Sunday, November 25, 2018

Projects to-do

Pi Bakery - standardized build for the default Pis on my home network

Pi build instructions for a full-on wifi testing tool, including a reproducible build of my current hacking box.

Pi dropbox for 802.1x NAC bypass
Pi dropbox for ssh outbound access

Twitter bot on a Pi - ideally one that accepts requests only from me to download specific YouTube URLs to the Plex bot, from anywhere, so that I can immediately download music to my Plex server at home.

OpenVAS Docker image, or a Bloodhound+Neo4j Docker image.

Learn/play with Kubernetes, Terraform.

Hashcat script, and a hashcat post.

Re-install everything on my other laptop.


Pi Bakery

As you can see, my posting rate has dropped off dramatically. Part of this is a general disenchantment with doing limited-scope pentests against networks that are increasingly well protected. What's the point, say I, of doing a pentest that doesn't permit access to physical workstations or emailing/phishing as part of the assessment? What benefit does a company get from sitting me down at a network port, having me fail to get on due to NAC, or even if I do get on, finding that everything is locked down and no random ports are open, other than being able to check off that they've done their yearly pentest?

In one week (or rarely two), how do you expect me to assess anything other than a point in time? Am I testing how you look right now? Or do you actually care what happens over time? Will someone slip up? Are effective policies and training in place to prevent mistakes?

Even worse are tests of targets directly, without permitting access to the network on which they sit. The only avenue of attack is finding, or more likely writing, exploits for minor items and chaining them together. In which case you're only proving why something the company considers a medium risk should be rated higher and fixed. What a load of wasted effort.

Now, since it was pentests that drove my side research, not doing pentests naturally led to the research flagging. Other events aside, this led me to understand that relying on work to make me happy, or to drive side research and learning, is not the right path. So now I'm working on separating work and hobbies, general self-improvement, etc., and learning some new things.

Recently I discovered the power of a Docker container running OpenVAS, which was super easy to install and run on Kali Linux without having to worry about dependencies. Afterwards I read "The Phoenix Project" and am almost done with the book on which it was based, namely "The Goal". I've also started reading the DevOps Handbook to get a better grasp of SecDevOps and how to manage/drive change in an organization.

Today I spent most of the day playing with Pi Bakery to create a standardized Pi image install. Pretty darn useful.

The plan is to eventually create an RPi dropbox for pentests, much later down the line, which should be able to do wifi stuff and/or bypass 802.1X network access control.

Update: Here is a standard Pi Bakery recipe in case you want to play with it. It performs the following actions:

1. Adds noatime to all the partitions in /etc/fstab to avoid writes to the SD card (prolongs the life of the card)
2. Runs apt-get update
3. Installs nmap git screen irssi dnsutils vnstat cifs-utils
4. Removes swap - also prolongs the life of the card
5. Adds one alias command to ~/.bashrc
6. Changes the timezone to Central
7. Generates locales as en_US.UTF-8, like raspi-config does
8. Reboots

The password will be raspberry123; make sure to change it, and also do a full upgrade.

UPDATE 2: Item 7 above is not working; still working out the hijinks.
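For anyone who would rather reproduce the recipe without the Pi Bakery GUI (or debug item 7 by hand), here is a plain-shell version of the same eight steps. This is an added example written for this post, not the recipe's own code or anything from the Pi Bakery project. It assumes Raspbian with systemd and dphys-swapfile, that it runs as root on the Pi, that the alias to add is `ll` (the post doesn't say which alias it uses), and that the locale step mirrors what raspi-config does (enable the line in /etc/locale.gen, then regenerate); the fstab, alias and locale helpers operate on a file path so they can be tried on copies first.

```shell
#!/bin/sh
# Added example (not the Pi Bakery recipe itself): the recipe's steps as a
# plain shell script. Assumes Raspbian with systemd + dphys-swapfile, run as
# root. The locale handling is assumed to match raspi-config.

PKGS="nmap git screen irssi dnsutils vnstat cifs-utils"
TZ_NAME="America/Chicago"   # "Central" in the post
LOCALE="en_US.UTF-8"

# Step 1: append noatime to the mount options of every real filesystem in an
# fstab file. Comments, blank lines, swap entries and lines that already carry
# noatime are left untouched, so re-running is safe. Usage: add_noatime /etc/fstab
add_noatime() {
    fstab="$1"
    tmp="$(mktemp)"
    awk 'BEGIN { OFS = "\t" }
         /^[[:space:]]*(#|$)/      { print; next }   # comment or blank line
         $3 == "swap"              { print; next }   # atime is meaningless on swap
         $4 ~ /(^|,)noatime(,|$)/  { print; next }   # already set
         { $4 = $4 ",noatime"; print }' "$fstab" > "$tmp" && cat "$tmp" > "$fstab"
    rm -f "$tmp"
}

# Step 5: add an alias to a bashrc exactly once (idempotent).
# Usage: add_alias /home/pi/.bashrc ll 'ls -la'
add_alias() {
    rc="$1"; name="$2"; cmd="$3"
    line="alias $name='$cmd'"
    grep -qxF -- "$line" "$rc" 2>/dev/null || printf '%s\n' "$line" >> "$rc"
}

# Step 7: uncomment one locale in a locale.gen file (the "# en_US.UTF-8 UTF-8"
# form Raspbian ships). Returns 0 when the locale line is enabled afterwards.
# Usage: enable_locale /etc/locale.gen en_US.UTF-8
enable_locale() {
    gen="$1"; loc="$2"
    sed -i "s/^# *\($loc UTF-8\)/\1/" "$gen"
    grep -q "^$loc UTF-8" "$gen"
}

# All eight steps, in the recipe's order. Only this function touches the system.
apply_recipe() {
    add_noatime /etc/fstab                                    # 1
    apt-get update                                            # 2
    DEBIAN_FRONTEND=noninteractive apt-get install -y $PKGS   # 3
    dphys-swapfile swapoff && dphys-swapfile uninstall        # 4
    systemctl disable dphys-swapfile
    add_alias /home/pi/.bashrc ll 'ls -la'                    # 5 (assumed alias)
    echo "$TZ_NAME" > /etc/timezone                           # 6, as raspi-config does
    rm -f /etc/localtime
    dpkg-reconfigure -f noninteractive tzdata
    enable_locale /etc/locale.gen "$LOCALE"                   # 7
    locale-gen
    update-locale LANG="$LOCALE"
    reboot                                                    # 8
}

# Running the file with no argument only defines the helpers; pass "apply"
# to actually modify the Pi: sh pi-recipe.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_recipe
fi
```

Sourcing the script on a workstation and pointing `add_noatime` at a copy of the Pi's fstab is a quick way to check what step 1 will do before trusting it with the real card; the same goes for `enable_locale` and a copy of /etc/locale.gen when chasing the item 7 problem.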