Designed under Raspberry Pi and aimed for Red Team Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low-profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection from IDS/IPS or monitoring systems. This tool gathers information and use a combination of honeypots to trick Automation Systems to give us their network credentials! We will build a physical network & infrastructure lab to show how CIRCO works (live demo) Major features for release v1.5:
- Allow existing IP-Phone to co-exist with CIRCO
- Eliminate template files (craft all packets)
- Support NTP exfiltration
- Software encrypted via Bluetooth (prevent forensic)
- Self destroy and alarm switch
- Bypass active & passive fingerprinting (NAC)
- Credentials integration into Faraday
[CB19] CIRCO: Cisco Implant Raspberry Controlled Operations by Emilio Couto
1. C I R C OCisco Implant Raspberry Controlled Operations
https://circo.cc
2. • My name is Emilio and I’m hacker
• I like to play with packets, networks, electronics and 3D printers
• I presented security tools at various conferences (DEF CON, BlackHat
Asia, AV Tokyo HIVE, SECCON, HITB, etc)
• Sorry, I’m not a native programmer or English/Japanese speaker J
Helloこんにちは
https://circo.cc
3. ▪ Allow existing IP-Phone to co-exist with CIRCO
▪ Eliminate template files (craft all packets)
▪ Support NTP exfiltration
▪ Software encrypted via Bluetooth (prevent forensic)
▪ Self destroy and alarm switch (thanks Will)
▪ Bypass fingerprinting (NAC)
▪ Credentials integration into Faraday (thanks Fran)
https://circo.cc
What’s new? 新機能
4. ▪ Cisco DNA (Digital Network Architecture)
▪ Infoblox NetMRI
▪ Micro Focus® Network Automation (formerly HP NA)
▪ Service Now Discovery*
▪ ForeScout CounterACT (NAC)
▪ Trusted network administrators
▪ Others
* SNMP discovery only
https://circo.cc
Who we target? ターゲットは?