BYOD presentation Init 6 + ISSA PR Chapter joint meeting

A technical overview of the dangers of BYOD in an enterprise

Published in: Technology

  1. Obsidis Consortia, Inc. BYOD: Bring Your Own Darkside
     José L. Quiñones-Borrero, BS
     MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  2. What is OC, Inc?
     • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico.
     • OC, Inc. has developed and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
  3. Why BYOD?
     • What's Mine Is Mine, What's Yours Is Mine, Too
     • Employees Happier, More Productive?
     • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
  4. Why NOT?
     • Little or no control over devices
     • Privacy issues about device’s content
     • No jurisdiction over devices
  5. What are these devices?
  6. Laptops
     • Live CD/USB
       – Live USB Creator
       – Unetbootin
     • Virtual Machines
       – VMware Player
       – VirtualBox
     • Full OS on Hardware
       – Kali/Backtrack
       – Pentoo
       – BackBox
  7. Smartphones and Tablets
     • Jailbreak iOS
     • Rooted Android
     • Ubuntu Touch (Phone)
  8. Others
     • Home Routers
       – Linksys WRT-54G
       – Alfa Network AP-121U
       – TP-Link WR703N
     • Custom Firmware
       – DD-WRT
       – OpenWrt w/Jasager
       – Tomato Router
  9. Let's focus on iOS …
  10. Apple iOS AppStore Goodness
     • iNet
     • TIOD
     • IPScanner
     • zScan Pro
     • Whois
     • TCPinger
     • Net Utility
     • VNC viewer
     • RDP client
     • aSubnet
     • Python 2.7
  11. Cydia
  12. Jailbroken iOS
     • Tools
       – nmap, tcpdump, ettercap, aircrack-ng*, dns2tcp, netcat
     • Development
       – Python, Ruby, Perl, SQLite
     • OS
       – wget, curl, grep, sed, awk, inetutils, whois, locate
     • Daemons
       – dns, http, dhcp, ftp, vnc
  13. Installing Metasploit on iOS
     1. Jailbreak your iOS devices
     2. Install BigBoss Recommended Tools
     3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb
     4. iconv_1.14-1_iphoneos-arm.deb
     5. zlib_1.2.3-1_iphoneos-arm.deb
     6. metasploitframework4.5.tgz
  14. What about Android?
  15. PwnPad ($895.00)
     • Wireless Tools: Aircrack-ng, Kismet, Wifite, Reaver, MDK3, EAPeak, Asleap, FreeRADIUS-WPE, Hostapd
     • Bluetooth Tools: bluez-utils, btscanner, bluelog, Ubertooth tools
     • Web Tools: Nikto, W3af
     • Network Tools: NET-SNMP, Nmap, Netcat, Hping3, Macchanger, Tcpdump, Tshark, Ngrep, Dsniff, Ettercap-ng, SSLstrip, Hamster & Ferret, Metasploit 4, SET, Easy-Creds, John (JTR), Hydra, Pyrit, Scapy
  16. Can we be more creative?
  17. Red Teaming BYOD
     • Raspberry Pi ($35)
       – 700 MHz A7, 512MB, HD, 2 USB 2.0, Ethernet
       – Huge development community
       – Debian and Red Hat based distros
     • CubieBoard ($80)
       – 1 GHz A10, 1 GB, HD, 2 USB 2.0, Ethernet
       – Some community support
       – Ubuntu and Android
     • Odroid ($90)
       – 1.7 Quad A9, 2GB, HD, 2 USB 2.0, Ethernet
       – No community yet (new platform)
       – Ubuntu and Android
  18. Demo
  19. Open Discussion … Q & A
  20. Please visit us to keep in touch …
     • www.ObsidisConsortia.org
     • www.BSidesPR.org
     • https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg
     • https://plus.google.com/u/0/communities/102771209982001396923
     • https://facebook.com/obsidisconsortia
     • https://twitter.com/BSidesPR
     Affiliates:
     • www.TalktoanIT.com
     • www.codefidelio.org
     • www.darkoperator.com