If you read the last blog in the series, you already know that SANS OnDemand is running the best special offers of the year for a limited time, giving students who register for an OnDemand course the opportunity to get a free device. We know it’s ever-so-tempting to use these free devices for streaming or gaming, but perhaps the ultimate challenge would be to think about how you can put these devices to good use in your career.
In the last blog, SANS Instructors Mark Orlando, Justin Henderson, and Sarah Edwards offered advice about how they would use these free devices for home labs and testing environments. This time around, we have three new instructors offering a bit of advice and an anecdote or two to help you start to think about the potential ways you could put these devices to use in your career.
Experiment with iOS Development & Jailbreaking
Chris Crowley, SANS Senior Instructor & Course Author
“If I had a new macOS device from Apple, I would install Xcode on it and use it to play around with development for iOS devices. This is a program that's available from Apple and is really only intended to be used on Apple hardware. There are some hacky ways to make it run in other environments, but they're not really supported. I'd also install checkra1n for jailbreaking iOS devices, but I wouldn't recommend that for everyone. checkra1n is available for linux and macOS only.”
Get Creative with Advanced Pen Testing Techniques
Stephen Sims, SANS Faculty Fellow, Course Author, & SANS Pen Test Curriculum Lead
“In the SANS course SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking we have a module on bypassing enterprise Network Access Control (NAC) solutions. We walk through how you can dress up the Linux OS that you use for pen testing to look like an iPad, printer, or other smart device that may be defined on a company's exceptions list. In short, companies may define an exceptions list for devices that are unable to properly authenticate to the network, but that may still need access, such as printers, IoT devices, and smart devices.”
“Enterprise NAC solutions often use techniques such as passive OS fingerprinting, Javascript OS validation through the browser, and other controls to validate that you truly are the type of device defined on the exceptions list. A student was able to study the iPad they were provided with their OnDemand registration and work towards using the techniques discussed in class to trick their enterprise NAC solution into believing that their Kali Linux virtual machine was actually an iPad!”
Employ as a Research System for Hacking Endeavors
Ed Skoudis, SANS Faculty Fellow
“I find computing platforms like an iPad Pro or a Microsoft Surface tablet to be SUPER helpful while I’m hacking things. I’ll use my regular laptop with two external monitors to do my work, hacking some code or IoT hardware for my office automation, because my machine has plentiful ports. But while doing that, screen real estate is tight, full of terminals and browser windows."
"That’s where my tablet comes in — I sit it next to my laptop and use it to display technical schematics (such as the Raspberry Pi 4’s pin-out, specs for a particularly complex API, or vendor reference manuals). I’ll usually have four or five tabs open on my tablet browser flipping between those pages with the flick of a finger, without interrupting my laptop’s terminals and browsers that are directly interacting with my targets. It makes for a much more fulfilling hacking experience. For the more adventurous, you could use technologies like Apple’s Handoff and Universal Clipboard to shoot browsers and clipboard contents between the devices in your lab.”
Additional Resources
- Blog – Advice from the Pros: Turning Your Free Computing Device into a Goldmine of Hands-On Experience
- Blog: Do it Live! Dynamic iOS Forensic Testing by SANS Principal Instructor Sarah Edwards
- GitHub Presentation: Poking the Bear – Dynamic Forensic Testing and Analysis by SANS Principal Instructor Sarah Edwards
- Great List of Resources to Build an Enterprise Grade Home Lab by SANS Certified Instructors Ismael Valenzuela and Justin Henderson
- Webcast: Building an Enterprise Grade Home Lab with SANS Certified Instructors Ismael Valenzuela and Justin Henderson
- Webcast: Extending Your Home Lab to Include Cloud with SANS Certified Instructors Ismael Valenzuela and Justin Henderson
- Security Technical Implementation Guides (STIG) from the US Department of Defense
Get Your Free Device with a SANS OnDemand Course
SANS OnDemand brings the world’s most respected cybersecurity instruction straight to you in a flexible and effective online platform, with more than 50 SANS courses offered for anytime, anywhere learning.
With four months of extended access to course content, you get the opportunity to practice hands-on skills and new tools so they can be applied effectively to best defend your organization. You can experience SANS OnDemand training for free with hour-long demos for 50+ courses here.
Find your next SANS OnDemand course and register by August 19 to take advantage of the best special offers of the year: Your choice of an 11" iPad Pro with Apple Pencil, a Microsoft Surface Go 2 (128GB SSD), or $300 off any OnDemand course.
