Follow on Google News News By Tag * Plugbot * TakeDownCon * Pen-test Tool * Jeremiah Talamantes * Penetration Testing * It Security * Ec-council * nMap * Metasploit * More Tags... Industry News News By Location Country(s) Industry News
Follow on Google News | Researcher to Release "PlugBot" Pen-Test Tool at TakeDownCon Dallas in MaySecurity researcher Jeremiah Talamantes will release a new penetration testing tool called "PlugBot" at this year’s TakeDownCon Dallas, a new IT security conference designed by the EC-Council.
By: EC-Council Security researcher Jeremiah Talamantes will release a new penetration testing tool called "PlugBot" at this year’s TakeDownCon Dallas, a new IT security conference designed by the EC-Council. PlugBot is an ultra compact penetration testing hardware device, designed to evade anti-virus and firewall detection, significantly reduce face-to-face social engineering interaction, and provide an onboard set of tools to allow an ethical hacker (penetration tester) to covertly infiltrate and dynamically hack the target from the inside out. "I am excited to unveil this new tool at TakeDownCon Dallas," said Talamantes. "As an ethical hacker for many years, I set out to create a tool that would enable us to widen our window of opportunity while reducing the chance of being discovered and still have the luxury of hacking the target dynamically. I honestly wanted to make it as easy as … walk in, plug in, and walk out." "PlugBot will be an interesting new tool for the pen-test community and TakeDownCon Dallas attendees will be the first to see it, " said Leonard Chin, Conference Director for TakeDownCon, and EC-Council Director of Global Marketing. "Jeremiah is a respected researcher and security practitioner and we’re pleased he chose TakeDownCon as the place to debut this new tool. " PlugBot was designed to facilitate penetration testing in many ways, such as: • Reducing the need face-to-face social engineering, which may lead to compromise • Allowing the dynamic use of other popular tools, such as nmap and Metasploit • Remotely installing custom Perl and Python scripts on the fly • Traversing strict egress firewall rules and filters • Incorporating remote kill switch and IDS evasion capabilities • Providing the ability to hack over multiple interfaces, including Ethernet, Bluetooth, and Wi-Fi • Saving of tool output locally or via a web interface • Viewing of statistics and logs for bot health and diagnostic purposes In addition, PlugBot challenges: • Physical Security o Personnel access to conference rooms o Wi-Fi range o Bluetooth usage o Rogue device detection and sweeps • Technical Security o Port configuration in conference rooms o Wi-Fi security settings o Bluejacking and Bluesnarfing o Rogue AP detection By using this pluggable device, penetration testers can gain access to the target location (e.g., a conference room), plug the PlugBot into the nearest wall outlet, and walk out. The PlugBot is configured to make an external connection (e.g., Wi-Fi or Ethernet) to a specified IP address in order to receive instructions. The Central Command allows the penetration tester to invoke scripts and applications. Output, as a result of testing, is encrypted and securely transmitted to the Drop Zone where the penetration tester imports data into the Central Command for analysis. PlugBot is driven by a 1.2GHz processor, with 512MB of RAM, drawing just under 5 watts of power. It offers a suite of hardware and software features, including Debian, Perl, PHP, Gigabit Ethernet, Bluetooth, and 802.11b Wi-Fi, as well as a MicroSD socket for expandability of disk space – all in a small form factor for increased stealth and portability. TakeDownCon Dallas, held at the InterContinental Dallas from May 14 - 19, is sponsored by Application Security, Element K, SAINT Corporation, and Damballa Inc, among others. It is supported by InfraGard’s North Texas Chapter and NAISG’s Dallas Chapter. The conference also enjoys the support of (ISC)2 as lead global education partner. For more information, including a complete program, presentation synopses, and registration details, go to: http://www.takedowncon.com Website: http://www.theplugbot.com ABOUT JEREMIAH TALAMANTES Jeremiah Talamantes, CISSP, CEH, is a 13-year veteran of the information security industry, currently serving as Managing Partner and Security Researcher for RedTeam Security Corporation, based in Minneapolis, MN, where he also leads RedTeam Labs. His research – most notably in advanced penetration testing and application security – has led to the discovery of numerous 0-day exploits. An ISSA chapter board member, he writes collegiate level curricula, as well as writes and presents regularly on topics ranging from war driving, to live hacking demonstrations, to network boot camps, to enterprise 802.1x deployments. In addition to being the founder of the PlugBot project, Jeremiah is the technical editor for "When Botnets Attack," an upcoming security book from Syngress Publishing. ABOUT TAKEDOWNCON TakeDownCon is a new technical IT security conference series that provides advanced, highly technical research, presentations, and training to accomplished information security professionals. Developed by EC-Council, it debuts in 2011 with two conferences in Dallas and Las Vegas. TakeDownCon focuses on technical research in cutting-edge exploits and vulnerabilities and also provides EC-Council certification training, including the renowned Certified Ethical Hacker (CEH) program (a recently accepted certification of DOD Directive 8570.01M Change 2). Website: http://www.takedowncon.com. ABOUT EC-COUNCIL The International Council of E-Commerce Consultants (EC-Council) Contact Information Leonard Chin Director of Marketing, Conferences & Events leonard@eccouncil.org # # # iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI). End
|
| ||||||||||||||||||||||||||||||||||||||||||||
