Initial Access with the Bash Bunny

Focused View

19:49

119 View

Module 1 - Course Overview

1. Course Overview.mp4

01:18

Module 2 - Initial Access with Bash Bunny

1. Tool Introduction.mp4

07:56

2. Setting up for Your First Attack.mp4

04:13

3. Demo - Attack.mp4

00:42

4. More Payloads and Additional Tools.mp4

04:20

Module 3 - Resources

1. Resources.mp4

01:20

Description

In this course, you will learn how to gain that crucial initial access using a hardware device called a Bash Bunny. You will explore how to leverage Human Interface Device (HID) emulation to compromise targets, and how to write your own scripts to create custom payloads.

What You'll Learn?

One of the most important parts of a Red Team engagement is the initial access and how to exfiltrate important information to help you gain a deeper foothold into your target environment. In this course, Initial Access with Bash Bunny, you will learn the capabilities of the BashBunny and why it is a key initial access tool in the red team toolkit. Threat actors take advantage of physical access to devices in order to obtain credentials stored on the device. APT groups such as DarkVishnya have used Bash Bunny devices to help infiltrate major banks across Europe. Having the ability to covertly plug in a device that hacks your target in seconds and pull out confidential data ready for use with no interaction required can be a game changer for red team members. You will learn how to utilize this tool to help you achieve your red team goals. Within this course you will learn about bunny scripts, how to load them and even modify them to help obtain and exfiltrate key files and information from your target. The Bash Bunny is amazingly adaptable and can also be used to launch a number of attacks at multiple stages of the cyber kill chain including launching stagers for Empire (covered in Pluralsight course Command and Control with Empire) and you will also show you where to find additional resources to help craft your perfect attack vector for those specialist jobs. When you have finished with this course, you will have the skills and knowledge to perform attacks from your team that simulate APT capability against your client

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Shell Scripting

Bash Shell

FC

Instructor's Courses

FC is a well-known ethical hacker and social engineer. He has been working in the information security field for over 20 years and excels at circumventing access controls. FC legally ‘breaks into’ hundreds of banks, offices and government facilities around the world. His work demonstrating weaknesses in physical, personnel and digital controls assists organisations to improve their security. He is motivated by a drive to make individuals, organisations and countries more secure and better-able to defend themselves from malicious attack. FC has held positions in his career such as Senior Penetration Tester as well as Head of Social Engineering and Physical Assessments for renowned security companies. Having worked as Head of Cyber Research for Raytheon Missile Systems, collaborating alongside intelligence agencies, he has cemented his skillset and knowledge whilst helping governments take correct courses of action against national threats. He is the Co-Founder & CEO of Cygenta

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.