How to ARM yourself
Beau Bullock, Ralph May & Derek Banks
BSides Tampa 2020

Abstract:
Youre on your first physical pentest, you've gained access to the data center, now what do you do? One of the best options for to demonstrate how physical security failings can bleed over into the digital breach world is to use a Pentest Ddropbox - a small IOT physical digital implant device that can be used as an attack platform against the client's infrastructure. You could buy an expensive prebuilt device and they have their place. But that's not the best you can do, hacker. Come learn how we built a variety of custom pentest dropbox and IOT devices to help us out on our engagements. We will include parts lists, build instructions, software choices, and custom scripts that you can use to build your own evil IOT devices.

Bio:
Beau Bullock is a Senior Security Analyst and Penetration Tester and has been with Black Hills Information Security since 2014. Beau has a multitude of security certifications and maintains his extensive skills by routinely taking training, learning as much as he can from his peers, and researching topics that he lacks knowledge in. He is a constant contributor to the infosec community by authoring open-source tools, writing blogs, and frequently speaking at conferences and on webcasts.

Bio:
Derek Banks has been a security analyst and penetration tester for Black Hills Information Security since 2014, but he has been a part of the IT industry for his entire career. Since graduating college with a BS in Computer Information Systems, Derek has explored many different Information Technology jobs, from working at a help desk to being a network and systems administrator. He has experience in forensics, incident response, creating custom host and network-based monitoring solutions, penetration testing, vulnerability analysis, and threat modeling. Derek?s favorite aspects of working at BHIS include learning from his coworkers and helping customers better their security posture. When he isn?t participating in CtF competitions or red team engagements, Derek enjoys spending time with his family, staying physically fit, and playing the bass guitar.

Bio:
Ralph May has six years of professional experience in information security and over 10 years in Information Technology (IT). Ralph has conducted security assessments that include components such as physical security, social engineering, internal/external network and application penetration testing, wireless assessments and Advance Persistent Threat (APT) actor simulations. Ralph currently leads the A&P breach team which focuses on advanced treat actor simulations and breach war games. Ralph is active in the security community and has spoken at multiple security conferences including Blackhat. Ralph is an Army veteran serving various levels within the federal government as both a service member and contractor.

Back to BSides Tampa 2020 video list