Defend your system against hardware-based security breaches by thinking like a hacker! With this guide, master the tools you need to develop preventative IT security tests and measures. Learn how to perform penetration tests step by step, and then evaluate and correct vulnerabilities. Get up to speed on awareness training methods and hacking tools for protecting your hardware. From USB killers and keyloggers to manipulated Wi-Fi connections and beyond, understand real-world attack scenarios andmost importantlyhow to prevent them!

In this book, you'll learn about:

a.Penetration Testing and Red Teaming

Where are the vulnerabilities in your infrastructure? How does an attacker see your environment, and what tools do they use? You'll discover that the best attack tools often look simple, yet still cause significant damage.

b. Security Awareness Training

The best virus scanners and firewalls are useless if your team doesn't take the necessary precautions. Learn how to conduct effective awareness training to educate your colleagues about the dangers posed by inconspicuous hardware.

c.Hacking Hardware

Rubber Ducky, USBKill, HackRF One, Flipper Zerosee common attack vectors and hacking hardware in action. Become a master at identifying threats, and get equipped with appropriate countermeasures.

Highlights include:

1)Hardware pentesting

2)Red teaming

3)Training security awareness

4)Spy gadgets

5)USB attacks

6)Wi-Fi manipulation

7)Spying on wired networks

8)Wireless connection disruption

9)RFID tag manipulation

10)Bluetooth tracking

11)Universal hacking hardware

Develop training mechanisms and testing procedures to reduce the risk of attacks via external devices

Autorentext
Tobias Scheible is a computer scientist and research associate at Albstadt-Sigmaringen University of Applied Sciences, where he works as a lecturer in the university certificate program at the Institute for Continuing Education and teaches part-time modules about network security, internet technologies, and IT forensics. His focus is on IT security hardware, web application security, web forensics, and user-centered teaching.

Inhalt

... Foreword ... 19

1 ... Introduction ... 21

1.1 ... The Audience for This Book ... 22

1.2 ... The Contents of This Book ... 22

1.3 ... The Structure of This Book ... 23

1.4 ... Note from the Author ... 26

1.5 ... Further Resources ... 27

PART I ... Performing IT Security Penetration Tests ... 29

2 ... IT Security Penetration Tests ... 31

2.1 ... Getting Started: What Are Pentests? ... 32

2.2 ... Characteristics of Penetration Tests ... 40

2.3 ... Procedure for Penetration Tests ... 44

2.4 ... Assessing Vulnerabilities ... 47

2.5 ... Eliminating Vulnerabilities ... 51

3 ... Red Teaming as a Method ... 53

3.1 ... Using Red Teaming Successfully ... 55

3.2 ... Procedure of Red Teaming ... 58

3.3 ... The Purple Team Variant ... 60

4 ... Test Scenarios in Practice ... 63

4.1 ... Scenario A: Testing a Wi-Fi Surveillance Camera ... 64

4.2 ... Scenario B: Examining RFID Access Cards for a Locking System ... 75

4.3 ... Scenario C: Checking the Network Connections of a Printer ... 83

4.4 ... Scenario D: Analyzing the Interfaces of a Client Computer ... 90

PART II ... Awareness Training with Pentest Hardware ... 101

5 ... Security Awareness Training ... 103

5.1 ... Social Engineering ... 104

5.2 ... Different Types of Training ... 105

5.3 ... Security Awareness Training Using Pentest Hardware ... 106

6 ... Successful Training Methods ... 111

6.1 ... Raising Interest ... 112

6.2 ... Promoting Motivation ... 114

6.3 ... Controlling Activation ... 115

6.4 ... Encouraging Interaction ... 117

7 ... Training Scenarios in Practice ... 121

7.1 ... Scenario A: Contaminated Workplace ... 121

7.2 ... Scenario B: Hardware Scavenger Hunt ... 124

7.3 ... Scenario C: USB Drives in Public Areas ... 127

PART III ... Hacking and Pentest Hardware Tools ... 135

8 ... Pentest Hardware ... 137

8.1 ... Overview of the Hardware ... 137

8.2 ... Sources of Supply ... 144

9 ... Secret Surveillance Using Spy Gadgets ... 147

9.1 ... Attack Scenario ... 148

9.2 ... Mini Recording Devices: Secret Audio Recordings ... 151

9.3 ... GSM Recording Device: Worldwide Audio Transmissions ... 153

9.4 ... Spy Cameras: Undetected Video Recordings ... 155

9.5 ... Mini Wi-Fi Cameras: Versatile Camera Modules ... 157

9.6 ... GPS Trackers: Secretly Tracking and Transmitting Positions ... 158

9.7 ... Countermeasures ... 160

9.8 ... Analyzing Devices Found ... 163

10 ... Recording Keystrokes and Monitoring Signals Using Loggers ... 165

10.1 ... Attack Scenario ... 166

10.2 ... Keyloggers: Inconspicuous Keyboard Monitoring ... 168

10.3 ... Screen Loggers: Secret Screen Monitoring ... 184

10.4 ... Countermeasures ... 196

10.5 ... Analyzing Devices Found ... 197

11 ... Attacks via the USB Interface ... 199

11.1 ... Attack Scenario ... 201

11.2 ... BadUSB Hardware ... 204

11.3 ... Control via Bluetooth or Wi-Fi ... 241

11.4 ... Simulating USB Devices ... 281

11.5 ... Destroying Computers Using USB Killers ... 297

11.6 ... Countermeasures ... 309

11.7 ... Analyzing Devices Found ... 312

12 ... Manipulating Wireless Connections ... 313

12.1 ... Attack Scenario ... 314

12.2 ... Frequencies and Antennas ... 316

12.3 ... Wireless Signal Cloners: Duplicating Wireless Connections ... 318

12.4 ... Nooelec NESDR SMArt: Analyzing Wireless Connections ... 319

12.5 ... LimeSDR Mini: Attacking Wireless Connections ... 326

12.6 ... YARD Stick One: Manipulating Wireless Signals ... 329

12.7 ... HackRF One: Easy Duplication of Wireless Communication ... 334

12.8 ... HackRF One PortaPack: Mobile Version ... 339

12.9 ... Jammers: Interrupting Wireless Connections ... 347

12.10 ... Countermeasures ... 348

12.11 ... Analyzing Devices Found ... 349

13 ... Duplicating and Manipulating RFID Tags ... 351

13.1 ... Attack Scenario ... 354

13.2 ... Detectors: Detecting RFID Readers and Tags ... 356

13.3 ... Cloners: Simply Copying RFID Tags ... 359

13.4 ... Keysy: A Universal RFID Key ... 366

13.5 ... ChameleonMini/Tiny: An RFID Multitool ... 368

13.6 ... Proxmark: Powerful RFID Hardware ... 373

13.7 ... iCopy-X: Another RFID Multitool ... 383

13.8 ... NFCKill: Destroying RFID/NFC Tags ... 386

13.9 ... Countermeasures ... 389

13.10 ... Analyzing Devices Found ... 389

14 ... Tracking and Manipulating Bluetooth Communication ... 391

14.1 ... Attack Scenario ... 392

14.2 ... Bluefruit LE Sniffer: Tracking Bluetooth Low Energy ... 394

14.3 ... BtleJack with BBC micro:bit for Tapping Bluetooth Low Energy Connections ... 397

14.4 ... Ubertooth One: Analyzing Bluetooth Connections ... 403

14.5 ... Countermeasures ... 408

14.6 ... Analyzing Devices Found ... 409

15 ... Manipulating and Interrupting Wi-Fi Connections ... 411

15.1 ... Attack Scenario ... 412

15.2 ... DSTIKE Deauther: Interrupting Wi-Fi Connections ... 414

15.3 ... Maltronics WiFi Deauther: Remote-Controlled Attacks ... 421

15.4 ... WiFi Pineapple: Fake Wi-Fi Networks ... 426

15.5 ... Countermeasures ... 444

15.6 ... Analyzing Devices Found ... 446

16 ... Tapping Wired LANs ... 447

16.1 ... Attack Scenario ... 448

16.2 ... Throwing Star LAN Tap: Simply Tapping Data ... 450

16.3 ... Plunder Bug: Exfiltrating Data with Style ... 454

16.4 ... Packet Squirrel Mark II: Capturing Network Traffic ... 458

16.5 ... Shark Ja…