Houdini

Hardware implant for performing coupled physical and logical penetration tests

OBJECTIVES

  • Set up a secure channel between an internal network and an external C&C server
  • Reduce duration of physical intrusions
  • Ease the in-depth intrusion phase during a Red Team assessment
  • Implement adaptive escape techniques automatically
  • Enable remote internal penetration testing to cut the costs of sending experts on site
Houdini

Innovations

Miniaturization - Automation - Flexibility - Stealth

Functionalities

Generic, easily-concealable system

Miniaturization of the platform

Stealth of the physical device by embedding the platform in an ordinary object

Independence of the platform regarding the enclosing object

Logical discretion through footprint minimization

Automation of escape methodology

Passive or active analysis of the network environment and information retrieval

Adaptive escape algorithm allowing uncovering the most reliable output channel

Output protocol suited for network issues (low speed, service interruption)

Adaptability to the environment

Support for Ethernet, Wi-Fi and 3G/4G

Circumvention of 802.1x authentication systems

Multi-protocol output channels (TCP, SSL, HTTP, DNS)

Handling of a fleet of Houdini systems

Single C&C for managing several Houdini instances

Remote control of the systems

Instance blacklisting mechanism

Transport layer security

System administration and internal network access secured using SSH

Customer Experience

Without Houdini

Strong interlocking between the physical and logical intrusion during Red Team tests: physical intrusion, connection to the internal network, manual tests, exit.

Substantially increased risk of detection.

With Houdini

Low interlocking: physical intrusion, device drop-off, exit.

Duration of physical intrusion tests dramatically reduced.