4. 44
Social Engineering
Metasploit, a phone, fake online
profiles, voice modulation, social
engineering toolkit
Forensic Tools
Kali Linux, Deft Linux,
Sleuthkit, Digital Forensics Kit
Footprinting Tools
Maltego, NSLookup, nMap
Lockpicks/Gadgets
Bump keys, lockpick kits, master keys, hackrf,
pineapple wifi, rubber ducky, RFID, yagi antennas
notable tools that EVERYONE should know about...
A BlackHat’s Toolkit
5. 5
The WiFi Pineapple is a unique device developed by Hak5 for the purpose of WiFi auditing and penetration testing. Since
2008 the WiFi Pineapple has grown to encompass the best rogue access point features, unique purpose-built hardware,
intuitive web interfaces, versatile deployment options, powerful software and hardware development aids, a modular
application ecosystem and a growing community of passionate penetration testers.
6. 6
At the core of the WiFi Pineapple is a
modular web interface designed to simplify
the management and execution of
advanced attacks. A set of "infusions"
(modules) provide convenient graphical
front-ends for popular command line
applications. Infusions can be installed to
the device over-the-air from an online
portal. These free applications install in a
matter of clicks. Additionally, infusions may
be developed directly on the device using
the open application programming
interface (API). Once submitted for review,
your Infusion will be included in the online
portal for all WiFi Pineapple users.
7. 7
RECONNAISSANCE
Visualize WiFi landscape. Target networks and
individuals.
AUTO HARVEST
Collect probe requests and beacons for rebroadcast.
DOGMA
Attract specific targets or all devices with thousands of
beacons.
BEACON RESPONSE
Mimic networks with automatic targeted beacons.
KARMA
Capture clients no matter what network they seek.
11. 11
Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration
testers and IT professionals. With origins as a humble IT automation proof-of-concept
using an embedded dev-board, it has grown into a full fledged commercial Keystroke
Injection Attack Platform. The USB Rubber Ducky captured the imagination of
hackers with its simple scripting language, formidable hardware, and covert design.
12. 12
COMMUNITY PAYLOAD GENERATORS, FIRMWARE, ENCODERS AND TOOLKITS
• Customize pre-assembled attacks from our repository - Payload Wiki
• Online Duck Toolkit for simple Reconnaissance, Exploitation and Reporting
• The Simple Ducky Payload Generator for Linux with Password Cracker and Meterpreter and Netcat integration
• VID & PID Swapper to cloak your device
• Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and and much more.
• And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.
14. 14
• 10 MHz to 6 GHz operating frequency
• half-duplex transceiver
• up to 20 million samples per second
• compatible with GNU Radio, SDR#, and more
• software-configurable RX and TX gain and baseband filter
• software-controlled antenna port power (50 mA at 3.3 V)
• SMA female antenna connector
• convenient buttons for programming
• internal pin headers for expansion
• Hi-Speed USB 2.0
• USB-powered
• open source hardware
15. 15
Here’s a few resources I’ve been reading, watching or have bookmarked in no
particular order relating to SDR and GNU Radio. As a beginner in this I can’t fully
vouch for their quality but they seem okay!
http://greatscottgadgets.com/sdr/ Fantastic SDR for HackRF tutorials by Michael Ossmann.
http://files.ettus.com/tutorials/ Some quality SDR / GNU Radio tutorials
http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorials SDR / GNU Radio tutorials with supporting code on
github
http://www.ece.uvic.ca/~elec350/lab_manual/ Communication lab work in GNU Radio from the University of Victoria BC
http://www.trondeau.com/gr-tutorial/ Another tutorial with supporting code
https://www.youtube.com/user/2011HPS/videos Some GNU Radio tutorials, no audio though.
http://www.csun.edu/~skatz/katzpage/sdr_project/sdrproject.html contain some interesting bits
http://complextoreal.com/tutorials/ A large series of tutorials in digital communications
20. 20
Certified
Ethical
Hacker
CEH provides a comprehensive ethical hacking and
network security-training program to meet the standards of
highly skilled security professionals. Hundreds of SMEs
and authors have contributed towards the content
presented in the CEH courseware.
Cisco Certified Network Associate Security
(CCNA Security) validates associate-level
knowledge and skills required to secure
Cisco networks. With a CCNA Security
certification, a network professional
demonstrates the skills required to develop
a security infrastructure, recognize threats
and vulnerabilities to networks, and
mitigate security threats. The CCNA
Security curriculum emphasizes core
security technologies, the installation,
troubleshooting and monitoring of network
devices to maintain integrity, confidentiality
and availability of data and devices, and
competency in the technologies that Cisco
uses in its security structure.