Concise Courses             How Raspberry Pi             Can Change How             People Attack             NetworksDJ P...
Who Am I?•In my junior year in Computer and DigitalForensics at Champlain College, Burlington VT•20 Years Old•Currently st...
What is Raspberry Pi?• $35 Computer the size of a credit card• Uses GNU/Linux Operating Systems• Model B has 512 MB RAM, 2...
What this is NOT• Be all, end all network attack• Proposal of better-than-sliced-bread attacks                What this is...
What is the theory behind it?• Cheap, inexpensive computer  – My terminology for it: “Burner Computer”• Small size allows ...
What attacks to do?• Whatever you want!• Sniff networks for information and passwords• See all internal network traffic• T...
My first concept• It can be used as a cheap cluster for  computing power  – Useful in some context  – Ability to gain a la...
What you can do• Route all the traffic through the Pi  – MITM attacks• Packet sniff inside a network• VLAN Hopping• VoIP s...
Man In the Middle Attacks• Ability is built into Ettercap   – DHCP spoofing   – Arp Poisoning• All traffic will then run t...
VLAN Hopping• You can check to see if there are other parts of  the network, and listen on their traffic too• VoIP Hopper ...
VoIP Attacks• When inside a network, why not listen in on  their calls?• VoIPong  – Allows user to sniff any calls on the ...
Other options• Instead of wireless attacks, why not hardwire?  – Surge protector + Raspberry Pi = Network    Observation D...
Surge Protector Pi• For a small cost, you can set your Pi up inside  a surge protector  – Constant source of power  – Inco...
How to defend against this threat   •Physical security   •Monitor network traffic   •Specifically search for traces of   n...
How to defend against thedefenders•Spoof MAC address, andchange it periodically ifyou are within a network•Hide the device...
How to prepare yourself• Obtain Pi• Setup the Pi  – I recommend using PwnPi ( pwnpi.net )• Know your toolkit• Know your ta...
The Drop-off• Dependent on who you are attacking• Use common sense, and be sneaky!• Know your options, and know your oppon...
Contact DJ• Palombo.dj@gmail.com• @DJPalombo  – #ProjectRasPi• http://bit.ly/DJsLinkedIn
Any Questions?
Concise Courses Raspberry Pi
Upcoming SlideShare
Loading in …5
×

Concise Courses Raspberry Pi

1,232 views

Published on

DJ Palombo's talk on how to use Raspberry Pi in order to attack a network from within.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,232
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
20
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Concise Courses Raspberry Pi

  1. 1. Concise Courses How Raspberry Pi Can Change How People Attack NetworksDJ Palombo Raspberry Pi is a trademark of the Raspberry Pi Foundation
  2. 2. Who Am I?•In my junior year in Computer and DigitalForensics at Champlain College, Burlington VT•20 Years Old•Currently studying in Dublin, Ireland
  3. 3. What is Raspberry Pi?• $35 Computer the size of a credit card• Uses GNU/Linux Operating Systems• Model B has 512 MB RAM, 2 USB ports, Ethernet, video out, and HDMI• Operating System loaded on SD cards• Storage is based on the SD card size
  4. 4. What this is NOT• Be all, end all network attack• Proposal of better-than-sliced-bread attacks What this is• Another viable threat that should be assessed• A warning to security professionals
  5. 5. What is the theory behind it?• Cheap, inexpensive computer – My terminology for it: “Burner Computer”• Small size allows it to be easily hidden• Attack from within rather than forcing your way through
  6. 6. What attacks to do?• Whatever you want!• Sniff networks for information and passwords• See all internal network traffic• Try to shut down the network from within
  7. 7. My first concept• It can be used as a cheap cluster for computing power – Useful in some context – Ability to gain a large amount of power at low cost• What next?
  8. 8. What you can do• Route all the traffic through the Pi – MITM attacks• Packet sniff inside a network• VLAN Hopping• VoIP sniff
  9. 9. Man In the Middle Attacks• Ability is built into Ettercap – DHCP spoofing – Arp Poisoning• All traffic will then run through your system• You can modify traffic as it runs through your system
  10. 10. VLAN Hopping• You can check to see if there are other parts of the network, and listen on their traffic too• VoIP Hopper – Will act like a VoIP phone and look for other devices across the network – Listens for any traffic that signifies other VoIP devices• SIP crack – Crack passwords of VoIP device – Works similar to aircrack
  11. 11. VoIP Attacks• When inside a network, why not listen in on their calls?• VoIPong – Allows user to sniff any calls on the network – Will record and output to .wav file for listening later
  12. 12. Other options• Instead of wireless attacks, why not hardwire? – Surge protector + Raspberry Pi = Network Observation Device• Use it for the manufacturer’s intended purpose?
  13. 13. Surge Protector Pi• For a small cost, you can set your Pi up inside a surge protector – Constant source of power – Inconspicuous – Hardwired Ethernet connectivity
  14. 14. How to defend against this threat •Physical security •Monitor network traffic •Specifically search for traces of network sniffers
  15. 15. How to defend against thedefenders•Spoof MAC address, andchange it periodically ifyou are within a network•Hide the device well•Don’t be afraid to losethe device
  16. 16. How to prepare yourself• Obtain Pi• Setup the Pi – I recommend using PwnPi ( pwnpi.net )• Know your toolkit• Know your target and your goal• Figure out how you are going to power it
  17. 17. The Drop-off• Dependent on who you are attacking• Use common sense, and be sneaky!• Know your options, and know your opponents
  18. 18. Contact DJ• Palombo.dj@gmail.com• @DJPalombo – #ProjectRasPi• http://bit.ly/DJsLinkedIn
  19. 19. Any Questions?

×