Daniel W. Dieterle - Security Testing With Raspberry Pi

A Raspberry Pi (RPi) is an ARM based single board computer used by technical professionals, educators and hobbyists alike. Raspberry Pi is one of the most popular single board computers due to its ease of use, extremely large user base and functionality. RPis can be used as cost effective desktop computers, but are also used in robotics, science projects, monitoring systems, surveillance cameras, and countless other projects. The potential usage of RPi is really limited only by the mind of the maker using it. In this book we will focus on using RPi in the computer security field. We will cover using the device as a security testing tool and as a lab target. We will also cover some of the many ways RPi could be used in physical security. So, sit back and buckle up, this is going to be an exciting ride!

Raspberry Pis are a great tool for the security industry. You can install some industry standard security testing tools and applications on a Raspberry Pi and for the most part, they work and function completely identical to their Linux counterparts. For example, you can run a fully functional copy of Kali Linux on an RPi, giving you access to all the ethical hacking tools that you would have if you were running it on a Linux desktop. Kali Linux is very popular in the security community, because it allows you to use similar tools and techniques that a hacker would use to test the security of your network, so you can find and correct these issues before a real hacker finds them.

I think the biggest drive to use a Pi over a desktop solution is the price. A Raspberry Pi 3b+ costs about $50 USD with a memory card. Also, it can run Kali Linux and Kali is free! Kali includes open source versions of numerous commercial security apps, so you could conceivably replace costly security solutions by simply using Kali on a Pi. Kali also includes several free versions of popular software programs that can be upgraded to the full featured paid versions and used directly through Kali. But Kali is just one solution. Pentesters and Red Team members use Raspberry Pis as drop boxes Cheap hacking devices left on a target site. The drop box gives the testing team remote access to the target network and a platform in which to run security scans and tests. Because they are so cheap, using Pi drop boxes are a perfect solution.

In this book, we will see how to use Kali Linux on a Pi. We will also cover some ways to run Ethical Hacking tools in the Raspberry Pis native Operating System - Raspbian. Then we will just get crazy and check out some Pi specific security images. We will cover how to use an RPi as a Hardware Interface Device attack tool. Lastly, we will see how to use the RPi in physical security applications, like using it as a surveillance camera.

The book tutorials have been designed to help walk readers through the exercises in an easy to follow step-by-step manner. That being said, due to the complexities of using hacking tools on a Raspberry Pi, this is not an entry level book, or a How to Use RPi book. This book focuses on those with beginning to intermediate skills with Kali Linux & Ethical Hacking, basic networking skills, familiarity with virtual systems, and who already have experience with using Raspberry Pi systems. Though not solely focused on Kali Linux like my previous books, we will use Kali pretty heavily in this book, so it is a good idea to have a working knowledge of it. We also will use multiple images on multiple memory cards on a Pi, so it is good to be comfortable with writing, interchanging and using multiple OS images.

We will cover multiple ways in which Raspberry Pi systems can be used in ethical hacking and pentesting - From adding security testing tools to a base Raspbian install, using custom security images on the Pi, using it as a test attack target, using it as a HID attack device and finally to using the Pi as a physical security device. Due to how cheap RPi systems can be, this book is a good resource for experienced individuals to practice Ethical hacking techniques on a budget. I think it would also be a good resource for network administrators and non-security IT professionals that are looking to get into the field and learn more about Ethical Hacking and RPi.