SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Building a cheap, robust, scaling, penetration testing/bug bounty super computer"

Difference between revisions of "Building a cheap, robust, scaling, penetration testing/bug bounty super computer"

From BruCON 2017

Jump to: navigation, search
(Created page with "Are you confronted with huge amounts of IP addresses you need to scan or penetration test against? Are you ready to go into bug bounty hunting on a large scale? Do you need to...")
 
m (Protected "Building a cheap, robust, scaling, penetration testing/bug bounty super computer" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
 
(No difference)

Latest revision as of 20:07, 5 July 2017

Are you confronted with huge amounts of IP addresses you need to scan or penetration test against? Are you ready to go into bug bounty hunting on a large scale? Do you need to do open source intelligence for hundreds of domains and users?

Then you need a scalable and robust system that is easy to build and maintain, easy to control and that can scale in seconds.

During this workshop we will build a system that can use physical computers, virtual machines, cloud based systems, mobile phones, mini computers (system on a chip such as the Raspberry PI) and even microcontrollers such as an Arduino. Basically, if it has a CPU or chip in it we can attach it as a worker.

This system will be robust; a defect part will not affect the system as a whole. It will be cheap by using some cloud solutions and cheap hardware. It will be versatile; we could program it to do whatever we want. All this in the space of under 4 hours.

Some of the tasks we will achieve in this workshop: generate rainbow tables on the fly and crack a password, create an open source intelligence report really fast, perform a penetration test on a big network comprised of different types of servers (SSH, DNS, web applications, web services ...), furthermore we will show how this system can be used to help you get started in bug bounties by doing things like DNS brute forcing