Building a cheap, robust, scaling, penetration testing/bug bounty super computer

Presented at BruCON 0x09 (2017), Oct. 6, 2017, 1:30 p.m. (240 minutes).

Are you confronted with huge amounts of IP addresses you need to scan or penetration test against? Are you ready to go into bug bounty hunting on a large scale? Do you need to do open source intelligence for hundreds of domains and users? Then you need a scalable and robust system that is easy to build and maintain, easy to control and that can scale in seconds. During this workshop we will build a system that can use physical computers, virtual machines, cloud based systems, mobile phones, mini computers (system on a chip such as the Raspberry PI) and even microcontrollers such as an Arduino. Basically, if it has a CPU or chip in it we can attach it as a worker. This system will be robust; a defect part will not affect the system as a whole. It will be cheap by using some cloud solutions and cheap hardware. It will be versatile; we could program it to do whatever we want. All this in the space of under 4 hours. Some of the tasks we will achieve in this workshop: - generate rainbow tables on the fly and crack a password - create an open source intelligence report really fast - perform a penetration test on a big network comprised of different types of servers (SSH, DNS, web applications, web services ...) - furthermore we will show how this system can be used to help you get started in bug bounties by doing things like DNS brute forcing

Presenters:

• Andy Deweirt
• Steven Wierckx

Links:

• https://brucon0x092017.sched.com/event/B2hH/building-a-cheap-robust-scaling-penetration-testingbug-bounty-super-computer

Similar Presentations:

• DEF CON 22 (2014) / Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter!
• BSides Austin 2016 / If You Can't Beat 'Em, Join 'Em: Tips For Running a Successful Bug Bounty Program
• ToorCon San Diego 20 (2018) / Bug Bounty Hunting on Steroids