Tuesday, December 3, 2013

Part 1: Complete!

    This project has been a long process.  Starting from a point of having one Raspberry Pi running a version of Raspbian that was publicly available, to having a fully customised, fully functional operating system, this project has been challenging.  There were many lessons to be learned along the way, the first of which is what hardware to use.  Although this project was intended to be run on a Raspberry Pi, it could not be done on the rev. 1 Raspberry Pi.  The project is functional on a rev. 2 Raspberry Pi, but I will be exploring further options, including new hardware such as the Cubieboard or BeagleBone.  The alternate hardware options can provide more power at a slightly higher price, but not a price that will make it cost-prohibitive.  There is still further work to be done before this is ready for even an Alpha release, although it is fully functional.


     To get this project to be ready for Alpha release, it will be continued into the coming months.  With a fully functional project, the work will now focus on the user experience and adding some extra functionality.  Some additional tools will be added to allow for more data to be extracted from the network, making the user experience better.  Ideally, all the scripts will be ported to Python to allow any user to take just the scripts they find useful in whatever environment they would like.  There will also be testing for new hardware and configuration.  There will be attempts to better hide the device on a network to allow it to be more functional for longer, without ever being picked up by the network administrators.

     Finally, the most important part of the project will be done last.  As I am a Computer Forensics student, the overall goal is to not only have a product, but also be able to tell when it is being used against you on your own network.  There is already a plan in motion to allow for a team to be put in place to test this very thoroughly and determine the best countermeasures, as well as locate all footprints on the network.  In the end, the goal will be to have the best functioning product, such that it is hard to detect and very productive; however, there will be written documentation on how to detect the device if there is any fear of it being used against your network.

    Thank you to everyone who has been following, and please continue to follow this project, as there is more to come, including a paper, functional scripts, and an operating system image that will be ready to be used immediately upon installation.

Wednesday, October 23, 2013

The hard part is (almost) done!

The good news is, after I cooked a Pi, I was able to get a new one overnighted, and began work on that.  The changes that took place in the interim were small, yet drastic.  I moved the vulnerability scanner over to a virtual machine, no longer on the Pi, and I switched from OpenVAS to Nessus for the sake of simplicity.  Once the new Pi came in, everything began working very well.  The upgrade to 512 MB of RAM seems to be helping substantially.

All of my scripts are written, and all seem functional at least on some level.  There is still some fine-tuning left to go, but the hard work is mostly behind me, thanks to a scripting session of 24 hours over 3 days.  I am still planning on adding in SSLStrip, and possibly encryption on the SD card.  Encrypting the SD card will make the device painfully slow, but it will also make it almost completely untouchable from the forensic point of view.  Ironically, the only non-functional script is my menu that calls my other scripts; I'm still in the process of troubleshooting that one.  Finally, I am planning to add in a program that was suggested by the guys at Pwnie Express, zram.  Zram apparently effectively triples your RAM through some intense, high-speed usage of swap space.

My final paper has been started, and will be worked on throughout the next few weeks, as I have a rough draft due in about two weeks.  From here on out, it should be just some smooth sailing and some basic script work until this project is completed, and likely completely available on GitHub.

Thanks
-DJ

Monday, October 7, 2013

I Cooked a Pi

     As you may know from my previous post, I am attempting to build a Raspberry Pi into a network attack and network monitoring box.  This project has been going on for a few weeks, with its fair share of minor issues, as would be expected.  However, I recently ran into a fairly large problem that I had not anticipated.  It seems that I have nearly killed a Raspberry Pi.  The system is no longer at a functional level of RAM available, which seems to be due to the amount of work I had been attempting to do on this machine, which is made to be very basic.

     With that being said, I have ordered (and overnighted) another Pi; this one is one of the new models with 512 MB of RAM.  Although that still is not a large amount, it is double what I had been working with.  This Pi will not be overclocked, at least not initially.  If I begin running into the same issues I had been, which revolve around running OpenVAS and Metasploit at the same time, I do have a backup plan which should allow that to function if need be.

     Thank you for continuing to read this blog, and I'll be sure to keep you updated on how the new Pi is handling the pressure.
-DJ

Monday, September 9, 2013

An Introduction to A Pi on the Network


     The Raspberry Pi is a credit-card-sized computer that costs only $35.  That alone makes it an amazing base for computer projects, as the price point is right and with the power available through Linux, it can do amazing things.  I am DJ Palombo, a senior at Champlain College in the Computer and Digital Forensics major, with a specialization in Information Assurance.  I have been talking about using Raspberry Pi for some interesting purposes since they were released (http://bit.ly/Sjit4O) and will continue to work with the Pi.  I have a new project in the works that will push me beyond my current skill set into learning new and interesting things.

     My newest project will be to take a Raspberry Pi (which may be referred to as RasPi throughout the blog) and create a network monitor box with some scripted attacks possible.  The goal is to be able to see how the small, cheap, low-powered computer can capture network data in line with a computer, and also listen on the entire network, attack the network if it is told to (for experimental reasons only, of course), and do all of this in a quiet and clandestine manner.

     The hope for this project would be to provide a low-cost solution for anyone looking to monitor network traffic and have some fun on the network.  I will be posting periodic updates on the project, and if you have any questions, comments, or suggestions please let me know via the comments, and I will do my best to address them.  Thanks for reading, and I look forward to having more for you.

Thanks,

-DJ Palombo