
Ean Meyer - Hiding in Plain Sight: Building a Hidden Remotely Accessible Pentesting Platform

BSides Orlando, 46:59, published 2015-11
About this talk
http://bsidesorlando.org/2015/ean-meyer-hiding-plain-sight-building-hidden-remotely-accessible-pen-testing-platform

Day 1 - Track 2

Abstract

What if penetration testing programs went a step further? Once legal and ethical approvals are obtained, a device could be placed within the organization to test more than network and application security. By placing a “rogue device” within an organization, the general user knowledge of physical IT practices, IT security policies, and awareness of devices in the environment can be evaluated. This talk will cover creating a penetration platform that can be hidden in plain sight for under $200. The device will be housed in a common item found within many offices and places of business. The device will have a number of camouflage techniques that allow it to blend into the environment to avoid detection. The device will include remote connection capabilities, wireless and wired attack/monitoring functions, and monitoring methods to let the penetration tester know when the device has been discovered. The talk will cover:

• Device functions and requirements
• Device materials and build
• Creating a device that “blends in” (dents, organization standards, asset tags, dust)
• Getting alerts when the device is discovered
• Penetration testing capabilities
• Preventing devices like this in your environment

This talk will demonstrate how to build a low-cost, flexible, remote penetration testing platform for ethical and legal testing programs that can be hidden in plain sight. The talk will also show the audience some of the techniques an attacker may use to hide monitoring devices within organizations. Knowledge of these techniques may help develop and refine IT practices to discover these devices.

Bio

Ean Meyer is an information security professional working in Central Florida. Ean’s current focus areas are PCI, FERPA, HIPAA HITECH, Intrusion Detection and Prevention Systems, Information Security Program Management, Penetration Testing, and Social Engineering/User Awareness Training. Ean has a BS in Information Security and an AS in Computer Network Systems. He runs the blog www.thetheaterofsecurity.com.
Transcript [en]

All right, everyone, a little bit... I've got a couple more coming in. Okay, then after this I'm gonna start. Perfect. Got a few seats over on the far side of the room. Yeah, excellent.

So I am gonna get started. I'm resetting the shot clock now so I know where I'm at. This is Hiding in Plain Sight: Building a Remote Penetration Testing Platform. Now, before I introduce myself, I would like to lead us all in the holiest of prayers, the legal disclaimer. The content of this presentation represents my thoughts and opinions and is not representative of any of my employers, past or current. Very legal. The presentation also deals with matters of penetration testing; consult legal counsel before engaging in penetration testing activities. That means all you college kids, I mean it seriously. The build modifies an electrical device dealing with high voltages, and improper handling can result in injury or death. I

promise you I won't be this monotone all the way through. And the presenter, this guy, takes no liability for damages resulting from the use of the information discussed in this presentation. Now that I've bored you to death with that, here's me. My name is Ean Meyer. I'm an information security professional, though after Moses' talk I'm actually really reevaluating that name. I have a BS in Information System Security and an AS in Computer Network Systems. I deal with HIPAA, FERPA, HIPAA HITECH, PCI, intrusion detection, social engineering, penetration testing, all the colors of the security rainbow. I have a Security+, SolarWinds Certified Professional, and as of the third I passed the CISSP. Now, I only

mentioned that... thank you, thank you. I only mentioned that because if you're going to do a talk and go through and do the CISSP, pro tip: don't do that. Do not do that at the same time. If you're going to do that, have an incredibly amazing wife, who I'm going to say hi to right now. Hi Katie, hopefully you'll see this later. I love you. She's amazing; you tell her that when you see her. So also, that photograph, by the way: if you can get a professional photographer, they can make this hot mess look good. So, where did this idea come from? What we're going to talk about is: where'd this idea come from, device

functions and requirements, materials and build, penetration testing capabilities, creating a device that blends in (that's really the key focus of this talk, by the way), getting alerts when the device is discovered, a little concept I like to call red team, blue team, purple team, preventing devices like this in your environment (it's nice to play red team all the time, but frankly we've got a lot of defenders in the room, people who get paid to do this, so we gotta know how to stop this device too), next steps for this device, and getting more information. So we're going to go through all that. To say what Willy Wonka said, I think: how's it going? So

little to do and so much time. So let's get started. So again, where did this idea come from? Everything starts somewhere, and this started under a desk. So anyway, I was at one of my jobs, a standard-issue cube farm, and I look under the desk and what do I see? It's an APC 350 UPS battery backup, and it suddenly dawns on me: I had no idea this was under here. It's hidden in the cable management arms. It's probably been there since it was bought, maybe months, maybe years, I don't know. And you know what? As a security professional, again, that worked there, I didn't think anything of it, and that's

actually what got me thinking is, wait a minute, if I'm not paying attention to this, what about other people? They're not paying attention to it. I mean, it's probably been there forever. So this isn't an original idea. You can go online, you can Google penetration testing on the Raspberry Pi, it's out there. There's hundreds of people that do it. The fine people at Pwnie Express have an edition; there's the Pwn Pi; there's Kali Linux running on Raspberry Pi. There's also a book that came out in January, and we're actually going to reference this pretty heavily. Great book by Joseph Muniz and Aamir Lakhani, I hope I'm saying their names right, because they did great work that covers

everything. So again, this isn't an original idea. So why am I here talking to you about it? Well, the reason I'm here talking about it is the devices that exist in the market now. They're great. I mean, here's the Pwn Pro, right? Incredible device, great product. It's now $1,200, $1,800 bucks. The academic edition is $295. Here's the actual device used by the team that wrote the book. And then up top there, that little wall wart, it was built by Samy Kamkar, am I saying that right? Kamkar, forgive me. It detects wireless keyboards and sends them over 2G. So you've got all these devices that you can put in an environment to do varying

levels of things. But some are incredibly expensive, some are, you know, reasonable but suffer from some plainness, some would stick out to a security professional. If you saw this thing here hanging on some wires off of your rack, what would you think? What's going on here? And then that wall wart, you know, it's really cool and it's 20 bucks, but it only really does one thing. So here's the problem: all these things suffer from either plainness or they stick out in an environment. And when I say plainness, I mean they're so generic that it triggers you to think about something, like, why is this thing here? It doesn't look like anything that should

be in my environment, and I've never seen it before. So that brings me to the concept of the uncanny valley. So we're going to go a little off the IT track for a minute. The uncanny valley is a hypothesis in the field of aesthetics that when things just don't look or move quite right, they set off, in the theory, revulsion. You look at it: what is this? Why is it in here? It just doesn't look right. So this is actually an animatronic robot out of Japan. I don't know whose it is, it's in the photo credits, but it doesn't look quite right. It sticks out. You look at it

and go, that's not human. Then there's the book The Gift of Fear: intuition is always right in at least two ways. It's a response to something, and it has your best interests at heart. So what happens when we combine these two ideas? You get an emotional response to something in your environment telling you this is not right. Something is not right here and I need to investigate it. Which brings us to kind of the point of this talk. How many of you see a room like this? How many of you have rooms like this? Okay. So yeah, this is a standard wiring closet in a lot of small businesses, a

lot of big businesses too. So some of these devices might stick out in there, but what about that? What about a UPS? Would that stick out in the environment? I don't think so. So what if we took a device like that and embedded a penetration platform into it and hid it in plain sight? So hiding the device isn't difficult. It's large, but again, you know, it doesn't stick out in an environment; it's something that people are used to seeing. So let me move on to the device functions and requirements. Let's actually get into what this thing does, how to build it, this, that and the other. So, things we won't talk about today: we're not going to talk about the

software build. I could spend probably two hours talking about the software build. It's not incredibly complex, but, you know, it takes some time. Software configuration, again, we're not going to talk about that because it takes a lot of time. What we also aren't going to talk about is the levels of activity, what color your hat is. This is going to focus on white hat activities. We're not talking about black hat. We're not talking about going into an environment and totally pwning them. You want to make sure, if you're using this device or you're ever involved in a penetration test, always have written authorization. You gotta have your get-out-of-jail-free

card. Verify the signer has the rights to give you that authorization. Somebody can just say, hey, yeah, no, go ahead, hack my network, it's totally cool. And then validate the systems are in scope for that test. So if we're not talking about any of that stuff, what are we going to talk about? We're going to talk about building the device that hides in plain sight. We're going to talk about some of the design challenges and features of building a device like this. We're going to talk about the cellular hardware and the Wi-Fi hardware, network bridge, modular configuration (I'm just reading from bullet points), proper weight, power LED, power on all USB devices,

phoning home, monitoring over cellular, and passive alerts and soft auditing. By the way, that's my favorite part, when we get to this. So, tools will change. They're gonna change. I wanted to build a platform that, when the Raspberry Pi 2 comes out, when some of the new Intel computer-on-a-stick comes out, I wanted to build a platform that you could take these things, shove them in, and augment your capabilities for either penetration testing or any other capability that you need for auditing, infosec. So you heard me mention that we're not going to talk about a lot of stuff. That doesn't mean I'm not going to get you the information. Don't worry, you're all a

fine group of people; we're going to get that for you. So the first bit of that is this. This document's available on my website right now. I actually posted it right before I got up here, so it's there. It's about a 55-page build guide with all the photos of breaking down the device, putting in the materials, etc., and it has an inventory of the devices and things that you need to buy. The other book, as I mentioned, is Penetration Testing with Raspberry Pi. Go buy this book. It's ten dollars for Kindle download. It's not incredibly expensive, it supports the community, and it literally tells you everything you need

to do on the software side, gives you some attack scenarios, gives you some of the challenges you're gonna hit, such as make sure you update your Kali software, trust me on this. So it's going to cover some of that for you. So these two items will give you all the additional information that I'm not going to cover here today. So, the materials and build. I've never seen Frozen; I just used that quote because I thought it was funny. Here's a problem: I am a filthy, dirty liar. I promised you a $200 platform in the abstract. It was $203. So, you know, sorry about that. But here's the good news: all the items that are

italicized, if you're in the IT field, if you're a tinkerer, a maker, etc., you've probably got a lot of this stuff lying around. The ones that are in bold you're going to want to buy, and I've actually put in more detail, with the links to where I sourced the items, in the document. But you're going to want to make sure you've got the right chipsets. If you've worked in Linux, you want to make sure you've got the support for it. You're going to want to make sure you've got 3G modems, 4G modems that are supported by the operating system. So make sure, if you're using this, that you're buying the right parts, you're getting the right

chipsets. The rest of it you can salvage, up to and including the case. I actually paid 15 bucks for the case at Skycraft, but you might have one in a junk pile somewhere. So the other thing that I was really interested in doing here, going back to those discussions at the top of the different devices that are out there and the Raspberry Pi just hanging off a rack, I wanted to build something that was very solid, that somebody would look at in the environment, and even if they picked it up and kind of shook it, it wasn't gonna be like a bag of bolts just rattling around. So in the process of doing this I

decided to try on another skill, which is 3D printing. I've designed four parts that help facilitate this project. You can reuse these. These are already up online, the STL files and the object files. If you're into 3D printing and you want to use them, modify them for your project, please take them. Number one over there is what I call the Raspberry Pi platform. And by the way, can everyone hear me? Am I good? We're good? Good, okay. Excellent. It's the Raspberry Pi platform. It's a riser board that allows you to connect... I can talk louder. I'm not miked. Yeah, I can grab a mic if you need to give me the

mic so it's better. Okay, I can do that. Okay. Oh yeah, no, no problem, I can grab a mic. I will not drop the mic. I will find out the problem. So it's the Raspberry Pi platform, and basically this is a 3D printed part that's going to allow you to mount a Raspberry Pi. There's a B+ that I use, but I believe that the 2 that's coming out will also mount directly to it. It's also going to allow you to strap those devices on. Originally I tried to overengineer this. I'm like, I'm going to make a perfect holder that holds exactly that card, it's gonna be so perfect. And then I realized that's really not

going to work, because you might later on go to build this and want to use a different network card or a different modem or a different AC adapter. So what I did was I put a lot of holes in there to mount zip ties, Velcro, you know, this... you kind of see that down at the bottom there. The other one is the antenna. This was one of the build challenges. This is a metal box; I couldn't put antennas in it. So what I found was, on the front and the bezel plastics, that there was a gap, enough of a gap that I could put the cellular modem and the Wi-Fi antenna. So now it's outside of that metal box, and I

get a little better signal. There's still some data string things that we'll talk about, but again, it allows you to put those tools outside of there. The third item there, like it says, is related to the cell phone, the 3G modem, but I also designed that under-engineering it: I put a lot of holes in there, a lot of mounts, you put zip ties on there. I didn't want to limit you to say, how do I put this thing on, it doesn't fit. It's just some straps that you put on there that easily connect to the device, keep it solid. You pick it up, you shake it, nothing's coming loose. You ship it to

the client, good to go. My favorite part, though, was my first part. It's the network bypass. So, yes...

Sorry about that.

Everyone grab a partner, how about that? Yeah, excellent. Okay, so the network coupler. This is the part that really, really had to work, because it's the only one that's going to be exposed to... I'm trying to use this mic, I'm trying to... it's the only one that's going to be exposed to the user. So they're going to see this on the outside. We may plug network cables into it so that we can go through and do man-in-the-middle attacks, etc. So it had to work very well, it had to be very solid and connected to the case. So we used some couplers purchased off of Amazon, put them into the 3D printed

part, and off it goes. Cool. So, yeah, this is another big legal warning. If you don't know about electricity, be very careful with this. You're going to be rewiring high voltage, it's 120 volts. You can see that kid's probably not going to college. But this is going to void your warranty. I'm going to take a step back: the reason this is important is this device needs to create permanence, and we're going to talk about that in a slide in a second. Permanence is created by the device operating the way it normally would. So we want those outlets on the back to work, because we want to plug stuff into them.

We want somebody to walk up, look at this thing, and go, ah, it's plugged in. Do you know, Steve? Do you know? I'll leave it plugged in up there. That's what you want. So just a quick warning, though: this voids the warranty, uses 110 volt, test your wiring before connecting with a great tester you can get. If you're familiar with Harbor Freight, I love them, you can get a tester for a couple bucks. If you don't know what you're doing, please do not do this; consult an electrician. The big warning at the bottom: it can result in a permanent case of death. So, even warned... So what do we end up with when the build

is done? Some of the folks down in the splash zone are here; the device is actually down here. If you haven't seen it, I'll leave it out, take a look at it. But this is what you end up with. You end up with a UPS that has a Raspberry Pi in it, that's got all your attack penetration platform in it. It's got a network bypass leading off the back so you can do your man-in-the-middle attacks, if that's what's required for your evaluation. You've got a transformer left in there. Now, the transformer is not used. Why do I put it back in? I mean, it's just taking up space, right?

Who said weight? Bingo. Weight. So what's the quote from Jurassic Park, when the kid picks up the binoculars and the lawyer's like, are they heavy? Yeah. Then put them down, they're expensive. That's the kind of reaction you want on people. They find the device, they go to pick it up, and they go, oh no, no, I don't wanna. So the other thing is it gets kind of heavy. Now in the end, sooner or later we'll get a battery back into it, which will really, you know, give it that firm weight. But that was one of the design challenges. We already talked about the bezel and the bezel plastics,

making sure the antennas are up there, but that was also very important because you couldn't set that in the metal box. And so I'm sure I covered all this, and we covered the network bypass. That was also very important for the build, to make sure that you've got all the capabilities that you're going to want in an attack platform. Stickers. Who doesn't love stickers, huh? Stickers. Everyone likes their stickers. There are a few of these stickers up here; the folks that came early got first dibs, but please take them. I love warning stickers for this kind of stuff. They're great, they're deterrents. People look at them, and if they don't know what they are, they go...

so they don't touch it. So you want to do something like that, where you're trying to deter the people, the ones that are just curious enough. You want them to get close and go, no, not today. We also have asset tags. When I said the network coupler is my favorite part, the asset tags are my favorite part. We actually have a couple slides on that; you'll see why that's important in a minute. The other thing I want to point out about the asset tags is, you'll see them in a little better detail in a moment, but I put them towards the back of the box, and that's also very important when you're trying to hide this in plain

sight. So we'll talk about that as well. Just making sure I'm good on time here. So here it is, all assembled, ready to go. The back looks like a normal UPS. The power outlets work, the network bypass works, the online light glows when the Raspberry Pi is on. So if the Pi is on, people walk by, it looks for all intents and purposes like just a device they see every day, and that's really the point. So, diving in here: penetration testing capabilities. I think it's actually legally required that I have a quote from Hackers, so we have one, so check that off. What can it do? So we've got this cool

device, and what can it do? Short answer: lots. I mean, it can do a ton of stuff. It's Kali Linux; it's all the tools that are in Kali Linux. Anything that you're looking to do, they're all listed up there (I'm trying not to read through the bullet points), but anything that you're looking to do on a pen test, it can do. You can scope it to do specific types of attacks. You don't want to use the network bypass? Fine, run a loopback through, so it just loops it through. That's, you know, if you want to do packet sniffing. You want to do Wi-Fi penetration? Also good. What can't it do?

That's the real problem. So in the end, it can't do much at the same time. So you want to be very specific about what you're choosing to attack. You're not going to go in here and run full-blown vulnerability analysis, you're not going to be brute-forcing passwords at the same time. It's just not possible. You're still talking about a $35 computer; that's really what you're talking about here. Now, we're making a lot of big advances in how powerful these things are getting. I mean, just the Pi 2 is already making a huge leap up in power and what it's capable of running, so that might change. But for right now this is kind of the boat you're in. So

what do I recommend for this? You know, where is this really powerful? And I kind of put it at the bottom of the foot... but I can't do that on the floating footprint. Footprint, pivot, pivot, pivot. What is it really good for? It's mapping the network, getting in there, finding out what's there, finding a foothold and pivoting. And again, I'll say it again because I like to say it: in an authorized pen testing exercise. So, creating a device that blends in: the man behind the curtain. I know we're at a college, and that's Wizard of Oz; there's some people that probably still get it. But, so you can tell, you can tell who was

like 30 and older, and there's little chuckles in the background. All right, so how do I create a device that blends in? I was thinking about it, and I broke it down into four tenets: permanence, belonging, authenticity, and chaff. Actually, one of my co-workers, as I was doing this the first time I mentioned I'll start with chaff, because he pointed out... I'm like, yeah, chaff, you know, if you're a military person, you fire up the chaff from the... the heat-seeking missiles follow it. He's like, they're not gonna go to office for radar flares. So anyway, so chaff, let's start there. You want to have someone who finds this

device, you don't want them to just go off on their own, try and figure out what it is, pick it apart, unplug it, etc. So you want to put something there to direct them, channel that creative curiosity. You do that a lot of times with these stickers I've talked about; we're going to look at them in just a moment. So you want to create something that drives the user to do what you want them to do, which is leave that device alone and give you more information. You want to create permanence. We talked about permanence as well. The power outlets on there: you create permanence by plugging things into them. People look at it and go, this

device has been plugged in, it's been there forever. Maybe I didn't notice it, but it's obviously on, it's got a light on, things are running off of it, don't touch it. It's the weekend and it's five o'clock, and that happens. I think we all know that happens. You know, I'm just not gonna have a hard trouble, I'm just gonna go alone, I think it's gonna be fine. So you want to make that happen. You need belonging. Don't put in a beige UPS... if your target has gotten... if you can find a beige one, yeah. But don't put in a beige UPS if your target's all using Tripp Lite or APC or this, that and

the other, modern; it's going to stick out. It's a UPS, sure, but get an idea of the environment. If it's an all... you know, if they use all products from one major vendor versus another, certainly don't drop one of their competitors in. It's going to look weird. So, you know, you want to deal with belonging; it's got to look like it belongs there. All right, sorry, the permanence... which one? So, and then authenticity: it's got to look real. We talked about this at the beginning. Generic devices, generic devices are just as bad as a device that doesn't look like, or looks, you know, it's something outside of the environment. So

it's got to be authentic. It's got to look like a real device, something the person's used to seeing. So here's our stickers and our lights. Notice the stickers are on the back. So why did I do that? Why is that important? If this thing's tucked under a desk, most people are going to walk by it. They're just going to look at it and they're going to go, okay, fine, whatever, no problem. But then there's people like this in the room, or people that want to be like this in the room, or maybe you're in college right now and you're like, oh, I found something, let me go check it out. You're real excited to go help the team

there, discover this thing in your environment. You find these stickers on the back, and your first set of people that are going to see the "danger, stored energy" on the back, we're gonna get just close enough to them, I mean, not today. And then you're gonna have the second group of people that are going to look at the asset tag. And what I did was I got these wonderful Avery durable label things, or asset tag labels, you know, on Amazon, and they've got a wonderful website with a wonderful tool that helps you create these labels for free. And I created a fake company called Red Prox: solving problems for the future.

And I put it on the side, towards the back, and you get that second type of person that goes, oh, I found this thing, and I'm gonna go, I'm gonna call that number, and I'm gonna pull up the website, I'm gonna find out what it is, I'm gonna tell my infosec guys, I'm going to tell the corporate security people, or whomever it is they're going to report this to. But hopefully they're going to go through what we're going to see on the next couple slides first. The other thing I want to talk about on this device is dings and dents. I really like using salvage stuff. Again, new stuff: if your environment

hasn't bought anything, if you're in some environment that's got your inventory and your budget on lockdown and no one's seen a new computer since 1996, a brand new UPS is going to stick out like a sore thumb. It's not going to hide in plain sight. So we want something with dings and dents, maybe a little dust in it. Leave it out in your garage, you know, so it looks like, oh yeah, that's been there forever. You want that, you absolutely want that. Make sure I've covered everything here: covered the labels, very good, electrical, good, good. Seen Die Hard movies? Who likes Die Hard movies? They're great, they're action movies, fantastic. So this is Die Hard with a Vengeance,

one of my favorites. And what is this scene? This is the scene where they find the bomb in the school, and it's in a refrigerator that was delivered today and had a power light on it and had a temperature turned on, but wasn't plugged in. And that's how they discovered it, right? They look and they're like, hey, all these refrigerators came in, see how they're all on, but it's not plugged in. Here's our bomb. Same thing. So that's why the power light was really important to me, and took way longer than I really wanted to do, with soldering and cleaning and figuring out how to document it. And it seems easy until you start doing it.

So I really wanted that, though. I wanted that light to be there, because again, it adds to that permanence and that authenticity. The person looks at it and goes, that thing's on, it's performing as it's designed, it's there for a reason, and I'm not going to touch it. So let's talk about where to hide this thing. Where do we hide it? I mean, we built a device that can essentially hide right in front of your face in an IT environment, but where do you hide it? Well, there's two places I like. We saw the network cable room with all the cables floating everywhere, excellent place to find it. We see some data center rooms

here. You'll actually notice, if you're paying particularly close attention, there's one right there; there's one of the APC devices right below that CRT, so that's obviously an older picture. They haven't upgraded, who knows, but that was found on Google, and I just went around looking. I was like, oh, there's one just sitting there. No one's gonna pay any attention to it, especially if it's an MDF or IDF that people rarely go into and you get access to it as part of an approved penetration testing exercise. I actually like the mic now; I'm glad I picked it up, thank you. So, that said, hiding under a desk is fine, under a file cabinet. Again,

we've designed this so that it just sits there it doesn't it doesn't look like anything is the information security team so how do we alert when this device is discovered um pretty straightforward uh the book that I talked about before I'm not going to go in a ton of detail as to how we do this but again you're going to need to set up like a reverse shell or S Tunnel stunnel I've actually never heard someone say it aloud I've only read it so it could be awesome but you're going to want to set up something that's phoning back home the recommendation is this S Tunnel tool because if you've got an IDs IPS at the

approved penetration customer service uh if you've got that then they might see SSH and they might have this blocked 443 outbound you're going to have a lot more luck with that so the other thing you can do as a VPN tunnel that has a lot of overhead we talked about the problems with that you're still dealing with a 35 device you're gonna put a lot of overhead on that VPN and basically how do you alert for what's been caught well you monitor the tunnels if it goes down if it's not there if you can't reach it it's down someone's unplugged it they've powered it down and you know that the jig is officially up oh wait there's more

so here's red prox I'm literally I'm doing a talk on this because I had way too much fun building it red fox is a Google site Redbox is a fake company using a you know Web 2.0 logo maker and uh it has a bunch of Easter eggs in it and it's literally a website that says everything and nothing all at once um they deal with uh cubes which is quantifiable object oriented business strategy and Q biodynamics offering solutions for the future and this site uh you'll notice one of the other Easter eggs is it's from a movie called uh unfinished business I think it's out right now I'm not trying to promote it but they did a promotion

where they gave out a bunch of fake stock photos making fun of the business world. That's James Franco's brother up there, so if someone's really like, oh wow, I guess before we did that thing he did, like, okay, sure. So the site has a Products and Services page, an About Us page, and then the location on Google Maps is the downtown Orlando library, 4 Privet Drive for the Harry Potter fans, and, you know, just a bunch of stuff like that. I had way, way, way too much fun doing it. As I'm doing it I'm reading my wife all the little insider business jokes that I've written; she's like, if I could divorce you right now...

And I had a lot of fun. So this is Red Prox, and that's where that asset tag points you: you get sent to this website, and you get a form, a beautiful, beautiful form. You'll see it's the Found Asset form, and it gives you a warning at the top: please don't power down the device, this is part of a business dynamics test, and contact us and we'll reach out to your Red Prox target partner. Target partner. So they submit the form and I get this wonderful, wonderful backend from Google, thank you Google, with a spreadsheet with all the wonderful info they're going to give me. And you know what's even better than

that? Now they expect me to call them. I've already set them up to be warm and fuzzy, like, oh, you found one of our devices, how wonderful, thank you for identifying it, tell me more. So can I click on this from here? I hope so. And she's like, no, seriously, I'm going to divorce you. So I made a Google Voice voicemail for Red Prox, and I want people to call it. I want them to get very frustrated and give me more information, just like, oh, stupid IVR doesn't work. So we're gonna try and play that now. It's 35 seconds, I hope you get a kick out of it. See if we can do this.

"Thank you for calling Red Prox, the leader in quantifiable object-oriented...

...oriented. Press or say one to speak with a Cubes professional. Press or say two if you've located one of our Cubes assets. Press or say three to speak with them. I'm sorry, I couldn't understand you. Press one. Sorry, I couldn't understand you. Transferring to the operator." And that takes them just directly to a voicemail, so...

So yeah, that's the Red Prox difference. And like I said, this is all about hiding this device in plain sight and making sure that we get the most out of it, because penetration testing is awesome, but the people are also a target. So let's talk about that a little bit: red team, blue team, purple team. I tried to make this like red fish, blue fish, but I couldn't figure it out, so I did... So what is that? A lot of you in here, you're in college, maybe you're trying to get into information security, maybe this is your first conference. You've got red team / blue team exercises; they're pretty standard, you know. Your

red team's your attack: they're your offense, penetration testing, exposed asset discovery, all the really cool stuff that they show on CSI: Cyber and all those. Great. And then you have blue team, which is the boring directory work, and it's fantastic and it's awesome and it's needed, and it's a field I work in, and we do a very good job. We do a very good job, actually. But blue team is, we have to defend these environments; we're paid to do that. But here's the thing: it's going to be very rare that you get to go out as an information security professional, as an expert, as a, you

know, discipline. I really liked Moses' talk this morning. It's gonna be very rare that you get to dedicate yourself to one exercise or the other, so you kind of end up as a purple team. There's only so many hours in the day that you have to attack all these different vulnerabilities and issues in the environment, so you really have to try and figure out what you're going to want to do, what you prioritize. You become that Iron Man; you say, all right, I've got to defend, I've got to test, I've got to figure out all the vulnerabilities, I've got to figure out our footprint and what can be

attacked. So you're likely not going to get to do the type of all-or-nothing type of research. So this device, and the reason I talk about it, is with the Red Prox piece, with the stickers on the back, with the penetration testing, with the hottie implant site, you're not just testing your network; you're testing your people, you're testing your policy, you're testing how people respond to rogue devices in your environment. If they find something, do they call InfoSec? Do they call desktop? Do they put in a ticket? Do they follow a known training policy? Have they been trained? Are they performing as normal humans and they just haven't been told the right

thing to do? So you can use this to not just test the environment; you can use it as a physical token in the real world for people to react to. Do they call the Red Prox phone number? Do they leave a message? What do they tell you? You know, so how can you pivot further from that by triggering that information? So, preventing this device. We don't take it commonly, so what are we going to do, right? We're moving things. How do we keep it out of our environment? Because it's nasty and it's ugly, and I built it, I know that. So one of the first two controls, critical controls from SANS: inventory.

And oh, by the way, inventory: you have to know what's in your environment. You have to, or you've got no shot. You have to know what's there, what's functioning, what it's doing, what is it supposed to be doing, what are the goals for it, how are people using it. Know what's there, because when you know what's there, it's easier to detect the anomalies. This doesn't hide as well if someone goes, uh, we don't issue UPSes for people at desks, we have a centralized UPS for our entire power environment, why is that there? If you know that, if you have a policy and you know that there should be none of these devices in the inventory, it becomes significantly easier

to detect. So, isolation: you got to keep them separated, again going back for the people older than 30. "Air gapping", notice I have it in quotes. I had a really great conversation with my co-workers the other day about air gapping, in which I really honestly learned something, and it's that air gapping gets thrown around; it's a term that people go, oh, can't get into it, and it's not. I mean, eventually these devices go to the internet: you got Internet of Things, you got this, you got that, everyone has to put the device on the internet for reporting and this and that and whatnot, put it in the cloud, whatever. You need to know, again, your inventory,

where things live. I think you need to know how to separate them so that when they're communicating with each other, such as this device communicating with every server in your environment, you go, oh, hold on, no, that network should never talk to that network, ever. So let's go hunt this thing down, let's find the port on the switch, let's find out what's going on. Access control is the next piece: whitelisting, authentication, digital certificates. Actually, I skipped over NAC, but I'll kind of lump it in. So NAC as well: go through, keep devices off your network. Obviously there are ways around these types of things, and I won't go into them,

but I will say, if you're, I don't know, a multi-function printer is suddenly running nmap, not being a program... so, you know, make sure that you're really examining what you whitelist, what you tell your NAC is okay; make sure you really take a look at that. Access control, etc., authentication, whitelisting: make sure the people joining your network are given a digital certificate, make every device have to support that. I know that sounds daunting, but I mean it's really going to be necessary in the future to do that sort of identification. I can tell you right now, if you've got a PKI environment

and you've got to authenticate with a certificate, that device is going to do nothing. It's not going to be able to connect to the network; it's not going to get the connection it needs. And of course the most crucial item, always, is user awareness. If you do not teach the users in your environment about what's going on, about the environment, about what they should expect, about who to contact... I mean, that's the biggest thing: teach your users. You see something, you say something. I know it sounds silly, it's like McGruff and Take a Bite Out of Crime, but seriously, teach them to say something, and to the right people. Say, hey, listen, you got a question? Send

it to us, email us, whatever it is, we'll help you figure it out, we'll track it down. We know what to look for, to say, hey, this is a real threat in our environment. So, next steps and issues. In building this, you know, what have you learned, what did we find out? So, issues beyond the build: cellular strength and data. I used the Huawei 3G modem inside of there for cellular. I don't know that I'd recommend it for a professional penetration test, and the reason I say that is it's just not even running command line; it's more theoretical than anything. If you're going to do this professionally, make sure that you're getting the right data

strength, right signal strength; invest in a 4G modem. But you can do it, you can absolutely do it. Battery backup functions: as I'm building it, I'm like, well, this is salvaged, the circuit board on it doesn't work anyway, but the next one, I realize there's enough room to pack this in with the battery, and what would be very neat is to be able to know when it's been unplugged and running off a battery. And it's all very possible, packing that battery back in with the device. Okay, so we're going to try and pack it into a freebie. Yeah, battery backup functions and additional USB or multi-Pi. The power requirements coming in there,

although you've got a 5 volt wall wart... my timer's off, sorry about that. Okay, that's it. So, that said, that wall wart only puts out so much power; you can only pack so many USB devices into that, so you want to make sure that you're scoping out your environment, you're putting in the tools that you're going to need for that test. I say packing in additional USB power, or powered USB, but that has additional challenges: you may have issues with throughput, you may have issues with it being a cheap device from who knows where, so you're going to want to test it. It's 10/100 for the bypass as well;

there's going to be no gig there. So if you're dealing in a gig environment, know that if they see a slowdown to 100 meg, they're gonna have that link just drop down. You need to have a powered tap to get up to gig, so we're gonna look at that. Pcap storage: if you're doing Wireshark or something like that, it's only a 16 gig card; you can't just leave it on forever. There may be ways around that challenge; I haven't put a lot of thought into it yet. A smaller battery backup unit, or the next steps I'd like to get into: a smaller form factor, still hiding in plain sight, powered from DC, we want to do that, and

Bluetooth logging, jacking, snapping, all those fun toys. There's still one available USB port on there, but I just didn't get to testing. And of course the Raspberry Pi 2. So, getting more information: is this deck going to be available online? Well, I've got good news, and you already looked: it is already online. So you can go to this link; everything I talked about is already up there: the slide deck, the PDF with notes, STL files for all the 3D printed objects, the detailed build guide in PDF. So that's all up there, the Avery asset label, and then all the Red Prox images if you want to edit them in. So that's it, that's the

talk. Questions? Over there, yes.

Are a lot of their devices... no, but it looks mixed. Lenovo look like a walk in the park. They, other things called only diagnostics, TV set, if you're with your significant other... Are you saying that I might be watching my marital activities? Hey, my grandma and grandpa, now the hottest thing...

I don't know that I'm incredibly happy with that modem, but it's the one that I tested. So, second thing? Yeah, you're still connected to say to six network, excuse me? Yeah, there's a wall wart inside of there. Yeah. Can you transmit... that is a really cool idea. What do you mean, no, it's not? Why is it not? If you're not protected... oh, well, yeah, no, but I mean, like, actually doing it as part of the penetration test would be kind of cool. Oh yeah, if you're returning, chances are you pretty much get away with it. Yeah, and it's a large network, it's very well connected. Yeah, no gaps, that is, yeah.

Ethernet over power, yeah. All right, that's what you're talking about, right? Yeah, absolutely. Yeah, no, very cool, I'll have to think about that. I had not put any thought into it; a very cool idea. Any other questions? Sir. So you actually plug devices into it? You mean essentially a... yeah, no, these are powered. No, I mean, pause it, but you're gonna want to put some useful advice into it, so you've actually... I still have a couple minutes, right? Okay. So I did, I actually skipped over, I'm glad you brought it up, one of the things I meant to mention was, when installing this, one of the things you

want to look out for is dual-PDU servers. So going through and finding a server that's got dual PDUs, and again, you want to make sure you're approved to do these kinds of activities because you could knock something offline, but all things being equal, you could unplug one PDU, plug it into the primary, you stay online, stuck in your alternate, whatever, and then you plug in the secondary one and, oh no, that's totally plugged into our finance server. Or just do one line, so they go, yeah, no, we did it as the secondary PDU on the battery. The only thing you really got to worry about there is that the PDUs are monitored;

somebody in the NOC might go, hey, why'd that PDU go... oh, it's back up, and that's probably all that would happen. So, that's your question? Sure, cool. Sir. It looks like there's a fair amount of empty space within the casing; why didn't we keep the functionality of the UPS and then just, you know, put in an additional inverter? Honestly, the real reason: that UPS was broken, it doesn't work, so instead of going on, buying another one, I didn't. So in part of the phase two, what I want to do is get one that's functioning, and then yeah, absolutely, there's a ton of extra room in there, put a battery in there, and actually instead

of wiring the Pi off of there, wiring it directly into the receptacles, so basically another wire off the back. But yeah, absolutely, all possible. And I'm actually thinking, in that multi-Pi setup that I'm talking about, maybe even putting like two Pis in there so you have one using the processing power for Wi-Fi, literally network them together, and have one as kind of a command and control server. So definitely possible. Yes? Not yet, no. Really, the focus of this build was to try and, again, like, keep a second... like, I'm a branding professional, but I was hiding the device in there. The capabilities are basically endless. I put the guide up

there, I put all the stuff on there. I highly encourage you, if you like it, build it, let me know how it works out. You know, I'm gonna keep playing with this, make it a little better, tweaking it, so if you find something that works particularly well, please reach out to me, I'd love to hear about it.

Cool. I think anyone... no? No, then I am going to wrap up. Then what's up? Previous slide? Well, I'll do you one better: the next slide is a QR code, so if you want to just sit down, it'll take you right to the thing, or I can give you the thing there. So anyway, thank you, thank you BSides, thank you all the volunteers, you're fantastic.
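The prevention advice in the talk (know your inventory, have a placement policy such as "no desk-side UPSes", and watch for a low-profile asset class like a printer suddenly scanning) can be turned into a simple triage pass over switch-port and flow data. This is an added example written for this page, not code from the talk or its build guide; every MAC, location, VLAN, flow and threshold is constructed, and the record shapes are assumptions about what a NAC or flow collector would export.

```python
"""Inventory-driven rogue-device triage (added example, not from the talk).

Flags devices absent from inventory, asset classes placed where policy forbids
them, and low-profile classes (printer, UPS) fanning out to many host:port pairs.
"""
from collections import defaultdict

# Constructed inventory: MAC -> (asset class, approved location class)
INVENTORY = {
    "00:c0:b7:aa:01:01": ("ups", "datacenter"),
    "00:1e:8f:bb:02:02": ("printer", "floor2"),
    "3c:97:0e:cc:03:03": ("laptop", "floor2"),
}
# Placement policy: these classes may only live in the listed location classes.
PLACEMENT_POLICY = {"ups": {"datacenter"}}
# Maximum distinct (dst_ip, dst_port) pairs a low-profile class should touch.
FANOUT_LIMIT = {"printer": 5, "ups": 2}

# Constructed switch-port observations: (MAC, location class of the port, VLAN)
PORT_OBS = [
    ("00:c0:b7:aa:01:01", "floor2", 20),   # a "UPS" seen on a desk port
    ("00:1e:8f:bb:02:02", "floor2", 20),
    ("3c:97:0e:cc:03:03", "floor2", 20),
    ("b8:27:eb:dd:04:04", "floor2", 20),   # not in inventory (Raspberry Pi OUI)
]
# Constructed flow summaries: (src MAC, dst IP, dst port)
FLOWS = [
    ("00:c0:b7:aa:01:01", "10.0.0.9", 161),
    ("3c:97:0e:cc:03:03", "10.0.1.5", 443), ("3c:97:0e:cc:03:03", "10.0.1.6", 443),
    ("b8:27:eb:dd:04:04", "10.0.1.7", 443),
] + [("00:1e:8f:bb:02:02", f"10.0.2.{h}", p)      # printer sweeping 7 pairs
     for h in (10, 11, 12, 13) for p in (22, 445)][:7]


def triage(inventory=INVENTORY, port_obs=PORT_OBS, flows=FLOWS,
           placement_policy=PLACEMENT_POLICY, fanout_limit=FANOUT_LIMIT):
    """Return a list of (mac, reason) findings for analyst follow-up."""
    findings = []
    for mac, location, _vlan in port_obs:
        if mac not in inventory:
            findings.append((mac, "not in inventory"))
            continue
        cls, _home = inventory[mac]
        allowed = placement_policy.get(cls)
        if allowed and location not in allowed:
            findings.append((mac, f"{cls} outside approved locations ({location})"))
    fanout = defaultdict(set)                  # src MAC -> distinct (ip, port)
    for mac, dst_ip, dst_port in flows:
        fanout[mac].add((dst_ip, dst_port))
    for mac, targets in fanout.items():
        cls = inventory.get(mac, ("unknown", None))[0]
        limit = fanout_limit.get(cls)          # unknown/unlisted classes: no limit
        if limit is not None and len(targets) > limit:
            findings.append((mac, f"{cls} reached {len(targets)} host:port pairs (limit {limit})"))
    return findings
```

Each finding points at a MAC the analyst can trace to a switch port, which is the "find the port on the switch" step the talk describes.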