The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
DURATION: 18 hours
CPE POINTS: On completion you get a certificate granting you 18 CPE points.
Hardware has become more and more popular in the security sector. Hardware devices are released in order to make our work easier, faster, and many times cheaper. For that reason in this course we examine how we can use Raspberry Pi and other security related hardware to perform attacks and pentest our clients, be able to defend ourselves from these attacks, and even use hardware to create defending processes and strategies.
Course benefits:
What skills will you gain?
- Hardware manipulation
- Raspberry Pi Installation and use as a penetration testing platform (Kali, Arch Linux, ParrotOS, DVWA)
- Raspberry Pi as a network security device (Firewall and IDS system installation with Arch Linux) for IoT
- Hardware manipulation for network and appliance security
- Penetration testing and security auditing using hardware
- HID attacks using Arduino and custom hardware
- WiFi Deauthing using NodeMCU
- Keylogger attacks with Arduino based devices
Example attacks that will be demonstrated:
- HID attacks
- payload run with Metasploit
- Password attacks
- Wifi Deauthing
- keylogger attacks
- Psychson
- BadUSB
What will you learn about?
- How Raspberry Pi can be useful to penetration testers
- What kinds of attacks can be performed with Raspberry Pi and other MCBs
- What open source software works well when setting up Raspberry Pi for security
- How to protect against hardware attacks done with Raspberry Pi
Example tools that will be used:
- Metasploit
- John the Ripper Jumbo
- NagiosPi
- NodeMCU
- Arch Linux Distro
- Snort
- NextCloud
- ParrotOS
- DVWA
Course general information:
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- PC with a preferred operating system (Mac OSX 10.11+, Windows 7+, Linux)
- Raspberry Pi 2 or 3
- Arduino and Teensy hardware
Course prerequisites:
- Programming Basics
- Basic scripting language knowledge (Python, Javascript or bash scripting)
- Pseudocode knowledge in order to understand code snippets that you will be supplied with
- Linux Bash usage basics
About your instructor: Thomas Sermpinis
8 years of experience in the Security sector
2 years of experience with Blockchain technologies
Programming experience in Java, C++, Python, Solidity and Go
Editor of “Penetration Testing with Android Devices”, “Penetration Testing with Kali 2.0” courses of PenTest Magazine
Editor of “Web Application Hacking: Data Store attacks and Advanced SQL Injection”, “Android Malware Analysis” and “Bypassing WAF” courses on eForensics Magazine.
Editor on DeltaHacker Magazine
5 years of blogging on Security and Blockchain topics ( Cr0w’s Place )
Hacking and Android Enthusiast
COURSE SYLLABUS
Module 1: Pentesting with Raspberry Pi
Raspberry Pi is revolutionary hardware that gives us the capabilities of a complete system in the palm of our hands. This means that we can produce attacks and automate them, on the go, with ways that were never before even imagined. For that reason, in this module, we examine attacks that can be performed with Raspberry Pi in order to help us with our pentests and make our lives easier.
- Kali Linux (version 2018.3) on Raspberry Pi
- Automating attacks on Pi
- Attacks using only Raspberry
- HID attacks using Pi Zero
- Password attacks with John the Ripper Jumbo
- Automated HID attacks and payload run with Metasploit
- Standalone pentesting portable station with Raspberry Pi, eg. Kali, ParrotOS
- Network monitoring with Raspberry Pi and NagiosPi
- Automating attacks with Raspberry Pi
Exercises and practicals:
- Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
- Also, HID custom attacks and network monitoring attacks will be executed by students in a testing environment that will be alterations of our initial setups, and new attacks that extend the capabilities of the presented ones.
Module 2: Pentesting with Security Related Hardware
Many other hardware alternatives exist that can be exploited in order to extend their capabilities, and help us perform attacks and pentesting processes that most of the time are costly and difficult to execute.
- Pentesting with open source hardware
- Open source rubber ducky
- Wifi Deauthing with NodeMCU
- Pentesting with Teensy hardware
- Exploiting USB vulnerabilities for device alteration
- Psychson
- BadUSB
- Pentesting with Arduino devices
- HID attacks
- keylogger attacks
- Physical access hacking hardware and attacks
- Metasploit usage with hardware attacks
- Keyloggers and other intermediary hardware for sniffing.
Exercises and practicals:
- Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
- Also, some security auditing related exercises will be included, where students will be asked to perform module related attacks (Psychson attack, Teensy HID attack and penetration testing with Arduino and Teensy hardware) in a testing environment, or even extend these attacks.
Module 3: Defence and security using Raspberry Pi
Raspberry Pi can also be used in order to defend and secure our pentesting targets. Most networks come with complex installations that may result in vulnerable systems. In this module, we examine ways that we can implement inexpensive and easy security in our network using a Raspberry Pi.
- Network security using the Arch Linux Distro
- IoT security (cameras, smart assistants and others) on Pi connected devices using Pi firewalls on Arch Linux
- Intrusion detection system using SNORT
- Building a secure NextCloud with Web application firewall on Pi
Exercises and practicals:
- Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
- Also, some practical implementations of the material examined in this module will be executed by students, with defence techniques (custom firewall and IDS) in testing environments or in the students personal network.
Module 4: Defence and security from hardware related attacks
In previous modules, several attacks have been examined, which may result in several negative outcomes. In order to secure our network, our connected appliances and our PCs, we have to follow several strategies and practices that will save us from hardware attacks.
- Defence from USB attacks (Psychson, BadUSB, general HID based attacks)
- Defence from physical access attacks and keyloggers
- Defence from LAN attacking hardware (LAN turtle and other custom LAN sniffers)
- RF security and measures (RTL RF hacking hardware and HackRF)
- Defence strategies
Exercises and practicals:
- Exercises in this module will include knowledge-based exercises that will reinforce the theoretical background acquired by this module.
- Also, some practical examples will be examined, in order to test how to defend from USB, LAN sniffing and RF attacks, and strategies applied to security related hardware.
Final exam
The Final Exam will include knowledge-based exercises as well as security related auditing exercises for practical skill testing.
QUESTIONS?
If you have any questions, please contact our eLearning Manager at [email protected].
Course Reviews
No Reviews found for this course.