Small Disposable Devices that Own Wi-Fi Networks with Help from DARPA

If you haven’t seen Brendan O’Connor’s security conference presentations on “Reticle and F-BOMB” you should really take the time out and check them out. It is a fascinating project on using low cost computer boards to create a disposal, bot-net like, distributable Wi-Fi spying system. 

Once deployed, the sub $50 devices can crack and use the target’s wireless network to communicate back to the attacker using encrypted channels. As explained the F-BOMB, or “Falling or Ballistically-launched Object that Makes Backdoors“, can be deployed by being thrown into the target’s complex, hidden inside other objects, or even delivered via quad rotor drone.

But what would an F-BOMB be without brains? And this is where Reticle comes in.

Reticle is the software brain behind the cheap hardware brawn. Basically it is “Leaderless Command and Control” software that combines several open source products that in essence create an intelligent, fault tolerant and fully encrypted remote spying platform.

And get this, the software part of the project was created with funding from DARPA, the government’s advanced DoD research organization. Reticle was created under DARPA’s Cyber Fast Track program. A program that helps get idea’s to functional tech with greatly reduced paperwork and overhead.

Here is Brendan’s Bsides Las Vegas 2012 provided on YouTube by Adrian Crenshaw (aka IronGeek):

(NSFW intro comment)


Later this month at Black Hat USA 2013 Brendan will talk about his latest creation of this technology called CreepyDOL.

According to the presentation overview:

“CreepyDOL is a distributed sensing and data mining system combining very-low-cost sensors, open-source software, and a focus on user experience to provide personnel identification, tracking, and analysis without sending any data to the targets. In other words, it takes you from hand-crafted, artisan skeeviness to big-box commodity creepiness, and enables government-level total awareness for about $500 of off-the-shelf hardware.”

Sounds cool, in a really creepy way!

So, check out Brendan’s Bsides video from last year, and if you are at Black Hat this month, be sure to stop in and check out his presentation!

Advertisements

BSides Cleveland Security Conference Videos

If you don’t have the chance to get to the big security conferences, then you always look forward to the conference videos when they come out. July is no exception with several awesome conferences taking place. Adrian Crenshaw (aka Irongeek) has released links to all of the BSides Cleveland Security conference videos.

Below are two of my favorites.

First up is Dave Kennedy, mad hugger, and security guru extraordinaire, with a great look at some of his pentesting secrets and techniques. This is an excellent look at his Social Engineering Toolkit, tips on bypassing Anti-Virus, elevating a user to Admin account, and egress techniques.

Next up is “Pass the Hash like a Rockstar” by Martin “Purehate” Bos. This is a great look at different techniques used to compromise systems by using pass the hash. Kind of disappointing, this is not the talk he was going to do. He was going to do a speech on password cracking, which sounded really interesting, but he had to change it at the last moment. Hopefully he will release the intended speech at some point, but this talk is very good too!