deral heiland deral heiland rapid7 com percent x
play

Deral Heiland deral_heiland@rapid7.com @Percent_x Praeda Praeda - PowerPoint PPT Presentation

Nov 01, 2023 •165 likes •290 views

Deral Heiland deral_heiland@rapid7.com @Percent_x Praeda Praeda (La)n for plunder, booty, spoils of war) Command line tool Current Praeda version (Wri6en in Perl)

  1. Deral Heiland deral_heiland@rapid7.com @Percent_x

  2. Praeda • Praeda ¡(La)n ¡for ¡ plunder, ¡booty, ¡spoils ¡of ¡war) ¡ • Command ¡line ¡tool ¡ • Current ¡Praeda ¡version ¡(Wri6en ¡in ¡Perl) ¡ • Embedded ¡device ¡informa)on ¡harves)ng ¡tool ¡ • Enumerate ¡100+ ¡devices/models ¡ • Mul)func)on ¡printers, ¡UPSs, ¡Modems, ¡IP ¡Cameras, ¡NAS, ¡ ¡ ¡

  3. Praeda Install Linux • git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Cpan ¡Perl ¡modules: ¡ • cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SSL Net::SNMP NetAddr::IP ¡

  4. Praeda Install Win7 • � Install ¡perl ¡ ¡ • h6p://www.ac)vestate.com ¡ • Git ¡= ¡Git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Zip ¡= ¡h6ps://github.com/percx/Praeda/archive/master.zip ¡ • Cpan ¡Perl ¡modules: ¡ • sudo cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SNMP NetAddr::IP • http://www.sisyphusion.tk/ppm/Net-SSLeay.ppd • Change ¡line ¡47 ¡in ¡praeda.pl ¡from ¡“ use Net::SSL; ¡to ¡ use Net::SSLeay;

  5. Praeda Install OSX • Git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Cpan ¡Perl ¡modules: ¡ • sudo cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SSL Net::SNMP NetAddr::IP • If ¡a\er ¡install ¡you ¡have ¡issue ¡with ¡Praeda.pl ¡not ¡running ¡saying ¡a ¡module ¡is ¡missing ¡most ¡likely ¡cause ¡is ¡ ¡ ▪ mul)ple ¡version ¡of ¡perl ¡installed ¡ ¡ ▪ path ¡order ¡is ¡messed ¡up ¡ ▪ Determine ¡version ¡that ¡is ¡being ¡used ¡and ¡install ¡all ¡modules ¡to ¡that ¡version ¡ ¡ – Sample “sudo perl5.16 -MCPAN -e 'install Net::SNMP’” ¡

  6. Praeda

  7. Praeda How it works: • Scan network for embedded systems • Fingerprint embedded systems • Run Praeda modules based on fingerprint • Gather data and log it

  8. Praeda • How we use it: • One of the first tools we run on an assessment • Use data harvested to gain foothold in environment • Success rate is pretty darn good. ▪ 40-50% in harvesting Valid active directory credentials

  9. Praeda • Demo • Functions • Examine output data

  10. Ques)on? ¡ Deral ¡Heiland ¡ ¡ Deral_heiland@rapid7.com ¡ Twi6er: ¡@Percent_X ¡ h6ps://github.com/MooseDojo/praedasploit ¡ h6ps://github.com/percx/Praeda ¡

  11. END OF THE WORLD AS WE KNOW IT

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP Research Lead (IoT) Rapid7 IoT Research Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control

555 views • 27 slides
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Introduction Deral Heiland, CISSP, GWAPT: Senior Security Engineer at CDW, responsible for security assessments, penetration tests and consulting for

596 views • 58 slides
Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral Heiland Matthew Kienow deral_heiland@rapid7.com mkienow@inokii.com dh@layereddefense.com @HacksForProfit @Percent_X Why ? Add value ?

939 views • 66 slides
Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS

Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS

Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS DURING PENETRATION TESTING Deral Heiland Pete Arzamendi deral_heiland@rapid7.com peter_arzamendi@rapid7.com @Percent_x @TheBokojan

750 views • 64 slides
Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland,

Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland,

Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland, PhD candidate Aging Research Center, Karolinska Institutet, Stockholm, Sweden Emerald.heiland@ki.se CONFLICT OF INTEREST DISCLOSURE I have no

345 views • 23 slides
Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve

Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve

Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve Brink California Forestry Association VP-Public Resources steveb@calforests.org 916-208-2425 What I Will Cover March 23, 2018 Omnibus Spending

165 views • 13 slides
Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our

Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our

Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our Funding Priorities June 28, 2017 Presenters Today Ashley hley Feasl sley, ey, Migra grati tion on Polic icy y Director rector, ,

574 views • 26 slides
FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY

FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY

FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR Growth through joint excellence Universidade Federal do Cear Federal University of Cear Growth through joint excellence

442 views • 23 slides
Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the

Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the

SMENT ASSESSMEN E L INSTITUTE Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the conte xt of s of science cience-based based SK ASSES consumer consumer prot protection ection Leonie Dendler

590 views • 29 slides
Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr,

Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr,

Assessment of the Economic Value and Job Creation Impacts of Project Capital Investment Activity under the EB-5 Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr, President Robert A. Chase, Senior

162 views • 12 slides
Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil

Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil

Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil Rights Act of 1964 Section 504 of the Rehabilitation Act of 1973 Section 109 of the Housing and Community Development Act of 1974 Fair

1.07k views • 53 slides
A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City

A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City

A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City Recog ognizing nizing Risk in Global bal Agric icult lture re Curt Covington Senior Vice President / Senior Risk Manager July 20, 2011 Snapshot

638 views • 11 slides
Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi

Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi

Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi Dant, Dant, State Systems Coordinator, Division of Data and Improvement (DDI), ACF, OPRE Chris T Chris Traver, Senior Advisor and Interoperability

408 views • 9 slides
Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct

Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct

Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct Student Loans A sim A simple and fle le and flexible way to finance your e ible way to finance your education. ucation. Welcome! Welcome! Feder

590 views • 38 slides
P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce

P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce

P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce New ew Germ rman an netting ting legis islation lation followi lowing ng Fede deral ral Court urt of Justice stice decision cision of 9

82 views • 7 slides
Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian

Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian

P Modules Processing Units Phase-locked Loop Simulation Studies Prospectives Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian Bodenstein Benedict Schau Ines Heiland Stefan Schuster Friedrich

686 views • 52 slides
Understanding Aprun Use Patterns Hwa-Chun Wendy Lin National Energy Research Scientific Computing

Understanding Aprun Use Patterns Hwa-Chun Wendy Lin National Energy Research Scientific Computing

Understanding Aprun Use Patterns Hwa-Chun Wendy Lin National Energy Research Scientific Computing Center (NERSC/LBL) CUG 2009, Atlanta, GA Motivation NERSC: a DOE site providing computing resources to researchers from various

613 views • 19 slides
1 EGFR inhibition by covalent drugs Schwartz, P.; Kuzmic, P. et al . (2014) Covalent EGFR

1 EGFR inhibition by covalent drugs Schwartz, P.; Kuzmic, P. et al . (2014) Covalent EGFR

Irreversible Inhibition Kinetics Automation and Simulation Petr Kuzmi , Ph.D. BioKin, Ltd. 1. Automate the determination of biochemical parameters 2. PK/PD simulations with multiple injections Irreversible Inhibition Kinetics 1

430 views • 13 slides
Perl for Pipeline Part I L1110@BUMC 9/18/2018 2-4pm Yun Shen, Programmer Analyst

Perl for Pipeline Part I L1110@BUMC 9/18/2018 2-4pm Yun Shen, Programmer Analyst

Perl for Pipeline Part I L1110@BUMC 9/18/2018 2-4pm Yun Shen, Programmer Analyst yshen16@bu.edu Fall 2018 IS&T Research Computing Services Tutorial Resource Before we start, please take a note - all the code scripts and supporting

1.27k views • 91 slides
Rakudo and NQP Internals The guts tormented implementers made Jonathan Worthington Edument AB

Rakudo and NQP Internals The guts tormented implementers made Jonathan Worthington Edument AB

Rakudo and NQP Internals The guts tormented implementers made Jonathan Worthington Edument AB c September 17, 2013 About This Course Perl 6 is a large language, incorporating many features that are demanding to implement correctly.

2.25k views • 191 slides
Catmandu Documentation Jakob Vo Verbundzentrale des GBV (VZG) CatmanduCon 2016,

Catmandu Documentation Jakob Vo Verbundzentrale des GBV (VZG) CatmanduCon 2016,

Catmandu Documentation Jakob Vo Verbundzentrale des GBV (VZG) CatmanduCon 2016, Staatsbibliothek zu Berlin, 2016-04-11 1 Catmandu Documentation, 2016-04-11 Documentation? 2 Catmandu Documentation, 2016-04-11 Documentation matters

835 views • 18 slides
Perl Changes, packaging & CPAN Marcela Malov February 2011 Creative Commons

Perl Changes, packaging & CPAN Marcela Malov February 2011 Creative Commons

Perl Changes, packaging & CPAN Marcela Malov February 2011 Creative Commons Summary problems & changes packaging CPAN tools Perl road-map Perl in Fedora Problems & changes Problems Motto: We suck

702 views • 30 slides
A New GDML Generation Framework KEVIN WIERMAN PNNL FNAL K. Wierman, LArSoft Geometry December

A New GDML Generation Framework KEVIN WIERMAN PNNL FNAL K. Wierman, LArSoft Geometry December

A New GDML Generation Framework KEVIN WIERMAN PNNL FNAL K. Wierman, LArSoft Geometry December 6, 2016 1 The Current GDML Generation Scheme Python based soluGons Perl-based GDML Script (uBooNE)

469 views • 11 slides
Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different

Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different

Data Visibility Abstraction @stuartsierra Being abstract is something profoundly different from being vague... The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise.

824 views • 55 slides

More recommend