7MS #462: Pentesting with the Hak5 Key Croc
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Today we talk through our first engagement using Hak5 Key Croc to steal and exfil data. In the past, my internal monologue when a new Hak5 toy is released sounds like this:
- "I certainly don't need another Hak5 doo-dad! The last one didn't ever work that great, and ended up in a drawer full of past Hak5 doo-dads that didn't work that great."
- "Whaaaaat? A new cool and hip video for the INSERT_CATCHY_HAK5_TOOL_NAME is out? Pffft. I don't need that."
- 5 seconds go by...
- "Well it's just $100, shut up and take my money!"
- "It came in the mail today! It has a cool envelope and everything!"
- "Hrm, I followed the quick start video and 3 of the 10 steps don't work for me. I'll hit the forums. Huh, everybody seems to be having this problem."
- 5 days go by...
- "Neat! With a little help from SassyGal67 and StarWarsFreak_XXL on the forums, I hacked together my own fix for these issues. Now the core functionality of the device works, but the GUI is totally broken and you have to factory reset it with every use. Cool!"
- Deep breath. Tosses doo-dad in a drawer full of past Hak5 doo-dads that didn't work that great.
So with all that said, was our experience with the Key Croc any different? Check out today's episode to find out!