Make Your Own Pentesting Gadget

Vivek Ramachandran | March 24-25



Overview

We all love gadgets like the WiFi Pineapple, Minipwner, and Pwn Plug! They are extremely useful for showing compelling demos, aiding social engineering attacks, and automating pentest tasks. In this training, you will learn how to make your own Pentesting Gadget from scratch using off-the-shelf home wireless routers. You will be able to run pentest tools like Nmap, Metasploit, Aircrack-NG, etc. on this platform, automate pentest tasks, create rogue devices, backdoor the firmware and even create a wireless IDS/IPS!

A non-exhaustive list of topics to be covered:
  • Embedded system basics
  • Selecting the hardware
  • Bootloader and Firmware Basics
  • Reversing the Firmware
  • Binwalk and Firmware mod kit
  • Filesystem Extraction
  • Combating Compression and Encryption
  • Using QEMU to run binaries
  • Reversing with IDA and GDB
  • Installing a Toolchain
  • Creating Custom Backdoors
  • Repackaging the Firmware
  • Hacking Busybox
  • OpenWrt Basics
  • Creating a custom firmware
  • Porting Pentest Tools
  • Installing Nmap, Metasploit, Aircrack-NG, etc.
  • Running Python and Scapy
  • Monitoring Wi-Fi
  • Creating an IPS for Wi-Fi
  • Automating Pentest Tasks
  • Creating Enterprise Rogue Devices
  • Conclusion and Future Direction

Who Should Take this Course

  • Pentesters.
  • Security Researchers.
  • Network Admins.

Student Requirements

Working knowledge of Linux.

What Students Should Bring

  • Laptop with at least 4 GB RAM and 20 GB free space.
  • Working USB port.

What Students Will Be Provided With

  • Hardware router with power cable.
  • PDF slides of the course.
  • Code snippets and scripts used.
  • Videos of all demos.

Trainers

Vivek Ramachandran is the founder and chief trainer at SecurityTube.net. He discovered the Caffe Latte attack, broke WEP Cloaking (a WEP protection schema) in 2007 publicly at DEF CON, and conceptualized enterprise Wi-Fi Backdoors. He is also the author of the book, "Backtrack 5 Wireless Penetration Testing."

He runs SecurityTube Trainings and Pentester Academy - currently taken by InfoSec professionals in 90 countries. He also conducts in-person trainings in the US, Europe, and Asia. Vivek's work on wireless security has been quoted in BBC Online, InfoWorld, MacWorld, The Register, IT World Canada, etc. He has spoken/trained at top conferences around the world including Black Hat USA, Europe and Abu Dhabi, DEF CON, Hacktivity, BruCON, ClubHack, SecurityByte, SecurityZone, Nullcon, C0C0n, etc. Twitter: @securitytube.