Introduction to Raspberry Pi
Nowadays, when we speak of computing power, we often equate power with size. We picture vast data centres filled with row upon row of humming machines, or supercomputers that crunch unimaginable amounts of data. Yet, as technology progresses, we’re reminded that power isn’t just about size; it’s also about innovation and application. Enter the Raspberry Pi: a small, low-cost computer that has revolutionized many areas of technology, cyber security among them.
During my training at Approach Cyber, I dove deep into the realm of Red Teaming, a specialized field in cyber security. If you’re new to this, think of a Red Team as the ultimate digital “sparring partner” for companies. This team, made up of cyber security experts, acts like potential hackers, trying to find and exploit vulnerabilities in an organisation’s defences, be it digital platforms or physical infrastructure. And among the many tools in their arsenal, one stands out not for its size but its potential: the Raspberry Pi. In this article, I’ll take you through my journey of transforming this compact device into a secret weapon and share tips on how Red Teams can use the Raspberry Pi to up their game.
Harnessing the Power of Raspberry Pi in Red Teaming: An Insider’s Perspective
During my dynamic cyber security training, I delved deep into the world of Red Teaming. There, I had the incredible opportunity to collaborate with experts in the field. While my peers orchestrated meticulous penetration tests to always remain a step ahead of potential threats, my primary role was to enhance the Raspberry Pi’s capabilities, allowing it to function as a network implant for our Red Team initiatives.
The Raspberry Pi, as we’ve discussed, offers more than just compactness and affordability. It is appealing not only for its pocket-friendly size and price, but also for its impressive versatility and robustness. “Why would you use the Raspberry Pi as a network implant?” you might wonder. Well, during red team exercises, two major constraints are the risk of getting caught and the limited time available. This is where the Raspberry Pi shines. Its compact size makes it discreet, allowing it to blend into an environment, while its adaptability ensures it can be tailored to the unique demands of each mission.
Network Access Control (NAC Security): The challenge of this journey
Red Teaming with a Raspberry Pi involves navigating a myriad of technical complexities. Prominent among them is the daunting task of bypassing Network Access Control (NAC) systems and unravelling the intricacies of the IEEE 802.1X protocol.
Demystifying Network Access Control (NAC Security)
Network Access Control, or NAC, is a security method that keeps networks safe by only letting devices that comply with certain policies onto the network. If you’re thinking, “How useful is this Raspberry Pi in a NAC-protected environment?” then you’ve hit the nail on the head. Usually, the Raspberry Pi can’t just walk into a secured network and start working. But I didn’t let that stop me; I saw it as a challenge to overcome.
802.1X and Raspberry Pi
That’s where 802.1X comes in. 802.1X is a network access control standard that sets up a framework for authenticating and controlling user traffic on wired and wireless networks. 802.1X isn’t perfect, though. If you know what you’re doing, you can find and exploit weaknesses in its design, and that lets an attacker get past this security measure and sneak into the network.
The widely used version of this standard has a significant weakness: it offers no protection against clandestine listening to network traffic, commonly known as sniffing. This technique allows the interception of data packets circulating on a network. In the ATT&CK model (Adversarial Tactics, Techniques, and Common Knowledge), it corresponds to technique T1040.
This effectively allows an attacker to spy on communications between devices on a network, collect sensitive information, and potentially exploit other vulnerabilities. It is possible because the IEEE 802.1X-2004 standard provides no encryption or authentication guarantee for each data packet: the port is authenticated once, and the frames that follow carry no cryptographic protection of their own.
But that’s not all: even the more recent revision, IEEE 802.1X-2010, which implements MACsec (IEEE 802.1AE), a Layer 2 encryption performed on a hop-by-hop basis, has its own weaknesses. For more information on that, I’ll point you to Gabriel Ryan’s talk, Bypassing Port Security In 2018: Defeating MacSEC and 802.1X-2010.
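The difference between the two revisions is visible on the wire: after an 802.1X-2004 authentication, data frames leave the port as ordinary cleartext Ethernet, whereas with 802.1X-2010 and MACsec each frame carries an IEEE 802.1AE SecTAG (EtherType 0x88E5) in front of the protected payload. The following script is an added example written for this article, not code from the original post or from Approach Cyber; it classifies Ethernet frames as EAPOL, MACsec-protected or cleartext by EtherType and SecTAG bits, and reports which stations sent unprotected data, the check a defender would run over a capture from a port where MACsec is supposed to be enforced. The frames, MAC addresses and function names are constructed for the example; the EtherType values and the SecTAG layout follow the IEEE 802.1X and 802.1AE standards.

```python
import struct

# EtherType values from the IEEE standards the article refers to
ETHERTYPE_EAPOL = 0x888E   # IEEE 802.1X port authentication (EAPOL)
ETHERTYPE_MACSEC = 0x88E5  # IEEE 802.1AE MACsec SecTAG
ETHERTYPE_IPV4 = 0x0800

# SecTAG TCI bits (IEEE 802.1AE, first octet after the EtherType)
TCI_SC = 0x20  # Secure Channel Identifier (SCI) present
TCI_E = 0x08   # payload is encrypted, not only integrity-protected
TCI_C = 0x04   # payload changed by the cipher suite


def parse_frame(frame: bytes) -> dict:
    """Classify one Ethernet frame as EAPOL, MACsec-protected, or cleartext."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "ethertype": ethertype}
    if ethertype == ETHERTYPE_EAPOL:
        info["kind"] = "eapol"           # the authentication exchange itself
    elif ethertype == ETHERTYPE_MACSEC:
        if len(frame) < 20:
            raise ValueError("frame too short for a MACsec SecTAG")
        tci_an = frame[14]
        info["kind"] = "macsec"
        info["encrypted"] = bool(tci_an & TCI_E)
        info["an"] = tci_an & 0x03       # association number (key in use)
        info["pn"] = struct.unpack("!I", frame[16:20])[0]  # packet number, replay counter
        if tci_an & TCI_SC:
            info["sci"] = frame[20:28].hex()
    else:
        info["kind"] = "cleartext"       # data frame with no per-packet protection
    return info


def audit_frames(frames) -> list:
    """Return source MACs that sent cleartext (non-EAPOL, non-MACsec) frames.
    On a port where MACsec is expected, every such frame deserves an alert."""
    offenders = set()
    for frame in frames:
        info = parse_frame(frame)
        if info["kind"] == "cleartext":
            offenders.add(info["src"])
    return sorted(offenders)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Assemble an Ethernet frame from MAC strings, EtherType and payload (test data only)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload


# Constructed sample frames: made up for this example, not captured traffic
SUPPLICANT = "00:11:22:33:44:55"
MACSEC_HOST = "cc:dd:ee:ff:00:11"
PEER = "66:77:88:99:aa:bb"
PAE_GROUP = "01:80:c2:00:00:03"   # 802.1X PAE group address
SAMPLE_FRAMES = [
    # EAPOL-Start (version 2, type 1, length 0): the authentication handshake
    build_frame(PAE_GROUP, SUPPLICANT, ETHERTYPE_EAPOL, b"\x02\x01\x00\x00"),
    # 802.1X-2004 style: once authenticated, the data frame goes out in the clear
    build_frame(PEER, SUPPLICANT, ETHERTYPE_IPV4, b"\x45\x00" + b"\x00" * 18),
    # 802.1X-2010 + MACsec: SecTAG with SC|E|C set, AN=0, PN=1, SCI=MAC+port 1,
    # followed by placeholder ciphertext and ICV bytes
    build_frame(PEER, MACSEC_HOST, ETHERTYPE_MACSEC,
                bytes([TCI_SC | TCI_E | TCI_C, 0x00]) + struct.pack("!I", 1)
                + bytes.fromhex(MACSEC_HOST.replace(":", "")) + b"\x00\x01"
                + b"\x00" * 20),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_frame(f))
    print("cleartext senders:", audit_frames(SAMPLE_FRAMES))
```

Run over the constructed frames, the audit names only the 802.1X-2004 style station: its IPv4 frame is plain Ethernet that any device on the segment could read, while the MACsec frame exposes only a packet number, an association number and an SCI. The same parser applied to real frames from a mirror port gives a quick way to confirm that MACsec is actually in effect where policy says it should be.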
In the realm of cyber security and Red Teaming, the Raspberry Pi exemplifies that power and innovation aren’t solely determined by size. My experiences at Approach Cyber highlighted the vulnerabilities within network protocols like IEEE 802.1X, emphasizing the importance of continuous evolution in digital security. Despite advancements in standards, no system is impenetrable. Thus, the journey in cyber security is about innovation, adaptation, and perpetual vigilance, and tools like the Raspberry Pi remain pivotal in navigating these challenges.
In the next part (see part 2: https://soc-blog.approach-cyber.com/raspberry-pi-a-man-in-the-middle-attack), we’ll talk more about the specific tools and techniques we used and the lessons we learned from this experience. So, stay tuned!
Want to stay up to date with the latest threats? Then subscribe to our SOC newsletter.