SlideShare a Scribd company logo

The CARzyPire - Another Red Team Operation

Prathan Phongthiproek
Prathan Phongthiproek

Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !!

Technology
1 of 19
Download to read offline
© 2019 Secure D Center Co.,Ltd The CARzyPire Another Red Team Operations
© 2019 Secure D Center Co.,Ltd DISCLAIMER All the information provided on this site are for educational purposes only. Any actions and or activities related to the material contained within this document is solely your responsibility. The misuse of the knowledge can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information from this document to break the law.
© 2019 Secure D Center Co.,Ltd Introduction Agenda  The CARzyPire Project  Preparation  Customizing Payload  Delivery and Exploitation Speaker Prathan Phongthiproek tanprathan pprathan prathan cwhunderground
© 2019 Secure D Center Co.,Ltd The CARzyPire Project Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !! External Zone Internal Zone
© 2019 Secure D Center Co.,Ltd Preparation
© 2019 Secure D Center Co.,Ltd Hardware Preparation https://re4son-kernel.com/re4son-pi-kernel  Sticky Fingers Kali-Pi 0 – Armel edition Raspberry Pi Zero W
© 2019 Secure D Center Co.,Ltd Hardware Preparation https://github.com/BastilleResearch/mousejack  Build the firmware  Flash over USB Crazyradio PA https://github.com/insecurityofthings/jackit  Install the JackIt https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript  Create Duckyscript
© 2019 Secure D Center Co.,Ltd Radio Frequency (RF) over USB Dongle Wireless devices (Mouse/Keyboard/Presenter remote) can be hijacked !! Source: https://www.mousejack.com/
© 2019 Secure D Center Co.,Ltd Command-and-Control Server Preparation https://github.com/EmpireProject/Empire  Setup the Empire C2 Server PowerShell Empire https://github.com/interference-security/empire-web  Set up the PowerShell Empire Web
© 2019 Secure D Center Co.,Ltd Customizing Payload
© 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
© 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
© 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customizing PowerShell Empire Stager HTTP Stager Agent
© 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customized Payload x Duckyscript Stager (Multi/Launcher) Creation Duckyscript
© 2019 Secure D Center Co.,Ltd Delivery and Exploitation
© 2019 Secure D Center Co.,Ltd Delivery through CARzyPire Jackit AutoPWN x Empire Web
© 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
© 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
© 2019 Secure D Center Co.,Ltd Thank You Contact us: info@secure-d.tech

Recommended

Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Jack Smith
 
Linux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDLinux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDTiffany Jachja
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintNowSecure
 
Tools for building your Startup on AWS
Tools for building your Startup on AWSTools for building your Startup on AWS
Tools for building your Startup on AWSRob De Feo
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
B2B Software Global Trends
B2B Software Global TrendsB2B Software Global Trends
B2B Software Global TrendsAmazon Web Services
 
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsDesktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsAmazon Web Services
 

Recommended

Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Create WiFi Hotspot on Windows 7
Create WiFi Hotspot on Windows 7 Jack Smith
 
Linux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDLinux Foundation Live Webinar: Applying Governance to CI/CD
Linux Foundation Live Webinar: Applying Governance to CI/CDTiffany Jachja
 
Building a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintBuilding a Mobile App Pen Testing Blueprint
Building a Mobile App Pen Testing BlueprintNowSecure
 
Tools for building your Startup on AWS
Tools for building your Startup on AWSTools for building your Startup on AWS
Tools for building your Startup on AWSRob De Feo
 
DEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkDEF CON 27 - workshop - POLOTO - hacking the android apk
DEF CON 27 - workshop - POLOTO - hacking the android apkFelipe Prado
 
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkLeveraging Splunk Enterprise Security with the MITRE’s ATT&CK Framework
Leveraging Splunk Enterprise Security with the MITRE’s ATT&CK FrameworkSplunk
 
B2B Software Global Trends
B2B Software Global TrendsB2B Software Global Trends
B2B Software Global TrendsAmazon Web Services
 
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsDesktop-as-a-Service: Flexible Application Delivery to Cloud-Native Desktops
Desktop-as-a-Service: Flexible Application Delivery to Cloud-Native DesktopsAmazon Web Services
 
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -Takuma Haraguchi
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestAmazon Web Services
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...Amazon Web Services
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitAmazon Web Services
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxThanhBoHoaluaVn
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOpsCobus Bernard
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAmazon Web Services
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungSameer Kenkare
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseAmazon Web Services
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitAmazon Web Services
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceChristopher Doman
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Amazon Web Services
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsNowSecure
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate開拓文教基金會
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software DeliveryTiffany Jachja
 
Machine Learning at the Edge
Machine Learning at the EdgeMachine Learning at the Edge
Machine Learning at the EdgeAmazon Web Services
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicChris Skinner
 
Shell Script 4 DBAs
Shell Script 4 DBAsShell Script 4 DBAs
Shell Script 4 DBAsRodrigo Mufalani
 
Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Prathan Phongthiproek
 
Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationPrathan Phongthiproek
 

More Related Content

Similar to The CARzyPire - Another Red Team Operation

顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -Takuma Haraguchi
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestAmazon Web Services
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...Amazon Web Services
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitAmazon Web Services
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxThanhBoHoaluaVn
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaNowSecure
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOpsCobus Bernard
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAmazon Web Services
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungSameer Kenkare
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020NSC42 Ltd
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseAmazon Web Services
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitAmazon Web Services
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceChristopher Doman
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Amazon Web Services
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsNowSecure
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate開拓文教基金會
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software DeliveryTiffany Jachja
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicChris Skinner
 

Similar to The CARzyPire - Another Red Team Operation (20)

顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
顧客要望と情熱のあいだ - B2B SaaS のプロダクトマネジメント -
 
A few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP requestA few milliseconds in the life of an HTTP request
A few milliseconds in the life of an HTTP request
 
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo... From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
From Unattended Ground Sensors (UGS) to Installations; Leveraging AWS IoT fo...
 
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS SummitDeveloping intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
Developing intelligent robots with AWS RoboMaker - SVC207 - New York AWS Summit
 
Fortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptxFortinet - Digital Government Cloud Security 2.pptx
Fortinet - Digital Government Cloud Security 2.pptx
 
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2fridaOSS Tools: Creating a Reverse Engineering Plug-in for r2frida
OSS Tools: Creating a Reverse Engineering Plug-in for r2frida
 
2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps2019-11-09 DevOpsNG - What I've learned from DevOps
2019-11-09 DevOpsNG - What I've learned from DevOps
 
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles YangAWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
AWS微服務時代-Serverless架構與物聯網的整合與應用-Tomofun-Charles Yang
 
Trends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe ChungTrends in Digital Transformation by Joe Chung
Trends in Digital Transformation by Joe Chung
 
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020The security phoenix - from the ashes of DEV-OPS Appsec California 2020
The security phoenix - from the ashes of DEV-OPS Appsec California 2020
 
Becoming A High Frequency Enterprise
Becoming A High Frequency EnterpriseBecoming A High Frequency Enterprise
Becoming A High Frequency Enterprise
 
Digital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS SummitDigital transformation for local news - SVC220 - New York AWS Summit
Digital transformation for local news - SVC220 - New York AWS Summit
 
Blackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat IntelligenceBlackhat - Do you trust your Threat Intelligence
Blackhat - Do you trust your Threat Intelligence
 
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
Developing intelligent robots with AWS RoboMaker - SVC207 - Santa Clara AWS S...
 
Android Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy EnhancementsAndroid Q & iOS 13 Privacy Enhancements
Android Q & iOS 13 Privacy Enhancements
 
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
張楷翊(Oscar):客製打造專屬工作 App – Power Apps / Automate
 
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
{unscripted} 2020 : A Conference for Simplifying and Scaling Software Delivery
 
Machine Learning at the Edge
Machine Learning at the EdgeMachine Learning at the Edge
Machine Learning at the Edge
 
Bitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - publicBitcoin and cryptocurrencies fs club final - public
Bitcoin and cryptocurrencies fs club final - public
 
Shell Script 4 DBAs
Shell Script 4 DBAsShell Script 4 DBAs
Shell Script 4 DBAs
 

More from Prathan Phongthiproek

Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationPrathan Phongthiproek
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksPrathan Phongthiproek
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek
 
OWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingOWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingPrathan Phongthiproek
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Prathan Phongthiproek
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedPrathan Phongthiproek
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetPrathan Phongthiproek
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityPrathan Phongthiproek
 

More from Prathan Phongthiproek (20)

Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)Mobile Defense-in-Dev (Depth)
Mobile Defense-in-Dev (Depth)
 
Cyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application ExploitationCyber Kill Chain: Web Application Exploitation
Cyber Kill Chain: Web Application Exploitation
 
Mobile App Hacking In A Nutshell
Mobile App Hacking In A NutshellMobile App Hacking In A Nutshell
Mobile App Hacking In A Nutshell
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
 
OWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-DiveOWASP Mobile Top 10 Deep-Dive
OWASP Mobile Top 10 Deep-Dive
 
The Hookshot: Runtime Exploitation
The Hookshot: Runtime ExploitationThe Hookshot: Runtime Exploitation
The Hookshot: Runtime Exploitation
 
Understanding ransomware
Understanding ransomwareUnderstanding ransomware
Understanding ransomware
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 
Don't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application AttacksDon't Trust, And Verify - Mobile Application Attacks
Don't Trust, And Verify - Mobile Application Attacks
 
Owasp Top 10 Mobile Risks
Owasp Top 10 Mobile RisksOwasp Top 10 Mobile Risks
Owasp Top 10 Mobile Risks
 
Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20Point-Of-Sale Hacking - 2600Thailand#20
Point-Of-Sale Hacking - 2600Thailand#20
 
OWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration TestingOWASP Thailand-Beyond the Penetration Testing
OWASP Thailand-Beyond the Penetration Testing
 
Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]Mobile Application Pentest [Fast-Track]
Mobile Application Pentest [Fast-Track]
 
Hack and Slash: Secure Coding
Hack and Slash: Secure CodingHack and Slash: Secure Coding
Hack and Slash: Secure Coding
 
CDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest WorkshopCDIC 2013-Mobile Application Pentest Workshop
CDIC 2013-Mobile Application Pentest Workshop
 
Web Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or SucceedWeb Application Firewall: Suckseed or Succeed
Web Application Firewall: Suckseed or Succeed
 
Layer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load TargetLayer8 exploitation: Lock'n Load Target
Layer8 exploitation: Lock'n Load Target
 
Advanced Malware Analysis
Advanced Malware AnalysisAdvanced Malware Analysis
Advanced Malware Analysis
 
Tisa mobile forensic
Tisa mobile forensicTisa mobile forensic
Tisa mobile forensic
 
Tisa-Social Network and Mobile Security
Tisa-Social Network and Mobile SecurityTisa-Social Network and Mobile Security
Tisa-Social Network and Mobile Security
 

Recently uploaded

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Recently uploaded (20)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

The CARzyPire - Another Red Team Operation

  • 1. © 2019 Secure D Center Co.,Ltd The CARzyPire Another Red Team Operations
  • 2. © 2019 Secure D Center Co.,Ltd DISCLAIMER All the information provided on this site are for educational purposes only. Any actions and or activities related to the material contained within this document is solely your responsibility. The misuse of the knowledge can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event any criminal charges be brought against any individuals misusing the information from this document to break the law.
  • 3. © 2019 Secure D Center Co.,Ltd Introduction Agenda  The CARzyPire Project  Preparation  Customizing Payload  Delivery and Exploitation Speaker Prathan Phongthiproek tanprathan pprathan prathan cwhunderground
  • 4. © 2019 Secure D Center Co.,Ltd The CARzyPire Project Raspberry Pi Zero W + Crazyradio PA + PowerShell Empire in the Radio-controlled car !! External Zone Internal Zone
  • 5. © 2019 Secure D Center Co.,Ltd Preparation
  • 6. © 2019 Secure D Center Co.,Ltd Hardware Preparation https://re4son-kernel.com/re4son-pi-kernel  Sticky Fingers Kali-Pi 0 – Armel edition Raspberry Pi Zero W
  • 7. © 2019 Secure D Center Co.,Ltd Hardware Preparation https://github.com/BastilleResearch/mousejack  Build the firmware  Flash over USB Crazyradio PA https://github.com/insecurityofthings/jackit  Install the JackIt https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript  Create Duckyscript
  • 8. © 2019 Secure D Center Co.,Ltd Radio Frequency (RF) over USB Dongle Wireless devices (Mouse/Keyboard/Presenter remote) can be hijacked !! Source: https://www.mousejack.com/
  • 9. © 2019 Secure D Center Co.,Ltd Command-and-Control Server Preparation https://github.com/EmpireProject/Empire  Setup the Empire C2 Server PowerShell Empire https://github.com/interference-security/empire-web  Set up the PowerShell Empire Web
  • 10. © 2019 Secure D Center Co.,Ltd Customizing Payload
  • 11. © 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
  • 12. © 2019 Secure D Center Co.,Ltd Our Enemy Windows Defender !!
  • 13. © 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customizing PowerShell Empire Stager HTTP Stager Agent
  • 14. © 2019 Secure D Center Co.,Ltd The Empire Strikes Back - Bypassing Windows Defender (Tested in July 2019) Customized Payload x Duckyscript Stager (Multi/Launcher) Creation Duckyscript
  • 15. © 2019 Secure D Center Co.,Ltd Delivery and Exploitation
  • 16. © 2019 Secure D Center Co.,Ltd Delivery through CARzyPire Jackit AutoPWN x Empire Web
  • 17. © 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
  • 18. © 2019 Secure D Center Co.,Ltd Exploitation PowerShell Empire on the Web
  • 19. © 2019 Secure D Center Co.,Ltd Thank You Contact us: info@secure-d.tech