| Follow @lancinimarco

Reading time ~1 minute

Needle Status Update

I’ve been quite busy developing Needle for the last few months, and I was happy to release it at Black Hat Arsenal USA 2016. But what happens now?

Well, we have a few conferences already lined up where you can catch up directly with Needle and myself:

  • OWASP AppSec USA 2016 [October 14, Washington DC]: with a talk named “Needle: Finding Issues within iOS Applications”, I will show how Needle can be used both by security professionals and developers to assess the security of iOS applications

  • Black Hat Arsenal EU 2016 [November 3, London]: Needle will come back to Arsenal (Europe, this time!) to showcase its new features

  • DEEPSEC 2016 [November 8-9, Vienna]: for those who want a hands-on approach on iOS exploitation, I will deliver a 2-day workshop at DEEPSEC this November. This exercise-driven training course will use detailed tutorials to guide the attendee through all the steps necessary to exploit a real iOS application, and, in the process, provide an understanding of the modern attacker’s mind-set and capabilities. The course will cover iOS hacking, from the basics of vulnerability hunting on the platform to advanced exploitation techniques.

There’s still time ro register to the workshop, go grab a ticket!

To stay updated, remember to also follow @mwrneedle on Twitter!

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I'm a Security Engineer, mainly interested in cloud native technologies, devops, and network security...  

Currently Working On

Currently, my areas of focus are two: cloud native tech and red teaming. Here is a short list of what I’m currently working on in my spare time.

  1. Cloud Native Tech
    • Cloud Security (AWS, Azure, GCP)
    • Container Security (docker, kubernetes)
      1. So I Heard You Want to Learn Kubernetes -- An attempt to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.
      2. My Arsenal of Cloud Native (Security) Tools -- A curated list of (security) tools that can help assessing the security of AWS, Docker, Kubernetes, and even Git repositories.
    • Infrastructure-as-Code (Consul, Vault, Packer, Terraform, Ansible)
      1. Docker + Consul + Vault: A Practical Guide -- How to use docker-compose to spin up a Vault instance backed by Consul.
      2. Offensive Infrastructure with Modern Technologies -- An N-part blog post series, to record my journey and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
  2. Red Teaming
    • Techniques
      1. Red Teaming Mind Map from The Hacker Playbook 3 -- A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.
    • Tooling
      1. Offensive ELK -- Custom Elasticsearch setup, aiming to show how traditional defensive tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results.
      2. GoScan -- An interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.
      3. Robtex-Go -- A library that provides a little wrapper over such APIs, and can be quickly integrated in any other Go codebase.
Continue reading