SEARCH
TOOLBOX
LANGUAGES
Building a cheap, robust, scaling, penetration testing/bug bounty super computer

Building a cheap, robust, scaling, penetration testing/bug bounty super computer

From BruCON 2017

Revision as of 23:20, 1 July 2017 by Larry (talk | contribs) (Created page with "Are you confronted with huge amounts of IP addresses you need to scan or penetration test against? Are you ready to go into bug bounty hunting on a large scale? Do you need to...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Are you confronted with huge amounts of IP addresses you need to scan or penetration test against? Are you ready to go into bug bounty hunting on a large scale? Do you need to do open source intelligence for hundreds of domains and users?

Then you need a scalable and robust system that is easy to build and maintain, easy to control and that can scale in seconds.

During this workshop we will build a system that can use physical computers, virtual machines, cloud based systems, mobile phones, mini computers (system on a chip such as the Raspberry PI) and even microcontrollers such as an Arduino. Basically, if it has a CPU or chip in it we can attach it as a worker.

This system will be robust; a defect part will not affect the system as a whole. It will be cheap by using some cloud solutions and cheap hardware. It will be versatile; we could program it to do whatever we want. All this in the space of under 4 hours.

Some of the tasks we will achieve in this workshop: generate rainbow tables on the fly and crack a password, create an open source intelligence report really fast, perform a penetration test on a big network comprised of different types of servers (SSH, DNS, web applications, web services ...), furthermore we will show how this system can be used to help you get started in bug bounties by doing things like DNS brute forcing