BsidesSF 2019 San Francisco, USA

ME & VULNEX

Simon Roses Femerling

• Founder & CEO, VULNEX www.vulnex.com

• @simonroses

• Former Microsoft, PwC, @Stake

• US DARPA award to research on software security

• Speaker: Black Hat, DEF CON, RSA, HITB, OWASP, SOURCE, AppSec, DeepSec, TECHNET

• Blog: http://www.simonroses.com/

• Youtube: https://www.youtube.com/channel/UC8KUXxTSEdWfpFzAydjEzyQ

• CyberSecurity Startup

• @vulnexsl

• Professional Services & Training

• Products: BinSecSweeper (The File Threat Intelligence Platform) http://www.vulnex.com/en/binsecsweeper.html

VULNEX

NOT THE DROPBOX YOU’RE LOOKING FOR…

OBJETIVES

• Pentesting Dropbox overview

• Tips from the field

AGENDA

1. Introduction

2. Pentesting Dropboxes

3. Weaponizing Pentesting Dropboxes

4. Demos

5. Conclusions

1. INTRODUCTION

1. OUR APPROACH

• Covert vs. Transparent

• Build trust & follow rules

• Many ways…

1. RED TEAM WIN – BLUE TEAM WIN

RED TEAM BLUE TEAM

Remote testing from inside Continuous improving detection skills

Wider range of attacks * Effective defense testing

Less travel High budget

Lower cost

1. ASSUME BREACH

• Pentesting Dropboxes fits perfectly with Assume Breach

1. DROPBOXES IN THE WILD I

• “My roommate found a bunch of these hidden behind desks, vending machines, and trashcans in our main college library. Thoughts on what these are?”

• https://www.reddit.com/r/hacking/comments/9rm9r6/my_roommate_found_a_bunch_of_these_hidden_behind/

• https://www.youtube.com/watch?v=UeAKTjx_eKA

1. DROPBOXES IN THE WILD II

• https://blog.haschek.at/2019/the-curious-case-of-the-RasPi-in-our-network.html

1. DROPBOXES IN THE WILD III

• “Eastern European banks lose tens of millions of dollars in Hollywood-style

hacks”

• https://www.zdnet.com/article/eastern-european-banks-lose-tens-of-millions-of-dollars-in-hollywood-style-hacks/

– Cheap laptops

– Raspberry PI

– Bash Bunny

2. PENTESTING DROPBOXES

2. NANO FACTOR PENTESTING DROPBOXES

2. NANO FACTOR PENTESTING DROPBOXES

PI ZERO Raspberry

PI 3

Odroid C2

2. HAK5 PENTESTING DROPBOXES

2. HAK5 PENTESTING DROPBOXES

Pineapple Nano

Packet Squirrel

LAN Turtle

2. FIREPOWER PENTESTING DROPBOXES

2. FIREPOWER PENTESTING DROPBOXES

Intel NUC Zotac Nano

2. OPERATING SYSTEM OPTIONS

• ARM Support

– Kali Linux

https://www.kali.org/

– Parrot Security https://www.parrotsec.org/

– Ubuntu https://www.ubuntu.com

3. WEAPONIZING PENTESTING DROPBOXES

3. WIFI & BT

3. WIFI & BT

Alfa 36H

Alfa 36NEH

CSL

SENA UD100

Ubertooth One

BT

3. SOFTWARE-DEFINED RADIO (SDR)

3. SOFTWARE-DEFINED RADIO (SDR)

RTL-SDRv

Crazyradio PA

BladeRF

LimeSDR Mine

ATTACK CAPABILITIES * I

ATTACK CAPABILITIES * II

• Network – All your classics…

• RF

ATTACK CAPABILITIES * II

• Network – All your classics…

• RF

4. DEMOS

4. SOCIAL NETWORKS C&C

4. RF MONITORING

4. MOUSEJACKING

5. CONCLUSIONS

• It’s affordable

• Improves security defenses

• Not just one way

RESOURCES

• https://www.vdalabs.com/2018/02/06/penetration-testing-dropboxes/

• https://www.blackhillsinfosec.com/pentesting-dropbox-on-steroids/

• https://www.blackhillsinfosec.com/how-to-build-your-own-penetration-testing-drop-box/

5. Q&A

• Thanks!

• Beer appreciated!!!

• @simonroses • @vulnexsl

• www.vulnex.com • www.simonroses.com