Houdini
Hardware implant for performing coupled physical and logical penetration tests
OBJECTIVES
- Set up a secure channel between an internal network and an external C&C server
- Reduce duration of physical intrusions
- Ease the in-depth intrusion phase during a Red Team assessment
- Implement adaptive escape techniques automatically
- Enable remote internal penetration testing to cut the costs of sending experts on site
Innovations
Functionalities
Generic, easily-concealable system
Miniaturization of the platform
Stealth of the physical device by embedding the platform in an ordinary object
Independence of the platform regarding the enclosing object
Logical discretion through footprint minimization
Automation of escape methodology
Passive or active analysis of the network environment and information retrieval
Adaptive escape algorithm allowing uncovering the most reliable output channel
Output protocol suited for network issues (low speed, service interruption)
Adaptability to the environment
Support for Ethernet, Wi-Fi and 3G/4G
Circumvention of 802.1x authentication systems
Multi-protocol output channels (TCP, SSL, HTTP, DNS)
Handling of a fleet of Houdini systems
Single C&C for managing several Houdini instances
Remote control of the systems
Instance blacklisting mechanism
Transport layer security
System administration and internal network access secured using SSH
Customer Experience
Without Houdini
Strong interlocking between the physical and logical intrusion during Red Team tests: physical intrusion, connection to the internal network, manual tests, exit.
Substantially increased risk of detection.
With Houdini
Low interlocking: physical intrusion, device drop-off, exit.
Duration of physical intrusion tests dramatically reduced.