Budgets, t2 and IMSI catchers

Unlike the on-going / upcoming cyber cold war involving nation states, image boards, corporate entities and drunk hackers, 2014 has run its course. In the private and public sector this means it’s time to start drafting those e-mails about next t2 infosec being included in the 2015 training budget. While not all our attendees are dependent on the fiscal calendar, we see fit to remind those who are. Our offensive friends can think of it as adding your backdoor into the target’s build environment.

Looking back at the past couple of years, the content has, more than once, been ahead of the times. A recent example would be the IMSI catcher hulabaloo in Norway a couple of months after @raviborgaonkar‘s and Swapnil’s t2 presentation.

Without a doubt, 2015 will give us more vulns with funny names and fancy websites, the Internet Of pwned Things, the doomsday clock getting closer to midnight and horrifying yet awesome nation state capabilities. To sum this up with an out-of-context quote from the 1950s:

“It must be obvious… that there is a contradiction in wanting to be perfectly secure in a universe whose very nature is momentariness and fluidity.”

— Alan Watts, The Wisdom of Insecurity

ps. despite several requests to add BTC, gift cards, pieces of eight or crash triggers as payment methods, we’re still sticking to the credit card payments. Getting those prepaid cards is not that hard really. On a final note, invoices have been marked as obsolete and our next release might not support them.