Cybercon 2015 Brandon Kravitz

White, Gray, Black: A brief look into Pentesting, Gadgets, Certifications & Cool Projects

Upload: brandon-kravitz

Post on 07-Aug-2015


TRANSCRIPT

  1. White, Gray, Black: A brief look into Pentesting, Gadgets, Certifications & Cool Projects
  3. Red Team Uncovers TSA Failures
  4. A BlackHat's Toolkit: notable tools that EVERYONE should know about...
     - Social Engineering: Metasploit, a phone, fake online profiles, voice modulation, social engineering toolkit
     - Forensic Tools: Kali Linux, Deft Linux, Sleuthkit, Digital Forensics Kit
     - Footprinting Tools: Maltego, NSLookup, Nmap
     - Lockpicks/Gadgets: Bump keys, lockpick kits, master keys, HackRF, WiFi Pineapple, Rubber Ducky, RFID, yagi antennas
  5. The WiFi Pineapple is a unique device developed by Hak5 for the purpose of WiFi auditing and penetration testing. Since 2008 the WiFi Pineapple has grown to encompass the best rogue access point features, unique purpose-built hardware, intuitive web interfaces, versatile deployment options, powerful software and hardware development aids, a modular application ecosystem and a growing community of passionate penetration testers.
  6. At the core of the WiFi Pineapple is a modular web interface designed to simplify the management and execution of advanced attacks. A set of "infusions" (modules) provide convenient graphical front-ends for popular command line applications. Infusions can be installed to the device over-the-air from an online portal. These free applications install in a matter of clicks. Additionally, infusions may be developed directly on the device using the open application programming interface (API). Once submitted for review, your Infusion will be included in the online portal for all WiFi Pineapple users.
  7. - RECONNAISSANCE: Visualize WiFi landscape. Target networks and individuals.
     - AUTO HARVEST: Collect probe requests and beacons for rebroadcast.
     - DOGMA: Attract specific targets or all devices with thousands of beacons.
     - BEACON RESPONSE: Mimic networks with automatic targeted beacons.
     - KARMA: Capture clients no matter what network they seek.
  11. Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals. With origins as a humble IT automation proof-of-concept using an embedded dev-board, it has grown into a full-fledged commercial Keystroke Injection Attack Platform. The USB Rubber Ducky captured the imagination of hackers with its simple scripting language, formidable hardware, and covert design.
  12. COMMUNITY PAYLOAD GENERATORS, FIRMWARE, ENCODERS AND TOOLKITS
      - Customize pre-assembled attacks from our repository - Payload Wiki
      - Online Duck Toolkit for simple Reconnaissance, Exploitation and Reporting
      - The Simple Ducky Payload Generator for Linux with Password Cracker and Meterpreter and Netcat integration
      - VID & PID Swapper to cloak your device
      - Ducky-Decode Firmware and Encoder adding Mass Storage, Multiple Payloads, Multilingual and much more.
      - And of course the USB Rubber Ducky Forums for Payload sharing, suggestions, questions and information.
  14. - 10 MHz to 6 GHz operating frequency
      - half-duplex transceiver
      - up to 20 million samples per second
      - compatible with GNU Radio, SDR#, and more
      - software-configurable RX and TX gain and baseband filter
      - software-controlled antenna port power (50 mA at 3.3 V)
      - SMA female antenna connector
      - convenient buttons for programming
      - internal pin headers for expansion
      - Hi-Speed USB 2.0
      - USB-powered
      - open source hardware
  15. Here's a few resources I've been reading, watching or have bookmarked in no particular order relating to SDR and GNU Radio. As a beginner in this I can't fully vouch for their quality but they seem okay!
      - http://greatscottgadgets.com/sdr/ Fantastic SDR for HackRF tutorials by Michael Ossmann.
      - http://files.ettus.com/tutorials/ Some quality SDR / GNU Radio tutorials
      - http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorials SDR / GNU Radio tutorials with supporting code on GitHub
      - http://www.ece.uvic.ca/~elec350/lab_manual/ Communication lab work in GNU Radio from the University of Victoria BC
      - http://www.trondeau.com/gr-tutorial/ Another tutorial with supporting code
      - https://www.youtube.com/user/2011HPS/videos Some GNU Radio tutorials, no audio though.
      - http://www.csun.edu/~skatz/katzpage/sdr_project/sdrproject.html contains some interesting bits
      - http://complextoreal.com/tutorials/ A large series of tutorials in digital communications
  20. - Certified Ethical Hacker: CEH provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEH courseware.
      - Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.
  22. - Meetup Groups: OWASP SD Dev OPS SD Python Full Stack Talks SD
      - Continuing Education: CCNA Courses
      - CTF Tournaments: UCSB Local Qualifiers
      - Local Conventions: Toorcon, Cybercon
  24. Questions!?!