1.1 The Audience for This Book ... 22
1.2 The Contents of This Book ... 22
1.3 The Structure of This Book ... 23
1.4 Note from the Author ... 26

PART I Performing IT Security Penetration Tests ... 29

2 IT Security Penetration Tests ... 31
2.1 Getting Started: What Are Pentests? ... 32
2.1.1 Advantages of Penetration Tests ... 32
2.1.2 The Limits of IT Security Tests ... 33
2.1.3 Objectives of Penetration Tests ... 33
2.1.4 Threats and Attacks ... 35
2.2 Characteristics of Penetration Tests ... 40
2.3 Procedure for Penetration Tests ... 44
2.3.1 Phase 1: Pre-Engagement ... 45
2.3.2 Phase 2: Reconnaissance ... 45
2.3.3 Phase 3: Threat Modeling ... 46
2.3.4 Phase 4: Exploitation ... 46
2.3.5 Phase 5: Reporting ... 46
2.3.6 Phase 6: Retesting ... 47
2.4 Assessing Vulnerabilities ... 47
2.5 Eliminating Vulnerabilities ... 51

3 Red Teaming as a Method ... 53
3.1 Using Red Teaming Successfully ... 55
3.1.2 Guidelines and Specifications for Red Teaming ... 56
3.1.3 Advantages of Red Teaming ... 57
3.2 Procedure of Red Teaming ... 58
3.2.2 Red Teaming Phases ... 58
3.3 The Purple Team Variant ... 60

4 Test Scenarios in Practice ... 63
4.1 Scenario A: Testing a Wi-Fi Surveillance Camera ... 64
4.2 Scenario B: Examining RFID Access Cards for a Locking System ... 75
4.3 Scenario C: Checking the Network Connections of a Printer ... 83
4.4 Scenario D: Analyzing the Interfaces of a Client Computer ... 90

PART II Awareness Training with Pentest Hardware ... 101

5 Security Awareness Training ... 103
5.1 Social Engineering ... 104
5.2 Different Types of Training ... 105
5.3 Security Awareness Training Using Pentest Hardware ... 106

6 Successful Training Methods ... 111
6.2 Promoting Motivation ... 114
6.2.1 Real-Life Examples ... 114
6.3 Controlling Activation ... 115
6.3.2 Flashlight Method ... 116
6.3.3 Short, Subject-Specific Conversation ... 116
6.4 Encouraging Interaction ... 117
6.4.1 Learning by Doing ... 117

7 Training Scenarios in Practice ... 121
7.1 Scenario A: Contaminated Workplace ... 121
7.2 Scenario B: Hardware Scavenger Hunt ... 124
7.3 Scenario C: USB Drives in Public Areas ... 127

PART III Hacking and Pentest Hardware Tools ... 135

8.1 Overview of the Hardware ... 137
8.1.5 Radio Frequency Identification ... 141
8.1.9 Universal Tools ... 143
8.2 Sources of Supply ... 144

9 Secret Surveillance Using Spy Gadgets ... 147
9.2 Mini Recording Devices: Secret Audio Recordings ... 151
9.3 GSM Recording Device: Worldwide Audio Transmissions ... 153
9.4 Spy Cameras: Undetected Video Recordings ... 155
9.5 Mini Wi-Fi Cameras: Versatile Camera Modules ... 157
9.6 GPS Trackers: Secretly Tracking and Transmitting Positions ... 158
9.7.1 Audio Spy Gadgets ... 160
9.7.2 Video Spy Gadgets ... 161
9.7.3 Radio Connections ... 162
9.8 Analyzing Devices Found ... 163

10 Recording Keystrokes and Monitoring Signals Using Loggers ... 165
10.2 Keyloggers: Inconspicuous Keyboard Monitoring ... 168
10.2.1 USB Keyloggers ... 169
10.2.2 Keyloggers with Wi-Fi ... 173
10.2.3 EvilCrow Keylogger: Flexible Platform ... 178
10.3 Screen Loggers: Secret Screen Monitoring ... 184
10.3.1 VideoGhost: Secret Screenshots ... 184
10.3.2 Screen Crab: Screen Logger via Wi-Fi ... 187
10.4.2 Screen Loggers ... 197
10.5 Analyzing Devices Found ... 197

11 Attacks via the USB Interface ... 199
11.2.1 Rubber Ducky Mark II: The BadUSB Classic ... 204
11.2.2 Digispark: An Affordable BadUSB Device ... 211
11.2.3 Teensy: A Universal Board ... 222
11.2.4 MalDuino 3: BadUSB with a Switch ... 231
11.2.5 Arduino Leonardo: BadUSB with Arduino ... 234
11.2.6 EvilCrow Cable: Disguised BadUSB ... 238
11.3 Control via Bluetooth or Wi-Fi ... 241
11.3.1 InputStick: Wireless Bluetooth Receiver ... 241
11.3.2 USBNinja: Bluetooth Control ... 246
11.3.3 Cactus WHID: BadUSB with Wi-Fi ... 251
11.3.4 DSTIKE WIFI Duck: Wi-Fi Keystroke Injection ... 258
11.3.5 ESP32-S3 Pendrive: Super WiFi Duck ... 263
11.3.6 O.MG Product Family ... 266
11.4 Simulating USB Devices ... 281
11.4.1 Bash Bunny Mark II: The BadUSB Multitool ... 281
11.4.2 Key Croc: A Smart Keylogger ... 285
11.5 Destroying Computers Using USB Killers ... 297
11.5.1 USBKill: Irreparably Damaging Devices ... 297
11.5.2 USB Killers Without Designations ... 305
11.5.3 Alternative Killers ... 307
11.6.1 Software Solutions ... 309
11.6.2 Hardware Solutions ... 311
11.7 Analyzing Devices Found ... 312

12 Manipulating Wireless Connections ... 313
12.2 Frequencies and Antennas ... 316
12.3 Wireless Signal Cloners: Duplicating Wireless Connections ... 318
12.4 Nooelec NESDR SMArt: Analyzing Wireless Connections ... 319
12.5 LimeSDR Mini: Attacking Wireless Connections ... 326
12.6 YARD Stick One: Manipulating Wireless Signals ... 329
12.7 HackRF One: Easy Duplication of Wireless Communication ... 334
12.8 HackRF One PortaPack: Mobile Version ... 339
12.9 Jammers: Interrupting Wireless Connections ... 347
12.10 Countermeasures ... 348
12.11 Analyzing Devices Found ... 349

13 Duplicating and Manipulating RFID Tags ... 351
13.2 Detectors: Detecting RFID Readers and Tags ... 356
13.2.1 RFID Diagnostic Card ... 357
13.2.2 RF Field Detector ... 357
13.2.3 Tiny RFID Detector ... 358
13.2.4 Other Solutions ... 359
13.3 Cloners: Simply Copying RFID Tags ... 359
13.3.1 Handheld RFID Writer ... 360
13.3.2 CR66 Handheld RFID ... 361
13.3.3 Handheld RFID IC/ID ... 362
13.3.4 RFID Multifrequency Replicator ... 363
13.3.5 XIXEI X7-B Smart Card Reader/Writer ... 364
13.4 Keysy: A Universal RFID Key ... 366
13.5 ChameleonMini/Tiny: An RFID Multitool ... 368
13.6 Proxmark: Powerful RFID Hardware ... 373
13.6.3 Portable Version ... 382
13.7 iCopy-X: Another RFID Multitool ... 383
13.8 NFCKill: Destroying RFID/NFC Tags ... 386
13.8.2 The CCC’s RFID Zapper ... 388
13.10 Analyzing Devices Found ... 389

14 Tracking and Manipulating Bluetooth Communication ... 391
14.2 Bluefruit LE Sniffer: Tracking Bluetooth Low Energy ... 394
14.3 BtleJack with BBC micro:bit for Tapping Bluetooth Low Energy Connections ... 397
14.4 Ubertooth One: Analyzing Bluetooth Connections ... 403
14.6 Analyzing Devices Found ... 409

15 Manipulating and Interrupting Wi-Fi Connections ... 411
15.2 DSTIKE Deauther: Interrupting Wi-Fi Connections ... 414
15.3 Maltronics WiFi Deauther: Remote-Controlled Attacks ... 421
15.4 WiFi Pineapple: Fake Wi-Fi Networks ... 426
15.6 Analyzing Devices Found ... 446

16 Tapping Wired LANs ... 447
16.2 Throwing Star LAN Tap: Simply Tapping Data ... 450
16.3 Plunder Bug: Exfiltrating Data with Style ... 454
16.4 Packet Squirrel Mark II: Capturing Network Traffic ... 458
16.5 Shark Jack: Performing Predefined Actions ... 481
16.6 LAN Turtle: Secret Network Access ... 488
16.8 Analyzing Devices Found ... 502

17 Universal Hacking Hardware ... 503
17.1 USB Army Knife: LILYGO T-Dongle S3 ... 503
17.2 Raspberry Pi and P4wnP1 A.L.O.A.: The BadUSB Super Tool ... 511
17.3 Flipper Zero: A Hacker Tamagotchi ... 515
17.3.10 Alternative Firmware ... 528

18 Discontinued Hardware and Previous Versions ... 533
18.1 Attacks via the USB Interface ... 533
18.1.1 Rubber Ducky: Mark I (Version 2010) ... 533
18.1.2 MalDuino Lite and Elite ... 537
18.1.4 Bash Bunny Mark I ... 548
18.1.5 USBKill Version 2.0 ... 552
18.2 Manipulating Wireless Connections ... 554
18.2.1 Crazyradio PA: Transfer of Wireless Connections ... 554
18.3 Tapping Wired LANs ... 557
18.3.1 Packet Squirrel Mark I ... 557

19 Analyzing Detected Hardware ... 575
19.2 Devices with Data Storage ... 576
19.2.1 Protection Against Modifications (Write Blockers) ... 577
19.2.2 Creating an Identical Copy of Detected Hardware ... 580
19.2.3 Examining the File System and Files ... 581
19.2.4 Restoring Deleted Data ... 585
19.2.5 Readout via Debug Interfaces ... 587
19.3 Logging Network Traffic ... 587
19.4 Detecting and Analyzing Wi-Fi Networks ... 592
19.4.1 Analysis Using Hardware: WiFi Pineapple ... 592
19.4.2 Analysis Using Software: Aircrack-ng ... 593

20 Instructions and Knowledge Base ... 597
20.1 Laboratory Environment ... 597
20.1.1 Oracle VirtualBox ... 598
20.2.3 Important Settings ... 607
20.3 Virtual Keyboard and Mouse ... 610
20.4 DuckyScript from Hak5 ... 616
20.4.1 Version 1.0 (2010) ... 617
20.4.2 Version 2.X (2017) ... 618
20.4.3 Version 3.0 (2022) ... 619
20.5 PayloadStudio from Hak5 ... 622
20.5.1 Calling PayloadStudio ... 624
20.5.2 Selecting Hak5 Hardware ... 625
20.5.3 Writing a Payload ... 625
20.5.4 Compiling and Downloading a Payload ... 626
20.5.5 Exporting and Importing a Payload ... 627
20.5.6 Other Useful Functions ... 628
20.6 Cloud C2 from Hak5 ... 628
20.6.1 Ordering Cloud C2 ... 629
20.6.2 Downloading and Starting Cloud C2 ... 629
20.6.3 Installing Cloud C2 ... 631
20.7 Keyboard Shortcuts and Special Keys ... 633
20.7.1 Keyboard Shortcuts ... 633