Mobile Security Tool Kit


The STORM Mobile Security Toolkit is a fully-loaded pen test platform which comes equipped with a customized distro of Kali loaded onto a portable Raspberry Pi-based touchscreen device.

INCLUDES:

  • Keyboard
  • Carry Case
  • STORM T-shirt
  • STORM Sticker
  • Access to the STORM Resource Center (Video Demos, Support, ISO Image Download)

From: $749.00

Sold AS-IS with no warranties expressed or implied.

Introducing the STORM!

Mobile Security Toolkit Workshop!

Specs

  • 64 Bit – Quad Core Mobile System with Case
  • 1 GB RAM
  • 7 inch Touch Screen Display
  • 64 GB MicroSD – Preloaded w/Custom Linux Hacking OS
  • 100Mb Ethernet Port
  • 4 USB Ports
  • 802.11n Wireless
  • Bluetooth 4.1
  • Combined 3.5mm Audio Jack and Composite Video
  • Camera Interface (CSI)
  • Display Interface (DSI)
  • VideoCore IV 3D Graphics Core
  • Full HDMI
  • USB 2.0 A to B Micro Power Cable. [The Storm can be powered from a 5V micro-USB source, Power Supply not included with base package.]
  • Rollup Water Resistant Keyboard
  • Field Case Organizer for all your gear

Workshop in Huntsville, Alabama

Workshop in New York, New York

Workshop in Dallas, TX

Note: The STORM mobile security tool kit contains a full Kali Linux load including all of the associated security tools. These tools are very powerful and all proper precautions should be adhered to at all times.

Always remember that the difference between illegal and ethical hacking comes down to one word: permission. It is illegal to utilize these or any other pen testing tools on a network or website without permission.

As stated in the terms and conditions, EC-Council is not responsible for illegal use of these tools and you accept the full liability for their usage. The entire code of ethics can be found here.

Get started

Click here to learn how to start using your mobile security tool kit.

Case Study – STORM Workshop in New York

CyberServices NYC ethical penetration test against a client’s wifi network, which was compromised by a blackhat cell operating in NYC.

My name is Mike.  I am the founder/president of CyberServices NYC. We are a small cyber security group operating in NYC.  My team consists of nine other employees, specializing in various areas of penetration testing, ethical hacking, risk assessment, cyber threat analysis and information warfare.

Our client base is mainly small to medium sized businesses, healthcare facilities and local and federal government requests (off-book engagements).  In May of this year, I was fortunate enough to attend HACKNYC and buy the EC-Council’s Mobile Security Tool Kit (Storm device.)  EC-Council also had a two-day workshop on using the Storm device.

The live penetration test:

I was contacted by the CEO of a medium sized business.  She was concerned about the WLAN part of her network, particularly the public facing WiFi access system.  She had been hacked, her network compromised through an attack vector involving this sub-system.

No surprise or fancy technical stuff here.  This was just a common, easy hack that a 12 year old could pull off.  The difference here is that when we saw the screen capture provided to us by their IT staff (using Snort), a team member saw a familiar “signature” in the traffic.  These hackers were after their PCI database. They didn’t get it. This was a group, a cell we’ve seen before.

After all the contract discussions with the CEO and the Head IT guy were agreed on, our “get out of jail card” and emergency contact numbers exchanged, our pentest would begin on a Friday at 23:59 hrs, and end Monday at 06:00 hrs. We went to the local police precinct and informed the desk sergeant of our intentions and contact numbers.

So, we used the Storm device for the entire test.  After some recon of the area and OSINT of the company, we had our network map of their wireless system.  We used Kismet for the usual wireless details.  Then it was on to the Aircrack-ng suite (sudo airmon-ng start wlan).  You folks get the rest. We got output from airodump-ng.  Back to Kismet for comparison and targeting. So, we confirmed our target and its details.

Now, from our earlier recon, we discovered the make and model of their routers. (Yes, there was a little social engineering after we sealed the deal with the client.)  Google really is your best friend. So is Tor. So, we downloaded the most commonly used passwords and defaults used by that manufacturer and CUPP since we did a behavioral profile on the Head IT guy.  Along with OSINT, we had a good idea of his general personality.  Our dictionary.txt was created.  Time to fire for effect.

“sudo mdk3 mon0 p -c 2 -t {MAC address here} -f {our dictionary.txt here}”

This was a hybrid brute force attack, obviously. Our profile helped out.  The password was a mix of the IT guy’s personal and family’s PII. The user ID was obvious. We entered the info on the SSO screen and that’s it. Thanks for playing, game over. Now, this was a very simple real life test.  No big deal.  The point here is we used the Storm device for every step of this hack. And, since our after action report given to the CEO was met with satisfaction (the head IT guy, not so much), we got our agreed upon bankers’ check.

Summary:

The Storm device performed admirably in the field. We had our usual laptop with us just in case but we didn’t use it. Now, since the Storm unit is Raspberry 3+ based it is slower than the regular hardware of the trade. It also runs hotter depending on the length of use. We put small heat sinks on the two main processors. We also had the A/C on in our van.  In the theater of battle, the Storm did the job and did it well.

When you get one, do the usual mods on Kali. Clear out the # in sources.list (cd /etc/apt, then nano sources.list). Then run sudo apt-get update.  Set the correct time and date for your time stamp on screen shots. We used an Alpha AWUSO36NEH NIC card. Configure your Storm device for your external NIC (ifconfig, etc, etc). Make sure network settings and USB settings recognize your card. Hack your own system for a test.

Get a wireless miniMouse. It’s easier to click on the tools in Kali on the Storm unit. Finally, we used a 2400 milliAmp rechargeable USB battery with a back-up for power.  We used only one for this pentest. They do last.

Remember, like a hand-held two way radio, the Storm unit is a field device.  If you expect HP laptop multi-core, hyper processor speed from this unit, then, well just go away and find another career.  Storm works. It works well.

So, get one. Pack the bag it comes in with your rubber duckies, LAN turtles, USB drives and other stuff you’ll use with it and make some money.