1. InfoconDB
  2. DerbyCon
  3. DerbyCon 7.0 Legacy (2017)
  4. Drone Delivered Attack Platform (DDAP)

Drone Delivered Attack Platform (DDAP)

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 4:30 p.m. (25 minutes)

"The day the chickens moved into the coop I knew there was going to be trouble. I had no idea the extent of the problem, until one day I realized that they were building a rogue network inside of the coop. This was partially my fault for providing power to the coop in the first place, but I definitely underestimated their capabilities. What kind of evil were they plotting? I could try to hack into their wireless network, but they had good physical security so getting in close proximity to their location was going to be a problem. What I settled on was using a drone to deliver a hacking drop kit to the chicken coop. The goal is to build the complete kit with low cost, readily available parts, so that if the chickens capture the drone or it is otherwise compromised, we are not out a ton of money. It should have sufficient battery to provide flight time to and from the target location, and sufficient compute time to do a reasonable amount of wireless hacking. We would use the drone to deliver our attack kit to the roof of the chicken coop and power off the rotors to preserve battery for our return flight. We would then use a Raspberry Pi with a wireless antenna to do the wireless hacking. Our platform could be accessed remotely over the cell network using something like TAP, and things that need more compute power like cracking hashes could be shipped offsite over the cell network. " Michael Collins has over 20 years of experience in information security, primarily as an ethical hacker. He worked in consulting for 15 years at both Ernst & Young and Deloitte where he was responsible for conducting penetration testing for a wide variety of companies including financial services, energy, manufacturing and government clients. Michael joined MasterCard in 2011 where he was responsible for performing security testing on MasterCard products and platforms. He recently worked on the security testing of MasterCard’s MDES platform, which supports mobile payment platforms such as Apple Pay and Google Wallet, as well as MasterCard's mobile wallet solution. @h3mlock

Presenters:

Links:

Similar Presentations: