SlideShare a Scribd company logo

The CARzyPire - Another Red Team Operation

Prathan Phongthiproek
Prathan Phongthiproek

Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !!

Technology
1 of 19
Download to read offline
© 2019 Secure D Center Co.,Ltd The CARzyPire Another Red Team Operations
© 2019 Secure D Center Co.,Ltd DISCLAIMER All the information provided on this site are for educational purposes only. Any actions and or activities related to the material contained within this document is solely your responsibility. The misuse of the knowledge can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information from this document to break the law.
© 2019 Secure D Center Co.,Ltd Introduction Agenda  The CARzyPire Project  Preparation  Customizing Payload  Delivery and Exploitation Speaker Prathan Phongthiproek tanprathan pprathan prathan cwhunderground
© 2019 Secure D Center Co.,Ltd The CARzyPire Project Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !! External Zone Internal Zone
© 2019 Secure D Center Co.,Ltd Preparation
© 2019 Secure D Center Co.,Ltd Hardware Preparation https://re4son-kernel.com/re4son-pi-kernel  Sticky Fingers Kali-Pi 0 – Armel edition Raspberry Pi Zero W
© 2019 Secure D Center Co.,Ltd Hardware Preparation https://github.com/BastilleResearch/mousejack  Build the firmware  Flash over USB Crazyradio PA https://github.com/insecurityofthings/jackit  Install the JackIt https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript  Create Duckyscript
© 2019 Secure D Center Co.,Ltd Radio Frequency (RF) over USB Dongle Wireless devices (Mouse/Keyboard/Presenter remote) can be hijacked !! Source: https://www.mousejack.com/
© 2019 Secure D Center Co.,Ltd Command-and-Control Server Preparation https://github.com/EmpireProject/Empire  Setup the Empire C2 Server PowerShell Empire https://github.com/interference-security/empire-web  Set up the PowerShell Empire Web
© 2019 Secure D Center Co.,Ltd Customizing Payload
© 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
© 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
© 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customizing PowerShell Empire Stager HTTP Stager Agent
© 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customized Payload x Duckyscript Stager (Multi/Launcher) Creation Duckyscript
© 2019 Secure D Center Co.,Ltd Delivery and Exploitation
© 2019 Secure D Center Co.,Ltd Delivery through CARzyPire Jackit AutoPWN x Empire Web
© 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
© 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
© 2019 Secure D Center Co.,Ltd Thank You Contact us: info@secure-d.tech

Recommended

Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Jack Smith
 
Linux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDLinux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDTiffany Jachja
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintNowSecure
 
Tools for building your Startup on AWS
Tools for building your Startup on AWSTools for building your Startup on AWS
Tools for building your Startup on AWSRob De Feo
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
B2B Software Global Trends
B2B Software Global TrendsB2B Software Global Trends
B2B Software Global TrendsAmazon Web Services
 
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsDesktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsAmazon Web Services
 

Recommended

Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Jack Smith
 
Linux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDLinux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDTiffany Jachja
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintNowSecure
 
Tools for building your Startup on AWS
Tools for building your Startup on AWSTools for building your Startup on AWS
Tools for building your Startup on AWSRob De Feo
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
B2B Software Global Trends
B2B Software Global TrendsB2B Software Global Trends
B2B Software Global TrendsAmazon Web Services
 
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsDesktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsAmazon Web Services
 
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -Takuma Haraguchi
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestAmazon Web Services
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...Amazon Web Services
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitAmazon Web Services
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxThanhBoHoaluaVn
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOpsCobus Bernard
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAmazon Web Services
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungSameer Kenkare
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseAmazon Web Services
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitAmazon Web Services
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceChristopher Doman
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Amazon Web Services
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsNowSecure
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate開拓文教基金會
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software DeliveryTiffany Jachja
 
Machine Learning at the Edge
Machine Learning at the EdgeMachine Learning at the Edge
Machine Learning at the EdgeAmazon Web Services
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicChris Skinner
 
Shell Script 4 DBAs
Shell Script 4 DBAsShell Script 4 DBAs
Shell Script 4 DBAsRodrigo Mufalani
 
Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Prathan Phongthiproek
 
Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationPrathan Phongthiproek
 

More Related Content

Similar to The CARzyPire - Another Red Team Operation

顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -Takuma Haraguchi
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestAmazon Web Services
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...Amazon Web Services
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitAmazon Web Services
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxThanhBoHoaluaVn
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOpsCobus Bernard
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAmazon Web Services
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungSameer Kenkare
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseAmazon Web Services
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitAmazon Web Services
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceChristopher Doman
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Amazon Web Services
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsNowSecure
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate開拓文教基金會
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software DeliveryTiffany Jachja
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicChris Skinner
 

Similar to The CARzyPire - Another Red Team Operation (20)

顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP request
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptx
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe Chung
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency Enterprise
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS Summit
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat Intelligence
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy Enhancements
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
 
Machine Learning at the Edge
Machine Learning at the EdgeMachine Learning at the Edge
Machine Learning at the Edge
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - public
 
Shell Script 4 DBAs
Shell Script 4 DBAsShell Script 4 DBAs
Shell Script 4 DBAs
 

More from Prathan Phongthiproek

Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationPrathan Phongthiproek
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksPrathan Phongthiproek
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek
 
OWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingOWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingPrathan Phongthiproek
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedPrathan Phongthiproek
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityPrathan Phongthiproek
 

More from Prathan Phongthiproek (20)

Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)
 
Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application Exploitation
 
Mobile App Hacking In A Nutshell
Mobile App Hacking In A NutshellMobile App Hacking In A Nutshell
Mobile App Hacking In A Nutshell
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
 
OWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DiveOWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-Dive
 
The Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationThe Hookshot: Runtime Exploitation
The Hookshot: Runtime Exploitation
 
Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomware
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application Attacks
 
Owasp Top 10 Mobile Risks
Owasp Top 10 Mobile RisksOwasp Top 10 Mobile Risks
Owasp Top 10 Mobile Risks
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20
 
OWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingOWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration Testing
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
Hack and Slash: Secure Coding
Hack and Slash: Secure CodingHack and Slash: Secure Coding
Hack and Slash: Secure Coding
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
 
Advanced Malware Analysis
Advanced Malware AnalysisAdvanced Malware Analysis
Advanced Malware Analysis
 
Tisa mobile forensic
Tisa mobile forensicTisa mobile forensic
Tisa mobile forensic
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile Security
 

Recently uploaded

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

The CARzyPire - Another Red Team Operation

  • 1. © 2019 Secure D Center Co.,Ltd The CARzyPire Another Red Team Operations
  • 2. © 2019 Secure D Center Co.,Ltd DISCLAIMER All the information provided on this site are for educational purposes only. Any actions and or activities related to the material contained within this document is solely your responsibility. The misuse of the knowledge can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information from this document to break the law.
  • 3. © 2019 Secure D Center Co.,Ltd Introduction Agenda  The CARzyPire Project  Preparation  Customizing Payload  Delivery and Exploitation Speaker Prathan Phongthiproek tanprathan pprathan prathan cwhunderground
  • 4. © 2019 Secure D Center Co.,Ltd The CARzyPire Project Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !! External Zone Internal Zone
  • 5. © 2019 Secure D Center Co.,Ltd Preparation
  • 6. © 2019 Secure D Center Co.,Ltd Hardware Preparation https://re4son-kernel.com/re4son-pi-kernel  Sticky Fingers Kali-Pi 0 – Armel edition Raspberry Pi Zero W
  • 7. © 2019 Secure D Center Co.,Ltd Hardware Preparation https://github.com/BastilleResearch/mousejack  Build the firmware  Flash over USB Crazyradio PA https://github.com/insecurityofthings/jackit  Install the JackIt https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript  Create Duckyscript
  • 8. © 2019 Secure D Center Co.,Ltd Radio Frequency (RF) over USB Dongle Wireless devices (Mouse/Keyboard/Presenter remote) can be hijacked !! Source: https://www.mousejack.com/
  • 9. © 2019 Secure D Center Co.,Ltd Command-and-Control Server Preparation https://github.com/EmpireProject/Empire  Setup the Empire C2 Server PowerShell Empire https://github.com/interference-security/empire-web  Set up the PowerShell Empire Web
  • 10. © 2019 Secure D Center Co.,Ltd Customizing Payload
  • 11. © 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
  • 12. © 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
  • 13. © 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customizing PowerShell Empire Stager HTTP Stager Agent
  • 14. © 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customized Payload x Duckyscript Stager (Multi/Launcher) Creation Duckyscript
  • 15. © 2019 Secure D Center Co.,Ltd Delivery and Exploitation
  • 16. © 2019 Secure D Center Co.,Ltd Delivery through CARzyPire Jackit AutoPWN x Empire Web
  • 17. © 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
  • 18. © 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
  • 19. © 2019 Secure D Center Co.,Ltd Thank You Contact us: info@secure-d.tech