What happens when a Pineapple, a Turtle and a Squirrel get high...up in the clouds? It's been a solid year for Hak5 and we're excited to debut some epic new features! Like a centralized web console for all your networked Hak5 Gear, WiFi Pineapple WPA Enterprise harvesting, credential capturing and pass-through, or LIVE reconnaissance and more! Join Sebastian Kinne and Darren Kitchen of famed pentesting tools for a peek into what's right around the corner.
i'm there and kitchen and this is my best man at my wedding said canada on. yeah really. i. michael i got to say yes now. don't ask me what was more important she in the room. they were good. again i'm subsidies to get it. were the guys from the wife i thank you and. you know we typically start is with our mission statement which is quite simply to make it to the tank kind of the model of our products this year we decided actually well you know ok that might be kind of unofficially armada we have many an official matos like make it too easy even an f.b.i. agent can use it. i love you guys are. clichy binti interface does make it quite simple but we actually have a real mission statement this year and i'm proud to say that this is it that we are inspired to elevate the into a second history by educating engaging and encouraging and all inclusive community one were all hackers belong and i'm really proud of that.
but we didn't just upgrade our mission statement this year we actually.
yet we actually upgraded the team so if you guys want to come on stage may be somewhat so it's it's well will get their come on you bring your bags you're fine.
or bring a high high. now. the sole i've been doing the development for a few years now i'm at some point i said i really need help so a. no i was going to help i really was and i wrote some bash scraps. and how that turned out i'm really sorry about the land turtle yeah all make said fix it. no no. you know you to fix it.
so i'd like to announce or introduce the new Hak5 gear team foxtrot couch fail and as our couch fault and corden.
catch fault but his name after struggling with many a second fault and ended up that way passing out while the building yet these guys have worked tirelessly for the last i don't even know how long but i know for the last week it's been till something am every day and i just want to hear are huge. his round of applause for this team because i've done some incredible work that we're all about to enjoy. i use will say something.
i don't really. it is that he's british am very very much so that. you do about it. well as well as a thank you first of all hues that he is said and dairy and i hear my job and so much of i know today and everyone death was my first afghan it's been really a wild experience and especially thoughtlessly i just could not be more happy to be here and surrounded by the key that i am. and doing what i'm doing so thank everyone. he's just excited he gets a stand here doesn't have to work right now so now. we're going to need a bigger cube groups are ok. right so this has been a very big year for Hak5 we've got a lot of Hak5 gear updates we're going to breeze through some of these until we get to the main event let's start without my favorite illustration of the air that happens also be a product the Bash Bunny.
yet so was a we launched out of last year from and yet we lose track of these things so let us know for wrong about her own products please. so what we've done a couple of things in the past year or so the first thing is like it was already aging proof and we kind of that the last well done and you needed to be able to copy and paste a file from get hob which is hard right so we reduced to get home park and just got it down to the copy and paste so now you copy and paste don't yet see aura. have been to your you know bash money any dot slasher and where you double click it the media for windows users and you don't know that's not stop so the cross platform update or windows back clinics allows you to grab all of the latest from where updates for the basque money as well as all of the payloads from that you have repository and to store them on the device. so that you don't have to go searching for them it's just one of those little niceties that kind of refined these products and it's the idea of like the future of kind of where we're heading for that kind of seems like oh here's all the stuff don't have to think we've also added a bunch of things not like extend the default behavior so we have a thing called like extensions for the body scripts one of which is. it's like the obvious why we chose the u.s. fingerprint because that's one of the biggest more intuitive ones and and most usable ones but also that stuff so that you can override are things that are most depending on your some areas you might not want to drop a bash many someone have to be able to flip it army mode and do whatever he likes you whatever you do it so you can override these configurations. we also have the ability to read caps lock states which if your craft with payloads and i'm like when king and nudging you can do some really interesting things and it's not just caps lock it seen any haydock state obviously the num lock school lock another one no one remembers. 
now i'm joking i think those of the aunts. there's also the ability to inject straight up all those overhead so that's important if you wanted like send a moat g. not all you have their own we've ever you ever have liked dealt with internationalize keyboards need to be able to like inject out one character that you keep getting wrong because everyone's using a weird keyboard like the brits get round. so so this k. ovary here of foster uses a keyboard where if you hit shift for you don't get an october throw for pound you get this like british pound sterling thing and the answer key is like shaped weird yet its rise oh wait we love eyes open. so this gets around that's he can literally just send that character yeah and overall i think the the bash money is now on a very very large farming community behind it and is just stone yet do all we really enjoy with a couple of pool of its plan for i think and oh yeah. go to let them said. because once it down. that means you have to leave in you have to start talking again right or at all.
ice to give us things that are out mostly working on the other big updates on the LAN Turtle side were mostly bug fixes and i think that just kind of shows that you know it works it does what we set out to do our big release last year around this time was the LAN Turtle 3G and while i can't relate to. the of the stories that have been privately told to me about the interesting places these of ben i'm just very happy to know that they are either have been too interesting places or in many cases still in very interesting places doing their mission of exfiltrating data over a out of band 3G backhaul. but what else the Packet Squirrel wheaties this in this very room or the widest children last year and i'm happy to say that the Packet Squirrel has landed and is very much doing our motto of making it do the thing and it's just that aside from one firmware update to bar to support so if you know.
it doesn't have what it was built in and people asked for wireless dongles old yet another beautiful example of how when people come to us come to seven saying come to the depth and say hey it would be really great if and then there's a former up and now it does that so we encourage that isn't nice that's not just me anymore you can approach these guys now which is easier because you just tell. do things and they do right of the stick around you can abuse them at seven o'clock at the hack five made up stay tuned. what do you need if you catch them all for sale you can use them i write off to a little you can on the up it's a limited the warranty honestly. the so well last thing you know a little cracker that could be used the rubber duck he is getting its you know its first kind of glossing over in several years because again a device that just did what it was set out to do you copy and injected into the s.d. card and it types it and we've been very happy with that functionality for years now.
we simplified kind of similar functionality in the bash funny and were taking some of those lessons learned and we're doing a first party from where for the u.s. be rubber duck the that's going to allow it to perhaps type without using and inject up and just copy over a script that t.x.t. human readable. right whales on indies and asked the same store know yet no cool i can see the notes and yes so as wedding mass torts support which is something that exists in like a a second party third party former but you know we want to have one major we wanted to make a bunch of change to the dock he have for many ways so that's working towards. another thing that we have that's new in first party is that this was doused his first project which is amazing but day on a single h.t.m.l. ducky and cultures all you do as you you don't open the cherwell file it doesn't have any servers you can encode and the coach doc the scripts and inject opens the code. no my ethical will be. the. so a right so just and voting by the way it's it's so it can be hosted on the advice he can always people with you could do it on android links so now you don't have to go to someone you know third party website to type in your doc the script and get and inject out then i know everybody loved to the javelin tact are ducking code dot jar slash dash aipac capital t.. right every love that write down that's magic yeah and it because we all have our the jerry installed on it never mind anyway so i'm fantastic work there and give it up for dallas on that i'm really excited for that feature. but this is the wireless village so early let's talk about our favor for the friend the wife five pineapple it's been a big year for the wife i pineapple houses it's amazing what can happen when when we were originally tried to do was i went to seventy control a hit control c.
and i was trying to just hold down control of the nothing was happening but but now that he's owned or something. got a lot done in twenty eighteen and so we're going to start all about off by talking about the core of the wife i pineapple its engine plane a p seven k. so that's actually were were controlled got its name from because sex false happen and he actually write an a.p. for me. i know lots of sleep as lights so a sleepless lights and would know anything about those right on many of the night so i can pronounce later so that's how he goes on but we did a complete rewrite of time maybe which basically allows us to do i could be restructured complete re architecture include complete rewrite just going. the written but let's not talk about that. but the sea they they laugh because they know the pain that their and. i make me sound really cruel and on not like that he is german however is a just and he's a virgo engineer shelter at night so i would have completely out of twenty p. which allowed us to do things like. like well for instance life can inject heck ralf next friends now quite yet you can do that nothing more exciting are things like live recon mode which is a way to do. just see who everyone knows aired i'm here i hope. can quite see hands because if i don't see everyone's hands than it is allies in the battlefield is really important asset management super important as the attacker even more fun if you can actually understand like who is connected to what right and so you know we we like the approach that we had before where you know you kind of the disc. and he got a snapshot in time but we also kind of wanted to have direct feedback instantly being able to interact with the response you know be able to sort of detailed filled of them to be able to say this is what we are what we want to do with the results so that's why we added a a live version of which the new version of how to be enabled us to do. 
it also did lots of little niceties like saving your pipe he was so your response sessions so they can look them up later and and be able to download them get no more losing your economy is also you also know you i looked up i know that's something a lot of you guys want to have like need to be built in sick just click on the market just get your information you also tell the mac addresses but locally. mind or if it's been assigned to the hardware vendor least with high probability which kind of gives you an idea of whether or not it's like a randomized macro a market town of and then you can also make notes on your specific as societies max which to than testers like this is direct feedback from you guys last year saying hey what would you like to seeing you say like season has not unlike. i've got this client and i'm trying to keep track of all of these mac addresses and is this is see if our this is he so is this in scope is that out of scope for now just being able to keep tabs on all of those different devices know what they are across the entire unified dashboard be able to see like within the different modules whose what is really helpful yet. he said. mas a really bad and he's got this tiny little thing here which is i don't think that should be allowed its like a netbook it's fine remember when networks were cool demo yeah i don't want the good you know where to go what was the pineapple he and you have a pop star about as we could do really. that figure by the owner we do is i was going to be ok will grab what we should have done might be a good idea or a well you know that's ok too. i. look back around to that because it does look really quality of an already played with a lively khan is is pretty thick and that you cannot other ago. i also. 
this is this is how they're better than me they label their devices we just to pick a long wanted to des moines the wrong device old label they also don't flash from where after they've been working on scripts on the device itself that's a fun way to lose your work how often do i know how often have you written not home twice and. i'm only going to admit to twice that you know of twice in front of an audience were going to go with that. we really should do more live hacking on going out because a yeah. it's good fun and but maybe we will yet let's little back around to that at the end because i feel like there's so much more talk about since we have been really hard at work with pineapple one of the features that we have been has been requested upon us for years and i know that one point seven was adam nov his life. it was threatened exactly but this character here and have you know him.
so is adamant that said implement a feature for the WiFi Pineapple that we are now lovingly calling PineAP he or maybe enterprise.
so yeah i was i think i know he's in the room of you as we love you move acts like a cool yes so i think if i hadn't had done before the fall if we had to release this before defcon i wouldn't be on stage right now i'd been some barrel someone the desert has a tendency to run around with little bats and if you've ever been smacked why with all that well that from move. makes you don't know pain. tom right sos open to the enterprise is something that you know you guys all know which price that was important for the job i'm going to be able to to a clone them you want to be able to capture don't just want to be able to capture the hatches you want domain access you could think of more ways than i can right now because on stage but. are basically what we've done is we've done similar to host the w p which take a similar approach you know in recall going to be able to clone access points you just like the export that you want you could clone dull spin up a new enterprise act as point that you'll be able to use of h. actually clones the like has a deep clone is what we call it but basically. owns everything it means the magical is the exact secure he types the exact settings of access point at least everything we can see black box approach from the outside. the young couple has gone on so of the other thing that we do is owed is downgraded talks right because you'll have followed them as chap and cracking as chap is kind of annoying so what we did his we we have a job done great technology to see we also have of based on i was i know that like judge a sense post. i know of anyone is here said which will call either way it basically we. amusing. hundred of his death is interesting how like that working at the same thing worked a recently with the x. eighty six exploits words like multiple researchers on the kind of the same wavelength that the same time and a is really cool that we're all going in kind of similar direction to yet. 
so sorry i have been a really long time over a long to see i'm not doing well today is out of words very much so bought more water and all feel better so eight hundred attacks as a kind of sick because uncertain devices you literally get credits yeah just like our plain text here's the password and this. this must be the enterprise stuff the stuff that's actually more secure how is that possible our of those are the vendor implementation right correct you know better plantations very is that thing we called all the time but to be completely honest it's i wes if some for apple is here go fix it please because my god i'm but yes so as you know you should point. home for certificates when you join a network and not downgrade any thing to plain text passwords because that's cool of so we have that all just nice were also working on something i know the future section but while we're on t.v. i think it makes sense to talk about his own because sense most talked about yesterday this was one of those examples where we. had researched perhaps of the same time happen with mom and pony p. at the same time to back in death on twenty two i think it was so of a similar example here this year on where we basically have a i relate tack right so we can perform it's not released yes but it's coming the very very near future and it's a way that you can. the man in the middle as a device that wants to join enterprise network and relay there and its chapters entrails you gain access to their network and you don't have to crack the credentials because you're on the network on the device is connected to use your the man in the middle which is to get the most were right for lot of fun so i'm really stoked. for the pine ape the planet he lets hear for the final team has enterprises but a long time coming. 
now it's kind of interesting that the WiFi Pineapple known for you know all the awesome fun stuff that doesn't open networks now has leapfrogged it to doing wife by doing to be a p he started to WPA enterprise kind of missing something in between. you want to talk about some of the new stuff that we're dropping today yen soul of them as the first in dari my voice is going to use the first thing you know so we do open we do WPA enterprise there's another one that we should really be doing out of the box right sold just WPA personal.
and we we got tired of using tools that capture handshakes and reliably and you know will you know have everything but don't verify that message for i'm not sure if if you all sources anybody ever gotten the wrong hand shake and then you're sitting there with like a ton of graphics cards were paying some absorb an m.p. for somebody else's time the graphics cards and then suddenly you. now you're not going anywhere bashes use less right and we want to avoid got right so we want to make sure this feature is rock solid but really simple to do so another addition to the white upon which will release and today is a man in the recall my view when you go there you'll be able to click on a network that has a p a close eye on access point as w.p.a. ours. security settings you to click on not as a drop down and just say are capture some capture hundred and so that's all does it captures the handshake you have a little but no deal with everything that's like connected to it at that moment but only the things that you see in the view because again we don't want to get collateral by accident right and thank you so much. i'm and and. and then we present you had shake so on average it takes about five seconds ish to have to get some credentials the correct fish it. you don't try here because we've tried out before and not just in darfur nightmare the wireless village. bush yes yes and also a sticking to that one of the things that could be very useful there is the author and that is much more reliable the the author not yet somehow absolutely yet so before we are we kind of debate over killed off attack which resulted in a worse experience so we've thought about down a little bit and now you off works really rely. it which is great that's funny just that sweets powers just rights like the porridge was to get things are just right than anyone tatra now have a unified code base was too. 
that is so inside baseball it doesn't affect anybody but it means we can build things faster a lot faster. so a speaking of building things faster what are we going to build that next what is coming up in the future he says the future very small. and the gift is missing or the images mad that's ok well art so we are out i mean couch rolled over their finished a little bit early. free defcon and so i set them loose on of on a two to eleven goal knots and within a day he came back with about five attacks that will absolutely break wife i as an ideal off issues but not. so that's awesome because that took him a day or two on. it does it is the point we like you know the vases been knocked off the table and smashed into a million pieces the came by with a hammer in the new smacked all of those pieces with a lot of pieces and now we've got like ten new tiny hammers to smack all of those little pieces. yea a lead on the other thing that i mention is always that relay talk from his shop the two sold out some that's in the works that's coming for the pineapple very soon now we have of. a we have a couple of a of new improvements to just the the current party be sweet and how we do evil access points so way to a new kind of abuse different channels and be on different channels and and taking clients off certain channels to stop fighting the opticians i'm sure you've all been on access point where our network they. we're trying to get people off of it on to yours and they just kept connecting back to the access point with a beautiful enterprise a p that's got the better signal strength and work on a way to the kind of get around that they put more money in the hyde park right yet all the bears live it a i'm all about bears so you know bears love they love. 
the fingerprinting and tracking got they yeah absolutely and as the next thing that we're working on or well one of the next things that he's working on the which is a a much more reliable way to fingerprint different devices so if you want to trail devices our order to track devices across a place and you know how everyone is randomizing packages now all the vendors are we. found pretty reliable ways to basically a fingerprint these devices and make sure that once you connection access point we can track you would see what you've probably foreign which will keep that going to make everything just a lot simpler in general that means we're on doing a little bit of the work i'm sure you know i'm hoping that someone gets fixed but the u.. ok so the next thing that we're really excited to announce here something that we're talking about last year that is part of our strategic vision as we have like a grown the ecosystem. over the years at the Hak5 gear. cast of characters the woodland creatures of doom have gone from just a pineapple in a dock to turtles and squirrels and bonnie is an octopus and everything in between so well really excited is to finally have a way to manage all of that in a more standardized way and something. that's a little bit more tenable than all of your discrete individual devices so today we are very excited to introduce the Hak5 Cloud C2.
i'd sold so although the like very basics arm itself host is so you to run your own servers which is you know come want me to run on my serve i won my look in a traffic so high you know that's a new model you know those friends not to yeah we should just i mean you didn't hear any lot and no so i was of other words we have. well as essentially it's a single dashboard that allows you to do command and control for all of your networked Hak5 gear so your squirrels your turtles all of your current gen WiFi Pineapples all in one place so it's its C2 and it works and it's brilliant and we're going to show you a demo yet. so just to show the demo video because i'm we've not sacrifice enough to the demo gods to make sure that this goes over smoothly it just would have been at least two or three laptops of sacrifice yet no one is not enough so it's not it never as so let's go ahead and take a look and i know i gave like you know dolls a shout out.
and catch old over here but interface that beautiful thing you're about to see is all foxtrot soul. halford. you guys haven't even seen it yet ok so all just paint a picture for you it's a black background with bright green text with little boxes again i'm very sorry about that.
so it's kind of modern in you.
the. and you can see all of your devices connected. judges. you can add and delete devices very easily.
simply nickname your device is the one in the hallway is the one in the reception. whatever type of device and will add to those as we create more Hak5 gear.
and specifically for the WiFi Pineapple we have complete control over PineAP and recon. so you're familiar with managing the WiFi Pineapple over its current interfaces should seem very familiar but a lot sexier. and of course we konstanz unconnected clients should also feel very familiar. and with this interface are going to be able to see all of the clients and all of the devices across the entire fleet so if you've got hundreds of these deployed across the campus you now have a central interface where you can see all of these where your pen test from that does wireless audits you can send these your client sites and say here just plug this.
c n n it connects back to the C2.
so this is as easy as you seen this is though though you first was a demo is releasing are to have a yes so this is alive and september first we're going to release a vent is a cloud software package so.
we're going to release a vent in the cloud. because also world remote so you know it's we need to be. but so as so far from releasing and this is version one point all we those who know or development cycles we usually push updates very very quickly and we listen to whatever the community ones ride so on we don't do that called me on please but we can i wanted to see what what you guys want. and with this we have a few ideas and i'm going to get a run through a couple of those on things that we're going to implement so first of all. we want to make this extensible in one way or another for for you know other people to be able to watch two sold so that's one portion of it i think that's kind of quarter the it does have all of our products whether payloads or modules want people to be able to contribute to this absolutely. you know we really want to do he is so you know you use on the pineapple right now there's a lot more that you can do on unlike locally connected pineapple versus correct as the weather f.a. so there's quite a lot more because it's obviously a device has been developing for many years on this is really fresh ideas been around for long time but. the actual code bases is quite fresh and we are on i'm the framework was put together in such a way that it can be built upon a very simply there's a lot of intelligence being put into just the protocol that it's using is so that adding to this is going to be a breeze and it means that you know as we come up with more ideas what you. can do with your pup remotely or even new devices or new transport mechanisms will be able to adapt to the whole thing to that right so for example right now with the way that this device of connects to the sea to is over each year at u.b.s. obviously you know you have is over a g.p. that's a us encrypted and signed so. well you know it's whatever we can get out for now but we're adding everything from dns tunnelling to ping totaling two. 
he's no show no seeds yep smoke at what as long as you get some sort of packet out of a network you'll get it to connect back to you get up information we have to feed information back along those lines the whole has anyone ever wanted to have like a wireless card across the country like that you can use as if you were there and you don't have to like. sh into a box and run the tools their you want to have them locally. her ok if you're ok so i'm so that's something that we're working on which which seems like a really weird idea but every one of five talked about as we like say it's basically we spin of a local interface and you can run your tools on it and they'll just related back to the device and the magic happens in between but. yeah why don't you want to i mean i guess we have a competing projects are dumb but why don't you ever jump over your your interface locally right why don't you want to do run wire shock when you open to face you don't want to have to have a capsule you then piped back that you can work with all right so some as easy to use your own tools so that some were doing that and also means that all of the hack five year that you already have will be able to enter. great with this right now and in traditional high fashion were releasing this you for free so that you can start using it and give us some feedback and really shape the way that it's going to grow because we're really excited to see this as kind of the new model for interfacing with your hack five year. arts at that point i'm sure you have plenty of questions and we have plenty of technical people here so we've got about seventeen o twelve minutes left in to love we need to start clearing this room out for the hack five me up which case you can actually have some beers with us and continue to ask.
and harass. the. that. and lavender it. so he's wrong for anyone actually contribute what i said about best match it. no i'm not going on this it's just about every year never changes. a legitimate technical questions what or questions about vector art i mean i love that. yes it is a row. the question is any chance we're going to see the band with on the squirrel go at any time soon we're going to release a firmware update tomorrow that will increase your packets world's ten one hundred network. no we're not that i'm being told that's not physically possible but we are working on additional equipment so the idea of the packets world was no to be that low barrier to entry and to be that small footprint and to be that low power profile and for many of the things that were using it for like for instance capturing all puerto ninety one hundred stuff best into the h.p. printer that it's. barry behind that anybody know what goes through point nine one hundred eighty printers yet failure as they have failure u.s.b. desk full of that stuff and the and and it doesn't matter of its gigabit most those things are already ten one hundred anyway however it is a much more complicated and expensive problem to solve both on the hardware side and of software. citing something that were actively doing i can't give you an exact date but as we have done with all of the products were continuing to to look at where we can innovate and that's one of the biggest pieces of feedback we've received on the packets world and so we're hoping that we can augment the product line with additional packets were a lie school. causes. any other questions. it's so. i. so the question is will the wife a pineapple have full functionality through the hack five cloud see two without having to log into the why pineapples web interface so i think i think most things that you are going to be able to local e.u. will be doing for the cloud in the future will be some things that don't make sense. 
to to have in the cloud such as you know changing. actually i don't know clearing your on your page cache or something like that you know stuff that nader i gaze yeah was also a inside baseball stuff yes also stuff not specific to your local access right is probably don't have that you have to bother about any more stuff like be able to change a MAC address being able to set up different ways to get internet being able to. that figure those things could figure riki reconfigurations changing where the C2 goals from or updates via C2 and stuff up you'll see all of that being rolled out so the answer is pretty much yes everything that's applicable will make it to the C2. it was a question the back there earlier. the. we are. yes absolutely so right now it's a single user i'm but it works across like if you share that use which no don't do that but if you share user months the company that and yes always you'll be able to use the interface and nothing will conflict with itself so at least we have not covered now and because the actual a multi-tenancy that is up. that we will have in the next version of going to release are actually might still be able to put it into that version because it's the database and i can do a database of the day. but so yeah so it's not something guys want to know that i was like a big thing that when you could do the similar stuff on multiple red teamers on a single engagement using your common pen testing frameworks and out we would be happy to hear more from you if you've got time later on to let us know your specific use cases. and along those lines of the multi-tenancy. 
we will also have multi site support which means basically you know you have a different a working sites and you'll be able to select the different areas that you've deployed things and so then you have multiple people work on the same cloud server but with different things right which is good for me as the passer to be able to see the difference between the pineapples that i have planted. good at seven house versus the pineapples that i have planted at couch faults house. you should look on your bed. has anyone seen a cow. there is a small stuff coward and there's a reward its hundred dollars of anybody would like to turn in the small stuff cow i think you have to fly to oakland really quickly.
but. if you conspired with her i know i did no such thing i didn't want to cause of the tension. it now. you are. so i can give you the wartime the days when very long. i know. now. yes absolutely yeah absolutely yeah and there's actually so even though the Bash Bunny for example is a network's device there is a thing i guess we can talk about as a talk about what and i'm so iowa has anyone ever made a proxy using websites like i've never a proxy itself over HTML. that's fun right they don't come on SOCKS5 proxies his best right guys but his love proxychains through your pocket change i you know honestly i just RDP to host and the d.n.c. from there into the next thing so so imagine all you need to do is open a single HTML page up anywhere be a locally be it remotely be it wherever and be able to pitch through the HTML page the chilly HTML page will javascript you know but a blank page they'll just tell your connections so basically a VPN but with the hop over HTTP as i know a shovel in which case it's technically possible to network the Bash Bunny in a way that has never been done before correct which was originally idea on how do we do. the updates and song without you having to mess with the technique to sharing which is difficult across different OSes and we thought hey if you could just you know double click original page you be happy celebrate this is really fun experimental but opens up a world of possibilities when you think about the bring your own network attacks where you can do things like captive portals automatically up and pages on the host. even potentially of the locked and i think that that's something that will continue to explore i know that that's something that's kind of proof of concept stage right now so i can't wait so that comes to fruition but that's a great point because it's more than just squirrels and turtles and pineapples there's a lot more to the ecosystem. the up here are. so far. but i. so. 
the question was about the WiFi Pineapple Mark IV that came out two thousand and fourteen yet sold a new it's a single radio device by default writer so as you add another radio and you add more power and you add more ram and you add more you know then we. could start porting back features but without you making a really weird frankenstein device that's not repeatable and yes so basically no but it takes we're ok so to answer a different question we're really focused on adding the features that is going to have the biggest impact and spending our time in a way that's going to help the vast majority of you and we know that there's a lot of. really cool edge cases and trust me we've gone down so many edge case rabbit holes just because we're hackers and we love to see things blank. but we also want to provide you guys with the tools that allow you to get the job done because we've got more important things to do like lincoln or so ago which we can do now because we've got to read but also we want to get the hack done so we can get paid so well yes that is technically feasible in the problem with asking a hacker of the. can do something technically feasible is we will rise to the occasion into that but then we will ignore the base that is using the current gents stuff that we should really focus on adding features to so that's where we're going to spend our energy. her. well it. up. so the question is whether or not there's going to be any obfuscation in the data transmission between Hak5 gear and the Cloud C2 so that anybody eavesdropping in between would be able to know the l.a. there's a bunch of Hak5 gear in your network said yet so the answer i guess for the first version was kind of its encrypted and saw. mind which means that it looks like any data leaving its garbled why you would be able to really identify that this was going to C2 unless you hit the ip address and i'm you know worked out was happening there the u s. 
the younger you are doing well tonight. i'm higher. also i thought this would really apply to a LAN Turtle 3G have i mentioned on the fun stories we've heard so far about the LAN Turtle 3G being in fun places if you're one of those whether you have shiny shoes or not and would like to tell the privately about the fun places that your LAN Turtle 3G has been i'm all ears lips are sealed. going to write so but back your question might so the the obfuscation we can do things to make it look more like the current protocol that's going over right now there is are two ways that we do it the first HTTP this does not look like means HTTP request but the body is encrypted so it doesn't look like.
your standard HTTP traffic right the other thing that we do is we do HTTPS obviously which is the default mode which hopefully you'll use and game Let's Encrypt building and but the so i guess that the point is that if you do that then yes it is if we're doing the dress through opinions or through. i.d.'s and so on that gets a bit freaky because you have to make it look as real as possible and they going to be real requests but obviously if you look at the payload you may realize that this is not on and again this is the kind of place where we really rely on you guys for the feedback because it really depends on the engagement in for many engagement were hearing feedback like a that doesn't matter i just want to ship these to the. hindsight they know that there are plugged into their networks are here to find rope things that's kind of funny what the pineapples finding read things but in any event. it really depends on the scenario and so this is why we we hope that you're lucky give us that kind of feedback to really tell us where to go with us and the before side of the last allen said that the the idea of the e.u.'s busting isn't necessarily to have to go out covertly because you can't get out of the network. and who was ships a device to another location and then asked them to like open a porch or had done a as he nods i know those odds but basically you know sometimes working with clients is very difficult and getting us out even if it's your purely outbound and it's a sheep years i gather ago. heart right so it's less to do with the fact that you know we want you to be able to go out secretly that's part of it obviously but it's more to do with the fact that if they allow HTTP out if they allow websites out there is that we are streaming socket that looks like HTTP said if we get you the UDP TCP ICMP whatever we get out where you try to get you can actually back seat. 
you get your job got a lot of the focus on the underlying you know of a framework and is about the reliability aspects because we've heard of war stories where the laptop get sent to the clients i'll just turn the laptop on and there will be able to pivot their independence on the network and then we hear the terrible stories about how many days and weeks go by and the. late night remote sessions because they're in a different country to get everything working so right now we're just focus on that aspect. i think you are old or earlier get here. i. the question is whether or not after the plane had five your network there's be lucky to disable the reset functionality i'm assuming you're talking about in regards to the moment we're all crap the Hak5 gear has found another doing forensics work on it not us it so because they don't like it or they go free pineapple. yeah absolutely so those not the current way that we do configuration is via configuration file so i'm not just the video showed off but there's a little button on the side this is download set of data are set up you could about but many click on download the file you get the file back and you just either on the Pineapple there's web interface for greatest you know upload the file in stone on the Turtle and the Squirrel you just.
drop on the USB or scp it over so that the said we're trying to make the sort of easier and easier as time goes by boy were also working on things like greek team so that you know if data is in transit and it was logged you know that has been reoccupied and stuff like that right so we're trying to make it as some as hard as possible to to you.
now go and and recover data and so on for anyone that does find the devices but again like things like be able to resettle rebooted so we always try to come back in that state so with firmware updates wipe firmware updates we usually always wipe everything for you when it's applied to control we don't want everything just wipes the things that needs to wipe.
the things are important for the cloud connectivity and it'll just restore back from the for the cloud.
probably also to sail to reset which are then maybe you that it's but yeah it. so the question is is going to have copper met comprehensive auditing and logging so you can find out which of your red team mates messed up some notoriously bad at logging but often fully we have this guy here who logs everything from you should see his debug output for the clients like just like was like dash checks are some.
about it you have basically i did you see me way more information on any to see a but we are going to have suffered by the server to probably not for version one because that's the whole thing we need to figure out how do we do it in a way that it is actually safe and logged to a proper database and doesn't die when you know something breaks we don't occur up the whole thing so.
it takes a little bit more thought but that some that were we're going to you and this is the kind of stuff where we want to hear like what is the interoperability that you're going to want to see with this with the other products area already using where you could actually be able to leverage this in your organization to its fullest effect where it can plug into your existing infrastructures yet like your SIEM or something as act like sold anything as relevant will try to try to pull.
when exported closed for so please let us know you wanted integrating the team you. so. so the question is i am i understand your question is how is this going to be hosted were deployed ok. sure it's cloud base ok i'm right now it's on your cloud as then go and find a VPS an amazon AWS a whatever you prefer or your local machine or your machine could be localhost 127.0.0.1 and and it's a great place to make you can run it was a and how do you run it said. lab this is brilliant and so on an annoyance three little bit who here programs in Go. but you don't have anything to eat right people that programming Go how good is Go right. at that. my favorite over here. it's great guy i love the language which means that it's easy for us to do a cross-platform it's easy for us to package everything up in a single binary so that means you basically just don't slash one and it's gotten better data baseline better HTML soul. he is like potentially there could be a windows version but he is now giving me that death stare that it gives me sometimes i'll give you in this version but only you may want to because i want to break your machines in any event this is something that you're going to be able to very easily spin up couple of clicks automatically generating certain everything and adding your devices to it. is as simple as looking at giving it the nickname to something from dropped out of you file have that files your device you're good to go you put this in the cloud dns doesn't matter you change later samples moving web server we just changed dns heart so i guess the only other thing that like along those lines that have want to do was things are if you do have a dynamic ip for whatever reason rights will be able to tie in with some basic things like i did in essence tough adopt him. yeah any other. i. the. a more inches which we use the same. the i don't share a secret you know it's just a. it.
yes. i'm sorry i the question was are we going to add sorry i do this thing where i don't repeat the question now is what about practice is there will there be a way to do it to eleven x. in kind mode on the WiFi Pineapple the answer is yes so. yes sir. for it. the. her. it. her. so you know dr the question is is there reason that we just run as an executable rather than a docker image or something of that nature yes so you can on a docker we can publish a docker image but it would just be was the the the very basic alpine know it's is often haircuts are we giving outline image which has an h.. she asserted network stack and the binary like that we do that but really the reason why we didn't is because it's up to you if you want to deploy in docker deploy in docker if you want to play locally to a local if you want to deploy on a Raspberry Pi you could do on Raspberry Pi i'd so i was kind of the idea behind it is no dependencies to either as long as you've got a well. its goal he runs a plan minute also its or does anymore anyway i the way it was on everything almost and it does require databases sept so there's no MySQL it just creates a file and and you know usada database always in all this. are they were going to take one or two last question here is where much over on time. a brilliant we nailed it. one more. hack the planet indeed well thank you so much you guys for being a great audience today thank you for giving us the energy to continue to make these also products thank you for. you too are an amazing team once again for working tirelessly to greet you guys he also knew what kind of the features Cloud C2. alright as those i'm Darren Kitchen and Sebastian Kinne trust your technolust stick around would have little shindig i think there's an open bar i hope the hour. yeah alright we don't have to play musical chairs to get these tears out here but think you guys will come and stick around for the club made up right here.