Healthy Paranoia Show 17: How Do I Pwn Thee?

Greetings fair ladies and kind sirs, I present yet another episode of Healthy Paranoia. In this episode we examine the notoriously mad, bad and dangerous to know; pentest dropbox. Joining Mrs. Y are some poètes maudits of the security realm, including; Taylor Banks, Dan Tentler, Kyle Stone, Nick Lennox and Jay James.

A  dropbox or creeper is a small, unobtrusive, form factor device used by pentesters to gain a backdoor into a target network. Using social engineering techniques, the pentester will plug it into an unsecured network port and the device will either “phone home” via a reverse shell over a covert channel or using a 3G/GSM wireless adapter.

In this episode we explore:

  • Make or buy?
  • Alternative uses for a dropbox.
  • Hacking in your underwear.
  • When is a pentest dropbox like a grenade launcher?
  • How security professionals love really bad puns.
  • Why hasn’t anyone built one called “My Little Pwnie” yet? Seems like a natural…

Show Notes:

Pwn Your Own Network – The original post that started it all.

DerbyCon

TP-Link

Sharp Zaurus

OG150 Router from Darren Johnson

Acehackware (Mrs. Y is registered here, in case you’re wondering what to get me for my birthday, Xmas, Kwanzaa or Hanukkah)

R00tabaga

Minipwner

Pwnie Express

Demyo Power Strip

Transcend WiFi SD card hacking

PwnPi – the Linux-based penetration testing dropbox distribution for the Raspberry Pi.

Intel NUC

Airbase-ng

Sheeva Plug

CreepyDOL

WiFi Pineapple

Hackaday Rogue Pi

Robot Dragonfly

Pentest_dropbox

Mrs. Y
Mrs. Y is a recovering Unix engineer working in network security. Also the host of Healthy Paranoia and official nerd hunter. She likes long walks in hubsites, traveling to security conferences and spending time in the Bat Cave. Sincerely believes that every problem can be solved with a "for" loop. When not blogging or podcasting, can be found using up her 15 minutes in the Twittersphere or Google+ as @MrsYisWhy.
Mrs. Y
Mrs. Y
  • Matt Thompson

    I’ve not commented on your podcasts here before so thought I’d drop a line to say keep up the good work. Some great topics discussed.

  • Joshua Toon

    “It was hacked because it was running Windows”…maybe it was running Windows that wasn’t hardened? That’s something I’ve noticed security and network people (I used to be one) seem to think…it’s perfectly cool to spend your life learning the in’s and out’s of OSPF edge cases but don’t spend ANY time learning how to secure Windows…I mean it’s only the biggest part of the iceberg below the surface of any large business. If your experience with Windows security was XP and 2003 you have missed quite a bit of interesting stuff. In my experience it’s really admin’s that are the difference…Unix admins all know how to script at least a little…lots of Windows admin’s don’t. It’s changing though…