cubox – Todd H Dow

Sector 2015: Stealth Attack from the Produce Aisle

It’s official: Keith Benedict (@mehtryx) and I will be presenting at Sector 2015 in Toronto. Our topic is called “Stealth Attack from the Produce Aisle”. Here’s a summary of what to expect:

The proliferation of devices like the Raspberry Pi, Pineapple Express, PwnPi and more make it easier (and cheaper) than ever to obtain a complete stealth attack or defense arsenal.

In this session, we’ll take a low-cost, credit-card sized ARM computer, add some freely available software and see what we get. We’ll learn:

what options are available to build such a device
how to build a working device
add-ons including additional network adapters and wireless extenders
overview of some commonly available software tools
how to conduct attack and defense scenarios

Hardware will include Cubox, Hummingboard, Raspberry Pi and more. Software will include Kali Linux and a multitude of offensive and defensive infosec tools.

You’ll come away from this session with a better understanding of how much you can accomplish with one of these devices and a healthier respect (or greater fear) of tiny computers.

Registration for Sector has begun – hurry now and get your ticket before prices rise!

Let Keith and I know if you’ll be coming to Sector and let us know what you’d like us to touch on during our presentation.

Talk soon!

Todd

Cubox – Build a linux box for just over $100

IMG_CuBox I’m a sucker for a bargain. And as I’m sure you already know, I’m also a geek. So, when the two meet, I’m there!

So, last year, when I heard about a tiny computer in a box that cost about $100, I was intrigued. SolidRun, an Israeli company, sells a 2″x2″x2″ arm-based computer that runs linux, Android and some other OSes quite well. With 2GB RAM, quad core CPU, gigabyte ethernet, HDMI, wireless and more, I had to give it a try.

The cubox ranges in price from $90 at the low end to $140 fully loaded. I opted for a fully loaded model. And, I also ordered a top of the line hummingboard as well. I’ll talk more about that device another time though. For the next few posts, I’m going to share my experiences – the good, the not so good and the things that I still want to accomplish with my cubox-i4pro.

For today, I’ll start with an intro and some instructions to get started. In the following days, I’ll outline some cool tools, how I installed them and how I use them. So check back often and let me know your experiences with these devices.

First, some key links:
http://www.solid-run.com/wiki/Main_Page
http://www.offensive-security.com/kali-linux-vmware-arm-image-download/
http://tools.kali.org/

Now, how to get your cubox up and running:

First, my cubox came with a memory card with Android pre-installed. I was able to simply plug in a monitor, keyboard and mouse and turn it on. It worked perfectly.

But, I’d like to start from scratch with a plain install of Debian Linux. So, I grabbed a new SD card, flashed a Debian image (provided by solid-run) and away I went.

To flash an image (from Mac – additional instructions available here):
Download an image from SolidRun’s OS download page.
At the command line, type:
> mount
> sudo diskutil unmountDisk /dev/disk1*
> sudo dd if=<IMAGE_NAME>.img of=/dev/rdisk1 bs=4096
(control+T to see progress of image creation)

Once complete, insert the SD card into the cubox-i4pro, plug in peripherals and power it up. Voila!

Next up: how to take advantage of the full capacity of the SD card.

Also, have you registered for SC Congress 2015 in Toronto on June 10 & 11 yet? Register now and remember to use discount code TODDHDOW to get almost 50% off your registration.