mesh stalkings penetration testing with small networked
play

Mesh Stalkings Penetration Testing with Small Networked Devices - PowerPoint PPT Presentation

Oct 26, 2022 •339 likes •901 views

Mesh Stalkings Penetration Testing with Small Networked Devices Philip Polstra University of Dubuque @ppolstra DrPhil@polstra.org Please complete the Speaker Feedback Surveys. This will help speakers to improve and for Black Hat to make

  1. Mesh Stalkings – Penetration Testing with Small Networked Devices Philip Polstra University of Dubuque @ppolstra DrPhil@polstra.org

  2. Please complete the Speaker Feedback Surveys. This will help speakers to improve and for Black Hat to make better decisions regarding content and presenters for future events.

  3. What is this talk about? ● Hacking and/or forensics with small, low-power devices ● ARM-based Beagleboard & Beaglebone running full suite of security/forensics tools ● Porting tools to a new platform ● Performing coordinated attacks with networks of devices

  4. Who am I? ● Professor at a medium size (1800 student) private university in Dubuque, Iowa ● Programming from age 8 ● Hacking hardware from age 12 ● Also known to fly and build airplanes

  5. Roadmap Choosing a platform ● Selecting a base OS ● Building a base system ● The easy part – leveraging repositories ● The slightly harder part – building tools ● Building your own accessories ● Solo Demonstrations ● Networking with 802.15.4 ● Attack Networks ● Future directions ●

  6. Choosing a Platform ● Small ● Low-power ● Affordable ● Mature ● Networking built in ● Good USB support ● Convenient input and output

  7. And the Winning Platform is... ● Beagleboard 3.25” square – <10 Watts – €133 (or buy in USA for only $149) – Based on Cortex A8 – 100 Mbps Ethernet built in – 4 high-speed USB plus USB-on-the-go – DVI-D, S-video, and LCD output – RS-232, webcam, audio, and microSD –

  8. Beagleboard

  9. I know at least one of you will ask... ● Why not Raspberry Pi? – Not as powerful – Doesn't run Ubuntu (ARM6 not supported) – Not truly open (Broadcom won't release info) – Not as mature – Cost savings for full-featured platform are slight – Limited availability (especially in USA)

  10. Selecting a Base OS ● Angstrom comes in the box – Optimized for hardware – Nice package management – Poor repository support for our purposes ● Ubuntu is available – Backtrack is based on Ubuntu – Ubuntu is very popular – Good repository and community support

  11. Building a Base Device ● Upgrade to 16GB microSD (8GB would work, but go big) ● Download an image for microSD card – Canonical image or – Robert C. Nelson demo images – I used Nelson's because they are tweaked for Beagleboard and updated frequently ● Good instructions available at http://elinux.org/BeagleBoardUbuntu

  12. The Easy Part – Using Repositories ● Many of the tools we want are available in the standard Ubuntu repositories ● Some are also available as .deb files – Packages written in interpreted languages (Java, Python, PERL, Ruby) usually work out of the box – C-based packages depend on libraries that may or may not be available/installed

  13. The Harder Part – Building Your Own T ools ● Native or cross-compile? ● Native – Straightforward – Can be slow on 1GHz ARM with 512 MB RAM ● Cross-compile – A bit more complicated – T ake advantage of multi-core desktop with plenty of RAM

  14. Native Compilation ● “Sudo apt-get install build-essential” is about all you need to be on your way ● Something to keep in mind if you SSH in and use DHCP: Ethernet is via USB chipset and MAC address varies from one boot to next which leads to different address being assigned

  15. Cross-Compile Method 1 Download a toolchain “wget http://angstrom- ● distribution.org/toolchains/angstrom-<ver>-armv7a...” Untar toolchain “tar -xf angstrom-<ver>-armv7a-linux-gnueabi- ● toolchain.tar.bz2 -C” Setup build environment “. /usr/local/angstrom/arm/environment-setup” ● Download source ● Configure with “./configure --host=arm-angstrom-linux-gnueabi – ● prefix=/home/...” Build with “make && sudo make install” ● Copy binaries to BB-xM ● Could have problems if there is a kernel mismatch between setup and what ● is installed to BB-xM

  16. Cross-Compile Method 2 Install a toolchain as in Method 1 ● Install Eclipse ● Install C/C++ Development T ools in Eclipse ● Download software ● Use makefile to create Eclipse project ● Create a Build Configuration in Eclipse ● Compile ● Move binaries to BB-xM ●

  17. Create a Project from the Makefile ● Can have a makefile based project – Simple – Requires slight modification of makefile ● Can use makefile to create Eclipse project – Slightly more involved – Dependencies and special compile flags can be divined from makefile – More flexible if you want to make modifications

  18. Create a Build Configuration ● Right-click project in Project Explorer select Build Configurations-Manage ● Click New to create new configuration ● Set the paths to point to cross-compilation tools for installed toolchain – Set compiler, linker, and assembler commands – Set include and library paths – Good tutorial on http://lvr.com

  19. Cross-Compile Method 3 ● Same as Method 2, but with the addition of remote debugging ● Has advantage of easy transfer of binaries ● In Eclipse under Mobile Development add – C/C++ DSF GDB Debugger Integration – C/C++ Remote Launch – Remote System Explorer End-User Runtime – Remote System Explorer User Actions

  20. Cross-Compile Method 3 (contd.) ● Create /etc/hosts entry for BB-xM IP ● On BB-xM install SSH & GDBServer – “sudo apt-get install ssh” – “sudo apt-get install gdbserver” ● Manually SSH to BB-xM to make sure it works and to set up key cache ● In Eclipse create a connection ● Create .gdbinit file ● Create debug configuration

  21. Create a Connection ● Open Remote System Explorer view ● Select Connection->New->Linux ● Use BB-xM IP with options ssh.files, processes.shell.Linux, ssh.shells, and ssh.terminals ● After creating connection enter IP, user, and password under properties

  22. Create .gdbinit ● Change to the directory with your source code ● “touch .gdbinit” ● Go forth and have fun

  23. Create Debug Configuration ● Run->Debug Configurations->C/C++ Remote Configurations ● Main tab – set configuration ● Set remove absolute path ● Commands to execute before “chmod 777” ● Set path to GDB debugger ● Set the GDB port to an appropriate value

  24. Building Your Own Hardware Accessories

  25. Demo 1 - Hardware

  26. Demo 1 - Hardware

  27. Demo 1 – Our Favorite Exploit

  28. Demo 1 (contd.)

  29. Demo 2 – Wifi Cracking

  30. Demo 2 (contd.)

  31. Demo 2 (contd.)

  32. Demo 3 – Password Cracking

  33. Demo 4 – WPS Cracking

  34. Demo 4 (contd.)

  35. Demo 5 – Pwn Win7 Like Its a Mac

  36. Demo 5 (contd.)

  37. Demo 6 – Clickiddies tm

  38. 802.15.4 Networking ● Basics ● Hardware ● Simple case: 2 Xbee adapters ● Slightly harder case: multiple adapters one at a time ● Hard case: true mesh network

  39. 802.15.4 Basics ● T ypically used in low-power embedded systems ● Regular (30 m) and Pro (1.6 km) versions ● AT and API modes of operation ● Low-speed (250 kbps max) ● Supports multiple network topologies – Peer to Peer – Star – Mesh

  40. Xbee Hardware ● Manufactured by Digi ● Regular and Pro formats are interchangeable ● Uses 2 mm pin spacing – Most breadboards are 0.1” or 2.54 mm – Requires an adapter ● Several antenna options ● Be careful not to use S2 or ZB series which are the same dimensions, but are not compatible

  41. Xbee Adapters ● UART (serial) adapters – Can be wired directly to Beagles using 4 wires – Don't take up USB ports

  42. Xbee Adapters (contd) ● USB Adapters – More expensive – Helpful for initial setup – Easier to setup: just plug it in

  43. Simple Case: 2 Xbee Adapters ● Xbee modules must be configured for desired network topology ● Digi provides X-CTU software for configuration, but it only runs on Windows ● Recently Moltosenso has released Network Manager IRON 1.0 which runs on Linux, Mac, and Windows – free edition is sufficient for our limited usage

  44. Configuring Xbee Modules ● Place Xbee module in USB adapter and connect to PC running X-CTU or IRON ● Select correct USB port and set baud rate (default is 9600) ● From Modem Configuration tab select Read to get current configuration ● Ensure modem is XB24 and Function Set is XBEE 802.15.4 ● Set the channel and PAN ID (1337?) noting the settings which must be the same for all modems ● Pick a Destination Low and Destination High address for the other adapter (say 2 and 0) ● Set the My Address to a chosen value (say 01) ● Click Write to stored the new config on the Xbee ● Repeat this process on the second Xbee but reverse the addresses ● The modules should now talk to each other just fine

  45. Wiring the Xbee to Beagles If you splurged for the USB adapter you can just plug in to a USB port – BeagleBone has only 1 USB port which you might want for something else – BeagleBoard has 4 USB ports ● Using the UART interface slightly more complicated – Connect 4 wires: 3.3V, Ground, TX, RX – Configure the Beagle multiplexer for proper operation

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose

Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose

MSc System and Network Engineering Penetration testing auditability Alexandros Tsiridis &amp; Stamatios Maritsas What is the purpose of penetration testing auditability? Research questions What are the sources of penetration testing

554 views • 13 slides
Web Application Penetration By: Frank Coburn &amp; Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn &amp; Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn &amp; Haris Mahboob Testing Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process Penetration testing vs vulnerability assessment What

301 views • 17 slides
Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com

Penetration Testing for Certification: What we care about Marcel Medwed marcel.medwed@nxp.com Outline Common Criteria Evaluation Assurance Levels JHAS Penetration Testing and Countermeasures 2 Design and security of cryptographic

523 views • 40 slides
Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking

Introduction to Penetration Testing Dr. Patrick McDaniel Meghan Riegel Fall 2015 What is Penetration Testing? Attacking a system to find security vulnerabilities in order to fix them before a malicious party attacks the system Legal if

455 views • 9 slides
A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh

A Service Mesh Is Easy To Swallow In Small Pieces Andrew Jenkins Eng Lead, Aspen Mesh @notthatjenkins Why Should I Use A Service Mesh? Managing Microservices Without a Service Mesh Python Node.js Java Flask http.createServer Spring

412 views • 29 slides
networked society High internet penetration and robust infrastructure Borderless

networked society High internet penetration and robust infrastructure Borderless

Fostering cybersecurity collaboration is critical given the danger of cyber threats Singapore as a networked society High internet penetration and robust infrastructure Borderless nature of cyber threats Adopting a whole-of

635 views • 8 slides
Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Penetration Testing Ryan Connolly, ryan@cymru.com &lt;http://www.cymru.com&gt; Penetration Testing Agenda Pentesting Basics Pentesting Defined Vulnerability Scanning vs. Penetration testing Pentesting

879 views • 83 slides
Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331:

Penetration Testing Engineering Secure Software Last Revised: July 28, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Testing That Digs Deeper Penetration testing is about attempting to exploit as much as possible

516 views • 18 slides
Small-mesh multispecies fleet history analysis Prepared by Lou Goodreau and Andy Applegate, NEFMC

Small-mesh multispecies fleet history analysis Prepared by Lou Goodreau and Andy Applegate, NEFMC

6. Small Mesh Multispecies - June 21-23, 2016 #2 Small-mesh multispecies fleet history analysis Prepared by Lou Goodreau and Andy Applegate, NEFMC staff Analysis reviewed by the Whiting PDT INTRODUCTION The Small Mesh Multispecies Committee

424 views • 17 slides
Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June

What? Classical Attack Graphs POMDPs MDPs Taxonomy And Now? Simulated Penetration Testing: From Dijkstra to Turing Test++ J org Hoffmann June 26, 2015 J org Hoffmann Simulated Penetration Testing 1/58 What? Classical

2.44k views • 184 slides
An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack

An Introduction to IoT Penetration Testing @libertyunix www.kmco.com The Agenda n IoT Attack Surface l OWASP IoT Top 10 l -1 Ring in IoT n Wireless Topics in IoT n IoT Pen Testing Tools &amp; Examples n Q&amp;A 2 Getting Started in IoT

923 views • 52 slides
World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST

World s first Machine- Based Penetration Testing Solution Take Control, Get CyBot CREST certified CREST Certified Cronus is the 1 st CREST certified Automatic Penetration Testing vendor One of top 12 tech companies transforming

611 views • 13 slides
Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY

Network Penetration Testing Toolkit NMAP, NETCAT, AND METASPLOIT BASICS DAY OF SHECURITY February 22. 2019 whoami AND HOW DID I GET HERE? Cecillia Tran Kelly Albrink External network pen testing &amp; web Network pen testing,

882 views • 31 slides
CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS

CYBERSECURITY RISK ASSESSMENT AND PENETRATION TESTING FOR BOCES PARTICIPATING SCHOOL DISTRICTS RFP #2416 OUR DIFFERENTIATORS Global Risk Atlantic has a deep understanding of Risk Assessment and Penetration Testing on a Assessment global

519 views • 7 slides
Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything

Practical Penetration Testing 101 Look mom Im a hacker now! Words of warning Anything you do to a remote system without authorization is illegal Use common sense Federal prison is bad Overview of Today Brief overview

348 views • 13 slides
Advanc ing Byc atc h R educ tion T ec hnology in New E ngland Small Mesh Multispec ies F isher

Advanc ing Byc atc h R educ tion T ec hnology in New E ngland Small Mesh Multispec ies F isher

Correspondence (December 3-5, 2019) M 1. #12a Advanc ing Byc atc h R educ tion T ec hnology in New E ngland Small Mesh Multispec ies F isher ies Outr eac h and T ec hnology T r ansfer of the L ar ge Mesh Belly Panel Co nduc te d b y

572 views • 14 slides
Networking Circuit Switching Packet Switching Aaron Stevens (azs@bu.edu) 27 September 2012

Networking Circuit Switching Packet Switching Aaron Stevens (azs@bu.edu) 27 September 2012

9/27/2012 CS101 Lecture 07: Networking Circuit Switching Packet Switching Aaron Stevens (azs@bu.edu) 27 September 2012 Computer Science What You ll Learn Today Computer Science What is a communications network? What are the

465 views • 19 slides
CompSci 1 Lecture 2 HTML Webpages Todays Topics Basic HTML The basis for web pages

CompSci 1 Lecture 2 HTML Webpages Todays Topics Basic HTML The basis for web pages

CompSci 1 Lecture 2 HTML Webpages Todays Topics Basic HTML The basis for web pages Almost programming Upcoming Programming Java Reading Great Ideas Chapters 1, 2 HTML WWW: Lots of computers connected

290 views • 18 slides
1 2 Discussions 2010/2011 DEECDSwinburne University Background of controversy over

1 2 Discussions 2010/2011 DEECDSwinburne University Background of controversy over

1 2 Discussions 2010/2011 DEECDSwinburne University Background of controversy over school closures or mergers, BER Partner Organisation concern over community buyin, desire to find out what works in sharedschools

848 views • 36 slides
THREADING PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A P R I

THREADING PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A P R I

THREADING PROGRAMMING USING PYTHON C U A U H T E M O C C A R B A J A L I T E S M C E M A P R I L 0 6 , 2 0 1 3 1 PROCESS Background A running program is called a &quot;process&quot; Each process has memory, list of open files,

863 views • 59 slides
+ Design of Parallel Algorithms The Architecture of a Parallel Computer + Trends in

+ Design of Parallel Algorithms The Architecture of a Parallel Computer + Trends in

+ Design of Parallel Algorithms The Architecture of a Parallel Computer + Trends in Microprocessor Architectures n Microprocessor clock speeds are no longer increasing and have reached a limit of 3-4 Ghz n Transistor counts still are doubling

1.01k views • 79 slides
Electrical Networks and Hyperplane Arrangements Bob Lutz Mathematical Sciences Research

Electrical Networks and Hyperplane Arrangements Bob Lutz Mathematical Sciences Research

Electrical Networks and Hyperplane Arrangements Bob Lutz Mathematical Sciences Research Institute June 7, 2019 Partially supported by NSF grants DMS-1401224 and DMS-1701576 Section I: Electrical Networks 1 0 What is an electrical network?

764 views • 34 slides
Toward Toward Univeral Network-based Univeral Network-based Speech Translation Speech

Toward Toward Univeral Network-based Univeral Network-based Speech Translation Speech

Toward Toward Univeral Network-based Univeral Network-based Speech Translation Speech Translation Chai Wutiwiwatchai Chai Wutiwiwatchai Speech and Audio Technology Laboratory Speech and Audio Technology Laboratory National Electronics and

716 views • 36 slides
Our Pl Planet: EARTH February 20 th , 2019 The webinar will begin at 1:00 p.m. (MT) and will be

Our Pl Planet: EARTH February 20 th , 2019 The webinar will begin at 1:00 p.m. (MT) and will be

Our Pl Planet: EARTH February 20 th , 2019 The webinar will begin at 1:00 p.m. (MT) and will be recorded. While youre waiting: 1) Find the toolbar it will either be on the bottom or top of your Zoom window 2) Introduce yourself in the

630 views • 42 slides

More recommend