deral heiland deral heiland rapid7 com percent x
play

Deral Heiland deral_heiland@rapid7.com @Percent_x Praeda Praeda - PowerPoint PPT Presentation

Nov 01, 2023 •165 likes •290 views

Deral Heiland deral_heiland@rapid7.com @Percent_x Praeda Praeda (La)n for plunder, booty, spoils of war) Command line tool Current Praeda version (Wri6en in Perl)

  1. Deral Heiland deral_heiland@rapid7.com @Percent_x

  2. Praeda • Praeda ¡(La)n ¡for ¡ plunder, ¡booty, ¡spoils ¡of ¡war) ¡ • Command ¡line ¡tool ¡ • Current ¡Praeda ¡version ¡(Wri6en ¡in ¡Perl) ¡ • Embedded ¡device ¡informa)on ¡harves)ng ¡tool ¡ • Enumerate ¡100+ ¡devices/models ¡ • Mul)func)on ¡printers, ¡UPSs, ¡Modems, ¡IP ¡Cameras, ¡NAS, ¡ ¡ ¡

  3. Praeda Install Linux • git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Cpan ¡Perl ¡modules: ¡ • cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SSL Net::SNMP NetAddr::IP ¡

  4. Praeda Install Win7 • � Install ¡perl ¡ ¡ • h6p://www.ac)vestate.com ¡ • Git ¡= ¡Git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Zip ¡= ¡h6ps://github.com/percx/Praeda/archive/master.zip ¡ • Cpan ¡Perl ¡modules: ¡ • sudo cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SNMP NetAddr::IP • http://www.sisyphusion.tk/ppm/Net-SSLeay.ppd • Change ¡line ¡47 ¡in ¡praeda.pl ¡from ¡“ use Net::SSL; ¡to ¡ use Net::SSLeay;

  5. Praeda Install OSX • Git ¡clone ¡git://github.com/percx/Praeda.git ¡ • Cpan ¡Perl ¡modules: ¡ • sudo cpan -i LWP::Simple ¡LWP::UserAgent ¡HTML::TagParser ¡URI::Fetch ¡HTTP::Cookies ¡IO::Socket ¡ HTML::TableExtract ¡ Getopt::Std Net::SSL Net::SNMP NetAddr::IP • If ¡a\er ¡install ¡you ¡have ¡issue ¡with ¡Praeda.pl ¡not ¡running ¡saying ¡a ¡module ¡is ¡missing ¡most ¡likely ¡cause ¡is ¡ ¡ ▪ mul)ple ¡version ¡of ¡perl ¡installed ¡ ¡ ▪ path ¡order ¡is ¡messed ¡up ¡ ▪ Determine ¡version ¡that ¡is ¡being ¡used ¡and ¡install ¡all ¡modules ¡to ¡that ¡version ¡ ¡ – Sample “sudo perl5.16 -MCPAN -e 'install Net::SNMP’” ¡

  6. Praeda

  7. Praeda How it works: • Scan network for embedded systems • Fingerprint embedded systems • Run Praeda modules based on fingerprint • Gather data and log it

  8. Praeda • How we use it: • One of the first tools we run on an assessment • Use data harvested to gain foothold in environment • Success rate is pretty darn good. ▪ 40-50% in harvesting Valid active directory credentials

  9. Praeda • Demo • Functions • Examine output data

  10. Ques)on? ¡ Deral ¡Heiland ¡ ¡ Deral_heiland@rapid7.com ¡ Twi6er: ¡@Percent_X ¡ h6ps://github.com/MooseDojo/praedasploit ¡ h6ps://github.com/percx/Praeda ¡

  11. END OF THE WORLD AS WE KNOW IT

Recommend

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP Research Lead (IoT) Rapid7 IoT Research Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control

555 views • 27 slides
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Introduction Deral Heiland, CISSP, GWAPT: Senior Security Engineer at CDW, responsible for security assessments, penetration tests and consulting for

596 views • 58 slides
Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral

Simple Network Management Pwnd Information Data Leakage Attacks Against SNMP Introduction Deral Heiland Matthew Kienow deral_heiland@rapid7.com mkienow@inokii.com dh@layereddefense.com @HacksForProfit @Percent_X Why ? Add value ?

939 views • 66 slides
Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS

Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS

Plunder Pillage & Print THE ART OF LEVERAGING MULTIFUNCTION PRINTERS DURING PENETRATION TESTING Deral Heiland Pete Arzamendi deral_heiland@rapid7.com peter_arzamendi@rapid7.com @Percent_x @TheBokojan

750 views • 64 slides
Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland,

Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland,

Genetic and cardiovascular risk factors in relation to physical limitation Emerald G. Heiland, PhD candidate Aging Research Center, Karolinska Institutet, Stockholm, Sweden Emerald.heiland@ki.se CONFLICT OF INTEREST DISCLOSURE I have no

345 views • 23 slides
Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve

Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve

Curren ent E Even ents i in F n Feder deral al For orest M t Man anag agement Steve Brink California Forestry Association VP-Public Resources steveb@calforests.org 916-208-2425 What I Will Cover March 23, 2018 Omnibus Spending

165 views • 13 slides
Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our

Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our

Fe Federal deral Fi Fiscal scal Ye Year ar 20 2018: 18: A Webinar For Advocating For Our Funding Priorities June 28, 2017 Presenters Today Ashley hley Feasl sley, ey, Migra grati tion on Polic icy y Director rector, ,

574 views • 26 slides
FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY

FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY

FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR FEDERAL DERAL UNIVER IVERSIT SITY OF OF CEAR EAR Growth through joint excellence Universidade Federal do Cear Federal University of Cear Growth through joint excellence

442 views • 23 slides
Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the

Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the

SMENT ASSESSMEN E L INSTITUTE Stakeholder participation Stakeholder participation in in DERAL INSTITUT the context the conte xt of s of science cience-based based SK ASSES consumer consumer prot protection ection Leonie Dendler

590 views • 29 slides
Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr,

Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr,

Assessment of the Economic Value and Job Creation Impacts of Project Capital Investment Activity under the EB-5 Regional Center Program Federal deral Fiscal al Years rs 2014-15 15 Jeffrey B. Carr, President Robert A. Chase, Senior

162 views • 12 slides
Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil

Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil

Pri Princ ncipal Fe Fede deral Civil Civil Rig ights L s Laws Title VI of the Civil Rights Act of 1964 Section 504 of the Rehabilitation Act of 1973 Section 109 of the Housing and Community Development Act of 1974 Fair

1.07k views • 53 slides
A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City

A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City

A Presen entat ation ion to: Feder deral al Reser erve Bank nk of Kans nsas as City Recog ognizing nizing Risk in Global bal Agric icult lture re Curt Covington Senior Vice President / Senior Risk Manager July 20, 2011 Snapshot

638 views • 11 slides
Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi

Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi

Federal Ef deral Efforts t s to Adv Advance Data Sharing nce Data Sharing Christi Christi Dant, Dant, State Systems Coordinator, Division of Data and Improvement (DDI), ACF, OPRE Chris T Chris Traver, Senior Advisor and Interoperability

408 views • 9 slides
Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct

Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct

Direct loan Direct loan Information Information Feder deral Direct Student Loans l Direct Student Loans A sim A simple and fle le and flexible way to finance your e ible way to finance your education. ucation. Welcome! Welcome! Feder

590 views • 38 slides
P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce

P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce

P.R.I.M.E. .I.M.E. Finance nce Panel of Recognized International Market Experts in Finance nce New ew Germ rman an netting ting legis islation lation followi lowing ng Fede deral ral Court urt of Justice stice decision cision of 9

82 views • 7 slides
Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian

Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian

P Modules Processing Units Phase-locked Loop Simulation Studies Prospectives Chemical Analog Computers for Clock Frequency Control Based on P Modules Thomas Hinze Christian Bodenstein Benedict Schau Ines Heiland Stefan Schuster Friedrich

686 views • 52 slides
Sta tate te Leg egisl slati tive Up Update te: 2020 R 20 Review ew And W What Co

Sta tate te Leg egisl slati tive Up Update te: 2020 R 20 Review ew And W What Co

Fede Fe deral an and d Stat ate Legislative Updat pdate June 4, 4, 202 2020 Zoom oom Sta tate te Leg egisl slati tive Up Update te: 2020 R 20 Review ew And W What Co Comes N Nex ext 2020 2020 Le Legis gisla

280 views • 25 slides
Year-End Report 2017 2017 summary Adjusted NAV +16 percent, reported NAV +15 percent, TSR 13

Year-End Report 2017 2017 summary Adjusted NAV +16 percent, reported NAV +15 percent, TSR 13

Year-End Report 2017 2017 summary Adjusted NAV +16 percent, reported NAV +15 percent, TSR 13 percent, (SIXRX +9 percent) Listed Core Investments: 17 percent total return Patricia Industries: mixed performance, add-on acquisitions and

441 views • 25 slides
MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com Black Hat USA 2009 - July 30, 2009 Agenda MD5 on GPUs Dec 2008: rogue CA certificate on PS3 cluster MD5 birthday search Results &

516 views • 19 slides
MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com Agenda MD5 on GPUs Dec 2008: rogue CA certificate on PS3 cluster MD5 birthday search Results & performance MD5 on GPUs MD5 is

448 views • 18 slides
Milk, Whole milk vs. 2 percent Current recommendations from AAP and AHA Breastfeeding or

Milk, Whole milk vs. 2 percent Current recommendations from AAP and AHA Breastfeeding or

2/9/2017 Milk, Whole milk vs. 2 percent Current recommendations from AAP and AHA Breastfeeding or formula until 1 year of age Whole milk until 2 years of age Beginning at 2 transition to 2 percent milk Controversy and Issues in

196 views • 5 slides
Opportunity to Improve By 2020, more than 60 percent of Idaho jobs will require a career

Opportunity to Improve By 2020, more than 60 percent of Idaho jobs will require a career

Opportunity to Improve By 2020, more than 60 percent of Idaho jobs will require a career certificate or college degree. Roughly 90 percent of Treasure Valley students graduated from high school in 2009. It is estimated that fewer

308 views • 27 slides
Teachers getting shut out of housing In 40 percent of the 680 school districts that reported

Teachers getting shut out of housing In 40 percent of the 680 school districts that reported

Teachers getting shut out of housing In 40 percent of the 680 school districts that reported salary data, first-year teachers did not earn enough to rent a one-bedroom apartment Problem worst in the Bay Area In 90 percent of

323 views • 8 slides
You miss 100 You miss 100 percent of the percent of the shots you dont shots you

You miss 100 You miss 100 percent of the percent of the shots you dont shots you

You miss 100 You miss 100 percent of the percent of the shots you dont shots you dont take. take. Wayne Gretzky Wayne Gretzky 1 A Bias for Action A Bias for Action Steve Rivkin Senior Fellow, Health

285 views • 15 slides

More recommend