Albert van Harten, What The Hack Aps
Posted December 4, 2023

Well, the title says it all 🙂 I've been asking ChatGPT, which suggested building one myself using a Raspberry Pi - but I haven't got the courage yet to do so.

Albert
Denmark
What The Hack ApS

dark_pyrro
Posted December 5, 2023

The Plunder Bug has no WiFi built in. It depends on the use case and what's desired, but using some alternative hardware would most likely not be that much of a challenge. Especially taking into account your profession and the type of company you run. You should have the knowledge needed.

If speaking of Hak5 devices, it could probably be possible to use a slightly modded Packet Squirrel to achieve "Plunder Bug-like features" along with WiFi capabilities. Note that the Squirrel doesn't have WiFi out of the box but it's possible to add it. However, and as said, it all depends on the use case and it wouldn't be exactly like a Plunder Bug.

Albert van Harten, What The Hack Aps
Posted December 5, 2023

Thank you, Dark_pyrro. I am an ethical hacker, but I do not have the experience on every part of the branch, and surely not an experience of 20 years: 20 years ago, I was still a script kiddie who did not know anything about ethics and rules.

Here in Denmark, most companies do not have the slightest idea of the term "documentation". You would not dream of how often I ask for an overview on the network outlets and people look at me as if they see water burning: Danish companies have no idea what is on their network. And that is why I often would like to show them that unused network outlets, accessible for everyone, fully connected to their internal network, are a very bad idea.

As it is now, I simply connect my Kali Linux or Parrot OS to the network, and show them how easily I can connect to the network. But then, many say: "We would see if someone connects his computer to the network" - which is correct.

So I would like to be able to connect a little network tapping to an unattended outlet, connect a power bank to the tapping device, and connect to the device using Wi-Fi, while sitting in the office of the CEO. That would open the eyes of any decision maker.

Albert

dark_pyrro
Posted December 5, 2023

37 minutes ago, Albert van Harten, What The Hack Aps said:
> Danish companies have no idea what is on their network.

I would dare to disagree with such a generalization. I'm pretty sure there are organizations in Denmark that have (at least some) kind of control. I can't imagine that 802.1X is totally absent in Denmark. Hamlet isn't always correct about every aspect of that country.

45 minutes ago, Albert van Harten, What The Hack Aps said:
> So I would like to be able to connect a little network tapping to an unattended outlet, connect a power bank to the tapping device, and connect to the device using Wi-Fi, while sitting in the office of the CEO.

What are you going to listen to? I assume they have switched networks and not hubs broadcasting traffic everywhere. What are you going to show the CEO? Packet captures?

EU organizations will most likely get a bitter pill to swallow when the NIS2 directive becomes domestic law in the member states on the 17th of October 2024. If they haven't done their homework, the risk is that it will be costly if they get reported or caught not being compliant when being scrutinized. Instead of showing some "tech based arguments", I would start educating the organization (and with top management as a priority) to make it clear to them what could happen if they aren't compliant. That will then lead to technical actions needed, preferably based on some method/model like ISO27000, NIST Framework, and/or CIS Controls.

Albert van Harten, What The Hack Aps
Posted December 5, 2023

Sure, Hamlet isn't always right. However, I've been living in Denmark for the past 20 years and I see what I see 🙂 But let's not discuss that.

I am going to show them that they have to disconnect unused ports. Simply because of very low practical security problems:

Low risk: I can print on their printers (recently, I logged on to the guest network of a public library. They have a printer which can be used by citizens, when they pay a small amount using a service called Princh. However, I could see the IP address of the printer, and add it to my printers list, if I would).
Medium risk: I could access non-patched, non-secure IoT devices, if I would.
High risk: I could access NAS and computers on the network, and plant malware into the machines. Many computers are running with Windows 7 - anno 2023!

I totally agree that the approach is to educate the organization. But unless I show them what is possible, they won't listen.

The average teacher tells
The good teacher demonstrates
The extraordinary teacher inspires

I am beyond the "average teacher" phase, but inspiring is not what the target group is looking for at this moment. IT security is really a very unknown thing.

Yesterday, I got an e-mail from an organization. I had a bad feeling, half a year ago, about their IT security, and told them. They said: "We are managing it". Then I got an email two weeks ago: "Somehow, personal sensitive information has been shared with a partner, without consent of the involved citizens". I asked again: "Do you need someone who can tell the personnel as well as the top management team, how hackers work, what can be done, how to recognize them and how to act if they strike?" The email I got yesterday stated: "No thank you. We are managing it". Until they get hacked for real.

If you would, you could find some spicy stuff about the ongoing hack of the Danish realtor chain EDC: They make mistake after mistake, and nobody is doing anything. The personnel does not know anything! Danes think that IT problems only exist under the hood, and that nobody has any responsibility, except their own IT companies. Ethical hackers do not exist in Denmark. Believe me, it's true! Try to find any jobs in IT security in Denmark ... They're hard to find.

dark_pyrro
Posted December 5, 2023

Well, I found hundreds of security-related jobs listed on trustworthy sources with a simple search so I have to disagree on that point as well. If they violate GDPR, then just report them to Datatilsynet.

Albert van Harten, What The Hack Aps
Posted December 5, 2023

Sure - huge concerns owned by companies in other countries - they know. Yes, I know Datatilsynet 🙂

Albert van Harten, What The Hack Aps
Posted December 5, 2023

I also know the Danish snatching mentality. In my opinion, not the way to go.