Presented at
DEF CON 32 (2024),
Aug. 10, 2024, 2 p.m.
(105 minutes).
The Drop-Pi is a suite of software developed on a Raspberry Pi to facilitate the automatic bypassing of 802.1x/NAC implementations (pre 802.1x-2010 standards) and establish discrete remote access into target networks. Designed with physical penetration testing in mind, the Drop-Pi can establish remote access inside a target network within a matter of seconds after being plugged in, affording assessors with a quick in and out on an objective. Its built with common and easily sourced hardware which allows for easy and quick provisioning of multiple Drop-Pi devices. When it's not feasible to utilize a target network for egress traffic, the Drop-Pi can easily be configured to employ a wireless connection or mobile hotspot to facilitate access in and out of the network.
Presenters:
-
Doug Kent
- Pentesting Team at State Farm
Doug has worked at State Farm for about 20 years. Working on mostly security technologies ranging from Active Directory, PKI, Endpoint protection and finally landing recently on the Pentesting team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
-
Robert Ditmer
- Red Team at State Farm
Rob has been on the State Farm Pentesting Team for 3 years and has recently moved the Red Team. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant - enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the State Farms Red Team.
Similar Presentations: