SlideShare ist ein Scribd-Unternehmen logo

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Als PPTX, PDF herunterladen
D
Douglas Webster

A few years ago all you needed was a 4 port switch and Kali VM to reliably bypass most controls and have domain admin in a few hours. Defenses and networks have improved and so should your red team arsenal. Spoiler alert; you’re going to need a bigger backpack. This talk will provide a practical guide to bypassing NAC controls, taking over workstations from the parking lot, and breaking into locked PC’s. We’ll walk through 5 different hardware devices; how to build them, use them effectively, and how to protect against them.

Technologie
1 von 17
YOUR NEW RED TEAM HARDWARE SURVIVAL PACK Chris Salerno | DanAstor | Chris Myers Bsides NOLA: 2017
WHY MORE HARDWARE?  Networks are getting better  Visibility + Security  Detection is getting better  Rogue devices +Traffic analysis  Clients listening to recommendations  Finally…
TOOLS WE’LL BE COVERING  NetworkTaps  Raspberry Pi’s  Ethernet Over Power Line Adapters  USB Rubber Duckies  Mouse Jacking
NACS AND ATTACKS  Network Access Control (NAC)  Passive Attacks  NetworkTAPs + Packet CAPs  Active Attacks  Pi’s + Power Lines + Air Freshener orTissue Box
NETWORKTAPPIN  Problem  No Creds and Can’t DoTraditional Recon  Solution  Power LineAdapter + NetworkTap + Packet Caps  Sniff… Sniff…  Host + Network Info  Credentials (Network/Smart Printers or Switch Uplinks  )  PoE pass-through is a nice feature
NETWORKTAPPIN
PI GOT UR NAC?  Problem  Active NAC attempts to auth to any system plugged in along with host checking  Solution – NAC Honeypi  Raspberry Pi + Power LineAdapter + Air Freshener orTissue Box  SSH Honeypot  Cowrie based  https://github.com/micheloosterhof/cowrie  Responder  https://github.com/lgandx/Responder
HONEYPI DEMO
I’VE GOTTHE POWER  Problem  Need to Hide Physical Location  Solution  Ethernet over Power Line  Simple to use  Transmits signal here to there  Allows for stealthier ops  Hide network taps  Hide raspberry pi’s  Hide origin of systems/traffic
ETHERNET OVER POWER LINE ADAPTERS
USB DROPS & SCREEN UNLOCKS  Problem  Need Shellz but Can’t Plug Into the Network  Solution – Getting Shellz  USB Rubber Ducky  Inherently trusted in most environments  Easy to pretend to be a keyboard  https://hakshop.com/products/usb-rubber-ducky-deluxe  Labels may help: Beach Pics, Harassment Evidence, HR, etc..  Curious Users  They plug anything in…  Or take to HR, who then plug it in…
WHEN USB DUCKS ATTACK…  Ducky Script  Load a custom payload onto your Rubber Ducky  https://ducktoolkit.com/  PowerShellAttacks, Drop Malware, Etc.  Attack Scenarios  USB Drops  Go Aggro!  Or slightly less aggro…
PERIPHERAL ATTACKS?  Problem  Need Shellz but Don’t Have Physical Access  Solution  Wireless peripherals + keystroke injection  Logitech Unifying Receivers  Assorted Microsoft Keyboards + Mice  Can exploit to get remote C2’s  Arduino Mouse Jacker  https://github.com/phikshun/uC_mousejack  JackIt  https://github.com/insecurityofthings/jackit
RUBBER DUCKY & JACKIT DEMOS
SOWHAT NOW??  USB Rubber Duckies  HID/USB device whitelisting (GPO)  Epoxy USB ports  Mouse Jacking  Provide wired/non-vulnerable peripherals  Log external calls for PowerShell  Patch it yourself
SOWHAT NOW??  Powerline Adapters + NetworkTap  Physical security & user awareness  Limit use of clear text protocols  Raspberry Pi  Rogue device detection  Don’t auth to every system  Ensure NAC service account passwords are complex as in RANDO…  Don’t SSH auth to every system… (or use certs)
QUESTIONS?

Empfohlen

Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Douglas Webster
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan NovikovOWASP Russia
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy MechanismsSecuRing
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a HouseSynack
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 

Empfohlen

Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...
Security Risk Advisors - BSides Philadelphia 2017 - MFA: It's 2017 and You're...Douglas Webster
 
Developers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusDevelopers are from Mars, Security guys are from Venus
Developers are from Mars, Security guys are from VenusXavier Mertens
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan NovikovOWASP Russia
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy MechanismsSecuRing
 
$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015$HOME Sweet $HOME Devoxx 2015
$HOME Sweet $HOME Devoxx 2015Xavier Mertens
 
Let's Hack a House
Let's Hack a HouseLet's Hack a House
Let's Hack a HouseSynack
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008guest642391
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-daysZoltan Balazs
 
$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessAkeyless
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web CodingXavier Mertens
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
nessus
nessusnessus
nessusMuhammad Yasin
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basicsamiable_indian
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Why linux sucks
Why linux sucksWhy linux sucks
Why linux sucksNadeen Noaman
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revivalscriptjunkie
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDCscriptjunkie
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - MaticmindMaticmind
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as CodeJohann Gyger
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 
Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videorobbuddingh
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 

Weitere ähnliche Inhalte

Was ist angesagt?

$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE EditionXavier Mertens
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessAkeyless
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Akeyless
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Duo Security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsSecuRing
 
Nessus Software
Nessus SoftwareNessus Software
Nessus SoftwareMegha Sahu
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revivalscriptjunkie
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?Zoltan Balazs
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDCscriptjunkie
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - MaticmindMaticmind
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015TGodfrey
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsSlawomir Jasek
 

Was ist angesagt? (20)

$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition$HOME Sweet $HOME SANSFIRE Edition
$HOME Sweet $HOME SANSFIRE Edition
 
Streamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time AccessStreamline CI/CD with Just-in-Time Access
Streamline CI/CD with Just-in-Time Access
 
Secure Web Coding
Secure Web CodingSecure Web Coding
Secure Web Coding
 
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
nessus
nessusnessus
nessus
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Nessus Software
Nessus SoftwareNessus Software
Nessus Software
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Why linux sucks
Why linux sucksWhy linux sucks
Why linux sucks
 
The Infosec Revival
The Infosec RevivalThe Infosec Revival
The Infosec Revival
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Red teaming the CCDC
Red teaming the CCDCRed teaming the CCDC
Red teaming the CCDC
 
Cisco Webex Board - Maticmind
Cisco Webex Board - MaticmindCisco Webex Board - Maticmind
Cisco Webex Board - Maticmind
 
Secrets as Code
Secrets as CodeSecrets as Code
Secrets as Code
 
Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015Kali Linux - CleveSec 2015
Kali Linux - CleveSec 2015
 
Shameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocolsShameful secrets of proprietary network protocols
Shameful secrets of proprietary network protocols
 

Ähnlich wie Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videorobbuddingh
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HIDNikhil Mittal
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdingershawn_merdinger
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterChris Swan
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using KautilyaNikhil Mittal
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)ClubHack
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
Cybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzCybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzBrandon Kravitz
 
Beyond websites using drupal for digital signs
Beyond websites using drupal for digital signsBeyond websites using drupal for digital signs
Beyond websites using drupal for digital signsAcquia
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental iiSyaiful Ahdan
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at youRob Fuller
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022MichaelM85042
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014TGodfrey
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shellNikhil Mittal
 

Ähnlich wie Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack (20)

Holland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_videoHolland safenet livehack hid usb pineapple_cain_oph_with_video
Holland safenet livehack hid usb pineapple_cain_oph_with_video
 
Hacking the future with USB HID
Hacking the future with USB HIDHacking the future with USB HID
Hacking the future with USB HID
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Csi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide MerdingerCsi Netsec 2006 Poor Mans Guide Merdinger
Csi Netsec 2006 Poor Mans Guide Merdinger
 
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and FlutterFlutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter
 
More fun using Kautilya
More fun using KautilyaMore fun using Kautilya
More fun using Kautilya
 
Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)Mere Paas Teensy Hai (Nikhil Mittal)
Mere Paas Teensy Hai (Nikhil Mittal)
 
Applied VoIP Security
Applied VoIP Security Applied VoIP Security
Applied VoIP Security
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
 
Cybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitzCybercon 2015 brandon kravitz
Cybercon 2015 brandon kravitz
 
Beyond websites using drupal for digital signs
Beyond websites using drupal for digital signsBeyond websites using drupal for digital signs
Beyond websites using drupal for digital signs
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Chapter 4 access control fundamental ii
Chapter 4 access control fundamental iiChapter 4 access control fundamental ii
Chapter 4 access control fundamental ii
 
Writing malware while the blue team is staring at you
Writing malware while the blue team is staring at youWriting malware while the blue team is staring at you
Writing malware while the blue team is staring at you
 
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022EMBA - Firmware analysis - Black Hat Arsenal USA 2022
EMBA - Firmware analysis - Black Hat Arsenal USA 2022
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
Backtrack
BacktrackBacktrack
Backtrack
 
Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014Kali Linux - Falconer - ISS 2014
Kali Linux - Falconer - ISS 2014
 
Kautilya: Teensy beyond shell
Kautilya: Teensy beyond shellKautilya: Teensy beyond shell
Kautilya: Teensy beyond shell
 

Kürzlich hochgeladen

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Kürzlich hochgeladen (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

  • 1. YOUR NEW RED TEAM HARDWARE SURVIVAL PACK Chris Salerno | DanAstor | Chris Myers Bsides NOLA: 2017
  • 2. WHY MORE HARDWARE?  Networks are getting better  Visibility + Security  Detection is getting better  Rogue devices +Traffic analysis  Clients listening to recommendations  Finally…
  • 3. TOOLS WE’LL BE COVERING  NetworkTaps  Raspberry Pi’s  Ethernet Over Power Line Adapters  USB Rubber Duckies  Mouse Jacking
  • 4. NACS AND ATTACKS  Network Access Control (NAC)  Passive Attacks  NetworkTAPs + Packet CAPs  Active Attacks  Pi’s + Power Lines + Air Freshener orTissue Box
  • 5. NETWORKTAPPIN  Problem  No Creds and Can’t DoTraditional Recon  Solution  Power LineAdapter + NetworkTap + Packet Caps  Sniff… Sniff…  Host + Network Info  Credentials (Network/Smart Printers or Switch Uplinks  )  PoE pass-through is a nice feature
  • 7. PI GOT UR NAC?  Problem  Active NAC attempts to auth to any system plugged in along with host checking  Solution – NAC Honeypi  Raspberry Pi + Power LineAdapter + Air Freshener orTissue Box  SSH Honeypot  Cowrie based  https://github.com/micheloosterhof/cowrie  Responder  https://github.com/lgandx/Responder
  • 9. I’VE GOTTHE POWER  Problem  Need to Hide Physical Location  Solution  Ethernet over Power Line  Simple to use  Transmits signal here to there  Allows for stealthier ops  Hide network taps  Hide raspberry pi’s  Hide origin of systems/traffic
  • 10. ETHERNET OVER POWER LINE ADAPTERS
  • 11. USB DROPS & SCREEN UNLOCKS  Problem  Need Shellz but Can’t Plug Into the Network  Solution – Getting Shellz  USB Rubber Ducky  Inherently trusted in most environments  Easy to pretend to be a keyboard  https://hakshop.com/products/usb-rubber-ducky-deluxe  Labels may help: Beach Pics, Harassment Evidence, HR, etc..  Curious Users  They plug anything in…  Or take to HR, who then plug it in…
  • 12. WHEN USB DUCKS ATTACK…  Ducky Script  Load a custom payload onto your Rubber Ducky  https://ducktoolkit.com/  PowerShellAttacks, Drop Malware, Etc.  Attack Scenarios  USB Drops  Go Aggro!  Or slightly less aggro…
  • 13. PERIPHERAL ATTACKS?  Problem  Need Shellz but Don’t Have Physical Access  Solution  Wireless peripherals + keystroke injection  Logitech Unifying Receivers  Assorted Microsoft Keyboards + Mice  Can exploit to get remote C2’s  Arduino Mouse Jacker  https://github.com/phikshun/uC_mousejack  JackIt  https://github.com/insecurityofthings/jackit
  • 14. RUBBER DUCKY & JACKIT DEMOS
  • 15. SOWHAT NOW??  USB Rubber Duckies  HID/USB device whitelisting (GPO)  Epoxy USB ports  Mouse Jacking  Provide wired/non-vulnerable peripherals  Log external calls for PowerShell  Patch it yourself
  • 16. SOWHAT NOW??  Powerline Adapters + NetworkTap  Physical security & user awareness  Limit use of clear text protocols  Raspberry Pi  Rogue device detection  Don’t auth to every system  Ensure NAC service account passwords are complex as in RANDO…  Don’t SSH auth to every system… (or use certs)