[00:29.380 --> 00:31.140]  Okay.
[00:57.960 --> 00:59.460]  11 o'clock.
[00:59.460 --> 01:02.480]  This is building, testing, dropboxes.
[01:02.500 --> 01:06.240]  If you were looking for some other talk, probably down the hall.
[01:06.240 --> 01:07.900]  But thank you all for showing up.
[01:09.180 --> 01:10.640]  Have a little bit of fun today.
[01:10.640 --> 01:12.180]  Maybe you'll learn some stuff, maybe you won't.
[01:12.180 --> 01:15.420]  At this point, you're already paid, so what do I really care?
[01:16.680 --> 01:17.480]  Okay.
[01:18.720 --> 01:19.780]  I'm Chris Carlis.
[01:19.780 --> 01:23.240]  I'm not Johnny Christmas, the keynote yesterday.
[01:23.920 --> 01:28.000]  That's the most recent photo of me possible.
[01:31.210 --> 01:34.430]  I'm not going to put an old photo up that here's me when I was younger.
[01:34.430 --> 01:35.710]  No, thanks, Mitch.
[01:38.790 --> 01:44.990]  Basically, I'm a career penetration tester, red teamer, fake criminal.
[01:45.230 --> 01:47.050]  I've worked as a consultant.
[01:47.050 --> 01:48.410]  I work internal.
[01:48.550 --> 01:50.050]  I show up at a lot of places.
[01:50.050 --> 01:53.630]  I'm also here generally when there's stuff going on.
[01:55.530 --> 02:00.790]  I think a lot of testers out there, they do the job for a while, and then they're like, oh, that was fun.
[02:00.790 --> 02:04.790]  I'm going to move on to something grown up, maybe like research or management.
[02:05.770 --> 02:08.230]  For me, this is the coolest stuff.
[02:08.230 --> 02:10.210]  I love the work that I do.
[02:10.430 --> 02:14.710]  I love digging into weird, fun stuff and then talking about it.
[02:14.810 --> 02:19.030]  I will be a pen tester until, you know, they don't let me do this anymore.
[02:19.030 --> 02:24.150]  I will do this job until they pry your computer from my cold, dead hands.
[02:27.230 --> 02:28.330]  That's pretty much me.
[02:28.330 --> 02:31.570]  If you see me in this shirt, I probably have something to say.
[02:31.570 --> 02:35.630]  So, yeah, just stop by and say hi.
[02:36.650 --> 02:37.250]  Okay.
[02:38.950 --> 02:41.910]  Normally at this point, I would talk about what we're going to talk about.
[02:41.910 --> 02:44.510]  Like, why are we talking about Dropboxes?
[02:44.570 --> 02:57.370]  But as I started putting this talk together and talking to people about this talk, I kind of got, like, they're like, hey, man, I know you like nerd stuff, but what are you talking about?
[02:57.470 --> 02:58.930]  I'm like, you know, Dropboxes.
[02:58.930 --> 03:00.730]  And they're like, no, I don't know.
[03:00.730 --> 03:01.150]  All right.
[03:01.990 --> 03:04.490]  What are Dropboxes?
[03:05.170 --> 03:21.250]  From my point of view, and I'm opinionated, it's essentially a little customized remote computer of some type used to provide, you know, remote access for generally some sort of internal network testing.
[03:21.910 --> 03:22.690]  Very simple.
[03:22.690 --> 03:26.250]  I have a computer and I'm going to drop it on your network.
[03:26.350 --> 03:27.730]  It's a temporary thing.
[03:27.730 --> 03:29.250]  It's not going to be there forever.
[03:30.850 --> 03:32.610]  It's used for penetration testing.
[03:32.870 --> 03:35.110]  It's used for red teaming.
[03:35.130 --> 03:37.990]  For lesser degree, you know, crime.
[03:39.670 --> 03:42.470]  And it used to be very common.
[03:44.050 --> 03:57.250]  But, you know, as time has passed, it's been we've seen a lot more virtual machines being used for this type of work or just if you've got like some agent running, connecting to a C2 on a compromised host, also doing the same thing.
[03:57.250 --> 03:58.710]  Everything's doing the same job there.
[03:58.830 --> 04:02.910]  We just need to get into that environment in order to do some testing.
[04:03.170 --> 04:08.250]  And one of the ways to do it is to put together a little computer that's going to do a specific job and put it on the network.
[04:08.250 --> 04:11.090]  So that's what we're talking about today.
[04:11.090 --> 04:11.950]  Physical Dropboxes.
[04:11.950 --> 04:12.490]  Everybody good?
[04:12.490 --> 04:12.770]  Cool.
[04:12.770 --> 04:13.530]  Let's move on.
[04:13.530 --> 04:16.570]  Why am I making this talk about Dropboxes?
[04:18.570 --> 04:26.450]  Ultimately, like, you know, we most everything I talk about is because I did this and screwed it up.
[04:26.450 --> 04:27.450]  I messed it up.
[04:27.450 --> 04:28.930]  I made a lot of mistakes.
[04:28.930 --> 04:30.690]  I did a bad job.
[04:30.690 --> 04:32.010]  And things went poorly.
[04:32.010 --> 04:34.710]  And now I'm up here telling you about it.
[04:34.710 --> 04:39.230]  So you hopefully don't need to make the same dumb mistakes.
[04:39.230 --> 04:42.490]  You can make your own stupid mistakes.
[04:42.490 --> 04:44.950]  I look forward to your presentation.
[04:48.790 --> 04:58.370]  In truth, though, over the years, I've put together a fair number of these boxes for penetration testing, for red teaming.
[04:58.670 --> 05:06.490]  I've even used them for things like you come to a conference and you're doing the CTF and you've got some friends, some randos that show up and you're like, let's all collaborate.
[05:06.710 --> 05:14.290]  It's handy to have just a box and be like, all right, everyone connect to this thing wirelessly and we'll share files and there's a bunch of tools already loaded on it.
[05:14.290 --> 05:15.370]  Stuff like that.
[05:15.850 --> 05:19.990]  Putting these things together, though, when I started, I did what everyone does.
[05:19.990 --> 05:20.870]  We look on the internet.
[05:20.870 --> 05:23.450]  Did somebody already do the heavy lifting for me?
[05:23.470 --> 05:28.210]  Can I easy mode this and not have to try too hard?
[05:28.470 --> 05:29.730]  And yeah.
[05:29.770 --> 05:33.090]  There are blog posts.
[05:33.350 --> 05:35.850]  There are guides out there.
[05:36.390 --> 05:47.950]  In fact, in 2014, Philip Polstra, I think, wrote a book called, more published book, Hacking and Penetration Testing with Low Power Devices.
[05:48.930 --> 05:51.510]  I've read a bunch of this stuff.
[05:51.510 --> 05:52.030]  It's good work.
[05:52.030 --> 05:53.710]  I appreciate that they did it.
[05:55.090 --> 06:06.570]  When you follow these instructions and you follow these guides, ultimately what you end up with is somebody else's drop box that they built to do what they wanted to do.
[06:07.350 --> 06:10.710]  That's even if, like, things aren't ridiculously out of date.
[06:10.710 --> 06:16.370]  Because no one's going back and updating their blog post and being like, oh, by the way, Python 3 now, not 2.7.
[06:16.370 --> 06:17.470]  Nobody does that.
[06:17.470 --> 06:22.250]  So you're just kind of like, this seems like a cool guide, but none of this stuff is even commercially available anymore.
[06:23.430 --> 06:32.930]  So if you do these things, you kind of end up with a box that might work, but probably isn't going to be the best tool for the job that you want to do.
[06:38.580 --> 06:40.200]  Get that in the audio.
[06:44.720 --> 06:46.540]  Can't I just buy something?
[06:46.540 --> 06:56.400]  Can't I just give Hack 5 some of my money and they give me a packet squirtle, land turtle, pineapple thing?
[06:56.540 --> 06:57.280]  Yeah.
[06:57.540 --> 07:01.220]  I mean, in some part, what did I just say?
[07:01.400 --> 07:05.360]  It's not going to do what maybe you want it to, but yeah, give them your money.
[07:05.360 --> 07:07.060]  I certainly did.
[07:08.060 --> 07:13.080]  They do kind of what they're supposed to do, but it's a good starting point.
[07:13.200 --> 07:18.040]  Buy some stuff, try it out, and you'll be like, oh, I wish this did X, Y, and Z.
[07:18.140 --> 07:22.140]  And then you're going to be like, oh, that's a talk, man.
[07:22.340 --> 07:23.300]  All right, cool.
[07:23.300 --> 07:25.640]  This is going on the shelf, and I'm never going to use it.
[07:25.900 --> 07:27.980]  Who here owns a Wi-Fi pineapple?
[07:31.140 --> 07:36.500]  Who uses a Wi-Fi pineapple for legit work?
[07:37.260 --> 07:39.100]  Zero hands, YouTube.
[07:39.200 --> 07:39.920]  Nobody.
[07:39.920 --> 07:40.540]  All right.
[07:40.940 --> 07:41.700]  I like it.
[07:41.700 --> 07:46.360]  It's a fun little thing, but I'm not going to use it.
[07:46.360 --> 07:47.140]  Hobby is great.
[07:47.140 --> 07:47.920]  I don't know.
[07:48.260 --> 07:49.780]  It's trouble to work from.
[07:51.840 --> 07:55.120]  So that's kind of what this talk is really going to be about.
[07:55.480 --> 08:00.120]  I'm not going to tell you here's what to buy, here's what to program, here's code on the screen.
[08:00.120 --> 08:01.100]  That's dumb.
[08:01.180 --> 08:07.080]  We're going to talk about what I think about and what I think you should think about when you're like, I need a box to do a thing.
[08:07.080 --> 08:10.880]  I have to support a team of penetration testers, we're doing a red team engagement.
[08:10.880 --> 08:13.540]  I just want to learn some stuff, and I think this will be fun.
[08:16.720 --> 08:22.560]  Things that I've thought about, mistakes that I've made, some of the weirder possible options out there.
[08:24.240 --> 08:25.620]  There's a bunch of stuff.
[08:25.960 --> 08:30.100]  Certain things we mentioned that are... it's going to be out of date.
[08:30.100 --> 08:31.920]  It's already probably out of date.
[08:31.940 --> 08:35.220]  Some of the stuff I have on there, I'm like, nope, they just announced version 2 of this.
[08:35.220 --> 08:36.120]  What can you do?
[08:36.120 --> 08:40.100]  So it's more of a thought process rather than like follow these steps.
[08:40.100 --> 08:45.960]  If you're looking for steps, like I said, lots of blogs and guides out there that will handle it for you.
[08:46.080 --> 08:51.840]  So specifically, to run through stuff, we're going to talk... start off with testing goals.
[08:51.840 --> 08:54.480]  Like, what are you looking to do?
[08:54.680 --> 08:57.260]  That's going to drive a lot of your decision-making process.
[08:57.260 --> 09:03.700]  The budget, which no one really wants to think about, but you have what you want to do and you have what you can afford to do.
[09:04.940 --> 09:15.140]  From there, we'll kind of move into hardware options, what's available, kind of like the major choices and some of the limitations and capabilities of that.
[09:15.140 --> 09:18.940]  The software, which is so god damn annoying.
[09:19.020 --> 09:21.880]  But you've got to have software, other than that, nothing's going to happen.
[09:21.980 --> 09:35.180]  Comms and accessories, like if you put a box on someone's network and you can't communicate with it, they already have a bunch of boxes on their network that you can't communicate with.
[09:35.180 --> 09:36.940]  They don't need another one.
[09:36.940 --> 09:40.120]  Comms are kind of a critical part, like some software, some hardware in there.
[09:40.560 --> 10:01.200]  And stuff to make sure that your box, when you need it to work, not in a lab, but in the real world, when you've broken into some place in the middle of the night and you're crawling under some CFO's desk, and you're not like, oh, crap, the power adapter is back in my house,
[10:01.200 --> 10:02.380]  five states away.
[10:02.860 --> 10:15.760]  And then a little bit of OPSEC, which is basically me saying here's how I've gotten caught by doing dumb things, but also general good ideas and tips on not screwing it up.
[10:16.120 --> 10:18.100]  With DFIU.
[10:19.440 --> 10:20.300]  All right.
[10:20.300 --> 10:21.680]  Testing goals.
[10:21.760 --> 10:25.000]  What are you trying to do here?
[10:25.000 --> 10:26.220]  I mean, seriously.
[10:28.700 --> 10:34.560]  Oftentimes, with this kind of stuff, it's a penetration test, or it's a red team test.
[10:34.560 --> 10:36.960]  Which are, like, they're different.
[10:36.960 --> 10:44.680]  There's penetration testing, and then marketing says we can charge more if we call it a red team test, and then it's the exact same.
[10:44.680 --> 10:45.000]  No.
[10:45.000 --> 10:45.600]  It's not.
[10:45.600 --> 10:48.500]  They are fundamentally kind of different tests.
[10:49.720 --> 10:58.100]  And I think there's no hard definition, so this is just straight up my opinion, and feel free to argue, but I have a microphone right now.
[10:59.000 --> 11:10.380]  The penetration test tends to answer the question of how an attacker with access to an environment would look to compromise and go after a target.
[11:10.380 --> 11:17.200]  It's generally limited in scope, and stealth is not a priority .
[11:17.420 --> 11:20.580]  It can be stealthy, but they know there's a test.
[11:20.580 --> 11:29.500]  Somebody knows there's a test going on, and either they know beforehand, or they figure it out pretty quick, because you're not necessarily trying to be stealthy.
[11:30.240 --> 11:31.580]  And you're testing, like, what?
[11:33.040 --> 11:34.580]  You're testing the controls.
[11:34.580 --> 11:39.080]  What's in place, and seeing how well it does its job, and looking for gaps in those.
[11:39.640 --> 11:44.660]  A red team engagement, on the other hand, more of, like, an attack simulation.
[11:45.100 --> 11:47.760]  You're not testing, really, the controls.
[11:47.760 --> 11:49.220]  You're testing the defenders.
[11:49.220 --> 11:57.100]  You're testing their ability to notice an attack's going on, and, you know, figure out what's happening.
[11:57.120 --> 11:58.100]  Can they stop it?
[11:58.100 --> 12:00.060]  Can they figure out that it was you?
[12:01.380 --> 12:03.220]  They would really like to.
[12:03.340 --> 12:07.640]  And you, with your drop box, would like to not be caught.
[12:07.640 --> 12:08.540]  Like, stealth is a focus.
[12:08.540 --> 12:15.000]  You want to avoid being caught forever, or until the point where you're like, yeah, I'm okay.
[12:15.000 --> 12:17.400]  Like, let's get some value out of this.
[12:17.400 --> 12:21.080]  Let's be a little bit noisy, and get caught.
[12:21.540 --> 12:24.940]  Drop boxes are used for both.
[12:25.700 --> 12:33.240]  Using a box built for penetration testing on a red team will probably get you caught fairly quickly.
[12:33.800 --> 12:50.780]  Using a box for red teaming on a penetration test probably worked, but you may have built a box that is stealthy, is, you know, made to fly under the radar so much so that it's hard to get work done, or people are like, oh, the tools I need aren't here,
[12:50.780 --> 12:56.400]  or, you know, they're trying to run, you know, eight people trying to run Metasploit at the same time, and you're like, you're still using Metasploit?
[12:56.400 --> 12:57.120]  Like, yeah.
[12:57.140 --> 12:58.960]  And it may not be able to handle it.
[13:01.980 --> 13:08.600]  A couple examples of what I talk here about building boxes with a focus on it.
[13:09.060 --> 13:13.200]  On, yeah, the left.
[13:13.380 --> 13:16.340]  The left is the little Raspberry Pi system.
[13:16.340 --> 13:19.180]  We'll talk a little bit more about that hardware in just a bit.
[13:19.320 --> 13:20.180]  It's small.
[13:20.180 --> 13:21.620]  Three inches on the side.
[13:21.620 --> 13:22.600]  I got it with me.
[13:22.600 --> 13:24.300]  If you guys want to see it later.
[13:24.720 --> 13:27.880]  Stealthy, very red teaming.
[13:27.880 --> 13:31.180]  On the right is a picture of the beast.
[13:31.680 --> 13:33.480]  From my friends at security.
[13:33.480 --> 13:36.480]  They put this together for penetration testing.
[13:36.500 --> 13:38.640]  They shipped this to their clients.
[13:39.140 --> 13:40.320]  It's big.
[13:41.100 --> 13:45.460]  But it's made to handle a team of penetration testers.
[13:46.440 --> 13:48.040]  All working at the same time.
[13:48.040 --> 13:53.320]  It will spin up new testing VMs from its hypervisor as, you know, as needed.
[13:53.320 --> 13:55.280]  Everyone can have their own testing VM in this thing.
[13:55.280 --> 14:08.240]  It's made to test an environment with multiple well-segmented VLANs or different networks all at the same time without having a client go like, oh, plug it in the other one now or go into your things and change your setting.
[14:08.240 --> 14:10.300]  It gets the job done.
[14:10.560 --> 14:14.040]  But it is clearly not for red teaming.
[14:14.620 --> 14:17.140]  They built that with a specific goal in mind.
[14:17.140 --> 14:20.520]  And I think they did a pretty cool job at it.
[14:21.780 --> 14:23.620]  I need a third hand.
[14:35.870 --> 14:39.170]  So we're not really building general purpose box.
[14:39.170 --> 14:44.550]  The type of work that you want to do will drive the decisions that you're going to make.
[14:44.550 --> 14:47.390]  The pen testing boxes will give you more flexibility.
[14:47.730 --> 14:53.470]  Literally like back in the day, because I'm old, it was just like a laptop.
[14:53.470 --> 14:57.770]  You just like send this laptop to the client and tell them to plug it in.
[14:58.350 --> 15:01.750]  And like eight times out of ten, they'd get that right.
[15:03.810 --> 15:12.030]  So basically you're putting together for pen testing a box that is strong enough to do what you need it to do.
[15:12.130 --> 15:16.710]  And as long as the client can deal with it and make stuff work, you got a lot of options.
[15:17.110 --> 15:22.330]  A lot of this talk, though, I'm focusing more on the red team side, because I think it's more fun.
[15:22.330 --> 15:23.270]  It's my talk.
[15:24.090 --> 15:25.530]  There's interesting options.
[15:25.530 --> 15:27.570]  There's compromises that we have to make.
[15:28.730 --> 15:33.370]  That push our decisions around and, you know, like we're trying to stay stealthy.
[15:33.370 --> 15:35.150]  What do we need to do to make that happen?
[15:36.610 --> 15:39.510]  You can use these red team boxes for pen testing, too.
[15:39.890 --> 15:45.430]  And really a lot of this stuff is based on the budget that you have.
[15:46.590 --> 15:47.550]  Money.
[15:47.610 --> 15:51.430]  If you got like unlimited funds, cool, awesome.
[15:52.390 --> 16:01.730]  Custom ordered PCBs and implants and have people writing software for you and getting it fast, too, because you can pay for that.
[16:02.010 --> 16:04.270]  But you don't have unlimited funds.
[16:04.650 --> 16:06.490]  I don't have unlimited funds.
[16:06.490 --> 16:10.970]  As much as I want to like blow money on this kind of stuff, like, all right, what do I got laying around?
[16:10.970 --> 16:12.670]  What am I familiar with?
[16:14.530 --> 16:15.750]  The time.
[16:16.730 --> 16:21.310]  Maybe you're broke, but you got a lot of time to be broke.
[16:21.570 --> 16:37.030]  And you can kind of fill up that I got to get this job done bucket with like, all right, I don't have money, but I can spend enough time getting what I do have and what I can afford to the point where it can do the job that I want.
[16:39.090 --> 16:41.030]  There's a third one.
[16:41.770 --> 16:46.810]  And it's tolerance for all the crap.
[16:46.810 --> 16:49.430]  Like, it is, it's annoying.
[16:49.750 --> 16:51.610]  It's the work.
[16:52.090 --> 16:55.070]  You need to get something done and it is a hassle.
[16:55.070 --> 16:56.530]  Things are going wrong.
[16:56.770 --> 17:02.790]  And maybe you got really high tolerance for that, but a lot of times it's not necessarily you.
[17:02.790 --> 17:06.690]  Like 57% of red team is team.
[17:07.290 --> 17:16.690]  And so if you built something and like, hey, it's cheap and I got it done quick, here's the 200 page poorly written instruction manual team.
[17:16.990 --> 17:19.630]  We can't use it on Thursdays for reasons.
[17:19.630 --> 17:21.770]  No one's going to want to use your tool.
[17:22.590 --> 17:25.110]  And you'll have blown that budget.
[17:25.210 --> 17:25.210]  So
[17:28.810 --> 17:34.530]  a lot , like, a lot of people like, a lot of penetration testing, a lot of hacking, a lot of like security stuff.
[17:34.530 --> 17:36.630]  I feel like it's, it's like making sausages.
[17:36.630 --> 17:40.370]  Everybody loves delicious sausages, especially here in Milwaukee.
[17:40.550 --> 17:43.370]  Um, nobody really wants to see the sausages being made.
[17:43.530 --> 17:45.470]  This is the sausages being made.
[17:45.470 --> 17:50.310]  How much time and like frustration and annoyance are you willing to put in this?
[17:50.310 --> 17:58.590]  Does it get to the point where like the project just never gets done because that budget got blown and you're done dealing with this stupid crap?
[17:59.710 --> 18:01.010]  Hacking is annoying.
[18:01.010 --> 18:07.890]  Here's an important, I can stick this slide in any talk about hacking forever and this is going to be true.
[18:07.890 --> 18:11.470]  90% of hacking is getting the damn tools to work.
[18:11.470 --> 18:12.390]  You know why?
[18:12.390 --> 18:14.490]  Because they're written by hackers.
[18:14.490 --> 18:19.270]  And once like, ah, that works on my box, you know, let's GitHub that stuff.
[18:19.270 --> 18:20.330]  That, that's it.
[18:20.330 --> 18:24.530]  It does what you need it to do, but right now, no, I got to fight.
[18:24.650 --> 18:27.270]  Then 10% is actually hacking.
[18:27.870 --> 18:29.690]  And you're like, yes, finally doing the thing.
[18:29.690 --> 18:31.130]  What's not on this slide?
[18:31.130 --> 18:32.250]  Writing the report.
[18:32.250 --> 18:34.290]  There's no time left for that.
[18:34.410 --> 18:42.750]  Nobody, we're like, we take that time away from our families because we've been screwing around with computers for 90% of the time when we're supposed to be working.
[18:44.070 --> 18:47.790]  That has nothing to do with this talk, but it's important that you know that.
[18:49.170 --> 18:50.050]  Okay.
[18:51.470 --> 18:52.990]  Cheap, fast, and good.
[18:53.370 --> 18:57.410]  Classic, pick one, two if you're lucky and you got corporate sponsorship.
[19:00.610 --> 19:01.870]  Hardware decisions.
[19:02.050 --> 19:07.130]  Um, from just, uh, like looking at the thing.
[19:09.010 --> 19:10.050]  Bill in a box?
[19:10.050 --> 19:10.870]  How big is it?
[19:10.870 --> 19:12.510]  Um, does it look weird?
[19:12.910 --> 19:16.170]  Like if you're trying to be a stealthy little red team box.
[19:16.550 --> 19:17.650]  Um, does it look weird?
[19:17.650 --> 19:18.250]  Is it boring?
[19:18.250 --> 19:18.830]  Is it interesting?
[19:18.830 --> 19:19.750]  Does it look dangerous?
[19:19.750 --> 19:26.470]  Does it look like something's going to call, like the fire department about, like the bomb squad going to roll in because you're like, I've, I've made a thing.
[19:26.550 --> 19:27.710]  Let's test with it.
[19:27.710 --> 19:29.170]  Uh, circuit boards on display.
[19:29.170 --> 19:31.330]  Or is it a nice boring case?
[19:32.190 --> 19:33.730]  Industrial beige.
[19:33.830 --> 19:35.650]  Um, is it noisy?
[19:36.230 --> 19:37.170]  Is there a fan in there?
[19:37.170 --> 19:38.450]  Is there LEDs on the fan?
[19:38.450 --> 19:41.250]  Because who doesn't, I hate that crap.
[19:41.310 --> 19:46.930]  Um, um, will it get the job done?
[19:47.670 --> 19:49.730]  There's different types of testing that people like to do.
[19:49.730 --> 19:53.830]  Some folks like to test on the box.
[19:53.830 --> 19:59.150]  They want to remotely log into this drop box and run their tools from that thing.
[19:59.150 --> 20:01.690]  And certain tools work kind of better when you're doing that way.
[20:01.690 --> 20:08.350]  Other people are like, I'm just going to make a tunnel and shove all my traffic through this box.
[20:08.370 --> 20:20.410]  Um, the load put on that box by just shoveling packets back and forth is less than if you're asking it to, you know, try to do password cracking on a Raspberry Pi for some crazy reason.
[20:20.410 --> 20:24.550]  Uh, so, will this job get your type of testing done?
[20:25.050 --> 20:28.550]  Um, is the price something that, that you can tolerate?
[20:29.330 --> 20:33.010]  Um, and is it, is it easy to use?
[20:33.010 --> 20:47.950]  Is it something that when you're out in the field, when you've given it to somebody else who didn't build it out in the field and you're like, here's what you need to do, um, to get it deployed and get it up and running, is it going to break?
[20:48.130 --> 20:58.150]  Did you, you know, buy something flimsy, um, because it was cheap and now the header pins are falling off because it's cold solder joints?
[20:59.950 --> 21:05.630]  Do you need to stick, stick to a specific architecture?
[21:07.950 --> 21:14.110]  We'll just talk about Raspberry Pi because they're very popular.
[21:14.110 --> 21:21.910]  They're, they're, when I started making Dropboxes with Raspberry Pis, I was kind of unhappy.
[21:21.910 --> 21:25.910]  They were fairly new, um, and a little bit flaky.
[21:25.970 --> 21:29.850]  Like, you plug in a USB and a thing reboots, kind of flaky.
[21:30.250 --> 21:42.830]  And there's multiple instances where I was, I, I placed a, a Raspberry Pi on the network and then it would go down and I was like, did they catch me or did this just thing just stop working?
[21:43.310 --> 21:47.290]  And, uh, about 60% of the time the thing just stopped working .
[21:47.310 --> 21:49.150]  I'm like, all right.
[21:51.030 --> 21:55.370]  A lot of the stuff I want wasn't available with ARM, was kind of flaky.
[21:55.370 --> 21:59.370]  And so I was, I was, I'm down on Raspberry Pi and I started looking for alternatives.
[22:00.050 --> 22:03.310]  Now, they're a bit better, quite a bit better.
[22:03.310 --> 22:04.470]  I like them a lot.
[22:05.030 --> 22:10.450]  So, mmm, Pi.
[22:11.170 --> 22:15.130]  Uh, they are so popular that they have clones.
[22:15.130 --> 22:17.250]  Uh, like this is an, an orange Pi.
[22:17.250 --> 22:18.830]  There's banana Pi.
[22:19.150 --> 22:21.330]  Um, tradeoffs though.
[22:21.330 --> 22:26.310]  I mean, like the orange Pi has more capabilities cause they're like, let's, let's sell this thing.
[22:26.310 --> 22:28.630]  Let's add some stuff in that the Raspberry Pi doesn't.
[22:28.630 --> 22:31.630]  But also it's just made by some guys somewhere in China.
[22:31.890 --> 22:33.990]  I mean, I suppose it all is really.
[22:33.990 --> 22:44.530]  But, um, if they want to like just disappear one day and you know, support's gone, that's a risk that you took by making that hardware decision.
[22:45.110 --> 22:48.830]  Uh, this up here, that's, is this still a Pi?
[22:48.830 --> 22:49.890]  Yeah, it's still a Pi.
[22:49.890 --> 22:54.690]  Um, this is what I've been poking at and using more lately.
[22:54.690 --> 22:58.210]  Uh, the Pi compute modules, which are more of like an IOT Pi.
[22:58.210 --> 22:59.070]  It's still the Pi.
[22:59.070 --> 23:07.390]  It's, it's that little board right there and you can just kind of pop it into a lot of different, um, cases.
[23:07.610 --> 23:10.510]  Um, it's like the reverse of a Pi hat.
[23:10.510 --> 23:14.310]  Like you're just adding your Pi to, to cool stuff rather than adding cool stuff to your Pi.
[23:14.330 --> 23:20.490]  And so that puts a Raspberry Pi into that smaller case and it's got stuff that I like.
[23:20.490 --> 23:27.070]  It's got like two Ethernet ports, which for reasons I think are, are often important if you're doing red teaming stuff.
[23:27.650 --> 23:34.810]  Um, but maybe you don't want ARM and you're like, I don't want something Intel, Intel based for, for strong opinions.
[23:35.270 --> 23:46.170]  Um, this is one of the first ones that, that I started looking at when I, I went that option and it is a, a little computer called a, a Fitlet from Fit PC.
[23:46.190 --> 23:50.890]  Um, this is fairly old really at this point, like eight, nine years ago.
[23:50.910 --> 23:52.070]  Nine years old, maybe?
[23:52.470 --> 23:53.470]  Old.
[23:53.670 --> 23:55.630]  This is not updated kind of stuff.
[23:55.630 --> 23:57.110]  They got newer versions.
[23:57.210 --> 23:58.950]  Um, and I liked it.
[23:58.950 --> 24:00.010]  It was small.
[24:00.010 --> 24:01.690]  It was relatively cheap.
[24:02.110 --> 24:04.250]  Um, it was silent.
[24:04.250 --> 24:06.370]  It could fit in my back pocket.
[24:06.370 --> 24:08.870]  Uh, you stick laptop RAM in there.
[24:08.870 --> 24:18.630]  It's got an Intel CPU, um, built in WiFi or you can put like, uh, you know, some cellular in there and it had an option with dual Ethernet ports.
[24:21.050 --> 24:22.870]  Yes, we'll get to that.
[24:23.410 --> 24:26.890]  Dual Ethernet ports on a red team test.
[24:27.370 --> 24:28.450]  Black box, right?
[24:28.450 --> 24:31.650]  I don't know how you defended your network.
[24:31.650 --> 24:41.390]  I don't know if you've done something fun like stick 802.1X on your wire LAN to provide just straight up like you aren't not just plugging stuff in.
[24:41.630 --> 24:52.070]  Um, to be able to test against that, to be able to operate on your network, I want to look to be able to bypass the strictest stuff I might run into that I can still bypass.
[24:52.070 --> 25:03.050]  And if I want to try to bypass that level of NAC, um, physical man in the middle using a device with a couple Ethernet jacks on it is the way to go.
[25:03.050 --> 25:08.930]  Some software, some scripts, a little bit of, you know, crossing these fingers, hoping this crap works and, uh, we might go on.
[25:08.930 --> 25:16.150]  Which is why a lot of the stuff I'm, I'm, I'm showing like that, that compute module case, dual Ethernet, love that.
[25:16.190 --> 25:18.930]  Um, this box had dual Ethernet, um, made it happen.
[25:19.890 --> 25:32.590]  More recently, um, Eric Escobar, I was talking with him, I think last year maybe, he's saying we're using this, uh, we got rid of those, those splitlets and we're using the Zima board, also dual Ethernet, still cheap.
[25:36.280 --> 25:37.940]  This thing got hot.
[25:38.140 --> 25:39.600]  It's fanless.
[25:39.600 --> 25:46.360]  Um, and so you can see there's, there's a tall version with a big heat sink on it and the short version, that's like the base version.
[25:46.360 --> 25:50.700]  The top of that thing got like, I don't want to hold this in my hand level hot.
[25:50.700 --> 25:59.300]  And then you're going to take it and you're going to like shove it in a fabric cube in somebody's office in a tiny enclosed space.
[25:59.300 --> 26:04.800]  I'm like, let's hope nothing catches on fire or if it does, they can't trace it back to me.
[26:06.260 --> 26:11.480]  Uh, so this little bit smaller does the same kind of thing, still cheap.
[26:11.480 --> 26:14.840]  Um, it has, it has what it has.
[26:14.840 --> 26:19.240]  You can't really like open it up and add more, more memory to it and stuff like that.
[26:19.620 --> 26:24.160]  Um, all they did, oh, also it's newer.
[26:25.960 --> 26:29.780]  Like last week they said that we got version two of this coming out.
[26:29.780 --> 26:31.180]  Slides already out of date.
[26:31.180 --> 26:35.620]  There's going to be a new one that's going to look slightly different, doing the same thing, same kind of ports, even better.
[26:36.000 --> 26:39.380]  Um, this is another one that they have, looks like a Sony Walkman.
[26:39.380 --> 26:42.060]  I don't, that's just dating myself, right?
[26:42.640 --> 26:45.340]  Uh, I got it with me so you can check it out later if you want.
[26:45.340 --> 26:46.500]  It's even newer still.
[26:46.740 --> 26:50.560]  Uh, you, this one you can pop open, put a laptop, you know, RAM in there.
[26:50.680 --> 26:56.440]  Um, yeah, there's more parts, but on the flip side it's only got one ethernet jack.
[26:56.600 --> 26:58.280]  Um, so less ports.
[26:58.860 --> 27:05.440]  I don't use this for, for like a red team test, but I do use it for showing up on site and I just want a, a box.
[27:05.440 --> 27:07.420]  I don't want to put my laptop on the network.
[27:07.540 --> 27:15.420]  I want this box that is pristine and is going to get wiped before I leave and I can test from that.
[27:15.620 --> 27:18.460]  So these are just some decisions that I'm making.
[27:18.460 --> 27:20.140]  Go shopping for yourself.
[27:20.280 --> 27:24.520]  Don't, find what fits your goals, what fits your budget.
[27:25.840 --> 27:37.080]  Find something cool and new that you want to screw around with and then convince the boss that that fits your goals and your budget and have some fun, learn some stuff.
[27:38.240 --> 27:41.620]  Softer, oh God, this is so many words.
[27:41.920 --> 27:48.000]  Um, most of this crap, most of this crap is just straight up stolen from like software development.
[27:48.240 --> 28:02.580]  The stuff that you, that they care about is the same stuff that you care about, but like I don't sit down and consciously make a decision of like, ah, flexible or complex.
[28:03.020 --> 28:04.640]  It's, it's at a high level in your head.
[28:04.640 --> 28:08.160]  Like you, you see what's available and you're making these trade-offs.
[28:08.160 --> 28:12.900]  You're probably not building this software, generally most of it from scratch.
[28:12.940 --> 28:16.720]  So you're looking what's there and saying like, how does this fit in there?
[28:16.720 --> 28:24.360]  But ultimately a lot of the decisions and choices you're making will be trade-offs in these types of categories.
[28:27.760 --> 28:30.780]  I'm not going to cap that water, we'll just see if it spills everywhere.
[28:32.060 --> 28:37.700]  Um, at a base level, you need an operating system.
[28:37.840 --> 28:38.240]  You need a Linux.
[28:38.240 --> 28:40.360]  Let's be honest, it's probably going to be Linux.
[28:41.120 --> 28:48.800]  Um, if you, if you use and you're like, I use Windows for penetration testing, cool.
[28:48.800 --> 28:49.500]  You know what?
[28:49.980 --> 28:51.260]  Do stuff on hard mode.
[28:51.260 --> 28:52.340]  Like, good job.
[28:52.340 --> 28:52.960]  I appreciate it.
[28:52.960 --> 28:54.920]  Like, I'm not going to do it.
[28:55.020 --> 28:59.360]  Uh, I remember when it was just straight up like, laugh, no, not going to work.
[28:59.360 --> 29:02.260]  Um, but you know, they make some, some strides.
[29:02.260 --> 29:03.600]  There's, there's a lot of good stuff out there.
[29:03.600 --> 29:06.040]  So, um, if that's what you want, make it happen.
[29:06.040 --> 29:08.280]  But otherwise, yeah, it's going to be Linux.
[29:08.280 --> 29:17.320]  Which Linux may be influenced by what you need to do and what the hardware you're going to want to use will support.
[29:18.280 --> 29:22.960]  Um, three of these are just like the same thing.
[29:22.960 --> 29:23.960]  It's all just Debian.
[29:24.980 --> 29:30.620]  Um, I should probably show some non-Debian stuff up there, but I use Debian crap a lot, so it's my slide.
[29:30.620 --> 29:32.380]  Uh, Windows, huh?
[29:32.380 --> 29:34.300]  Yeah, you get to use it a little bit.
[29:34.920 --> 29:38.840]  Um, you've got your, your OS.
[29:38.900 --> 29:40.160]  It's newish.
[29:40.160 --> 29:42.240]  It does what you want it to do.
[29:42.440 --> 29:43.980]  Um, you need other stuff.
[29:44.260 --> 29:46.540]  Weird drop boxy kind of stuff.
[29:49.060 --> 29:55.800]  Custom, uh, persistence, just getting this box up and going kind of stuff on, on your thing.
[29:55.900 --> 30:04.040]  Um, if it's a penetration testing box, a lot of them will have some sort of, of client level user interface.
[30:04.360 --> 30:09.760]  Um, cause you don't want to say like, here's just a command line shell into my system.
[30:09.980 --> 30:11.760]  Um, do something.
[30:11.760 --> 30:12.960]  Change whatever you want.
[30:13.060 --> 30:19.900]  Client, uh, so something that they can do to, to, to tweak things and change like, oh, I thought we were DHCP.
[30:20.020 --> 30:21.260]  No, manual addresses.
[30:21.260 --> 30:23.060]  We can change that in, in here.
[30:23.060 --> 30:34.900]  Um, additional options maybe for the, uh, a red team operator who's, who's, uh, sticking with these boxes on the network, um, that maybe they can access via, you know, command line over Wi-Fi or, or however we're getting in there.
[30:35.100 --> 30:45.380]  Um, something that's going to make sure you can keep that box up and going, um, that if it reboots, if something weird happens, it comes back the way you want it to.
[30:46.480 --> 30:51.800]  Um, do you want virtual machines on your box?
[30:51.800 --> 30:52.960]  Do you need a hypervisor?
[30:53.120 --> 31:09.980]  Um, is it, is it, I know a lot of folks like doing internal pentesting off of Kali or some Debian, you know, version, but, um, I see a lot of them now where they'll, they'll say, let's spin up a Windows VM and we've gotten to the level where like, we'll just,
[31:09.980 --> 31:19.580]  we'll just add this Windows VM to the domain and then we can use a bunch of fun tools on our unrestricted Windows box that are a little bit of a pain to use in Linux.
[31:19.780 --> 31:22.100]  Um, so do you need one of those?
[31:22.100 --> 31:25.480]  Uh, remote access, the whole, like, let's get into this thing.
[31:25.600 --> 31:30.960]  Um, VPN options, open VPN, wire guard, tail scale, I don't know.
[31:31.160 --> 31:38.080]  Um, I was talking with some guys at another big shop and they're like, yeah, we just, let's use it like SSH tunnels.
[31:38.080 --> 31:40.740]  I'm like, yeah, it works.
[31:40.740 --> 31:43.160]  If it works for you, if it works for your team, great.
[31:43.300 --> 31:49.160]  Uh, NAC bypass, there's a, a few scripts out there, um, that will do this.
[31:49.180 --> 31:59.340]  Um, I'll include, I'll include at the end links to a GitHub, uh, which is, I know, because I'm, I'm like, no one ever updates their stuff.
[31:59.580 --> 32:08.980]  I'll put these slides on there and the hardware and software that I may mention by name, um, also like links to that stuff on there and then you can be like, oh, cool.
[32:08.980 --> 32:10.200]  Uh, he never updates this.
[32:10.200 --> 32:11.900]  I'm like, you're getting it.
[32:12.640 --> 32:21.620]  Um, so like there's a, a, a Dolos NAC bypass script and there's, I think one that they wrote in like JavaScript or something.
[32:21.620 --> 32:22.680]  It's, it's fun stuff.
[32:22.680 --> 32:26.040]  It could help you bypass that 802.1X.
[32:26.360 --> 32:28.640]  It's good to have it if you need it.
[32:28.640 --> 32:33.600]  Um, do you plan to, you know, use a, a, a C2?
[32:33.620 --> 32:49.240]  Are you going to like put this box in a network, compromise some hosts, have an agent maybe call out to the internet from those hosts, but you want just a backup, like calls back to your box just in case things are going wrong, some sort of out of band.
[32:50.380 --> 32:51.580]  Does that have to be on there?
[32:52.100 --> 32:53.020]  Encryption options.
[32:54.520 --> 32:56.200]  We want this to be encrypted, right?
[32:56.200 --> 33:00.940]  If, if and when the blue team finds it and they take a look at it, we don't want to be like, oh, here's all our secrets, bro.
[33:01.240 --> 33:04.240]  Um, so locking it down.
[33:06.780 --> 33:14.340]  We'll talk about this in, in OPSEC a little bit, but locking it down is interesting because a lot of stuff, like your box is encrypted.
[33:14.340 --> 33:16.740]  You plug it in, it starts up and what does it say?
[33:16.740 --> 33:19.860]  Like, put in, put in the password.
[33:20.700 --> 33:24.240]  You guys like already back in the van and you're like, did you put in the password?
[33:24.240 --> 33:27.120]  And he's like, I don't have a monitor and a keyboard with me, man.
[33:27.120 --> 33:28.380]  What do you mean I had to type it?
[33:28.940 --> 33:38.860]  Setting up encryption that you can get your box up and running, but no one else can, but in a way that doesn't involve like ridiculous bull crap.
[33:38.860 --> 33:41.920]  I'm trying to swear less and I feel like it's very forced.
[33:44.180 --> 33:46.020]  Oh, shoot.
[33:46.960 --> 33:55.080]  Um, and importantly, whatever random janky ass GitHub scripts that you're like, yeah, I use this all the time.
[33:55.080 --> 33:56.020]  You're like, do you know what it does?
[33:56.020 --> 34:01.560]  Like, I probably should, but it's long and it works.
[34:01.780 --> 34:05.420]  Uh, uh, yeah.
[34:05.420 --> 34:08.120]  Uh, getting all that on your box.
[34:08.720 --> 34:12.140]  Here's the annoying parts.
[34:12.240 --> 34:14.060]  You got to test this crap out.
[34:15.440 --> 34:18.140]  Um, because it's not going to work.
[34:18.900 --> 34:24.080]  It'll, it'll work for five minutes in your, in your lab, in your home office.
[34:24.800 --> 34:31.780]  And, um, and then you're troubleshooting it at 3am in a hotel room in like Idaho.
[34:32.000 --> 34:37.860]  And you're like, does Amazon deliver to this random place?
[34:38.040 --> 34:40.960]  No, they don't have what you want.
[34:40.960 --> 34:42.680]  Your stuff is going to break.
[34:43.340 --> 34:45.020]  Burn this stuff in.
[34:45.480 --> 34:49.460]  Like take the box and like throw it in a bog and then see if it still works level.
[34:49.460 --> 34:59.660]  Like it is annoying, but, um, it is more annoying when the entire team is looking at you being like, what the hell man?
[35:00.200 --> 35:04.380]  Like weeks of planning and like your thing just broke.
[35:05.400 --> 35:06.740]  Yeah, sorry.
[35:07.300 --> 35:11.080]  It's not going to, having a box is not going to be like the star.
[35:11.080 --> 35:12.380]  It's not going to make the engagement.
[35:12.380 --> 35:13.800]  It's a fun thing to do.
[35:13.800 --> 35:23.040]  It can screw up your engagement if you built a box that, that you built a pen testing box and you use it on a red team and it's noisy as hell.
[35:23.880 --> 35:29.100]  Um, if it's trying to, you know, get the time from Debbie and you're like, shh.
[35:31.400 --> 35:35.100]  All right, let's talk about communication options.
[35:35.520 --> 35:37.240]  Got to talk to this thing.
[35:38.100 --> 35:40.360]  Um, can we just go over the wire?
[35:40.360 --> 35:41.660]  We used to back in the day.
[35:41.660 --> 35:43.380]  I'll just SSH straight out of your network.
[35:43.580 --> 35:46.180]  That crap would work all the time.
[35:46.680 --> 35:51.580]  Nowadays, um, it might work all the time.
[35:51.580 --> 35:51.580]  Um, I don't know.
[35:51.600 --> 35:56.140]  Maybe the, you know, is, is that S3 bucket the new SSH out?
[35:59.420 --> 36:00.060]  That's fun.
[36:00.060 --> 36:05.240]  They already, they, they went through all the hassle of setting up this network and giving it like access to the internet.
[36:05.240 --> 36:06.240]  You might as well use it, right?
[36:06.400 --> 36:07.800]  Um, or not.
[36:08.100 --> 36:09.360]  Wireless options.
[36:09.720 --> 36:13.100]  Um, I don't know why.
[36:13.180 --> 36:14.900]  I just put a bunch of dongles on here.
[36:14.900 --> 36:19.940]  Depending on your hardware, these are probably not going to be dongles and don't really need to be dongles and probably shouldn't be dongles.
[36:20.060 --> 36:25.060]  Um, because like Wi-Fi, uh, everybody knows Wi-Fi.
[36:25.060 --> 36:30.400]  Cellular, cellular I love because it, it, I feel gives me a lot of best of both worlds.
[36:30.400 --> 36:32.800]  Like I get connectivity out.
[36:32.800 --> 36:34.220]  It's hard to see.
[36:34.320 --> 36:35.700]  Um, Bluetooth.
[36:37.600 --> 36:38.760]  Are you close enough?
[36:38.760 --> 36:42.780]  Are you, are you willing, do you have it set up to do this Bluetooth kind of crap you needed to do?
[36:42.840 --> 36:44.160]  All these can work.
[36:44.280 --> 36:46.160]  Um, but there's, there's trade-offs.
[36:46.160 --> 36:49.780]  Um, going over the wire, you're going to get caught probably.
[36:49.780 --> 36:52.320]  Hopefully, you hope you get caught.
[36:52.320 --> 36:56.360]  When you're doing dumb stuff on purpose, you're kind of like, man, I hope they see this.
[36:56.360 --> 37:00.480]  I hope that like this is going to be a fun test and a, a strong fight here.
[37:00.660 --> 37:06.080]  Um, with the Wi-Fi, with the wireless stuff, um, there's trade-offs that we make.
[37:07.400 --> 37:15.040]  Uh, generally the higher the frequency, the lower the range, the greater the data throughput.
[37:15.040 --> 37:23.080]  Um, and like if you're hanging out like right outside their door, because like, ah, I got, I got good data right here.
[37:23.080 --> 37:32.640]  They're going to notice like, who's this guy sitting out in his car in front of the building with his, his laptop, um, and monster energy drinks laughing to himself.
[37:34.740 --> 37:37.860]  So, uh, maybe some other options there.
[37:37.860 --> 37:39.600]  Uh, certain things cost money.
[37:39.600 --> 37:44.580]  Like if you're using cellular, um, generally need some type of cellular plan.
[37:45.380 --> 37:49.460]  Can you spin up your own cellular tower and network?
[37:49.660 --> 37:50.500]  Yeah.
[37:50.520 --> 37:52.340]  It's a nightmare to do.
[37:52.340 --> 37:54.120]  No one's going to approve that.
[37:54.120 --> 38:03.920]  No one's going to be like, yeah, make, make, make a 3G network out of your, um, SDR and that'll be worth your time and energy and effort.
[38:03.920 --> 38:11.480]  Now, um, the OPSEC of it, phone companies, like can you get like burner kind of stuff?
[38:11.480 --> 38:11.800]  Yeah.
[38:11.800 --> 38:13.640]  It's more time, energy and effort.
[38:14.480 --> 38:14.840]  Um
[38:18.700 --> 38:23.060]  , how much, how much effort and, and money are you going to spend on this?
[38:23.320 --> 38:28.980]  Do they think, you think they're going to find your SIM card and figure out that it's you?
[38:29.580 --> 38:34.800]  Then if that's important, that doesn't happen for your test, maybe do that level of effort.
[38:35.820 --> 38:41.600]  What are some other fun, this is where things get a little bit fun for me because like, what other ways can I talk to this stupid box?
[38:41.600 --> 38:43.000]  I went through all the hassle putting it somewhere.
[38:43.000 --> 38:44.120]  I want to talk to it lately.
[38:44.120 --> 38:45.620]  I've been looking at this wifi.
[38:45.740 --> 38:46.280]  Hello.
[38:46.540 --> 38:49.900]  It is, um, in the 900 megahertz range.
[38:50.260 --> 38:59.820]  So, uh, it operates like wifi same, you know, basic protocols, but, um, fairly good throughput for, you know, a couple of kilometers worth of range.
[39:00.020 --> 39:03.820]  They got some, um, raspberry PI hats out there for it.
[39:03.820 --> 39:05.460]  There's some other hardware out there.
[39:05.840 --> 39:12.680]  Um, liking it, it's, it's kind of a bulky solution right now compared to like this built in wifi.
[39:13.000 --> 39:16.720]  Um, but maybe, maybe it works.
[39:16.960 --> 39:18.800]  What other weird stuff can we do?
[39:18.820 --> 39:23.020]  What about powerline ethernet from like back in the day?
[39:23.720 --> 39:33.700]  I've not used this yet, but I plan on just like going places and not even breaking in, just plugging it in to see if someone else has already plugged one in somewhere inside that building.
[39:33.900 --> 39:37.700]  Like I'll be out in the parking garage and like, Oh shit, network.
[39:38.280 --> 39:45.200]  Um, but this powerline ethernet is using electrical wiring to transmit data.
[39:45.200 --> 39:52.200]  You plug in one of these adapters, plug an ethernet cable into it, plug in another one somewhere else in your house, generally not in your office.
[39:53.400 --> 39:57.760]  And, uh, and then you don't have to run cat six or five or whatever through your place.
[39:57.760 --> 40:04.300]  Um, nowadays we just, you know, use wifi, but these are still available and serve the purpose sometimes.
[40:04.560 --> 40:11.820]  Um, drone, I bought drone radios cause these are old ones too.
[40:12.140 --> 40:15.680]  Um, I think they're in like the nine, also in the 900 megahertz range.
[40:15.900 --> 40:18.860]  Drones need to talk for a considerable distance.
[40:18.860 --> 40:20.680]  They need to transmit data.
[40:20.860 --> 40:28.520]  Um, you can plug these in and like Linux will, you just open a terminal to them essentially and you can shove packets across them.
[40:28.720 --> 40:29.940]  Um, it works.
[40:29.940 --> 40:33.860]  It's a little bit, it's a little bit just like another thing you're sticking on this box.
[40:33.860 --> 40:36.720]  Uh, that's impossible to see.
[40:36.720 --> 40:39.280]  That's, that's a star link.
[40:39.280 --> 40:43.440]  I do not recommend using star link, but there's no other better satellite stuff.
[40:43.440 --> 40:49.440]  And even with the satellite, you're kind of like making a jump from a box to something that's connected to the satellite.
[40:49.440 --> 40:55.360]  And you're just like, I'm not, there's no good cellular towers here and I just need some sort of connection going in there.
[40:55.360 --> 41:07.600]  Uh, Zigbee, Z-Wave, um, same general frequencies as like the Bluetooth stuff, but maybe the wireless stuff, Bluetooth, there's a lot of common tools.
[41:07.600 --> 41:08.280]  Like people know it.
[41:08.280 --> 41:11.460]  They, they can, it's easy to find if you're looking for that sort of thing.
[41:11.540 --> 41:16.860]  If you're moving to like weirder wire, wireless protocols and maybe they won't notice it.
[41:16.860 --> 41:17.900]  Maybe they will.
[41:18.180 --> 41:20.640]  Maybe they'll just find your box and throw it in the garbage.
[41:20.760 --> 41:21.560]  Um, Mocha.
[41:23.380 --> 41:30.580]  Mocha is using, this is also for the home where people would have like coaxial cable run for cable TV throughout their house.
[41:30.640 --> 41:34.100]  And they said, well, what if we just shoved internet over that as well?
[41:34.300 --> 41:38.600]  And well, what if we just shoved internet over that?
[41:38.600 --> 41:41.160]  Um, plug a couple of these in the network and see what happens.
[41:41.160 --> 41:51.680]  Cause maybe there's, maybe there's a TV in the public accessible lobby that, um, you can plug this kind of stuff into.
[41:52.620 --> 41:54.440]  Uh, Meshtastic.
[41:54.580 --> 42:00.600]  Uh, it's, I'm not really used to it.
[42:00.600 --> 42:01.800]  Like I, I get it.
[42:01.880 --> 42:04.800]  It's very like, I like that it's a community kind of thing.
[42:04.800 --> 42:11.240]  Like, oh, everyone spins up stuff and packs, stuff gets passed along and shared and it's encrypted.
[42:11.560 --> 42:20.180]  Um, I don't know if the, the data throughput and hoping that other people are doing things so I get the range that I want are worth it for me.
[42:20.220 --> 42:22.380]  And I don't know, some other, like laser drones.
[42:22.440 --> 42:24.660]  There might be some, there's weird stuff out there.
[42:24.660 --> 42:29.760]  This is where you get to go shopping and being like, I wanted to check this out and now I can justify expensing it.
[42:30.060 --> 42:37.440]  Um, because I think we can use this on a test and maybe you do and maybe you don't, but now you have some new toys to play around with.
[42:38.840 --> 42:39.760]  All right.
[42:40.040 --> 42:41.680]  You made a bunch of decisions.
[42:42.460 --> 42:44.420]  Uh, you picked out some hardware.
[42:45.580 --> 42:50.220]  You wanted some nice capabilities, some, some out of band kind of stuff, some, some ninja things.
[42:50.240 --> 42:54.260]  Uh, you got some dongles and software stuff.
[42:54.260 --> 42:55.720]  What's your box look like?
[42:56.420 --> 42:57.620]  Oh God.
[42:58.340 --> 42:59.480]  Oh no.
[42:59.700 --> 43:01.220]  You just hung everything up.
[43:01.220 --> 43:03.460]  Like it's just a Christmas tree at this point.
[43:03.460 --> 43:05.840]  You hung every freaking ornament off the thing.
[43:06.400 --> 43:08.560]  Oh, the bomb squads rolling in.
[43:08.560 --> 43:09.220]  Oh God.
[43:09.220 --> 43:09.940]  No.
[43:11.120 --> 43:14.720]  Looks like we forgot about OPSEC.
[43:17.870 --> 43:19.790]  We don't want to get caught.
[43:20.630 --> 43:23.230]  Um, ideally no one will see these boxes.
[43:23.590 --> 43:28.590]  If someone does see it, you want them to be like, I don't know, someone else's, some IT bullshit thing.
[43:28.590 --> 43:29.690]  Someone else's problem.
[43:31.830 --> 43:33.270]  Here's a solution.
[43:34.430 --> 43:45.630]  My friend Michael Howard showed us yesterday at his talk, sorry, at, at the Michael's talk, uh, about physically going in and putting boxes in.
[43:45.630 --> 43:47.850]  So this is the same, uh, Zima board.
[43:48.550 --> 43:54.590]  And, uh, on the bottom of that is a, um, a cellular hotspot, essentially.
[43:55.990 --> 43:59.210]  And, um, does it also provide, yeah, it's just, yeah.
[43:59.210 --> 44:18.330]  Um, and he's, he's taken the legit bottom off of the Zima board and made a 3D case for his hotspot and attached, like, nice right angle, like, it, it looks professional.
[44:18.530 --> 44:19.170]  Yeah.
[44:19.330 --> 44:27.510]  Like, it's still something that, that is not necessarily going to see in the environment, but you're not saying like, it's not a bunch of circuit boards hanging out and random antennas sticking off the thing.
[44:27.510 --> 44:31.870]  It gets the job done, uh, without lighting the place up.
[44:32.890 --> 44:36.530]  Um, so this is, I like this.
[44:36.530 --> 44:40.410]  Uh, other, other opposite considerations.
[44:40.450 --> 44:46.890]  Like I said, just, I got to like, I got like 15 minutes-ish.
[44:47.370 --> 44:49.290]  Oh man, sweet.
[44:51.690 --> 44:55.570]  Um, ways I have screwed this stuff up in the past.
[44:56.450 --> 45:04.170]  Um, you guys know that, uh, I don't know if it still does, Raspberry Pi used to just have default credentials?
[45:05.410 --> 45:06.330]  Yeah.
[45:06.710 --> 45:08.350]  You know who else knows that?
[45:08.350 --> 45:09.810]  The blue team.
[45:11.470 --> 45:13.550]  You know who should have known that?
[45:13.570 --> 45:23.450]  Uh, not, I mean, me, but also the guy who, who was using the Dropbox that I, I was using at that time, um, because he did not change that.
[45:23.590 --> 45:31.770]  And so ultimately when they found the box, um, like the forensics was, we just logged in as root.
[45:32.190 --> 45:35.750]  Oh, well, here's your bill.
[45:37.410 --> 45:39.950]  Uh, other dumb stuff I've done.
[45:40.210 --> 45:43.910]  Uh, this Raspberry Pi has a host name of Callie.
[45:46.390 --> 45:47.510]  Yeah.
[45:51.950 --> 46:02.290]  If you can figure out what the host name should be in advance, wireless shenanigans are generally good for, for giving you an indication of that at least.
[46:02.690 --> 46:06.830]  Um, if you don't know, don't try to be clever.
[46:06.970 --> 46:08.110]  Be a little bit clever.
[46:08.110 --> 46:09.870]  Don't be too clever.
[46:10.150 --> 46:26.070]  Um, at my job working internal, at a, in a red team simulation and engagement, I named the box with our naming structure, which is letters and numbers and like they mean stuff, but some of them are random.
[46:26.070 --> 46:29.250]  And it's a couple of random ones were R and T.
[46:29.790 --> 46:32.950]  And the blue team was like, I think that's red team.
[46:32.950 --> 46:35.270]  And I'm like, no, it's not me.
[46:35.270 --> 46:38.350]  And they're like, yeah, but there's, there's R and T for red team.
[46:38.350 --> 46:39.850]  And I'm like, you dicks.
[46:39.970 --> 46:42.350]  That is exactly what I did.
[46:42.350 --> 46:44.110]  Oh, I thought I was being clever.
[46:44.210 --> 46:46.190]  And like this naming structure works.
[46:46.190 --> 46:48.070]  And they're like, no man, I think that's you.
[46:48.070 --> 46:51.930]  And then it got to be a bit of a fight.
[46:51.930 --> 46:53.190]  Cause I'm like, it's not.
[46:53.190 --> 46:54.750]  And I'm like, whatever.
[46:54.750 --> 46:56.850]  And then they ignored it.
[46:56.970 --> 47:05.010]  I'm like, this is still an, that engagement went six months because they just thought like, I was probably red team.
[47:05.010 --> 47:07.330]  Like, yeah, but you, this is a simulation.
[47:07.330 --> 47:09.250]  You still have to do your job.
[47:09.470 --> 47:11.930]  And they just like, ah, we're good.
[47:11.930 --> 47:13.290]  It's carless.
[47:15.010 --> 47:17.990]  So now I've learned that lesson.
[47:19.030 --> 47:22.470]  Uh, I don't name stuff like that anymore.
[47:23.630 --> 47:32.910]  Um, the software that we're using, the 802.1X bypass stuff.
[47:33.390 --> 47:38.650]  Um, it works, it works fairly well, especially cause everyone thinks like, oh, my network's defended.
[47:38.650 --> 47:41.750]  I, I went through the annoying amount of hassle to set this up on network.
[47:41.890 --> 47:45.070]  And then you plug in this box and like, it does its job.
[47:45.190 --> 47:49.550]  Um, a lot of penetration testers like Toronto, a very common tool called responder.
[47:49.550 --> 47:51.510]  It's been around for like a decade .
[47:51.510 --> 47:55.470]  Does a fantastic job of making your password, my password.
[47:56.530 --> 48:03.690]  Um, and does this by listening for certain things and, and capturing that and like directing responses to itself.
[48:03.830 --> 48:14.070]  Uh , which if, if you just run that on a box where you physically man in the middle, a system, it black holes that system.
[48:14.390 --> 48:17.810]  So I put a box on network and they're like, can we run responder?
[48:17.810 --> 48:20.750]  I'm like, yeah, I put responder on there and it turned it on.
[48:20.750 --> 48:27.310]  And the person working at a computer called the help desk cause their computer wasn't working right anymore.
[48:27.350 --> 48:34.750]  Cause every time it would send out like a net bios broadcast or LLMR, it would say like, all right, everything's got to, like, it didn't make it past that box.
[48:34.750 --> 48:38.330]  And so help desk came out and said, huh, what's this thing?
[48:38.990 --> 48:42.830]  And that was the end of testing.
[48:43.810 --> 48:46.050]  Uh, other opposite considerations.
[48:46.050 --> 48:50.050]  The, how, how paranoid are we getting the cellular stuff?
[48:50.050 --> 48:52.810]  Do you need a SIM that's not tied to you?
[48:52.930 --> 48:54.510]  There's options out there.
[48:56.690 --> 49:00.710]  Are we wiping our fingerprints off these boxes?
[49:02.150 --> 49:03.850]  I mean, we probably should.
[49:03.850 --> 49:05.030]  It only takes a second.
[49:05.030 --> 49:16.170]  But, um, honestly, if you're, if you're doing that level of, of incident response, you win.
[49:16.170 --> 49:17.590]  Like you got me.
[49:17.990 --> 49:19.330]  Send me to fake jail.
[49:19.330 --> 49:20.650]  You caught your fake criminal.
[49:20.830 --> 49:33.950]  Um, the, uh, on a recent one using a Raspberry Pi and, uh, but, uh, there's, uh, a GitHub project out there called Crypt My Pi.
[49:34.710 --> 49:35.990]  And, uh, I like it.
[49:36.350 --> 49:42.730]  Modified a bit for use with like non pies, but it does, uh, it's for this kind of stuff.
[49:42.730 --> 49:51.830]  Like you have a Raspberry Pi and you want to encrypt it, but you want to be able to get it up and going without like having a monitor and keyboard and typing in your password.
[49:51.830 --> 49:53.610]  And so it has a number of options.
[49:53.630 --> 50:04.190]  Um, it'll, uh, connect to a wireless access point and you can, um, SSH to it with a particular key and they'll be like, all right, yeah, that's the right key.
[50:04.350 --> 50:05.630]  Let's get up and going.
[50:05.630 --> 50:20.510]  So, um, I use that method recently where I plugged in the Dropbox and, um, as it was booting up on my phone, I had the, uh, the wireless network it was looking for.
[50:20.510 --> 50:27.970]  So it saw that network connected to it and then I SSH to it with the correct key.
[50:27.970 --> 50:31.150]  And I said, I don't need and continued with the boot process.
[50:31.310 --> 50:34.050]  And then I walk away with that phone and the network's gone.
[50:34.050 --> 50:43.030]  And so if someone wanted to bring that box down and bring it back up, they would need to, well, have the SSH key, know what wireless network it's looking for.
[50:43.190 --> 50:46.010]  Um, know the password, a whole bunch of stuff that's not going to happen.
[50:46.010 --> 50:48.230]  Um, so lots of options in there.
[50:48.310 --> 50:56.490]  You know, do we, um, as far as like networks or do you want to plug in like a, um, a YubiKey and hit that and get this thing up and running?
[50:56.830 --> 51:01.130]  Um, all before, all while all the important stuff is still encrypted .
[51:01.630 --> 51:04.010]  Uh, so that project's a lot of fun.
[51:04.070 --> 51:05.130]  Check that out.
[51:06.050 --> 51:07.290]  Um, yeah.
[51:09.530 --> 51:13.210]  This, uh , this kind of stuff still gets me to today.
[51:13.290 --> 51:21.270]  I'm, I'm, I, I try to be good at this, but, um, you do know what, you do not know what's going to happen when you get out in the field.
[51:22.050 --> 51:35.490]  Um, with that encrypted PI and all the hoops I jumped through, I was installing it on a, uh, an emergency telephone out in the parking garage.
[51:35.790 --> 51:36.530]  You've seen them.
[51:36.530 --> 51:37.850]  They've got blue lights on them.
[51:37.850 --> 51:38.310]  I'm like, help.
[51:38.310 --> 51:39.570]  I'm, I need, I need help.
[51:39.570 --> 51:40.390]  I'll press this button.
[51:40.690 --> 51:45.830]  And so I'd open one of those up and it's just network.
[51:45.990 --> 51:47.310]  Power over Ethernet.
[51:47.450 --> 51:48.970]  So I plugged into there.
[51:49.230 --> 51:52.250]  Like, wireless network, get this PI up and going.
[51:52.250 --> 51:53.570]  Everything's looking great.
[51:54.090 --> 51:55.370]  Putting it all back together.
[51:55.510 --> 52:00.290]  And I accidentally call security by pressing the button.
[52:00.410 --> 52:02.170]  Because the phone still works.
[52:02.350 --> 52:03.470]  And they're like, what's wrong?
[52:03.470 --> 52:04.090]  What do you need help with?
[52:04.090 --> 52:05.250]  And I'm like, oh, nothing.
[52:05.250 --> 52:07.290]  No, we're all, we're all, like I'm Han Solo or something.
[52:07.290 --> 52:08.570]  Like, we're all fine here.
[52:08.810 --> 52:09.390]  Yeah.
[52:09.390 --> 52:11.230]  No, this is a weapons malfunction.
[52:12.250 --> 52:12.810]  No.
[52:12.810 --> 52:16.150]  And they, like, this is, like, security was so fast.
[52:16.150 --> 52:17.970]  I'm like trying to screw this thing back together.
[52:17.970 --> 52:18.710]  No.
[52:18.710 --> 52:20.510]  Now they're popping out like, what's wrong?
[52:20.510 --> 52:23.810]  I'm like, it's just, you know, authorized testing.
[52:23.810 --> 52:24.830]  That's what's wrong.
[52:29.650 --> 52:31.510]  So we plan, we prepare.
[52:31.510 --> 52:32.790]  We make a whole bunch of decisions.
[52:32.790 --> 52:35.250]  We try to do the best job that we can.
[52:35.250 --> 52:36.690]  Things are still going to go wrong.
[52:36.690 --> 52:38.310]  That's, that's okay.
[52:40.930 --> 52:42.390]  Your box can do a lot of stuff.
[52:42.390 --> 52:48.210]  Maybe what kind of stuff do you want to be on the lookout for that is a bit more serious than you just screwed up this engagement?
[52:49.830 --> 52:53.050]  Can we stick a microphone in there and record some stuff?
[52:53.090 --> 52:53.670]  Yeah.
[52:53.670 --> 52:54.870]  Super easy.
[52:55.270 --> 52:56.970]  Is it legal?
[52:57.210 --> 52:59.790]  Oh, man, I am not a lawyer, but no.
[52:59.790 --> 53:01.070]  No, it is not.
[53:02.970 --> 53:04.090]  Wiretapping laws.
[53:04.090 --> 53:05.070]  They're pretty strict.
[53:05.070 --> 53:07.570]  They're pretty angrily enforced.
[53:07.570 --> 53:09.150]  There's good reasons for them.
[53:09.610 --> 53:16.330]  If you are, like, a lawyer and a hacker, and you're like, you're wrong, go for it, man.
[53:16.430 --> 53:19.310]  I look forward to hearing your story.
[53:20.530 --> 53:21.570]  Video recording.
[53:21.570 --> 53:26.570]  Oddly enough, video without audio, a lot of times, yeah, that's allowed .
[53:26.930 --> 53:31.290]  But people have and should have an expectation of privacy.
[53:31.290 --> 53:43.070]  And so if you're sticking this in, like, some place and, like, ah, here's video from inside the CEO's office and maybe you're seeing stuff that he really doesn't want you to see, folks aren't going to be happy about that.
[53:44.050 --> 53:45.550]  Certain types of attacks.
[53:48.110 --> 53:51.170]  Just knocking, like, everyone off of Wi-Fi.
[53:51.750 --> 53:59.710]  Because you're, like, there's a sensor, there's a camera that's connected on Wi-Fi and we don't want this camera to see us so we're just going to, you know, blast the hell out of it.
[53:59.710 --> 54:09.750]  Or there's an attack using this little crazy radio PA thing up there that it targets the dongles for your wireless mice and keyboards.
[54:09.910 --> 54:11.990]  It's kind of patched.
[54:12.110 --> 54:17.410]  We're all updating the software, firmware on our dongles on a regular basis, right?
[54:17.410 --> 54:21.090]  Everyone is going through and making sure that your little Logitech is, yeah.
[54:22.570 --> 54:29.190]  You can use that to just send keystrokes to anything.
[54:29.330 --> 54:30.230]  Is it your client?
[54:30.230 --> 54:31.070]  It might be.
[54:31.070 --> 54:32.050]  Let's give it a shot.
[54:33.170 --> 54:34.410]  Or maybe it's not.
[54:34.410 --> 54:35.930]  And, hey, welcome to crime.
[54:35.930 --> 54:39.830]  But what is your client doing at the time?
[54:39.830 --> 54:41.070]  You can't see.
[54:41.250 --> 54:45.650]  Maybe they're making a critical database update and you're, like, run this PowerShell!
[54:47.810 --> 55:05.530]  So when I test for that, I'm, like, let me demonstrate where I know exactly what's going on, what can happen, and then I'm going to tell you to update your dongles because we can do this from a football field away instead of just in this conference room.
[55:06.530 --> 55:12.170]  Finally, a lot of this, if you're a red team, a lot of times it's part of a physical thing.
[55:12.170 --> 55:16.930]  You're breaking into a building or walking into a building with a smile and kind eyes.
[55:22.630 --> 55:27.010]  Clients aren't necessarily great at knowing what they own.
[55:27.230 --> 55:28.070]  They're not great at knowing what they own .
[55:28.830 --> 55:30.430]  Sometimes it's networks.
[55:31.570 --> 55:36.510]  Sometimes it's literal physical locations, like, can you test our data center?
[55:36.610 --> 55:41.410]  I'm, like, you do not own ‑‑ Google, Microsoft and the NSA are in this data center.
[55:41.410 --> 55:45.870]  You can't just give me permission with a piece of paper telling me I can go in and test it.
[55:49.290 --> 55:52.630]  Even a lot of stuff ‑‑ a lot of places are shared tenants.
[55:52.630 --> 55:54.890]  Like, you have an office in this building.
[55:55.830 --> 55:59.150]  The building is probably not going to be looped into this test.
[55:59.150 --> 56:09.050]  You can enter the building because you have ‑‑ you're a legitimate, you know, consultant of the client and they're asking you to come and do stuff.
[56:09.170 --> 56:14.150]  But breaking into that building in the middle of the night, they may frown upon that.
[56:14.170 --> 56:18.830]  So understanding what you can do and what scope when you're trying to get these boxes in place.
[56:18.830 --> 56:23.810]  And I'm not advocating breaking the law.
[56:23.970 --> 56:28.210]  But don't break it on accident because you're doing something stupid.
[56:28.210 --> 56:34.090]  If you're going to break the law, put some thought and planning and be purposeful and do it well.
[56:34.090 --> 56:36.430]  I'm tired of all this lazy crime.
[56:37.750 --> 56:39.490]  Oh, we thought it was okay.
[56:39.490 --> 56:41.290]  Yeah, well, no.
[56:41.290 --> 56:43.550]  And you're, like, oh, I'll just run stuff past legal.
[56:43.550 --> 56:49.950]  Legal does not want to know about any of this.
[56:49.950 --> 56:53.410]  Like, I have this drop box, drop it then, man.
[56:53.630 --> 57:02.330]  I'm going to break into someone else's building and then another person's office in that building and then I'm going to stick this ‑‑ what?
[57:02.710 --> 57:03.670]  No!
[57:08.040 --> 57:08.620]  All right.
[57:08.620 --> 57:13.220]  Let's just recap because I talked a lot about crap.
[57:15.040 --> 57:16.560]  What are you looking to do?
[57:17.240 --> 57:22.260]  If you're looking to just have fun, want to build some stuff and see how it goes, awesome.
[57:23.180 --> 57:24.460]  How much can you afford?
[57:24.460 --> 57:32.220]  How much can your employer ‑‑ how much is your significant other going to support you being, like, ah, it's 3 o'clock, are you coming to bed?
[57:32.220 --> 57:34.460]  Like, ah, well, just fucking cron.
[57:38.540 --> 57:41.820]  And then you get to go ‑‑ like, the fun part, you go shopping, like, oh, this looks cool.
[57:41.820 --> 57:44.400]  Or, like, this is ‑‑ I've worked with this before and it's stable.
[57:44.400 --> 57:48.180]  Let's buy 12 of them because we need to support a big team.
[57:48.440 --> 57:50.180]  And get your stuff up and working.
[57:50.180 --> 57:52.140]  Get it tested.
[57:52.140 --> 58:03.160]  Get it reliable for your tolerance as a hacker of reliable and be able to defend yourself to other stupid hackers who are like, it doesn't work on my box.
[58:03.160 --> 58:04.760]  And you're like, welcome to the Internet.
[58:06.060 --> 58:09.120]  How much support, how much energy effort are you going to put in this?
[58:09.120 --> 58:11.040]  Are you going to write documentation for folks?
[58:11.320 --> 58:13.540]  Are you going to write a blog post and never update it?
[58:13.540 --> 58:16.320]  Are you going to, um, be supportive?
[58:16.320 --> 58:17.900]  Like, is this just going to be your job now?
[58:17.900 --> 58:19.480]  And they're going to be like, you don't get to test anymore.
[58:19.480 --> 58:21.620]  You just have to, like, send these boxes out.
[58:21.620 --> 58:22.280]  It's lame.
[58:22.680 --> 58:24.900]  Um, take the time to get things working.
[58:24.960 --> 58:26.380]  Stuff's going to break anyway.
[58:26.380 --> 58:27.560]  It's okay.
[58:28.000 --> 58:30.000]  Uh, you just got to roll with it.
[58:30.660 --> 58:35.960]  Um, when you go out, if you're going out for Red Team stuff, you're going to need to bring stuff.
[58:36.100 --> 58:44.260]  You're going to need ‑‑ that Zima board, if you want to connect a monitor to it, it uses mini display port.
[58:46.080 --> 58:54.320]  You don't want to go to Walgreens at 3 in the morning looking for a mini display port to HDMI adapter.
[58:56.200 --> 58:58.960]  Bring your dongles, bring backups and stuff.
[58:58.960 --> 59:03.300]  Like, I had a cable, I had an HDMI cable go bad.
[59:03.620 --> 59:08.380]  That was five hours of my goddamn life trying to figure out, like, why won't this monitor work?
[59:08.760 --> 59:09.320]  Yeah.
[59:10.320 --> 59:11.660]  Um, yeah.
[59:11.740 --> 59:13.140]  I've made a bunch of mistakes.
[59:13.180 --> 59:21.720]  Hopefully, if you came here and you're like, I don't really know much about this, but we'll see what happens, now you're like, oh, I'm definitely not doing this.
[59:21.720 --> 59:22.720]  This seems like a nightmare.
[59:22.720 --> 59:28.860]  But if you are still interested in doing it, now you see, like, these are dumb things to do.
[59:28.860 --> 59:29.860]  You don't need to do them.
[59:29.860 --> 59:32.020]  I've taken care of that for you.
[59:32.020 --> 59:35.900]  Other people out there, they'll write blog posts about how they did it right.
[59:35.940 --> 59:38.220]  I'll tell you how I screwed it up.
[59:38.220 --> 59:40.760]  Trust me, they screwed it up, too.
[59:40.940 --> 59:42.920]  They're just not sharing that part.
[59:43.220 --> 59:46.680]  So, at that point, my name is Johnny Christmas.
[59:48.780 --> 59:50.880]  Do not stare directly into the shirt.
[59:50.880 --> 59:53.080]  That's why he's wearing protective goggles.
[59:54.040 --> 59:56.220]  Thank you all for coming to my talk.
[59:56.560 --> 59:57.900]  There's the QR code.
[59:57.900 --> 01:00:03.620]  I've not updated this yet because of the reoccurring joke I keep making, but I'll put these slides up there now.
[01:00:03.620 --> 01:00:07.260]  It's got some old slides, and I'll update some of the links on there.
[01:00:07.540 --> 01:00:09.320]  Other stuff I'm looking at still going in the future.
[01:00:09.320 --> 01:00:12.960]  I want to build more custom enclosures, like Michael did, but stuff for me to hide.
[01:00:12.960 --> 01:00:14.220]  Does it look like a power brick?
[01:00:14.380 --> 01:00:20.300]  Can I just steal a VoIP phone from your office and, like, shove a Raspberry Pi up inside of that somehow?
[01:00:20.440 --> 01:00:26.900]  Or even, like, the big monitors you see, a lot of them have a slot for those CM Pis, and you just pop them in there.
[01:00:26.900 --> 01:00:28.180]  Like, what can we do with that?
[01:00:28.280 --> 01:00:29.440]  We should poke around with that.
[01:00:30.700 --> 01:00:33.580]  Trying out some more minimalist power over Ethernet.
[01:00:33.900 --> 01:00:37.080]  Figuring out, like, what powering cable, like, is there an outlet nearby?
[01:00:37.080 --> 01:00:38.540]  Can I power it off a USB?
[01:00:38.540 --> 01:00:40.180]  How much of a battery do I need to shove in this?
[01:00:40.280 --> 01:00:41.300]  It gets annoying.
[01:00:41.980 --> 01:00:43.800]  Wi-Fi only Dropboxes?
[01:00:44.680 --> 01:00:46.780]  Do I even need to plug this in?
[01:00:46.860 --> 01:00:56.780]  Can I have, like, Wi-Fi and cellular and be close enough and be able to, like, steal credentials frequently enough to maintain access to your network via Wi-Fi?
[01:00:57.820 --> 01:00:59.860]  That seems even more annoying to try to find.
[01:00:59.860 --> 01:01:03.100]  At least maybe you have some idea where a LAN jack is coming out.
[01:01:03.100 --> 01:01:04.600]  There's a finite number of that.
[01:01:04.600 --> 01:01:06.800]  This thing could be in a rock under a tree.
[01:01:06.800 --> 01:01:07.600]  Who knows?
[01:01:07.900 --> 01:01:12.240]  So, are there any questions that I feel like answering?
[01:01:14.220 --> 01:01:15.100]  No?
[01:01:20.080 --> 01:01:25.260]  Honestly, like, if I don't know the naming structure, I'll name them after printers.
[01:01:28.950 --> 01:01:29.590]  Sorry.
[01:01:29.590 --> 01:01:32.770]  The question was, what do I... they can't hear you.
[01:01:32.910 --> 01:01:35.290]  What host names do I give my stuff now?
[01:01:35.290 --> 01:01:35.530]  Yes.
[01:01:35.530 --> 01:01:38.350]  If you see a printer, that's probably me.
[01:01:39.490 --> 01:01:40.790]  A new printer.
[01:01:41.230 --> 01:01:42.470]  Sometimes, here's the thing.
[01:01:42.490 --> 01:01:49.210]  If I name it after a printer, I will also open up, like, printer ports on that system.
[01:01:49.210 --> 01:01:53.170]  So, if something comes along and says, like, oh, this is clearly a printer.
[01:01:55.210 --> 01:01:57.670]  All the effort level of hassle.
[01:01:57.670 --> 01:01:58.610]  Like, can you take it further?
[01:01:58.610 --> 01:02:01.590]  Can you actually run, like, printer services on those ports?
[01:02:01.730 --> 01:02:05.410]  Can we clone the website of the printer and have it running?
[01:02:05.410 --> 01:02:06.310]  Yeah, probably.
[01:02:06.310 --> 01:02:07.270]  Any other questions?
[01:02:07.530 --> 01:02:08.350]  Because my time is up.
[01:02:08.350 --> 01:02:10.150]  Somebody probably wants to definitely get up here.
[01:02:10.270 --> 01:02:10.570]  All right.
[01:02:10.570 --> 01:02:11.610]  Thank you very much.