SlideShare una empresa de Scribd logo

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Descargar como PPTX, PDF
D
Douglas Webster

A few years ago all you needed was a 4 port switch and Kali VM to reliably bypass most controls and have domain admin in a few hours. Defenses and networks have improved and so should your red team arsenal. Spoiler alert; you’re going to need a bigger backpack. This talk will provide a practical guide to bypassing NAC controls, taking over workstations from the parking lot, and breaking into locked PC’s. We’ll walk through 5 different hardware devices; how to build them, use them effectively, and how to protect against them.

Tecnología
1 de 17
YOUR NEW RED TEAM HARDWARE SURVIVAL PACK Chris Salerno | DanAstor | Chris Myers Bsides NOLA: 2017
WHY MORE HARDWARE?  Networks are getting better  Visibility + Security  Detection is getting better  Rogue devices +Traffic analysis  Clients listening to recommendations  Finally…
TOOLS WE’LL BE COVERING  NetworkTaps  Raspberry Pi’s  Ethernet Over Power Line Adapters  USB Rubber Duckies  Mouse Jacking
NACS AND ATTACKS  Network Access Control (NAC)  Passive Attacks  NetworkTAPs + Packet CAPs  Active Attacks  Pi’s + Power Lines + Air Freshener orTissue Box
NETWORKTAPPIN  Problem  No Creds and Can’t DoTraditional Recon  Solution  Power LineAdapter + NetworkTap + Packet Caps  Sniff… Sniff…  Host + Network Info  Credentials (Network/Smart Printers or Switch Uplinks  )  PoE pass-through is a nice feature
NETWORKTAPPIN
PI GOT UR NAC?  Problem  Active NAC attempts to auth to any system plugged in along with host checking  Solution – NAC Honeypi  Raspberry Pi + Power LineAdapter + Air Freshener orTissue Box  SSH Honeypot  Cowrie based  https://github.com/micheloosterhof/cowrie  Responder  https://github.com/lgandx/Responder
HONEYPI DEMO
I’VE GOTTHE POWER  Problem  Need to Hide Physical Location  Solution  Ethernet over Power Line  Simple to use  Transmits signal here to there  Allows for stealthier ops  Hide network taps  Hide raspberry pi’s  Hide origin of systems/traffic
ETHERNET OVER POWER LINE ADAPTERS
USB DROPS & SCREEN UNLOCKS  Problem  Need Shellz but Can’t Plug Into the Network  Solution – Getting Shellz  USB Rubber Ducky  Inherently trusted in most environments  Easy to pretend to be a keyboard  https://hakshop.com/products/usb-rubber-ducky-deluxe  Labels may help: Beach Pics, Harassment Evidence, HR, etc..  Curious Users  They plug anything in…  Or take to HR, who then plug it in…
WHEN USB DUCKS ATTACK…  Ducky Script  Load a custom payload onto your Rubber Ducky  https://ducktoolkit.com/  PowerShellAttacks, Drop Malware, Etc.  Attack Scenarios  USB Drops  Go Aggro!  Or slightly less aggro…
PERIPHERAL ATTACKS?  Problem  Need Shellz but Don’t Have Physical Access  Solution  Wireless peripherals + keystroke injection  Logitech Unifying Receivers  Assorted Microsoft Keyboards + Mice  Can exploit to get remote C2’s  Arduino Mouse Jacker  https://github.com/phikshun/uC_mousejack  JackIt  https://github.com/insecurityofthings/jackit
RUBBER DUCKY & JACKIT DEMOS
SOWHAT NOW??  USB Rubber Duckies  HID/USB device whitelisting (GPO)  Epoxy USB ports  Mouse Jacking  Provide wired/non-vulnerable peripherals  Log external calls for PowerShell  Patch it yourself
SOWHAT NOW??  Powerline Adapters + NetworkTap  Physical security & user awareness  Limit use of clear text protocols  Raspberry Pi  Rogue device detection  Don’t auth to every system  Ensure NAC service account passwords are complex as in RANDO…  Don’t SSH auth to every system… (or use certs)
QUESTIONS?

Recomendados

Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Douglas Webster
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan NovikovOWASP Russia
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy MechanismsSecuRing
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a HouseSynack
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 

Recomendados

Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Douglas Webster
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan NovikovOWASP Russia
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy MechanismsSecuRing
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a HouseSynack
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessAkeyless
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web CodingXavier Mertens
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
nessus
nessusnessus
nessusMuhammad Yasin
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basicsamiable_indian
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Why linux sucks
Why linux sucksWhy linux sucks
Why linux sucksNadeen Noaman
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revivalscriptjunkie
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDCscriptjunkie
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - MaticmindMaticmind
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as CodeJohann Gyger
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videorobbuddingh
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 

Más contenido relacionado

La actualidad más candente

$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessAkeyless
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revivalscriptjunkie
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDCscriptjunkie
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - MaticmindMaticmind
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 

La actualidad más candente (20)

$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time Access
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
nessus
nessusnessus
nessus
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Why linux sucks
Why linux sucksWhy linux sucks
Why linux sucks
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revival
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDC
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - Maticmind
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as Code
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocols
 

Similar a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videorobbuddingh
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterChris Swan
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using KautilyaNikhil Mittal
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)ClubHack
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
Cybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzCybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzBrandon Kravitz
 
Beyond websites using drupal for digital signs
Beyond websites using drupal for digital signsBeyond websites using drupal for digital signs
Beyond websites using drupal for digital signsAcquia
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental iiSyaiful Ahdan
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022MichaelM85042
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shellNikhil Mittal
 

Similar a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack (20)

Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HID
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using Kautilya
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
 
Applied VoIP Security
Applied VoIP Security Applied VoIP Security
Applied VoIP Security
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
 
Cybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzCybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitz
 
Beyond websites using drupal for digital signs
Beyond websites using drupal for digital signsBeyond websites using drupal for digital signs
Beyond websites using drupal for digital signs
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental ii
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at you
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
Backtrack
BacktrackBacktrack
Backtrack
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shell
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

  • 1. YOUR NEW RED TEAM HARDWARE SURVIVAL PACK Chris Salerno | DanAstor | Chris Myers Bsides NOLA: 2017
  • 2. WHY MORE HARDWARE?  Networks are getting better  Visibility + Security  Detection is getting better  Rogue devices +Traffic analysis  Clients listening to recommendations  Finally…
  • 3. TOOLS WE’LL BE COVERING  NetworkTaps  Raspberry Pi’s  Ethernet Over Power Line Adapters  USB Rubber Duckies  Mouse Jacking
  • 4. NACS AND ATTACKS  Network Access Control (NAC)  Passive Attacks  NetworkTAPs + Packet CAPs  Active Attacks  Pi’s + Power Lines + Air Freshener orTissue Box
  • 5. NETWORKTAPPIN  Problem  No Creds and Can’t DoTraditional Recon  Solution  Power LineAdapter + NetworkTap + Packet Caps  Sniff… Sniff…  Host + Network Info  Credentials (Network/Smart Printers or Switch Uplinks  )  PoE pass-through is a nice feature
  • 7. PI GOT UR NAC?  Problem  Active NAC attempts to auth to any system plugged in along with host checking  Solution – NAC Honeypi  Raspberry Pi + Power LineAdapter + Air Freshener orTissue Box  SSH Honeypot  Cowrie based  https://github.com/micheloosterhof/cowrie  Responder  https://github.com/lgandx/Responder
  • 9. I’VE GOTTHE POWER  Problem  Need to Hide Physical Location  Solution  Ethernet over Power Line  Simple to use  Transmits signal here to there  Allows for stealthier ops  Hide network taps  Hide raspberry pi’s  Hide origin of systems/traffic
  • 10. ETHERNET OVER POWER LINE ADAPTERS
  • 11. USB DROPS & SCREEN UNLOCKS  Problem  Need Shellz but Can’t Plug Into the Network  Solution – Getting Shellz  USB Rubber Ducky  Inherently trusted in most environments  Easy to pretend to be a keyboard  https://hakshop.com/products/usb-rubber-ducky-deluxe  Labels may help: Beach Pics, Harassment Evidence, HR, etc..  Curious Users  They plug anything in…  Or take to HR, who then plug it in…
  • 12. WHEN USB DUCKS ATTACK…  Ducky Script  Load a custom payload onto your Rubber Ducky  https://ducktoolkit.com/  PowerShellAttacks, Drop Malware, Etc.  Attack Scenarios  USB Drops  Go Aggro!  Or slightly less aggro…
  • 13. PERIPHERAL ATTACKS?  Problem  Need Shellz but Don’t Have Physical Access  Solution  Wireless peripherals + keystroke injection  Logitech Unifying Receivers  Assorted Microsoft Keyboards + Mice  Can exploit to get remote C2’s  Arduino Mouse Jacker  https://github.com/phikshun/uC_mousejack  JackIt  https://github.com/insecurityofthings/jackit
  • 14. RUBBER DUCKY & JACKIT DEMOS
  • 15. SOWHAT NOW??  USB Rubber Duckies  HID/USB device whitelisting (GPO)  Epoxy USB ports  Mouse Jacking  Provide wired/non-vulnerable peripherals  Log external calls for PowerShell  Patch it yourself
  • 16. SOWHAT NOW??  Powerline Adapters + NetworkTap  Physical security & user awareness  Limit use of clear text protocols  Raspberry Pi  Rogue device detection  Don’t auth to every system  Ensure NAC service account passwords are complex as in RANDO…  Don’t SSH auth to every system… (or use certs)