The BHIS wireless kit can be requested by sending an email to systems@blackhillsinfosec.com. The kit can be sent to your residence or the hotel where you plan to stay during your onsite engagement.
Note: Software defined radios should be used on physical hardware to avoid buffering issues. Running them from a virtual machine typically causes significant problems.
WARNING: Attacks against non-802.11 protocols should be executed with extreme care. Confirming that the correct device is being targeted is usually very difficult with protocols like BLE and Zigbee. As a result, testers should ask the customer for a representative device, or physically inspect a customer device, to confirm the target before any attacks are executed.
The wireless kit includes the following components for use during testing:
- (2) Alfa AWUS036ACH (USB C Interface)
- (1) HackRF One Software Defined Radio with Porta-Pack
  - Porta-Pack documentation: https://github.com/eried/portapack-mayhem
  - Porta-Pack wiki: https://github.com/eried/portapack-mayhem
- (1) Proxmark3 RDV4
- (1) CC2531 Zigbee Protocol Sniffer and Programmer
  - Usage details: https://community.oh-lalabs.com/t/guide-build-a-zigbee-cc2531-sniffer-how-to-use-it/469
  - Compatible with Wireshark
    - Wireshark plugin: https://github.com/zsmartsystems/com.zsmartsystems.zigbee.sniffer
    - Zigbee dissectors: https://www.wireshark.org/docs/dfref/z/zbee.nwk.html
- (1) CC2540 Bluetooth Low Energy (BLE) Sniffer and Programmer
  - Compatible with Airtool, Kismet, and Wireshark
- (1) Nooelec NESDR SMArt v5 RTL2832 Software Defined Radio
  - Compatible with Kismet or typical SDR software