1. 1 Gray, A brief look into Pentesting, Gadgets,
Certifications & Cool Projects
2. 2
3. 3 Red Team Uncovers TSA Failures
4. 44 Social Engineering Metasploit, a phone, fake online
profiles, voice modulation, social engineering toolkit Forensic
Tools Kali Linux, Deft Linux, Sleuthkit, Digital Forensics Kit
Footprinting Tools Maltego, NSLookup, nMap Lockpicks/Gadgets Bump
keys, lockpick kits, master keys, hackrf, pineapple wifi, rubber
ducky, RFID, yagi antennas notable tools that EVERYONE should know
about... A BlackHats Toolkit
5. 5 The WiFi Pineapple is a unique device developed by Hak5
for the purpose of WiFi auditing and penetration testing. Since
2008 the WiFi Pineapple has grown to encompass the best rogue
access point features, unique purpose-built hardware, intuitive web
interfaces, versatile deployment options, powerful software and
hardware development aids, a modular application ecosystem and a
growing community of passionate penetration testers.
6. 6 At the core of the WiFi Pineapple is a modular web
interface designed to simplify the management and execution of
advanced attacks. A set of "infusions" (modules) provide convenient
graphical front-ends for popular command line applications.
Infusions can be installed to the device over-the-air from an
online portal. These free applications install in a matter of
clicks. Additionally, infusions may be developed directly on the
device using the open application programming interface (API). Once
submitted for review, your Infusion will be included in the online
portal for all WiFi Pineapple users.
7. 7 RECONNAISSANCE Visualize WiFi landscape. Target networks
and individuals. AUTO HARVEST Collect probe requests and beacons
for rebroadcast. DOGMA Attract specific targets or all devices with
thousands of beacons. BEACON RESPONSE Mimic networks with automatic
targeted beacons. KARMA Capture clients no matter what network they
seek.
8. 8
9. 9
10. 10
11. 11 Since 2010 the USB Rubber Ducky has been a favorite
among hackers, penetration testers and IT professionals. With
origins as a humble IT automation proof-of-concept using an
embedded dev-board, it has grown into a full fledged commercial
Keystroke Injection Attack Platform. The USB Rubber Ducky captured
the imagination of hackers with its simple scripting language,
formidable hardware, and covert design.
12. 12 COMMUNITY PAYLOAD GENERATORS, FIRMWARE, ENCODERS AND
TOOLKITS Customize pre-assembled attacks from our repository -
Payload Wiki Online Duck Toolkit for simple Reconnaissance,
Exploitation and Reporting The Simple Ducky Payload Generator for
Linux with Password Cracker and Meterpreter and Netcat integration
VID & PID Swapper to cloak your device Ducky-Decode Firmware
and Encoder adding Mass Storage, Multiple Payloads, Multilingual
and and much more. And of course the USB Rubber Ducky Forums for
Payload sharing, suggestions, questions and information.
13. 13
14. 14 10 MHz to 6 GHz operating frequency half-duplex
transceiver up to 20 million samples per second compatible with GNU
Radio, SDR#, and more software-configurable RX and TX gain and
baseband filter software-controlled antenna port power (50 mA at
3.3 V) SMA female antenna connector convenient buttons for
programming internal pin headers for expansion Hi-Speed USB 2.0
USB-powered open source hardware
15. 15 Heres a few resources Ive been reading, watching or have
bookmarked in no particular order relating to SDR and GNU Radio. As
a beginner in this I cant fully vouch for their quality but they
seem okay! http://greatscottgadgets.com/sdr/ Fantastic SDR for
HackRF tutorials by Michael Ossmann.
http://files.ettus.com/tutorials/ Some quality SDR / GNU Radio
tutorials
http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorials
SDR / GNU Radio tutorials with supporting code on github
http://www.ece.uvic.ca/~elec350/lab_manual/ Communication lab work
in GNU Radio from the University of Victoria BC
http://www.trondeau.com/gr-tutorial/ Another tutorial with
supporting code https://www.youtube.com/user/2011HPS/videos Some
GNU Radio tutorials, no audio though.
http://www.csun.edu/~skatz/katzpage/sdr_project/sdrproject.html
contain some interesting bits http://complextoreal.com/tutorials/ A
large series of tutorials in digital communications
16. 16
17. 17
18. 18
19. 19
20. 20 Certified Ethical Hacker CEH provides a comprehensive
ethical hacking and network security-training program to meet the
standards of highly skilled security professionals. Hundreds of
SMEs and authors have contributed towards the content presented in
the CEH courseware. Cisco Certified Network Associate Security
(CCNA Security) validates associate-level knowledge and skills
required to secure Cisco networks. With a CCNA Security
certification, a network professional demonstrates the skills
required to develop a security infrastructure, recognize threats
and vulnerabilities to networks, and mitigate security threats. The
CCNA Security curriculum emphasizes core security technologies, the
installation, troubleshooting and monitoring of network devices to
maintain integrity, confidentiality and availability of data and
devices, and competency in the technologies that Cisco uses in its
security structure.
21. 21
22. 22 Meetup Groups OWASP SD Dev OPS SD Python Full Stack
Talks SD Continuing Education CCNA Courses CTF Tournaments UCSB
Local Qualifiers Local Conventions Toorcon Cybercon