Getting Started with the Bash Bunny from Hak5
What you'll learn
- How to set up the bash bunny
- How to use the bash bunny
- How to extend and create your own bunny scripts
- What to do next
- You will need a bash bunny usb device.
In this course, you will learn how to gain that crucial initial access using a hardware device called a Bash Bunny. You will explore how to leverage Human Interface Device (HID) emulation to compromise targets, and how to write your own scripts to create custom payloads.
One of the most important parts of a Red Team engagement is the initial access and how to exfiltrate important information to help you gain a deeper foothold into your target environment.
In this course, Initial Access with Bash Bunny, you will learn the capabilities of the BashBunny and why it is a key initial access tool in the red team toolkit.
Threat actors take advantage of physical access to devices in order to obtain credentials stored on the device. APT groups such as DarkVishnya have used Bash Bunny devices to help infiltrate major banks across Europe. Having the ability to covertly plug in a device that hacks your target in seconds and pull out confidential data ready for use with no interaction required can be a game changer for red team members.
You will learn how to utilize this tool to help you achieve your red team goals. Within this course you will learn about bunny scripts, how to load them and even modify them to help obtain and exfiltrate key files and information from your target.
The Bash Bunny is amazingly adaptable and can also be used to launch a number of attacks at multiple stages of the cyber kill chain including launching stagers for Empire and you will also show you where to find additional resources to help craft your perfect attack vector for those specialist jobs.
When you have finished with this course, you will have the skills and knowledge to perform attacks from your team that simulate APT capability against your client
Who this course is for:
- Beginners who have just purchased a BashBunny device or those that at looking at getting one.
FC aka Freakyclown
Ethical Hacker and Social Engineer
FC is a well-known ethical hacker and social engineer. He has been working in the information security field for nearly 3 decades and excels at circumventing access controls. As an ethical hacker and social engineer, FC ‘breaks into’ hundreds of banks, offices and government facilities around the world.
FC has held positions in his career such as Senior Penetration Tester as well as Head of Social Engineering and Physical Assessments for renowned security companies. Having worked as Head of Cyber Research for Raytheon Missile Systems, collaborating alongside intelligence agencies, he has cemented his skillset and knowledge whilst helping governments take correct courses of action against national threats.
Now Co-CEO and Head of Ethical Hacking at Cygenta, he continues to perform valuable research into vulnerabilities. His client list involves major high-street banks in the UK and Europe, FTSE100 companies and multiple government agencies and security forces.
His work demonstrating weaknesses in physical, personnel and digital controls assists organisations to improve their security. He is motivated by a drive to make individuals, organisations and countries more secure and better-able to defend themselves from malicious attack.
Outside of work he co-founded the Surrey and Hampshire Hackspace as well as the Defcon 441452 (Gloucester) ethical hacker group. He has been featured in books, international media such as the BBC, popular podcasts such as Dark Net Diaries, and regularly writes articles and blog posts. FC and his wife Dr Jessica Barker were Guest Curators of the 2018 Cheltenham Science Festival and are keen advocates of cyber security outreach, for example supporting TeenTech and the Cyber Security Challenge.
FC demystifies security with his expertise, humour and passion, delivering popular keynotes at corporate events, conferences and universities around the world. He specialises in teaching people of all ages and abilities the art of security in an engaging and impactful way.