SlideShare uma empresa Scribd logo

BYOD presentation Init 6 + ISSA PR Chapter joint meeting

Transferir como PPTX, PDF
Jose L. Quiñones-Borrero
Jose L. Quiñones-Borrero

A technical overview of the dangers of BYOD in an enterprise

Tecnologia
1 de 20
Obsidis Consortia, Inc. BYOD:Bring Your Own Darkside José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
What is OC, Inc? • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico. • OC, Inc. has develop and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
Why BYOD? • What's Mine Is Mine, What's Yours Is Mine, Too • Employees Happier, More Productive? • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
Why NOT? • Little or no control over devices • Privacy issues about device’s content • No jurisdiction over devices
What are these devices?
Laptops • Live CD/USB – Live USB Creator – Unetbootin • Virtual Machines – VMware Player – VirtualBox • Full OS on Hardware – Kali/Backtrack – Pentoo – BackBox
Smartphones and Tablets • Jailbreak iOS • Rooted Android • Ubuntu Touch (Phone)
Others • Home Routers – Linksys WRT-54G – Alfa Network AP-121U – TP-Link WR703N • Custom Firmware – DD-RWT – OpenWrt w/Jasager – Totmato Router
Let focus on iOS …
Apple iOS AppStore Goodness • iNet • TIOD • IPScanner • zScan Pro • Whois • TCPinger • Net Utility • VNC viewer • RDP client • aSubnet • Python 2.7
Cydia
Jailbroken iOS • Tools – nmap, tcpdump, ettercap, aircrack- ng*, dns2tcp, netcat • Development – Python, Ruby, Perl, SQLite • OS – wget, curl, grep, sed, awk, inetutils, whois, locate • Deamons – dns, http, dhcp, ftp, vnc
Installing Metasploit on iOS 1. Jailbrake your iOS devices 2. Install BigBoss Recomended Tools 3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb 4. iconv_1.14-1_iphoneos-arm.deb 5. zlib_1.2.3-1_iphoneos-arm.deb 6. metasploitframework4.5.tgz
What about Android?
PwnPad ($895.00) •Wireless ToolsAircrack-ng •Kismet •Wifite •Reaver •MDK3 •EAPeak •Asleap •FreeRADIUS-WPE •Hostapd Bluetooth Tools: •bluez-utils •btscanner •bluelog •Ubertooth tools •Web ToolsNikto •Wa3f •Network ToolsNET-SNMP •Nmap •Netcat •Hping3 •Macchanger •Tcpdump •Tshark •Ngrep •Dsniff •Ettercap-ng •SSLstrip •Hamster & Ferret •Metasploit 4 •SET •Easy-Creds •John (JTR) •Hydra •Pyrit •Scapy
Can we be more creative?
Red Teaming BYOD • Raspberry Pi ($35) – 700 Mhz A7, 512MB, HD, 2 USB 2.0, Ethernet – Huge development community – Debian and Red Hat based distros • CubieBoard ($80) – 1 Ghz A10, 1 GB, HD, 2 USB 2.0, Ethernet – Some community support – Ubuntu and Android • Odroid ($90) – 1.7 Quad A9, 2GB, HD, 2USB 2.0, Ethernet – No community yet(new platform) – Ubuntu and Android
Demo
Open Discussion … Q & A
Please visit us to keep in touch … www.ObsidisConsortia.org www.BSidesPR.org https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg https://plus.google.com/u/0/communities/102771209982001396923 https://facebook.com/obsidisconsortia https://twitter.com/BSidesPR Affiliates: www.TalktoanIT.com www.codefidelio.org www.darkoperator.com

Recomendados

Social engineereing
Social engineereingSocial engineereing
Social engineereing
Sri Manakula Vinayagar Engineering College
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)
Marco Dal Pino
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
ProductNation/iSPIRT
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yours
David Busby, CISSP
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
Michael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Michael Scheidell
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
AVG Technologies AU
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
Paul Fremantle
 

Recomendados

Social engineereing
Social engineereingSocial engineereing
Social engineereing
Sri Manakula Vinayagar Engineering College
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)
Marco Dal Pino
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
ProductNation/iSPIRT
 
Web application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yoursWeb application-security-and-why-you-should-review-yours
Web application-security-and-why-you-should-review-yours
David Busby, CISSP
 
Governance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile AppsGovernance and Security in Cloud and Mobile Apps
Governance and Security in Cloud and Mobile Apps
Michael Scheidell
 
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ...
Michael Scheidell
 
Computing on the Move - Mobile Security
Computing on the Move - Mobile SecurityComputing on the Move - Mobile Security
Computing on the Move - Mobile Security
AVG Technologies AU
 
IoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architectureIoT World - creating a secure robust IoT reference architecture
IoT World - creating a secure robust IoT reference architecture
Paul Fremantle
 
Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoT
Marian Marinov
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
Mohammed Adam
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
Kingfin Enterprises Limited
 
IoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemIoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot system
Marco Dal Pino
 
Prakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber Warfare
PrakashPadariya1
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
Cisco Canada
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Internet of things
Internet of thingsInternet of things
Internet of things
Senthilkumar Murugesan
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the Sky
AI Frontiers
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2
 
IoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyIoT - Rise of New Zombies Army
IoT - Rise of New Zombies Army
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
Zoltan Balazs
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
Christopher Frenz
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochure
Sherief Razzaque
 
Tech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveTech Blogs - Pakistani Prospective
Tech Blogs - Pakistani Prospective
Farhan Chawla
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
2B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 20142B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 2014
IKT-Norge
 
How Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the EnterpriseHow Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the Enterprise
satishgannu
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
Adrian Sanabria
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
Agile Testing Alliance
 

Mais conteúdo relacionado

Mais procurados

IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
WSO2
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the Sky
AI Frontiers
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 

Mais procurados (20)

Protecting your home and office in the era of IoT
Protecting your home and office in the era of IoTProtecting your home and office in the era of IoT
Protecting your home and office in the era of IoT
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
 
IoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot systemIoTSummit: Design and architect always disconnected iot system
IoTSummit: Design and architect always disconnected iot system
 
Prakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber WarfarePrakash Padariya - IoT Cyber Warfare
Prakash Padariya - IoT Cyber Warfare
 
During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...During the Next Generation Network and Data Centre – Now and into the Future ...
During the Next Generation Network and Data Centre – Now and into the Future ...
 
Your Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoTYour Thing is Pwned - Security Challenges for the IoT
Your Thing is Pwned - Security Challenges for the IoT
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Arnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the SkyArnaud Thiercelin at AI Frontiers : AI in the Sky
Arnaud Thiercelin at AI Frontiers : AI in the Sky
 
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet ChallengeWSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
WSO2Con EU 2015: Keynote - The Identity of Things: The Next Internet Challenge
 
IoT - Rise of New Zombies Army
IoT - Rise of New Zombies ArmyIoT - Rise of New Zombies Army
IoT - Rise of New Zombies Army
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochure
 
Tech Blogs - Pakistani Prospective
Tech Blogs - Pakistani ProspectiveTech Blogs - Pakistani Prospective
Tech Blogs - Pakistani Prospective
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
2B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 20142B Kjesbu Cold Technology Warm Hands EHiN 2014
2B Kjesbu Cold Technology Warm Hands EHiN 2014
 
How Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the EnterpriseHow Search is Accelerating the Growth of Video in the Enterprise
How Search is Accelerating the Growth of Video in the Enterprise
 

Semelhante a BYOD presentation Init 6 + ISSA PR Chapter joint meeting

Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
Adrian Sanabria
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
Yury Chemerkin
 
Successful Industrial IoT Patterns
Successful Industrial IoT PatternsSuccessful Industrial IoT Patterns
Successful Industrial IoT Patterns
WSO2
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
RootedCON
 
Kinect kunkuk final_
Kinect kunkuk final_Kinect kunkuk final_
Kinect kunkuk final_
Yunkyu Choi
 

Semelhante a BYOD presentation Init 6 + ISSA PR Chapter joint meeting (20)

Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
How to Take an Enterprise Approach in a SMB World - Jeff Shuron, Sports Physi...
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
WSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in FinanceWSO2Con EU 2015: IoT in Finance
WSO2Con EU 2015: IoT in Finance
 
The Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoTThe Internet of Things and You - A Developers Guide to IoT
The Internet of Things and You - A Developers Guide to IoT
 
Successful Industrial IoT patterns
Successful Industrial IoT patterns Successful Industrial IoT patterns
Successful Industrial IoT patterns
 
Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Bulletproof IT Security
Bulletproof IT SecurityBulletproof IT Security
Bulletproof IT Security
 
Zero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
 
Securing your Cloud Environment
Securing your Cloud EnvironmentSecuring your Cloud Environment
Securing your Cloud Environment
 
Successful Industrial IoT Patterns
Successful Industrial IoT PatternsSuccessful Industrial IoT Patterns
Successful Industrial IoT Patterns
 
Soc analyst course content v3
Soc analyst course content v3Soc analyst course content v3
Soc analyst course content v3
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...[Webinar] Building a Product Security Incident Response Team: Learnings from ...
[Webinar] Building a Product Security Incident Response Team: Learnings from ...
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
 
Privacy for tech startups
Privacy for tech startups Privacy for tech startups
Privacy for tech startups
 
Kinect kunkuk final_
Kinect kunkuk final_Kinect kunkuk final_
Kinect kunkuk final_
 

Mais de Jose L. Quiñones-Borrero

Mais de Jose L. Quiñones-Borrero (15)

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
 
Weaponization of IoT
Weaponization of IoTWeaponization of IoT
Weaponization of IoT
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
 
CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
 

Último

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

BYOD presentation Init 6 + ISSA PR Chapter joint meeting

  • 1. Obsidis Consortia, Inc. BYOD:Bring Your Own Darkside José L. Quiñones-Borrero, BS MCP, MCSA, MCT, CEH, CEI, GCIH, GPEN, RHCSA
  • 2. What is OC, Inc? • Obsidis Consortia, Inc. [OC, Inc.] is a non-profit organization that promotes security awareness in the community and supports professional development of security professionals, students and enthusiasts in Puerto Rico. • OC, Inc. has develop and is supporting initiatives like the Init6 Security User Group, Professional Training & Workshops, Network and Security Systems Simulation Scenarios (Capture the Flag), Security BSides Puerto Rico Conference and a Community Outreach Program.
  • 3. Why BYOD? • What's Mine Is Mine, What's Yours Is Mine, Too • Employees Happier, More Productive? • Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes
  • 4. Why NOT? • Little or no control over devices • Privacy issues about device’s content • No jurisdiction over devices
  • 5. What are these devices?
  • 6. Laptops • Live CD/USB – Live USB Creator – Unetbootin • Virtual Machines – VMware Player – VirtualBox • Full OS on Hardware – Kali/Backtrack – Pentoo – BackBox
  • 7. Smartphones and Tablets • Jailbreak iOS • Rooted Android • Ubuntu Touch (Phone)
  • 8. Others • Home Routers – Linksys WRT-54G – Alfa Network AP-121U – TP-Link WR703N • Custom Firmware – DD-RWT – OpenWrt w/Jasager – Totmato Router
  • 9. Let focus on iOS …
  • 10. Apple iOS AppStore Goodness • iNet • TIOD • IPScanner • zScan Pro • Whois • TCPinger • Net Utility • VNC viewer • RDP client • aSubnet • Python 2.7
  • 11. Cydia
  • 12. Jailbroken iOS • Tools – nmap, tcpdump, ettercap, aircrack- ng*, dns2tcp, netcat • Development – Python, Ruby, Perl, SQLite • OS – wget, curl, grep, sed, awk, inetutils, whois, locate • Deamons – dns, http, dhcp, ftp, vnc
  • 13. Installing Metasploit on iOS 1. Jailbrake your iOS devices 2. Install BigBoss Recomended Tools 3. ruby_1.9.2-p180-1-1_iphoneos-arm.deb 4. iconv_1.14-1_iphoneos-arm.deb 5. zlib_1.2.3-1_iphoneos-arm.deb 6. metasploitframework4.5.tgz
  • 15. PwnPad ($895.00) •Wireless ToolsAircrack-ng •Kismet •Wifite •Reaver •MDK3 •EAPeak •Asleap •FreeRADIUS-WPE •Hostapd Bluetooth Tools: •bluez-utils •btscanner •bluelog •Ubertooth tools •Web ToolsNikto •Wa3f •Network ToolsNET-SNMP •Nmap •Netcat •Hping3 •Macchanger •Tcpdump •Tshark •Ngrep •Dsniff •Ettercap-ng •SSLstrip •Hamster & Ferret •Metasploit 4 •SET •Easy-Creds •John (JTR) •Hydra •Pyrit •Scapy
  • 16. Can we be more creative?
  • 17. Red Teaming BYOD • Raspberry Pi ($35) – 700 Mhz A7, 512MB, HD, 2 USB 2.0, Ethernet – Huge development community – Debian and Red Hat based distros • CubieBoard ($80) – 1 Ghz A10, 1 GB, HD, 2 USB 2.0, Ethernet – Some community support – Ubuntu and Android • Odroid ($90) – 1.7 Quad A9, 2GB, HD, 2USB 2.0, Ethernet – No community yet(new platform) – Ubuntu and Android
  • 18. Demo
  • 20. Please visit us to keep in touch … www.ObsidisConsortia.org www.BSidesPR.org https://www.youtube.com/channel/UCtpOw0dKOIVJu7JZqHx4oQg https://plus.google.com/u/0/communities/102771209982001396923 https://facebook.com/obsidisconsortia https://twitter.com/BSidesPR Affiliates: www.TalktoanIT.com www.codefidelio.org www.darkoperator.com