Your SlideShare is downloading. ×
Concise Courses Raspberry Pi
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Concise Courses Raspberry Pi


Published on

DJ Palombo's talk on how to use Raspberry Pi in order to attack a network from within.

DJ Palombo's talk on how to use Raspberry Pi in order to attack a network from within.

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Concise Courses How Raspberry Pi Can Change How People Attack NetworksDJ Palombo Raspberry Pi is a trademark of the Raspberry Pi Foundation
  • 2. Who Am I?•In my junior year in Computer and DigitalForensics at Champlain College, Burlington VT•20 Years Old•Currently studying in Dublin, Ireland
  • 3. What is Raspberry Pi?• $35 Computer the size of a credit card• Uses GNU/Linux Operating Systems• Model B has 512 MB RAM, 2 USB ports, Ethernet, video out, and HDMI• Operating System loaded on SD cards• Storage is based on the SD card size
  • 4. What this is NOT• Be all, end all network attack• Proposal of better-than-sliced-bread attacks What this is• Another viable threat that should be assessed• A warning to security professionals
  • 5. What is the theory behind it?• Cheap, inexpensive computer – My terminology for it: “Burner Computer”• Small size allows it to be easily hidden• Attack from within rather than forcing your way through
  • 6. What attacks to do?• Whatever you want!• Sniff networks for information and passwords• See all internal network traffic• Try to shut down the network from within
  • 7. My first concept• It can be used as a cheap cluster for computing power – Useful in some context – Ability to gain a large amount of power at low cost• What next?
  • 8. What you can do• Route all the traffic through the Pi – MITM attacks• Packet sniff inside a network• VLAN Hopping• VoIP sniff
  • 9. Man In the Middle Attacks• Ability is built into Ettercap – DHCP spoofing – Arp Poisoning• All traffic will then run through your system• You can modify traffic as it runs through your system
  • 10. VLAN Hopping• You can check to see if there are other parts of the network, and listen on their traffic too• VoIP Hopper – Will act like a VoIP phone and look for other devices across the network – Listens for any traffic that signifies other VoIP devices• SIP crack – Crack passwords of VoIP device – Works similar to aircrack
  • 11. VoIP Attacks• When inside a network, why not listen in on their calls?• VoIPong – Allows user to sniff any calls on the network – Will record and output to .wav file for listening later
  • 12. Other options• Instead of wireless attacks, why not hardwire? – Surge protector + Raspberry Pi = Network Observation Device• Use it for the manufacturer’s intended purpose?
  • 13. Surge Protector Pi• For a small cost, you can set your Pi up inside a surge protector – Constant source of power – Inconspicuous – Hardwired Ethernet connectivity
  • 14. How to defend against this threat •Physical security •Monitor network traffic •Specifically search for traces of network sniffers
  • 15. How to defend against thedefenders•Spoof MAC address, andchange it periodically ifyou are within a network•Hide the device well•Don’t be afraid to losethe device
  • 16. How to prepare yourself• Obtain Pi• Setup the Pi – I recommend using PwnPi ( )• Know your toolkit• Know your target and your goal• Figure out how you are going to power it
  • 17. The Drop-off• Dependent on who you are attacking• Use common sense, and be sneaky!• Know your options, and know your opponents
  • 18. Contact DJ•• @DJPalombo – #ProjectRasPi•
  • 19. Any Questions?