Presented at
BruCON 0x09 (2017),
Oct. 6, 2017, 1:30 p.m.
(240 minutes)
Are you confronted with huge amounts of IP addresses you need to scan or penetration test against?
Are you ready to go into bug bounty hunting on a large scale?
Do you need to do open source intelligence for hundreds of domains and users?
Then you need a scalable and robust system that is easy to build and maintain, easy to control and that can scale in seconds.
During this workshop we will build a system that can use physical computers, virtual machines, cloud based systems, mobile phones, mini computers (system on a chip such as the Raspberry PI) and even microcontrollers such as an Arduino. Basically, if it has a CPU or chip in it we can attach it as a worker.
This system will be robust; a defect part will not affect the system as a whole. It will be cheap by using some cloud solutions and cheap hardware. It will be versatile; we could program it to do whatever we want. All this in the space of under 4 hours.
Some of the tasks we will achieve in this workshop:
- generate rainbow tables on the fly and crack a password
- create an open source intelligence report really fast
- perform a penetration test on a big network comprised of different types of servers (SSH, DNS, web applications, web services ...)
- furthermore we will show how this system can be used to help you get started in bug bounties by doing things like DNS brute forcing
Presenters:
Links:
Similar Presentations: