Instructables

The Deck - Portable Penetration Testing and Forensics System

Picture of The Deck - Portable Penetration Testing and Forensics System
IMG_20120815_120420.jpg
IMG_20120815_120440.jpg
IMG_20120926_164913-1.jpg
lunchbox-thedeck2.jpeg
thedeck-two-copies.jpeg
hydra-2.png
java-1.png
java-2.png
java-3.png
ms08_067-1.png
ms08_067-2.png
reaver-1.png
reaver-2.png
Screenshot-1.png
wifi-1.png
wifi-2.png
wifi-3.png
IMG_20120817_013935-1.jpg
The Deck is a full featured penetration testing and forensics system based on the BeagleBoard-xM.  It will also run on the BeagleBone.  The Deck is an Ubuntu-based Linux distribution.  It contains everyone you would ever need and more in a small package.  Because the system is low power it can be run for days or weeks from battery power.  It should be possible to run The Deck indefinitely from solar power.  Having a full set of tools that run on the BeagleBoard-xM and also the BeagleBone allows a lot of flexibility.  The Deck is equally suited as a portable penetration testing platform and as a drop box.

More information on The Deck can be found here http://ppolstra.blogspot.com/2012/09/introducing-deck-complete-pentesting.html  Please note that this website will not allow uploading the 3GB install file for The Deck.  The appropriate images can be downloaded from my website listed on the blog or preloaded microSD cards are available from a vendor also listed on my blog (I don't get any money from the vendor, so don't feel like you have to use them, it is up to you to decide if you want to save the hassle).  

The Deck works equally well on systems with a 7" ULCD7 touchscreen or with an external monitor/TV via the BeagleBoard-xM HDMI or S-video port.  My personal setup consists of a BB-xM with the ULCD7 mounted in a Buzz Lightyear lunchbox, a second BB-xM without a display, and a BeagleBone.  I connect them together with a USB-powered network hub.  I also have 2 Alfa wifi adapters and a directional antenna for wifi hacking.

The Deck debuted at 44Con 2012 in London in September 2012.  The slides from my 44Con presentation are available at http://www.slideshare.net/ppolstra1/polstra-44con2012 You may find these useful if you want to build one of these devices.  You might check the website http://44con.com as the audio and video from this presentation may appear there.  It was also presented two weeks later at GrrCON in Grand Rapids, Michigan so you might want to check http://grrcon.org for that video as well. 

You can find out more about this an other projects on my blog http://ppolstra.blogspot.com or by following me on Twitter @ppolstra.
 
Remove these adsRemove these ads by Signing Up
AlexiS31 month ago

I was led to this article after viewing DefCon21 presentation that you put together. I visited your blog, but haven't seen any updates for this (http://ppolstra.blogspot.com/2012/09/introducing-d...).

Are you still giving this project any attention? I've got two beagle bone blacks that I'd like to use for this and wanted to make sure I was using updated distros.

ppolstra (author)  AlexiS31 month ago
Oh, yes. This is very much an ongoing project. In fact, I have written a book Hacking and Penetration Testing with Low Power Devices to be released shortly by Syngress. There will be a brand new 2.0 release to correspond with the book launch. Watch sourceforge or philpolstra.com for the latest. The Deck 2.0 may be released before the book, shortly after I return home from DEFCON 22.
this looks like a really interesting project! but I'm a little confused about what penetration testing is? what is the purpose of the device? is there a reason you want it to be solar powered? do you take it outside?
ppolstra (author)  amandaghassaei1 year ago
Penetration testing is something often done by computer security professionals. Essentially what we do is to try and break in (or hack) a company's computer systems in order to make sure that the bad guys can't easily do so.

The biggest thing The Deck has going for it is that it is extremely portable and low-powered. This allows you to bring it anywhere and run it off of battery power. You can also run the same software on the smaller BeagleBone which is even easier to plant as a network sniffing device. Such a planted device is normally called a drop box. Because of its low power, when run as a drop box on the BeagleBone you can run stuff for days on batteries then pick it up later. You could also put something outside a company's office in which case solar power could be used for extremely long-term deployments.

Hope this helps.