Type of Submission

Poster

Keywords

Cyber, Network, Computer, Hacking, Leave-Behind, Device, Cybersecurity, Attack, Remote-Access, Technology

Proposal

Cyber-attacks are an ever-present threat to our modern, technologically dependent world. This looming shadow of a disaster waiting to happen has led companies to invest heavily in their software resiliency and network defenses. However, many companies, especially small ones, have forgotten the danger of an insider threat, or at least how an insider threat could be emulated. Anything on the inside of a network automatically has a higher level of trust because most companies’ defenses have only gone as far as to protect their perimeter and educate their employees. What if an outside attacker were able to gain physical access to the inside of a small business for just a brief time, say, in a waiting room or during a consultation? RAVE, which stands for Remote Attack Vector Engine, is a device designed to test this flaw. RAVE is a small Raspberry Pi 0, disguised as any common workplace device, that an attacker can plant in a business’s network to attack from the inside. By connecting RAVE to an internal Ethernet port, a secure reverse OpenVPN connection is automatically created to a Middleman Server over common HTTPS traffic through port 443 and kept persistent. An operator is then able to connect into RAVE through the Middleman Server. The operator can then use tools installed on the device to launch network scans, perform brute-force password attacks on network devices and services, take over more devices on the network, and steal data from the company. By using this device, penetration testers can help companies develop better security practices to keep their network safe from infiltration and exploitation.
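A defender's view of the persistent port-443 session described in the proposal, added here as an example and not taken from the poster or the RAVE project: it flags internal hosts that are missing from the asset inventory and stay connected to one external address on port 443 for most of the time since they first appeared. The flow-record layout, internal range, inventory, thresholds and sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")      # assumed internal address range
BASELINE = {"10.0.0.21", "10.0.0.22"}    # assumed inventory of known hosts

# Constructed flow records: (start, src, dst, dst_port, duration_seconds)
FLOWS = [
    ("2024-03-04T09:00:05", "10.0.0.21", "198.51.100.7", 443, 40),
    ("2024-03-04T09:10:00", "10.0.0.22", "198.51.100.9", 443, 310),
    ("2024-03-04T09:30:00", "10.0.0.57", "203.0.113.10", 443, 3590),
    ("2024-03-04T09:40:00", "10.0.0.88", "198.51.100.7", 443, 60),
    ("2024-03-04T10:00:00", "10.0.0.21", "198.51.100.7", 443, 25),
    ("2024-03-04T10:30:00", "10.0.0.57", "203.0.113.10", 443, 3595),
    ("2024-03-04T11:30:00", "10.0.0.57", "203.0.113.10", 443, 1800),
]
WINDOW_END = datetime.fromisoformat("2024-03-04T12:00:00")


def find_persistent_tunnels(flows, baseline, window_end,
                            min_coverage=0.8, min_span_s=3600):
    """Return [(src, dst, coverage)] for uninventoried internal hosts whose
    port-443 sessions to one external address cover most of the time since
    the host was first seen."""
    connected = defaultdict(float)   # (src, dst) -> total seconds connected
    first_seen = {}                  # src -> earliest flow start
    for start, src, dst, dport, duration in flows:
        ts = datetime.fromisoformat(start)
        if ip_address(src) not in INTERNAL or src in baseline:
            continue                 # only unknown devices on the inside
        first_seen[src] = min(first_seen.get(src, ts), ts)
        if dport == 443 and ip_address(dst) not in INTERNAL:
            connected[(src, dst)] += duration
    hits = []
    for (src, dst), seconds in connected.items():
        span = (window_end - first_seen[src]).total_seconds()
        if span < min_span_s:
            continue                 # too little history to judge persistence
        coverage = min(seconds / span, 1.0)
        if coverage >= min_coverage:
            hits.append((src, dst, round(coverage, 2)))
    return sorted(hits)


if __name__ == "__main__":
    for src, dst, cov in find_persistent_tunnels(FLOWS, BASELINE, WINDOW_END):
        print(f"{src} -> {dst}:443 connected {cov:.0%} of time since first seen")
```

In the constructed data, the unknown host 10.0.0.88 makes one short HTTPS request and is not flagged, while 10.0.0.57 re-establishes the same session back to back and is.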

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

The RAVE Network Attack
