Who are you, and what do you do?
Hi, my name is Dominic Chell (@domchell) and I live in the North West UK. I work for MDSec (@MDSecLabs), a boutique security consultancy that I helped found in 2011. Prior to that I spent just over 6 years consulting at other UK-based security firms. I spend a lot of my time working in app sec, particularly in the mobile space as I head up this practice area at MDSec.
What hardware do you use?
I do most of my work from a MacBook Pro mid 2012, which is connected to a 27” Thunderbolt display when I’m in the office. Although now quite dated, the laptop is still powerful enough to satisfy my needs with an i7, 16GB of RAM and 750GB SSD. I use an iPhone 6 as my regular phone, but also have a HTC One (M8) that I occasionally use when abroad.
I sometimes end up on projects where I need to be able to hand my hard disk over to the customer when I’m done, so I also have a Dell Latitude with modular bays that I use in these situations.
What does your testing network or lab look like?
I have a few lab environments.
The main scanning servers sit on a Dell PowerEdge R210 with 16GB RAM running ESXi. On there we have a couple of Debian servers and a Nessus appliance that we use for external infrastructure scanning. There is also another Debian box that sits in EC2, and is used as a C&C server for our in-house Trojan.
The mobile testing lab consists of 20 iPod 5th Gens, a mixture of iPad2 and iPad minis, iPhone 3GS’, 4, 5 and 5S’. We then have an Android Nexus 4, a Samsung Tab, a HTC One M8 and a HTC Nexus One. We primarily use these for fuzzing and/or training. On the radio side of things we have a well spec’d RF enclosure that shields up to 1GHz and a couple of NanoBTS 165CU and 139 devices.
There are also piles of random kit lying around the office including Raspberry Pis, some Ingenico payment terminals, TikiTag readers, random routers, old laptops and more, that’s just used as and when it’s required.
What tools and software do you use for your trade?
My host OS is Yosemite but I also have a Windows 8.1 and a Kali image that are open almost all the time – I find it handy to just flip between these using VMware Fusion. I use Chrome as my primary browser and Adium for chat on our Jabber server. I also spend more time than I’d like looking at Outlook, Word and PowerPoint.
For web app testing I almost exclusively use Burp, with a number of extender plugins including ActiveScan++ and Carbonator as well as some in-house plugins that we’ve developed – although we are currently debating whether to submit these to the BAppStore.
For mobile app testing I use a mixture of things, but the tool I’ve been most impressed with is Frida (www.frida.re) – it’s standalone, works cross-platform, has Python bindings and the project maintainers offer great support. I would really encourage people to go and look at this project. I also use Hopper quite a lot – it’s come on leaps and bounds in the last year or so and aside from the architecture support, it now rivals IDA for RE IMO.
What is your dream setup?
What I have now, but on a beach somewhere hot =)
(Editor’s Note) Check out Dominic’s new book on mobile application hacking, it’s one of the best out there: The Mobile Application Hacker’s Handbook.