Dec 21

DEFCON 21 — Fantastic!

The Rio Hotel and Casino
Las Vegas, NV

Star Wars spandex… AWESOME!!
Pacmfan – github
RTL8187 chipset – PwnPi
321 rule – 3 hrs sleep / 2 meals / 1 shower!
Who wants to volunteer? If you don’t have your hand up, get the fuck up here!
Seriously, those are the worst shorts ever!  Get the fuck off the stage!
You! You are now ‘Dr Bubbles’
New guy – top or bottom? Him: are you interested? (Applause) He’s now ‘Switch’ for changing that up on the panel 🙂
…”OMG, his shirt matches his socks!” (Blue/red stripes)… How old are you? 15. Did your mom bring you? Yea (smiling). Is she hot?!?!  He couldn’t answer!
Pentest Toolkit:
Wifi pineapple?
The management session is going on next door… If you would, imagine that opera just gave you a car… Now scream for about 10 secs… Nice! Fuck those guys 🙂
This talk is rated NC17… Be ready.
This is really named  ‘Anch’s Dirty Sack’
He’s gonna show what’s in his sack
-Wireless USB for pwning. That’s what Pineapple is for.
-Lightning gigabit adapter.
-hard drive
-usb3 to sata adapter
-gig switch
-WiFi Pineapple (Hak5) man-in-the-middle! WiFi USB to Pineapple to RJ
-PASSIVE LAN tap with step down to 100 Mbps
-android phone vulnerable!!
-scan with pwn’d tablet
-lock picks – tubular / regular
-wireless ‘Alfa’ looks like a triangle
-what’s your IP target, and the environment?  What can you get through the airport? Do you freedom fondle?
-VMs for scans
-Nessus or Qualys
-exploit with Metasploit on the command line
-Xen box with several hosts
-Kali or BackTrack or Pentoo… Use Pentoo! Has a Gentoo overlay which is awesome (backwards)
-don’t use a live CD.
-configuration problems are the most common finds. Patch management as well.
-Bus Pirate for hardware manipulation. Logic analyzer
-use Xen for hardware virtualization. Can test remotely.
-BeagleBone Black – step up from the Pi
-Gentoo is very well documented
-Pentoo – Gentoo docs take care of you
-build with ‘minus x’
-ARM processors are in everything and Pentoo runs on it.
-make your own cellphone tower!
-making unprivileged user by default in new distros
-ARMv7 is the latest and ARMv6 is the Pi
-v7 is more powerful for compiling and it’s coming soon for P2
-SET ‘Social-Engineer Toolkit’
-eselect kernel command will allow you to choose your correct build
Wireless Security:
-by far the most crowded and therefore one of the biggest topics of today!
-use AES
-good Apple attack coming out. Go to it on Sun (OS X adapt)
-scope of work… Get paid for what they want you to do, not what you want to do.
-get a Rules of Engagement!!
-iPhone used as a hotspot
-don’t be the ‘caught one’ … Always be able to prove that it was someone else!
-focus on the TARGET! Not everyone.
-the out brief is what gets you paid!
-what you found, where you found it, what can you do?
-platform selection? OS? Software? Network card (1 vs 2 vs 3). Can make a single card do 30 throughputs… A 2-card setup allows sniff and inject. 3 cards is better: capture, line out, inject. Get used to your own setup! And then antennas!
-send back to C2 from your pocket
-have ALL 3 platforms during an assessment (Win/OSX/*NIX)
-hack naked (no firewalls)
-may have 10 OSs… 99% of the time is Gentoo, but use them all!
-Airgraph? AirDrop (github) (reverse firewall)
-test the decryption part! Do your own research
-ANTENNAS: radiation pattern. Omni (fixed/magmount) and directional (Yagi is the best)
-WIFI CARD: Alfa cards / Rockland N3 / ROSWELL / ST71 / AirPcap Nx / Wi-Spy DBx
-chipsets
-contests: distance / hide and seek / fox and hound / password crack / system takeover
I can explain it to you but I can’t understand it for you
‘I got your back… AHH’