BYOD presentation Init 6 + ISSA PR Chapter joint meeting
Transcript of BYOD presentation Init 6 + ISSA PR Chapter joint meeting
Obsidis Consortia, Inc.
BYOD: Bring Your Own Darkside
José L. Quiñones-Borrero, BSMCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
What is OC, Inc?
• Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico.
• OC, Inc. has developed and supports initiatives such as the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), the Security BSides Puerto Rico Conference and a Community Outreach Program.
Why BYOD?
• What's Mine Is Mine, What's Yours Is Mine, Too
• Employees Happier, More Productive?
• Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
Why NOT?
• Little or no control over devices
• Privacy issues about device’s content
• No jurisdiction over devices
What are these devices?
Laptops
• Live CD/USB
  – Live USB Creator
  – Unetbootin
• Virtual Machines
  – VMware Player
  – VirtualBox
• Full OS on Hardware
  – Kali/Backtrack
  – Pentoo
  – BackBox
Smartphones and Tablets
• Jailbreak iOS
• Rooted Android
• Ubuntu Touch (Phone)
Others
• Home Routers
  – Linksys WRT-54G
  – Alfa Network AP-121U
  – TP-Link WR703N
• Custom Firmware
  – DD-WRT
  – OpenWrt w/Jasager
  – Tomato Router
Let's focus on iOS …
Apple iOS AppStore Goodness
• iNet
• TIOD
• IPScanner
• zScan Pro
• Whois
• TCPinger
• Net Utility
• VNC viewer
• RDP client
• aSubnet
• Python 2.7
Cydia
Jailbroken iOS
• Tools – nmap, tcpdump, ettercap, aircrack-ng*, dns2tcp, netcat
• Development – Python, Ruby, Perl, SQLite
• OS – wget, curl, grep, sed, awk, inetutils, whois, locate
• Daemons – dns, http, dhcp, ftp, vnc
Installing Metasploit on iOS
1. Jailbreak your iOS device
2. Install BigBoss Recommended Tools
3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb
4. iconv_1.14-1_iphoneos-arm.deb
5. zlib_1.2.3-1_iphoneos-arm.deb
6. metasploitframework4.5.tgz
What about Android?
PwnPad ($895.00)
• Wireless Tools
  – Aircrack-ng
  – Kismet
  – Wifite
  – Reaver
  – MDK3
  – EAPeak
  – Asleap
  – FreeRADIUS-WPE
  – Hostapd
• Bluetooth Tools
  – bluez-utils
  – btscanner
  – bluelog
  – Ubertooth tools
• Web Tools
  – Nikto
  – W3af
• Network Tools
  – NET-SNMP
  – Nmap
  – Netcat
  – Hping3
  – Macchanger
  – Tcpdump
  – Tshark
  – Ngrep
  – Dsniff
  – Ettercap-ng
  – SSLstrip
  – Hamster & Ferret
  – Metasploit 4
  – SET
  – Easy-Creds
  – John (JTR)
  – Hydra
  – Pyrit
  – Scapy
Can we be more creative?
Red Teaming BYOD
• Raspberry Pi ($35)
  – 700 MHz A7, 512MB, HD, 2 USB 2.0, Ethernet
  – Huge development community
  – Debian and Red Hat based distros
• CubieBoard ($80)
  – 1 GHz A10, 1 GB, HD, 2 USB 2.0, Ethernet
  – Some community support
  – Ubuntu and Android
• Odroid ($90)
  – 1.7 Quad A9, 2GB, HD, 2 USB 2.0, Ethernet
  – No community yet (new platform)
  – Ubuntu and Android
Demo
Open Discussion …
Q & A
Please visit us to keep in touch …
www.ObsidisConsortia.org
www.BSidesPR.org
https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg
https://plus.google.com/u/0/communities/102771209982001396923
https://facebook.com/obsidisconsortia
https://twitter.com/BSidesPR
Affiliates:
www.TalktoanIT.com
www.codefidelio.org
www.darkoperator.com