Ethical Hacking: DIY Mobile Security Workstation (For Cheap)

and with that without any further ado Dale Meredith is gonna be talking about ethical hacking do-it-yourself mobile security workstation okay we'll see if the is the mic on you guys hear me all right it's sweet thanks for coming out I was almost tempted to go get some popcorn and just start passing around with this being here at the theater appreciate y'all coming out my name is Dale Meredith I'm a mic well I've been a Microsoft trainer for some time as well as a plural site author and I wanted to share with you some of the experiences that I've had with this particular situation that kind of fell on me just real quick some of the stuff that I'm

gonna be going over you may be like oh boy what'd he say here what was that product to there I have the complete build list on my website which is available at Dale dumbs it down calm and we'll see what we can do here also as far as the questions using that app to use the questions I'm gonna pick a lucky member that gets to go home with all the equipment to build their own workstation the stuff I'm showing you guys so if you post your questions there I was gonna build it here but we just don't have enough time for me to build it so I figured especially toting around all day it's way too heavy so figured I'd give

it away okay a little bit about myself like I said in Pluralsight author myself as well as Troy hunt we went through and did the ethical hacking series whoops ethical hacking series with Pluralsight I'm currently working on their pin testing series for them which I'm really excited about anybody here Pluralsight subscribers sweet yeah okay so like I said I've been a Microsoft trainer since about 98 jumped on that whole ceh ceh thing back in about 2003 had my own Wireless ISP service I live in northern Utah where at the time when I moved out there there was no high-speed Internet well is DN C I just aged myself didn't I some of you are like is what yeah that

was a was at five 512 no tooth 1:28 thank you so I start up my own ISP business out there and sold out soon after that Comcast and all the big guys started getting out there worked on several projects with homeland security is whether the government agencies they slept in a Holiday Inn Express last night bla bla bla bla bla you just need to know that I hang out with cool people and they always say you can tell a person by their friends he's got a cute smile Denny I'm talking about Chuck he's got a cute smile rough crowd okay so I am a huge Batman fan and when I say huge it anybody notice the shirt

yet okay yeah it's it's a problem well I guess that's your definition of a problem but why do you suppose out of all the superheroes that are out there anybody know why I'm probably a huge Batman fan because he chose to be a superhero so I'm one of the only presenters here that has their own swag yes genuine Batman slap bracelets okay anybody else what else yeah yeah gadgets what's his superpower for money nice yeah that's that's his superpower no I yeah he's uses mind right he has no real superpower except for he thinks things through and that's kind of why I like him quite a bit I actually the funniest response I ever had when I asked that

somebody said you two saw your parents murdered in an alley and I'm like thanks for bringing it up no ok so I'm a huge fan and by the way after the session if you want to talk about Batman we can talk about Batman we can talk about this Batman we can talk about this Batman we can even talk about this Batman yeah old-school right but we don't talk about this Batman and we don't talk about what they're trying to do here with robbings I don't even know and whatever we do you do not mention bat flack to me okay now so yeah he always has like cool utility belts right your tool cool thing so yeah

every presentation has to have a cat video or cat picture so there's mine it's Batman related right bat cat okay so here's the issue that we have because of the popularity when it comes to pin testing because of the popularity of certain shows that are out there what's what's our biggest issue well I'll tell you it's the shortage of hoodies because ever we go everywhere we go there's hoodies right now the actual issue for us here is what do we do with all this equipment in some cases the equipment is too much if we were trying to be a little bit more covert so one day I was I'm a big fan of several products out

there I'm not here to disparage or talk well I'm gonna disparage today sorry this is gonna be a shame of a particular organization but I do love my gadgets well I came across this one day I don't even think about this for audio the tsar jack here on the right and i'm probably gonna like break everyone's eardrums here here we go let's see if this works innovative products i'll play that again so you can hear this it's probably one of the most innovative products we've ever done most innovative products they've ever done I was like well you got to tell me more oh come on see now it's not gonna work nope what is going on

you know what I forgot I forgot to sacrifice the demo virtual machine to the demo gods so he talks about this particular product that's come out and it's called the ec-council storm and it's portable and I'm like that's really cool and it uses the latest Raspberry Pi technology I'm like well tell me more this has got to be a tool that I would like to purchase so I went through and I took a look at their particular kit it's called the mobile security toolkit and hey guess what for a measly 749 dollars you can purchase this product and I went ok we meant don't mind supporting people but this may seem a little out of whack

so let me go do some shopping on my favorite place yeah that is true you do get a free t-shirt absolutely so I looked at this specs and this is actually what told me that was a Raspberry Pi who's a Raspberry Pi version 3 B plot yeah 3 B its 64-bit it's got a 100 megabit the Wi-Fi is what really annoys to be because it supports G in B it has bluetooth the latest for one a Bluetooth and so I went wait a minute oh I should have just gone there that would've given me the blown up so you guys didn't have to squint Scott has a gig of ram and this particular their toolkit has a 7 inch display so I'm like

okay well maybe the display because I happen to know how much a Raspberry Pi is again I can or I went and looked to see which model it was I started reverse engineering this going ok which one has this particular specs which one has power over ethernet capabilities which will come into play if you start thinking like an attacker and so I did some shopping and I went found this particular product out on Amazon this is the a kit that comes with actual CPU coolers cuz you know those PI's get hot especially apple pie so you got to keep those CPUs cool the one thing I will recommend obviously or the one thing I really enjoy is the I

can't believe I'm going to say this out loud the AC adapter because it actually has an on/off switch on it the PI doesn't have one by default so I went got that I then went off and found the seven-inch touchscreen monitor that comes with the interface in it so that hooks right into the Raspberry Pi I also found this was hard finding SD memory SD card on Amazon it was real hard but I found it I also went through and found the keyboard the waterproof keyboard and grab that now they use a different type of case I actually found my case I admit it's a little bit more expensive it's about eight bucks more but my case

allows me to actually move this bad boy up and down so it has a stand on it it can lay flat so I can pack it up I can put it up like a monitor if I need to there's is now an inferior product No so I went through anybody want to take guess how much this this is as of today if you were to go buy these items a hundred and seventy four dollars that shipped and I'll throw it you know what if you just want to just send me five hundred bucks I'll send you one of these and a t-shirt I'll go get you a t-shirt okay what's that stickers oh I can make up some stickers

okay so I'm thinking well it's got to be the OS he describes the US as being a customized penetration hacking operating system and I wish the video would have ran because it runs they show an image of it running and it's raspberry excuse me it's Kali Linux booting up so sure I can go off I found Kali Linux obviously love Kali it's a one-way relationship think she likes me very much and anyway I went and downloaded it you need to make sure you get the appropriate version I actually make sure you get the well in this case here you grab the Raspberry Pi version 3 64-bit you want to download that bad boy you'll then

want to go through and run through a couple of steps the first step is obviously after you download it is to burn the image to the microSD card I myself use a product called Setzer but there's hundreds of them out there now here's what's important to note is that this image that you download from Kali isn't full Kali it's designed for a Raspberry Pi but don't worry we have plans okay so we're gonna burn the image after we burn the image we're gonna insert it into the Raspberry Pi we boot it up and as soon as it boots up we login anybody come on everybody knows the username password for Kali by default wrote and then routes backwards

for the password right so we login and then the next step I'm gonna actually run through is I'm gonna go through and get my update and the reason why I want to do the update I'm going to do the update yeah hang on I'll get there sorry this is my ad D moment going through my mind for a second so I'm gonna do my a PT update this doesn't take very long probably about fifteen maybe twenty thirty seconds after I do that I'm actually go I'm gonna go out and install gparted because by default this particular image doesn't take up the entire in this case 64 gigs of SD memory so I'm going to install gparted

on my drive or on the system itself I'm then going to actually run gparted and expand it out so I have the whole 60 64 gigs or I actually have an image on 128 gigs and you can do whatever you want just depends on what it is you're trying to do now the reason why I should say this particular workstation is important to me is because when I do pen tests the one thing I do and this is what I would highly recommend especially if your consultant is I never use my own system ever I used to force the client to go out and purchase a system a laptop and that's the system I use what

I wouldn't I want to use my own system what's that yeah a combination of one I don't want to leave the engagement and I'm thinking what the deal take right did you already get one ah so you earned it early I heard somebody over here though what's somebody over here say yeah yep and so what I tell them to do is I actually tell them to take that system hopefully that makes it to him I tell him to take that system and put it away don't use it for anything else I used to tell them do that with a laptop yeah I've got a really nice solution that allows me to keep all this information and of course I can hand it

off it's not that expensive and it's actually quite powerful so sorry there was my EDD moment I got have to track there for a second after I do the extension of the partition I'm gonna then go through and do the upgrade itself and it's gonna go through and this one takes a little bit of time probably bout 30 minutes to implement after it's done we then do an apt install Kali Linux full and we go take a break but while we'll take why we're taking a break we also get to do our Eva laughs you can actually when you launch Kali before you've done this you'll actually see the menu system and like for example

when you go into information gathering there's only maybe one or two tools this isn't this actually installs everything some of the tools don't work I'll be honest with you but I kind of like learning that later I'd like to have make sure I have everything that I need yep and this isn't a very this is a very expensive option how expensive do you say oh come on really none of my stuff is gonna work today

Wow

it's like my favorite commercial right now well I'll have to do the imitation free free free free free free free free free free free he actually throws a lighter over shoulder and walks away in slo-mo as the explosion goes off just st. free free free free free yeah that's the expensive part so now I'm really bewildered because I'm like just really don't get it it actually gets worse well if we have time I'll show it to you they have a so they have their storm now they have the gale force 10 which is accessories you know expensive accessories like like tp-link adapters and it's wholly $349 it's really cool okay so some of you may be thinking hey

DL that's really cool but Wow maybe I don't like Cali that's the beautiful thing about this I actually carry around a little credit card sized SD machine or excuse me a cart holder for me that I've got different os's you can run parrot anybody running parrot using parrot what are you thinking of it yeah a lot more tools but the interface is kept for me but we can actually use parrot as a they say you can use it as a daily driver if you want but they have a armed version that's out there they also have black arch has got a distro out for Raspberry Pi now here the the keeps those you guys that plan on maybe trying to implement

these type of operating systems what I've discovered is that they don't really like the display the 7-inch touchscreen display so my recommendation for you is to plug in an external HD member it's an awesome piece of technology it's got an HDMI output I don't know if you guys do that or not anyway I'll plug in an external monitor go through the installation download the drivers for the display and then you're golden but here's another thing we can do we can actually also load something called Rick Rathbun OS which is basically anybody familiar with like a Metasploit able box or a what's a waspey bwa sure deal okay thank you for responding yeah so this is basically you

can fire up a box to fire up one of these units and it's a extremely I think it's based off of and I can't think of the distro of it but it's extremely vulnerable box that you can use for pen testing now here's what's even crazier is that I just had an opportunity to see an opportunity we'll see how it goes my son is gonna be--start being homeschooled and I'm in charge which you know that should put fear in your hearts his assignment last week was he built a pie and he's now going through and doing coding great little you know I don't the hand over a four hundred dollar laptop to him I can hand over a seven hundred

and forty nine dollar that's how they tell him if you break this no just kidding yeah so again the when you heard their website and you checkout with the free t-shirt and the gale forced an expansion pack you can walk out the door for a thousand seventy four dollars now the gale force expansion pack includes the who to travel routers anybody using one of these oh this is like one of the best friends you'll ever have you can purchase this it's a whopping 35 bucks about on Amazon this is a router for Wi-Fi so you hook this into for example I'd hook it into the Wi-Fi here and then I have my system hit this box what's

really cool is on those wonderful airlines where they charge you per connection yeah I just set this up and then have all my kids tablets and laptops hook into this and I only have to pay for one connection the other cool thing too is it's got USB on it so it's actually a power bank so it'll charge up your cell phones tablets and of course you can also has a Ethernet adapter so if you want to plug it into an Ethernet port and then this becomes an AP and access point really good for unpin testing environments the other reason why I use it or the other option that I use is I have a thumb drive that

I'll put movies on you can plug it in here and you can stream it out to all the kids see I keep to keep carrot take care of the kids while we're traveling keep them quiet so yeah they're kit includes that it also includes a a battery bank it also includes the tp-link the wn7 22 anybody know about this thing know this will run you about 14 bucks what's so special about this and 14 bucks on Amazon what promiscuous mode yeah Oh was it over here Oh cameraman dude stepping up here you go yeah so this one here's what's really cool is this one you can use this on a laptop run Kali pop it in and you can

emulate you can do quite a bit with it as far as capturing s phones that are broadcasting there SS IDs very similar Shannon here ok good Shannon was you know very similar the hack 5 Wi-Fi pineapple not as powerful but you can take this and plug it in - I call this by the way the bat pie when they good I plug it into the bat pie I now have two wireless connections I can turn this into a rogue access point or man start a man-in-the-middle attack if I'd like they also include a really in there pad there gale-force they include a really nice keyboard and with the last but not least oh they include another the

official Raspberry Pi power brick and then a software-defined radio comes with a little antenna you plug it in allows you to scan radio frequencies we use that and like IOT anything Wi-Fi I'll turn in a I'll tune in a radio station if I get really bored so

normally I would go through and build it up but what I'm gonna do is I'm going to see if I can't fire some I got two of them that are completely built here that you can come up if you want to play around with them more than happy to take questions oh yeah they're like I'm on in slide Oh SL s SL I do what questions do we have I keep moving out of frame the camera guys you deserve that because I'm like people in the over hustle like so dad we do we do have a few questions I'm gonna begin with more serious ones and then move on to the funny no does Callie come

with tools to reverse-engineer tools for iOS apps for iOS I don't see anybody no I don't know I've taught my head I don't think so again the the purpose of Callie is or one of them its main focus would be the aspect that you're going after server-based targets typically workstations yes we can't do those so I don't know how much of a demand for iOS that would be my assumption but I don't know what's that oh it does for our to cool costume the next question is do you ever find that you need more local power say what you'd get from an Intel and you see said another way what have you not been able

to do with a PI I've had some issues back when I was originally started this project I was using just the 3b and I had issues with the newer version of the tp-link USB drives not a USB adapter working correctly the power is that was questioned about power right yeah like power consumption or power CPU yeah you know it may take it's it's not obviously a an i7 you know but it definitely does its job the beautiful thing about this is you can take it after you've deployed it you know if you don't need the monitor this is one of my favorite tools put it inside of this looks like a little smoke alarm and you

plug it in and at your target and it just starts gathering information for you so yeah I'm trying to think of anything that I haven't been able to do the cool thing is that if you don't have access to AC power the power banks will charge it it only needs five amps and 2.5 volts or maybe I got that backwards probably explains why I shocked myself all the time when I'm playing with electricity so another question just have is from D stark and the question is why Batman when Iron Man is clearly better

we'll just say the Batman's older and wiser no I there's a favorite meme out there that what's that he does it in the Avengers where he says take the suit off and what it what are you and Tony Stark says a plan Thor a philanthropist yeah and then they do it with Batman the name does it with Batman it's like ninja master detective above us so yeah I do have a Marvel hero and he also doesn't have superpowers to think about that one ooh maybe that's who I'll give the now you're gonna just start throwing no he actually has superpowers what we do have some people in the other room so they wouldn't miss out on this yes that is

true if that is true keep reading so the next question is the Punisher what was the Wi-Fi router they can find it on your website the Wi-Fi router Oh in there in the force oh so if you go to

the router oh the who - that's part of the that's part of the gale-force 10 I'm gonna call it the Robin something I'll update that tonight and put that up there but the yeah it's this is called the who - it's a Cho OTO oh you bet all right the next question is could you use the security workstation to proxy smartphone apps traffic hmm you'd have to hook up a cellular yeah man good questions making me think way outside the box in that one yeah I don't know I would say if you can find some type of a cellular interface if they're using Wi-Fi which almost everybody leaves them on I was tempted to have mine up here doing some air

monitoring and seeing how many has had your phones on Wi-Fi but yeah for cellular I don't know how to I don't know how to off top my head how to hook it up yet sure these are great questions all come out with version 3 all right so the next one is what is the purpose slash advantage of building a mobile workstation why are you not using a cheap laptop or intel nuc yeah you know I've looked at that being able to do like go by my fact I've been tempted to do my Microsoft Surface fired-up just overwrite it and put Kali on it you go from there the advantage here is this is extremely portable I mean extremely portable

and you can hide you can hide it especially once you get it all configured if you don't want to deal if you want to leave behind a touchscreen you can put them in the small cases which are only about this big and those are extremely easy to hide in an extremely hard to find physically but the this is just more of a mobile I can pop it up real fast and it's 100 and I know I I was looking the other day on eBay and I could buy some old Dell systems for about the same price but they don't get a new warranty actually what's funny is on ec-council site when it has the price it says items sold as

is no warranty implied I'm like oh wow hmm not bad yep I had one last question okay what will you do with all the money you saved I'm gonna go to Disneyland no uh-oh Wow I'll buy more I'll buy real pie there we go awesome wow that Dutch would that be a lot of times thank you so much thank you thanks everybody buddy how do we want to do the the giveaway yeah yeah we have to decide that right let's see I'm gonna I'm gonna exclude the Batman questions because those I know those were already awesome but they're already a certain level I'm gonna say the person who had the question of because now you're making me think really good who

had the cellular question in this room [Music] so we can just message them they have to come and tell you what they're okay so if you if you're the one who gave me the cellular question you have to come tell me the username that you used and we will hook you up and you can carry this stuff around Thanks