Type of Submission

Poster

Keywords

Cyber, Network, Computer, Hacking, Leave-Behind, Device, Cybersecurity, Attack, Remote-Access, Technology

Proposal

Cyber-attacks are an ever-present threat to our modern, technologically dependent world. This looming shadow of a disaster waiting to happen has led companies to invest heavily into their software resiliency and network defenses. However, many companies, especially small ones, have forgotten the danger of an insider threat, or at least how an insider threat could be emulated. Anything on the inside of a network automatically has a higher level of trust because most companies’ defenses have only gone as far as to protect their perimeter and educate their employees. What if an outside attacker was able to gain physical access for just a brief time to the inside of a small business? Say, in a waiting room or consultation? RAVE stands for Remote Attack Vector Engine, and is a device designed to test this flaw. RAVE is a small Raspberry Pi 0, disguised as any common workplace device, that an attacker can plant in a business’s network to attack from the inside. By connecting RAVE to an internal ethernet port, a secure reverse OpenVPN connection is automatically created to a Middleman Server over common HTTPS traffic through port 443 and kept persistent. An operator is then able to connect into RAVE through the Middleman Server. The operator can then use tools installed on the device to launch network scans, perform brute force password attacks on network devices and services, take over more devices on the network, and steal data from the company. By using this device, penetration testers can help companies develop better security practices to keep their network safe from infiltration and exploitation.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.

RAVE Poster.pptx (2435 kB)
Submission Poster

Share

COinS
 

The RAVE Network Attack

Cyber-attacks are an ever-present threat to our modern, technologically dependent world. This looming shadow of a disaster waiting to happen has led companies to invest heavily into their software resiliency and network defenses. However, many companies, especially small ones, have forgotten the danger of an insider threat, or at least how an insider threat could be emulated. Anything on the inside of a network automatically has a higher level of trust because most companies’ defenses have only gone as far as to protect their perimeter and educate their employees. What if an outside attacker was able to gain physical access for just a brief time to the inside of a small business? Say, in a waiting room or consultation? RAVE stands for Remote Attack Vector Engine, and is a device designed to test this flaw. RAVE is a small Raspberry Pi 0, disguised as any common workplace device, that an attacker can plant in a business’s network to attack from the inside. By connecting RAVE to an internal ethernet port, a secure reverse OpenVPN connection is automatically created to a Middleman Server over common HTTPS traffic through port 443 and kept persistent. An operator is then able to connect into RAVE through the Middleman Server. The operator can then use tools installed on the device to launch network scans, perform brute force password attacks on network devices and services, take over more devices on the network, and steal data from the company. By using this device, penetration testers can help companies develop better security practices to keep their network safe from infiltration and exploitation.

 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.