO, or a caffeine-addicted security researcher, we wish you happy holidays! PS: Be kind, let those 0days drop in the second week of January instead of the upcoming weeks! ;)

Unicorn Engine Workshop Delivered at BSides London ✅ Last Saturday, we spent an incredible day at BSides London in Hammersmith, engaging with attendees, discussing products and services, and delivering our free workshop on encryption and Unicorn Engine. This year, we had four full hours dedicated to the topic, allowing us to dive deep into the basics. We were thrilled to welcome 12 core attendees, with a few others dropping in throughout the session to join the fun for an hour or two. The day was filled with problem-solving, collaboration, and hands-on challenges. Here’s a snapshot of the participants hard at work, achieving their goals and tackling encryption challenges:

BSides London is just around the corner! It will take place this Saturday at Hammersmith, London. As the UK's largest and oldest BSides conference, it's always an incredible event, and this year promises to be even better. We’re especially excited because Balazs Bucsay will be hosting his Defeating Encryption Using the Unicorn Engine workshop. While the workshop is already sold out, we do have some great news: if you're interested in attending the conference, we have a spare ticket! Feel free to reach out to us for a chance to snag a free BSides London ticket. Don't miss this opportunity!

Hacking Barcodes for Fun & Profit... Is our very first article on our brand-new blog! In this post, our consultant details an interesting vulnerability discovered in the barcode system of certain vouchers used in an EU country for PET and aluminum can recycling. These barcodes contain the voucher's value, which can be altered. While the barcode generation process involves a unique mathematical formula, we successfully reverse-engineered the algorithm and its parameters to produce valid codes. You can find the majority of the details (without specifics to prevent misuse) on our blog here: https://lnkd.in/eHAz_Pzu We plan to post regularly about Mantra's updates and cutting-edge research. Stay tuned to our blog so you don't miss out on any exciting discoveries!

GreHack ✅ Awesome people, magnificent scenery, great food! CVEs presented: - CVE-2024-20357 - CVE-2024-20376 - CVE-2024-20378

Mantra is getting traction! We’re excited to announce that, following our workshop at hack.lu, we’ll be hosting the Unicorn Engine workshop again at BSides London in mid-December. While the official conference schedule hasn’t been finalised or published, we can confirm that we’ll be there. If you’re attending, don’t miss this chance to deepen your reverse engineering skills using Unicorn Engine. We’re also thrilled to be presenting our recent research on Cisco IP Phones at GreHack in Grenoble this Friday. We’ll be sharing insights on vulnerabilities that allow real-time call interception. Be sure to find us if you’re attending!

Last week, we spent an incredible time at @Hack.lu in Luxembourg, A relatively small, high-quality conference with around 500 attendees, primarily from Europe. The event had top-notch talks, a vibrant community and lots of fun. Balazs delivered his training, Defeating Encryption Using the Unicorn Engine, to an engaged group of 25 attendees. This intensive session is part of the broader Software Reverse Engineering for Beginners course. Despite its challenging content, the attendees' positive feedback was priceless and inspiring, it is always heart-warming to see so many people succeed in a small room. Note: The photo captures about 50% of the attendees, as some chose not to participate in photos for privacy reasons.

New week, new conference. We are looking forward to hack.lu this week!

Mantra Information Security will be making an appearance at Grehack in Grenoble, France, next month! We are excited to present our brand-new talk titled: Is Your Phone Spying on You? An In-Depth Analysis of Vulnerabilities in Cisco VoIP Phones. Our research, conducted late last year in collaboration with Davinsi Labs, uncovered multiple high and critical vulnerabilities. One of the most severe allowed an attacker to listen in on any phone calls made from or received by certain Cisco IP Phone families. During our talk, we'll showcase this vulnerability in action. We'll even take a live call from our audience and play it back in real time. Our presentation is ready, and the slides are nearly complete—we can't wait to deliver this talk! Also, don't forget about our FREE Unicorn Workshop at Hack.lu in Luxembourg, happening in just ten days. And if you're interested in our Software Reverse Engineering training, join us at DeepSec in Vienna. You can find details under the DeepSec Conference & Training 6 ticket type. More information is available here: https://lnkd.in/eFm2kaKF

Free Software Reverse Engineering training... For those, who attend Hack.lu this month! Last week, Balazs presented his Server-Side Cross-Site Scripting talk at BSides Ljubljana, which received outstanding feedback. It's always a pleasure to mix high- and low-level topics in a way that everyone can understand. Experienced consultants found the content insightful, while newcomers to IT security appreciated that they could follow every slide of the talk. Mantra Information Security is delighted that our content was featured at BSides Ljubljana. Our next stop is Hack.lu, where we’ll be offering a free training session open to all! Training title: Defeating Encryption Using Unicorn Engine Workshop If you have some experience in assembly and Linux, join us, and we’ll teach you advanced Reverse Engineering skills!