Tuesday, April 25, 2017

Bash Bunny, BlackHat Asia

I got a Bash Bunny a month ago and boy, this is a device to behold. It works somewhat like a Rubber Ducky, but the plus point is that you can immediately run scripts on it (it has a Python interpreter too!) without having to go through a compilation process like the Rubber Ducky needs. The 3-way hardware switch toggle on the top is the icing on the cake. Modes 1 and 2 are for unleashing the kraken, while mode 3 makes it a mass storage device.
Bunny hopping
I have been very interested in USB attacks for the past few months now, seeing how many organisations and people still rely on USB devices amidst a storm of wireless technology offerings. One of the questions that got me thinking: there are USB ports on planes. What happens if you connect a Rubber Ducky or a Bash Bunny to the USB port and use a mimikatz-like exploit? Well, like any other computer, if it connects to the main network, you are probably in password heaven. But I doubt it. Most media terminals on the plane are standalone. WiFi on the other ...

By the way, for you security enthusiasts around the SEA region, one notable conference that might interest you is BlackHat Asia. This year, it was again held at the Marina Bay Sands Expo in Singapore. This is an excellent place for networking and getting to know the people in the industry. I have had the privilege of getting to know, meeting and talking with the Pingu team, Michael Ossmann of HackRF One fame, Jeff Moss with his young kid, Anthony Lai, who is Hong Kong's OWASP chapter lead and the founder of VXCON, another awesome security conference which I hope I can attend one day, and a whole group of other awesome security people. This is one conference you should seriously consider attending, even if it's for the free business pass.
A view of events for the day. Usually the briefings and the business hall events will last for two days. Blackhat trainings last for two days as well but they are held prior to the briefings and business hall days.

One of the popular booths in Blackhat Asia business hall. Here the contestants are picking locks to win prizes. Photo credited to Anthony.

Tuesday, March 14, 2017

Nexus 6P

The Nexus 6 has a new companion for on-the-go pentesting. Can't wait to see how this baby performs on multi-core tasks compared to the 6. Was tempted to flash my OnePlus 3T at first, but sideloading the OTAs is kinda painful compared to the Nexus phones. Pixel phones? No can do with Google's change in the FS structure. For now.