A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Drone Delivered Attack Platform (DDAP) - Michael Collins Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Drone Delivered Attack Platform (DDAP)
Michael Collins
Derbycon 2017

The day the chickens moved into the coop I knew there was going to be trouble. I had no idea the extent of the problem, until one day I realized that they were building a rogue network inside of the coop. This was partially my fault for providing power to the coop in the first place, but I definitely underestimated their capabilities. What kind of evil were they plotting? I could try to hack into their wireless network, but they had good physical security so getting in close proximity to their location was going to be a problem. What I settled on was using a drone to deliver a hacking drop kit to the chicken coop. The goal is to build the complete kit with low cost, readily available parts, so that if the chickens capture the drone or it is otherwise compromised, we are not out a ton of money. It should have sufficient battery to provide flight time to and from the target location, and sufficient compute time to do a reasonable amount of wireless hacking. We would use the drone to deliver our attack kit to the roof of the chicken coop and power off the rotors to preserve battery for our return flight. We would then use a Raspberry Pi with a wireless antenna to do the wireless hacking. Our platform could be accessed remotely over the cell network using something like TAP, and things that need more compute power like cracking hashes could be shipped offsite over the cell network.

Michael Collins has over 20 years of experience in information security, primarily as an ethical hacker. He worked in consulting for 15 years at both Ernst & Young and Deloitte where he was responsible for conducting penetration testing for a wide variety of companies including financial services, energy, manufacturing and government clients. Michael joined MasterCard in 2011 where he was responsible for performing security testing on MasterCard products and platforms. He recently worked on the security testing of MasterCard's MDES platform, which supports mobile payment platforms such as Apple Pay and Google Wallet, as well as MasterCard's mobile wallet solution.

@h3mlock

Back to Derbycon 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast