Obsidis Consortia, Inc.

BYOD:Bring Your Own Darkside

José L. Quiñones-Borrero, BSMCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA

What is OC, Inc?

• Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico.

• OC, Inc. has develop and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.

Why BYOD?

• What's Mine Is Mine, What's Yours Is Mine, Too

• Employees Happier, More Productive?

• Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes

Why NOT?

• Little or no control over devices

• Privacy issues about device’s content

• No jurisdiction over devices

What are these devices?

Laptops

• Live CD/USB– Live USB Creator– Unetbootin

• Virtual Machines– VMware Player– VirtualBox

• Full OS on Hardware– Kali/Backtrack– Pentoo– BackBox

Smartphones and Tablets

• Jailbreak iOS

• Rooted Android

• Ubuntu Touch (Phone)

Others

• Home Routers– Linksys WRT-54G– Alfa Network AP-121U– TP-Link WR703N

• Custom Firmware– DD-RWT– OpenWrt w/Jasager– Totmato Router

Let focus on iOS …

Apple iOS AppStore Goodness

• iNet• TIOD• IPScanner• zScan Pro• Whois• TCPinger• Net Utility

• VNC viewer• RDP client• aSubnet

• Python 2.7

Cydia

Jailbroken iOS

• Tools– nmap, tcpdump, ettercap, aircrack-ng*, dns2tcp,

netcat• Development– Python, Ruby, Perl, SQLite

• OS– wget, curl, grep, sed, awk, inetutils, whois, locate

• Deamons– dns, http, dhcp, ftp, vnc

Installing Metasploit on iOS

1. Jailbrake your iOS devices2. Install BigBoss Recomended Tools3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb4. iconv_1.14-1_iphoneos-arm.deb5. zlib_1.2.3-1_iphoneos-arm.deb6. metasploitframework4.5.tgz

What about Android?

PwnPad ($895.00)

•Wireless ToolsAircrack-ng•Kismet •Wifite•Reaver•MDK3•EAPeak•Asleap•FreeRADIUS-WPE

•HostapdBluetooth Tools:•bluez-utils•btscanner•bluelog•Ubertooth tools•Web ToolsNikto•Wa3f

•Network ToolsNET-SNMP•Nmap•Netcat•Hping3•Macchanger•Tcpdump•Tshark•Ngrep•Dsniff•Ettercap-ng•SSLstrip

•Hamster & Ferret•Metasploit 4•SET•Easy-Creds

•John (JTR)•Hydra•Pyrit•Scapy

Can we be more creative?

Red Teaming BYOD

• Raspberry Pi ($35)– 700 Mhz A7, 512MB, HD, 2 USB 2.0, Ethernet– Huge development community– Debian and Red Hat based distros

• CubieBoard ($80)– 1 Ghz A10, 1 GB, HD, 2 USB 2.0, Ethernet– Some community support– Ubuntu and Android

• Odroid ($90)– 1.7 Quad A9, 2GB, HD, 2USB 2.0, Ethernet– No community yet(new platform)– Ubuntu and Android

Demo

Open Discussion …

Q & A

Please visit us to keep in touch …www.ObsidisConsortia.org

www.BSidesPR.org

https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQghttps://plus.google.com/u/0/communities/102771209982001396923

https://facebook.com/obsidisconsortiahttps://twitter.com/BSidesPR

Affiliates:www.TalktoanIT.comwww.codefidelio.org

www.darkoperator.com