Red and Blue Teaming a Modern House

Talks on protecting your home or breaking into one.

14 Apr 2018 - David E. Switzer

Intro

A couple years ago, I did a talk at BSides:Orlando called “Breadcrumbs”. It was about collecting wifi probes, semi-auto sorting out which is which (or whom, more accurately), and alerting you when a few people showed up. This was entirely born out of having a boss that worked out of Canada regularly showing up to the office – surprise! Jonathan and I needed protection!
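As an added illustration of the Breadcrumbs idea (not code from the talk or from the original tool), the following sketch ingests constructed probe-request log lines, attributes each client MAC to a known person, and raises an alert when anyone on a watchlist is seen. The log line format, the MACs and the name mapping are all assumptions made up for this example.

```python
import re
from collections import defaultdict

# Constructed probe-request log lines: timestamp, client MAC, probed SSID.
# This line format is assumed for the example; it is not the Breadcrumbs tool's format.
SAMPLE_LOG = """\
2018-04-14T08:01:02 aa:bb:cc:00:00:01 CoffeeShopWifi
2018-04-14T08:01:05 aa:bb:cc:00:00:02 HomeNet
2018-04-14T08:01:09 de:ad:be:ef:00:03
2018-04-14T08:02:11 aa:bb:cc:00:00:01 HomeNet
"""

# Assumed mapping of known client MACs to the people who carry those devices.
# Phones that randomize their probe MAC will show up as "unknown:<mac>" instead.
KNOWN_DEVICES = {
    "aa:bb:cc:00:00:01": "boss",
    "aa:bb:cc:00:00:02": "jonathan",
}

LINE_RE = re.compile(r"^(\S+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})(?:\s+(.*))?$")


def parse_probes(log_text):
    """Yield (timestamp, mac, ssid) per line; ssid is '' for a broadcast probe."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower(), m.group(3) or ""


def attribute_probes(probes, known):
    """Map each person (or 'unknown:<mac>') to the set of SSIDs their device probed for."""
    seen = defaultdict(set)
    for _ts, mac, ssid in probes:
        who = known.get(mac, "unknown:" + mac)
        seen[who].add(ssid)
    return dict(seen)


def presence_alert(seen, watchlist):
    """Return the sorted watchlist names whose devices were seen; an empty list means no alert."""
    return sorted(person for person in watchlist if person in seen)


if __name__ == "__main__":
    seen = attribute_probes(parse_probes(SAMPLE_LOG), KNOWN_DEVICES)
    print(presence_alert(seen, {"boss"}))  # -> ['boss']
```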

Later, Jonathan and I combined my fascination w/ RF metadata w/ his fledgling love of home-automation, and did a talk called “The Trap House: Making Your Home As Paranoid As You Are”. This was a “stable” talk at Derbycon 2017.

At BSides:Tampa 2018, we presented a talk called “Modern Day Vandals and Thieves: RF Edition”, which laid out ways to identify valuables inside of a home, a few ways of detecting if people were home, and detecting if alarm systems were present.

At this point, I realized that we were basically red/blue teaming homes, and we embraced it. Thus BSides:Orlando 2018’s talk “Redteaming the Traphouse”. This combines some aspects of all the talks, adds some extra ideas, some new stuff about an alarm system that pulled us down a rabbit hole, and some other random toys.

More to come on this topic – including a future blog going over some of the items in these talks. Let us know if you have any questions!

The Promised Slides/Files [tm]

“Redteaming The Traphouse” - Slides for the BSides Orlando 2018 talk.
“house_hide.py” - the program to spew out probes from fake IoT devices.
“callsomeonesaysomething.sh” - a script to automate sending synthesized voice calls for alerts/etc.
ZWave captures from Jonathan’s Wink System - ZWave captures used for replay attacks mentioned in the talk.

Projects referenced in the slides:

Home Assistant - A vendor agnostic middleman for your home-automation needs!
RTL-SDR.com - A fantastic SDR site. I guess I didn’t need to hotlink that, really.
BLEah - BTLE sniffer/prober/all around party good time.
Killerbee - Tools for attacking Zigbee.
Killerzee - Tools for attacking Z-Wave.
RTL-AMR - RTL-SDR receiver for decoding AMR power meters.
GQRX - A GnuRADIO based graphical radio receiver.
URH - Universal Radio Hacker - for capturing, analyzing and replaying RF signals.