USB Armory MkII: A USB-C Thumb Drive Based Linux Computer For Pentesters

USB Armory MkII is the successor to the original USB Armory, which was introduced back in 2014. This new revision is currently accepting backers on Crowd Supply, a crowdfunding site very similar to Kickstarter, and the campaign is currently over 250% funded. Funding for this project will end on November 1, 2019 at 01:59 PM EDT:

A security-minded USB-C stick computer that runs Linux

The USB armory Mk II is a full featured computer (900 MHz ARM® processor, 512 MB RAM, Bluetooth, USB-C) in a tiny form-factor, designed from the ground up with information security applications in mind.

Hardware

    • SoC: NXP i.MX6ULZ ARM® Cortex™-A7 900 MHz
    • RAM: 512 MB DDR3
    • Storage: internal 16 GB eMMC + external microSD
    • Bluetooth module: u-blox ANNA-B112 BLE
    • USB-C ports: DRP (Dual Role Power) receptacle + UFP (Upstream Facing Port) plug
    • LEDs: two
    • Slide switch: for boot mode selection between eMMC and microSD
    • External security elements: Microchip ATECC608A + NXP A71CH
    • Physical size: 66 mm x 19 mm x 8 mm (without enclosure, including USB-C connector)
    • Enclosure: included with all units for device protection

Burp Suite now supports WebSockets

While I was trolling around on Twitter this morning, PortSwigger tweeted about their latest release of Burp Suite, which now supports intercepting WebSockets. Check out their release note regarding v2.1.01. This feature appears to be in the Community version as well as their Professional version:

http://bit.ly/2k7Dv0o

Automatic exploitation video from BSides DC

This YouTube video, titled “Lightening fast CTF solving – Automatic Exploit Generation & Side Channel Analysis”, was sent to me by Sketch from this year’s BSides DC. It shows how to automate exploitation for stack overflows and format string vulnerabilities. The tool suite is built on top of the “angr” framework, Intel’s Pin framework and the “pwntools” package for Python. At the tail end of the video he applies this tool suite against a NETGEAR SOHO router, where it not only finds the vulnerability but also exploits it remotely, and he discusses how it can be used to identify and exploit these vulnerabilities in IoT devices.

http://bit.ly/2VUDfPy

I have already taken the liberty of forking all of his GitHub repositories and you can find them here:

* Zeratool: http://bit.ly/2u8hBet
* PinCTF: http://bit.ly/2u4Od98
* Rocket-Shot: http://bit.ly/2u1gYnd