SlideShare ist ein Scribd-Unternehmen logo

Cybercon 2015 brandon kravitz

Als PPTX, PDF herunterladen
Brandon Kravitz
Brandon Kravitz

Cybercon 2015 Talk on emerging cyber security technologies. Credit & Big thanks to the Hak5 team in Richmond, CA.

Technologie
1 von 24
1 Gray, • A brief look into Pentesting, Gadgets, Certifications & Cool Projects
2
3 Red Team Uncovers TSA Failures
44 Social Engineering Metasploit, a phone, fake online profiles, voice modulation, social engineering toolkit Forensic Tools Kali Linux, Deft Linux, Sleuthkit, Digital Forensics Kit Footprinting Tools Maltego, NSLookup, nMap Lockpicks/Gadgets Bump keys, lockpick kits, master keys, hackrf, pineapple wifi, rubber ducky, RFID, yagi antennas notable tools that EVERYONE should know about... A BlackHat’s Toolkit
5 The WiFi Pineapple is a unique device developed by Hak5 for the purpose of WiFi auditing and penetration testing. Since 2008 the WiFi Pineapple has grown to encompass the best rogue access point features, unique purpose-built hardware, intuitive web interfaces, versatile deployment options, powerful software and hardware development aids, a modular application ecosystem and a growing community of passionate penetration testers.
6 At the core of the WiFi Pineapple is a modular web interface designed to simplify the management and execution of advanced attacks. A set of "infusions" (modules) provide convenient graphical front-ends for popular command line applications. Infusions can be installed to the device over-the-air from an online portal. These free applications install in a matter of clicks. Additionally, infusions may be developed directly on the device using the open application programming interface (API). Once submitted for review, your Infusion will be included in the online portal for all WiFi Pineapple users.
7 RECONNAISSANCE Visualize WiFi landscape. Target networks and individuals. AUTO HARVEST Collect probe requests and beacons for rebroadcast. DOGMA Attract specific targets or all devices with thousands of beacons. BEACON RESPONSE Mimic networks with automatic targeted beacons. KARMA Capture clients no matter what network they seek.
8
9
10
11 Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.
12 COMMUNITY PAYLOAD GENERATORS, FIRMWARE, ENCODERS AND TOOLKITS • Customize pre-assembled attacks from our repository - Payload Wiki • Online Duck Toolkit for simple Reconnaissance, Exploitation and Reporting • The Simple Ducky Payload Generator for Linux with Password Cracker and Meterpreter and Netcat integration • VID & PID Swapper to cloak your device • Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and and much more. • And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.
13
14 • 10 MHz to 6 GHz operating frequency • half-duplex transceiver • up to 20 million samples per second • compatible with GNU Radio, SDR#, and more • software-configurable RX and TX gain and baseband filter • software-controlled antenna port power (50 mA at 3.3 V) • SMA female antenna connector • convenient buttons for programming • internal pin headers for expansion • Hi-Speed USB 2.0 • USB-powered • open source hardware
15 Here’s a few resources I’ve been reading, watching or have bookmarked in no particular order relating to SDR and GNU Radio. As a beginner in this I can’t fully vouch for their quality but they seem okay! http://greatscottgadgets.com/sdr/ Fantastic SDR for HackRF tutorials by Michael Ossmann. http://files.ettus.com/tutorials/ Some quality SDR / GNU Radio tutorials http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorials SDR / GNU Radio tutorials with supporting code on github http://www.ece.uvic.ca/~elec350/lab_manual/ Communication lab work in GNU Radio from the University of Victoria BC http://www.trondeau.com/gr-tutorial/ Another tutorial with supporting code https://www.youtube.com/user/2011HPS/videos Some GNU Radio tutorials, no audio though. http://www.csun.edu/~skatz/katzpage/sdr_project/sdrproject.html contain some interesting bits http://complextoreal.com/tutorials/ A large series of tutorials in digital communications
16
17
18
19
20 Certified Ethical Hacker CEH provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEH courseware. Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.
21
22 Meetup Groups • OWASP • SD Dev OPS • SD Python • Full Stack Talks SD Continuing Education • CCNA Courses CTF Tournaments • UCSB • Local Qualifiers Local Conventions • Toorcon • Cybercon
23
24 Questions!?!

Empfohlen

Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.22018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2Len Noe
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]RootedCON
 
Android Hacking
Android HackingAndroid Hacking
Android Hackingantitree
 

Empfohlen

Firmware analysis 101
Firmware analysis 101Firmware analysis 101
Firmware analysis 101veerababu penugonda(Mr-IoT)
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Sessionveerababu penugonda(Mr-IoT)
 
Beginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionBeginners guide on how to start exploring IoT 2nd session
Beginners guide on how to start exploring IoT 2nd sessionveerababu penugonda(Mr-IoT)
 
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.22018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2Len Noe
 
Advanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONAdvanced SOHO Router Exploitation XCON
Advanced SOHO Router Exploitation XCONLyon Yang
 
Exfiltrating Data through IoT
Exfiltrating Data through IoTExfiltrating Data through IoT
Exfiltrating Data through IoTPriyanka Aash
 
Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]Sergio González - WiFiSlax 4.0 [RootedCON 2010]
Sergio González - WiFiSlax 4.0 [RootedCON 2010]RootedCON
 
Android Hacking
Android HackingAndroid Hacking
Android Hackingantitree
 
Iotivity atmel-20150328rzr
Iotivity atmel-20150328rzrIotivity atmel-20150328rzr
Iotivity atmel-20150328rzrPhil www.rzr.online.fr
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at HomeE Hacking
 
IOT Exploitation
IOT Exploitation IOT Exploitation
IOT Exploitation Cysinfo Cyber Security Community
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.pptAhmedalhassar1
 
CSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage GearCSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage Gearshawn_merdinger
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Labs
 
Home Automation by ESP8266
Home Automation by ESP8266Home Automation by ESP8266
Home Automation by ESP8266Gleb Vinnikov
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ
 
Teeth presentation by Nathan Carver
Teeth presentation by Nathan CarverTeeth presentation by Nathan Carver
Teeth presentation by Nathan CarverBeMyApp
 
Présentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPrésentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPôle Systematic Paris-Region
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas MoreJWORKS powered by Ordina
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightAndy Gelme
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]RootedCON
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 
IoTivity on Tizen: How to
IoTivity on Tizen: How toIoTivity on Tizen: How to
IoTivity on Tizen: How toSamsung Open Source Group
 
Taller IoT en la Actualidad
Taller IoT en la ActualidadTaller IoT en la Actualidad
Taller IoT en la ActualidadLaurence HR
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at HomeE Hacking
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Security Weekly
 
CSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage GearCSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage Gearshawn_merdinger
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Labs
 
Home Automation by ESP8266
Home Automation by ESP8266Home Automation by ESP8266
Home Automation by ESP8266Gleb Vinnikov
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ
 
Teeth presentation by Nathan Carver
Teeth presentation by Nathan CarverTeeth presentation by Nathan Carver
Teeth presentation by Nathan CarverBeMyApp
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Featuresxabean
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightAndy Gelme
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]RootedCON
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaYogesh Ojha
 

Was ist angesagt? (20)

Iotivity atmel-20150328rzr
Iotivity atmel-20150328rzrIotivity atmel-20150328rzr
Iotivity atmel-20150328rzr
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
 
Building Trojan Hardware at Home
Building Trojan Hardware at HomeBuilding Trojan Hardware at Home
Building Trojan Hardware at Home
 
IOT Exploitation
IOT Exploitation IOT Exploitation
IOT Exploitation
 
Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)Attacking Embedded Devices (No Axe Required)
Attacking Embedded Devices (No Axe Required)
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
CSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage GearCSI - Poor Mans Guide To Espionage Gear
CSI - Poor Mans Guide To Espionage Gear
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
MediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 WebinarMediaTek Linkit Smart 7688 Webinar
MediaTek Linkit Smart 7688 Webinar
 
Home Automation by ESP8266
Home Automation by ESP8266Home Automation by ESP8266
Home Automation by ESP8266
 
MicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devicesMicroEJ OS and Edje: the software foundation for IoT devices
MicroEJ OS and Edje: the software foundation for IoT devices
 
Teeth presentation by Nathan Carver
Teeth presentation by Nathan CarverTeeth presentation by Nathan Carver
Teeth presentation by Nathan Carver
 
Présentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OSPrésentation du système d'exploitation RIOT-OS
Présentation du système d'exploitation RIOT-OS
 
Controlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden FeaturesControlling USB Flash Drive Controllers: Expose of Hidden Features
Controlling USB Flash Drive Controllers: Expose of Hidden Features
 
Cc internet of things @ Thomas More
Cc internet of things @ Thomas MoreCc internet of things @ Thomas More
Cc internet of things @ Thomas More
 
Internet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! nightInternet Of Things: Hands on: YOW! night
Internet Of Things: Hands on: YOW! night
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
Eloi Sanfélix y Javier Moreno - Hardware hacking on your couch [RootedCON 2012]
 
Android security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh OjhaAndroid security and penetration testing | DIVA | Yogesh Ojha
Android security and penetration testing | DIVA | Yogesh Ojha
 
IoTivity on Tizen: How to
IoTivity on Tizen: How toIoTivity on Tizen: How to
IoTivity on Tizen: How to
 

Ähnlich wie Cybercon 2015 brandon kravitz

Taller IoT en la Actualidad
Taller IoT en la ActualidadTaller IoT en la Actualidad
Taller IoT en la ActualidadLaurence HR
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools iSyaiful Ahdan
 
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...MediaTek Labs
 
Tac Presentation October 72014- Raspberry PI
Tac Presentation October 72014- Raspberry PITac Presentation October 72014- Raspberry PI
Tac Presentation October 72014- Raspberry PICliff Samuels Jr.
 
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...Luigi Francesco Cerfeda
 
Internet of Things 101 - For software engineers
Internet of Things 101 - For software engineersInternet of Things 101 - For software engineers
Internet of Things 101 - For software engineersKashif Ali Siddiqui
 
20040927-Commons-Riddle.ppt
20040927-Commons-Riddle.ppt20040927-Commons-Riddle.ppt
20040927-Commons-Riddle.pptVideoguy
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?msyukor
 
The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesIntel® Software
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: KeynoteDocker-Hanoi
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar Santhosh Kumar
 
Taking the hard out of hardware
Taking the hard out of hardwareTaking the hard out of hardware
Taking the hard out of hardwareRonald McCollam
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of ThingsBlack Duck by Synopsys
 
OSNF - Open Sensor Network Framework
OSNF - Open Sensor Network FrameworkOSNF - Open Sensor Network Framework
OSNF - Open Sensor Network FrameworkAntonio Di Cello
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14WMG, University of Warwick
 

Ähnlich wie Cybercon 2015 brandon kravitz (20)

Taller IoT en la Actualidad
Taller IoT en la ActualidadTaller IoT en la Actualidad
Taller IoT en la Actualidad
 
Chapter 7 security tools i
Chapter 7 security tools iChapter 7 security tools i
Chapter 7 security tools i
 
Sectools
SectoolsSectools
Sectools
 
aaa
aaaaaa
aaa
 
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
Peripheral Programming using Arduino and Python on MediaTek LinkIt Smart 7688...
 
Tac Presentation October 72014- Raspberry PI
Tac Presentation October 72014- Raspberry PITac Presentation October 72014- Raspberry PI
Tac Presentation October 72014- Raspberry PI
 
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...
Workshop: Arduino for makers - Strumenti SW per la prototipazione elettronica...
 
Raspberry Pi
Raspberry PiRaspberry Pi
Raspberry Pi
 
Internet of Things 101 - For software engineers
Internet of Things 101 - For software engineersInternet of Things 101 - For software engineers
Internet of Things 101 - For software engineers
 
20040927-Commons-Riddle.ppt
20040927-Commons-Riddle.ppt20040927-Commons-Riddle.ppt
20040927-Commons-Riddle.ppt
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?
 
The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware Libraries
 
DockerDay2015: Keynote
DockerDay2015: KeynoteDockerDay2015: Keynote
DockerDay2015: Keynote
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Taking the hard out of hardware
Taking the hard out of hardwareTaking the hard out of hardware
Taking the hard out of hardware
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of Things
 
OSNF - Open Sensor Network Framework
OSNF - Open Sensor Network FrameworkOSNF - Open Sensor Network Framework
OSNF - Open Sensor Network Framework
 
IoT Session Thomas More
IoT Session Thomas MoreIoT Session Thomas More
IoT Session Thomas More
 
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
Opening the IoT - Joe Fortey - IoT Midlands Meet Up - 29/07/14
 

Kürzlich hochgeladen

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Cybercon 2015 brandon kravitz

  • 1. 1 Gray, • A brief look into Pentesting, Gadgets, Certifications & Cool Projects
  • 2. 2
  • 3. 3 Red Team Uncovers TSA Failures
  • 4. 44 Social Engineering Metasploit, a phone, fake online profiles, voice modulation, social engineering toolkit Forensic Tools Kali Linux, Deft Linux, Sleuthkit, Digital Forensics Kit Footprinting Tools Maltego, NSLookup, nMap Lockpicks/Gadgets Bump keys, lockpick kits, master keys, hackrf, pineapple wifi, rubber ducky, RFID, yagi antennas notable tools that EVERYONE should know about... A BlackHat’s Toolkit
  • 5. 5 The WiFi Pineapple is a unique device developed by Hak5 for the purpose of WiFi auditing and penetration testing. Since 2008 the WiFi Pineapple has grown to encompass the best rogue access point features, unique purpose-built hardware, intuitive web interfaces, versatile deployment options, powerful software and hardware development aids, a modular application ecosystem and a growing community of passionate penetration testers.
  • 6. 6 At the core of the WiFi Pineapple is a modular web interface designed to simplify the management and execution of advanced attacks. A set of "infusions" (modules) provide convenient graphical front-ends for popular command line applications. Infusions can be installed to the device over-the-air from an online portal. These free applications install in a matter of clicks. Additionally, infusions may be developed directly on the device using the open application programming interface (API). Once submitted for review, your Infusion will be included in the online portal for all WiFi Pineapple users.
  • 7. 7 RECONNAISSANCE Visualize WiFi landscape. Target networks and individuals. AUTO HARVEST Collect probe requests and beacons for rebroadcast. DOGMA Attract specific targets or all devices with thousands of beacons. BEACON RESPONSE Mimic networks with automatic targeted beacons. KARMA Capture clients no matter what network they seek.
  • 8. 8
  • 9. 9
  • 10. 10
  • 11. 11 Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.
  • 12. 12 COMMUNITY PAYLOAD GENERATORS, FIRMWARE, ENCODERS AND TOOLKITS • Customize pre-assembled attacks from our repository - Payload Wiki • Online Duck Toolkit for simple Reconnaissance, Exploitation and Reporting • The Simple Ducky Payload Generator for Linux with Password Cracker and Meterpreter and Netcat integration • VID & PID Swapper to cloak your device • Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and and much more. • And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.
  • 13. 13
  • 14. 14 • 10 MHz to 6 GHz operating frequency • half-duplex transceiver • up to 20 million samples per second • compatible with GNU Radio, SDR#, and more • software-configurable RX and TX gain and baseband filter • software-controlled antenna port power (50 mA at 3.3 V) • SMA female antenna connector • convenient buttons for programming • internal pin headers for expansion • Hi-Speed USB 2.0 • USB-powered • open source hardware
  • 15. 15 Here’s a few resources I’ve been reading, watching or have bookmarked in no particular order relating to SDR and GNU Radio. As a beginner in this I can’t fully vouch for their quality but they seem okay! http://greatscottgadgets.com/sdr/ Fantastic SDR for HackRF tutorials by Michael Ossmann. http://files.ettus.com/tutorials/ Some quality SDR / GNU Radio tutorials http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorials SDR / GNU Radio tutorials with supporting code on github http://www.ece.uvic.ca/~elec350/lab_manual/ Communication lab work in GNU Radio from the University of Victoria BC http://www.trondeau.com/gr-tutorial/ Another tutorial with supporting code https://www.youtube.com/user/2011HPS/videos Some GNU Radio tutorials, no audio though. http://www.csun.edu/~skatz/katzpage/sdr_project/sdrproject.html contain some interesting bits http://complextoreal.com/tutorials/ A large series of tutorials in digital communications
  • 16. 16
  • 17. 17
  • 18. 18
  • 19. 19
  • 20. 20 Certified Ethical Hacker CEH provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEH courseware. Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.
  • 21. 21
  • 22. 22 Meetup Groups • OWASP • SD Dev OPS • SD Python • Full Stack Talks SD Continuing Education • CCNA Courses CTF Tournaments • UCSB • Local Qualifiers Local Conventions • Toorcon • Cybercon
  • 23. 23