infosec technology

Sector 2015: Stealth Attack from the Produce Aisle

raspberry piIt’s official: Keith Benedict (@mehtryx) and I will be presenting at Sector 2015 in Toronto. Our topic is called “Stealth Attack from the Produce Aisle”. Here’s a summary of what to expect:

The proliferation of devices like the Raspberry Pi, Pineapple Express, PwnPi and more make it easier (and cheaper) than ever to obtain a complete stealth attack or defense arsenal.

In this session, we’ll take a low-cost, credit-card sized ARM computer, add some freely available software and see what we get. We’ll learn:

  • what options are available to build such a device
  • how to build a working device
  • add-ons including additional network adapters and wireless extenders
  • overview of some commonly available software tools
  • how to conduct attack and defense scenarios

Hardware will include Cubox, Hummingboard, Raspberry Pi and more. Software will include Kali Linux and a multitude of offensive and defensive infosec tools.

You’ll come away from this session with a better understanding of how much you can accomplish with one of these devices and a healthier respect (or greater fear) of tiny computers.

Registration for Sector has begun – hurry now and get your ticket before prices rise!

Let Keith and I know if you’ll be coming to Sector and let us know what you’d like us to touch on during our presentation.

Talk soon!




Cubox – Build a linux box for just over $100

IMG_CuBoxI’m a sucker for a bargain. And as I’m sure you already know, I’m also a geek. So, when the two meet, I’m there!

So, last year, when I heard about a tiny computer in a box that cost about $100, I was intrigued. SolidRun, an Israeli company, sells a 2″x2″x2″ arm-based computer that runs linux, Android and some other OSes quite well. With 2GB RAM, quad core CPU, gigabyte ethernet, HDMI, wireless and more, I had to give it a try.

The cubox ranges in price from $90 at the low end to $140 fully loaded. I opted for a fully loaded model. And, I also ordered a top of the line hummingboard as well. I’ll talk more about that device another time though. For the next few posts, I’m going to share my experiences – the good, the not so good and the things that I still want to accomplish with my cubox-i4pro.

For today, I’ll start with an intro and some instructions to get started. In the following days, I’ll outline some cool tools, how I installed them and how I use them. So check  back often and let me know your experiences with these devices.

First, some key links:

Now, how to get your cubox up and running:

First, my cubox came with a memory card with Android pre-installed. I was able to simply plug in a monitor, keyboard and mouse and turn it on. It worked perfectly.

But, I’d like to start from scratch with a plain install of Debian Linux. So, I grabbed a new SD card, flashed a Debian image (provided by solid-run) and away I went.

To flash an image (from Mac – additional instructions available here):
Download an image from SolidRun’s OS download page.
At the command line, type:
> mount
> sudo diskutil unmountDisk /dev/disk1*
> sudo dd if=<IMAGE_NAME>.img of=/dev/rdisk1 bs=4096
(control+T to see progress of image creation)

Once complete, insert the SD card into the cubox-i4pro, plug in peripherals and power it up. Voila!

Next up: how to take advantage of the full capacity of the SD card.

Also, have you registered for SC Congress 2015 in Toronto on June 10 & 11 yet? Register now and remember to use discount code TODDHDOW to get almost 50% off your registration.