Connecting the dots…
Footprints in the ether, and other musings.

Sean Satterlee – Principal Security Engineer
Disclaimer
THIS IS PURELY FOR EDUCATIONAL PURPOSES.

Myself, any identities that I may use, Net Source, Inc., NetSourceLabs, NetSourceSecure and any other organizations that I am affiliated with cannot be held liable for any negligence or illegal activity that may result from the disclosure of the information included in this briefing.
About me

intentionally left blank
A “howto” or “readme.txt”
• A quick guide to a talk by me.
• Be prepared
– Topics will be all over the place
– I will chase rabbits
– I use profanity to make my point
– I am passionate about my work
– If you get up during this talk, be prepared to be heckled.
– Did I mention that I will jump around on topics?
– I will bring in points that I find interesting; while they might not be germane to the exact topic, you may find them useful.
– If I switch languages for a certain word or concept, do not get angry. Write it down, google it; you can figure it out for yourself later.
– I may repeat things every now and again.
– I will chase rabbits
– I need to make a “logic-chart” for following my talks
– I should also remember to start using the “notes” feature for PowerPoint.
– I like it when people clap immediately after pseudo-profound statements.
– I do not like the obligatory applause at the end of my talks
– My talks are interactive.
– Several of my friends are in the crowd
• They are not “plants”, but I will sometimes call on them to help me remember anecdotes.
– Sometimes I will just skip slides because I don’t feel like talking about them. It’s alright though, you can download this slide deck
– The detailed sections are out of order. Sorry, I don’t want to fix it.
Business Intelligence?
• A nice name for Corporate Espionage
• Know the business model for a given target (read: client), and you will further understand the areas of their infrastructure that may be less guarded
• Knowing more about your target will lead you to appropriate attack vectors
Dox?
• Is it necessary to publish this information?
• In short, the answer is no.
HOWEVER…
• Having information is one thing.
• Displaying that you have this information is another.
• An entire generation raised with the notion that “knowledge is power” has caused this.
• Displaying this information as a means to show power and to hinder someone else’s operations is something completely different.
Forms of Reconnaissance and Intel Gathering
• Physical
• Social
• OSINT
Subsets of Physical
• Drive-bys
– Done at multiple times throughout the day/night.
– Establish key employees and work shifts
– Use a rental car with a Contour cam (HD), just leave it.
• Wardrive
– Don’t get too close
– Use everything you can in BT5, or Kali
• Dumpster Dive
– Do this at night
– Avoid the critters
• Get a tour, make note of how physical security is managed.
– Organics
– CCTV
– RFID
– Magstrips
– Electronic Keypads
– “Secure” keylocks
• Make note of the badges; if you are conducting a social, you may need to create one.
• It doesn’t need to “work”, just pass a glance.
• RFID? Sure, we can do that…
• Magstrips? Yeah, that too.
Info available on instructables.com
Keylocks
• Seriously? Are you kidding me?
• Medeco, Chubb, and Bonowi keys are now available for download to be printed on your RepRap
Physical Locks
Security Keypads
Type             Procedure
Sentex Keypads   ***00000099#*
DoorKing         *029999
AeGIS            #,0 (same time) followed by 0000
Elite            “Program” button, followed by 7777
Linear           #,9,# 123456 add your code by: 0,1,#,%desired code%
Multicode        1234 (no lockout, just keep pecking)
Keys to a successful “Social”
• Accurate data
• Susceptible targets
• Audacity
USB drops and rubber duckies
CD/USB drop
• Curiosity killed the cat
• Think of this as a ‘reverse dead drop’. Pseudo public place, and you WANT it to be found.
– You may ask yourself, “who would actually plug this in?”
– Now tell yourself, “too many people that probably work with me.”
You knew this would come up
Other methods
• The USB drop isn’t always needed
– If you can gain physical access:
• a rubber-ducky can be used to drop a payload and a reverse, persistent shell
– If you can’t gain physical access:
• You can squeeze a rubber-ducky into anything that uses a USB connection. Ship it to someone in the target company. Human stupidity will take over, and SOMEONE will plug it in.
Just how easy is that?
• Not calling anyone out, but certain people in this industry are literally batting 1000 using this technique.
– But seriously, how easy is it?
I was going to make a political joke here, but… well, let’s just skip that part as I don’t really have any politics.
OSINT
• TheHarvester
• Maltego
• NetGlub
• Spokeo
• Palantir
Quality of Sources
• None of these tools are worth the processing power of launching them if you don’t know where to look.
Sources, you say?
• Spokeo
• Anywho
• Lexis-Nexis
• Ancestry
• Public Records for target area
• ESRI – GIS data
• County Assessor’s office
• Social Networks
– Twitter
– Facebook
– Myspace
– Google+
– Youtube
Twitter?
Flickr? Why flickr?
• Because sometimes smart people do very stupid things.
• You can do something about it…
OR…
Examples, you say?
• Users will come up with a “clever” password…
– And reuse it.
– And reuse it.
– And reuse it.
So what comes of this behavior?
Again
And again…
Why Facebook?
Inadvertent Excess
• Go into the Kinko’s closest to your target.
• Say you “forgot your thumbdrive”
• They show you a box, you say “that’s it!”
• YAHTZEE!
A quick note about ‘excessed equipment’
• Please wipe configs on hardware and remove drives
• 4th Saturday sales have yielded quite a few Cis** devices with current configs for an organization STILL ON THEM.
Recon-ng
• Recon gets its own slide, because… well, it’s cool.
Create your own transforms
• There is a wealth of information in public databases
– Property taxes
– Marriages, divorces, VPO’s, traffic citations, etc.
– Foreclosures
– Birth records, death certificates
– Blogs
Quality of Product
• Your information is only as good as your starting point
– Use CORRECT and ACCURATE information. Do not guess.
Otherwise…
• The signal to noise ratio is horrendous
“This entire section is total junk and incorrect data”
Social Engineering
• I will not pretend that neuro-linguistics has gotten me past some serious security measures.
– However, a fake accent did get ri0t and I quite a few drinks in Vegas.
• How does it work?
– You appeal to a person’s sensibility and logic.
Seriously though, what does SE get us?
• It gets us physical access to a location to actually DO the CD/USB drop
• If the target is in a shared office location, hang out in the smoker’s area.
– Listen
– Sniff RFID
– Snarf bluetooth
– Pay attention to the visual layout of ID badges in case you need to fabricate one
– Possibly tailgate a person into a secure area
• Become a customer/client of the target.
• Remember, people are inherently stupid and willing to trust. Exploit this.
– “Give them an ounce of quality lies, and you will get a pound of truth in return.” - me
Qualify your statements and questions
• Don’t ask stupid questions that are DIRECT.
• You will always need to fill some gaps; it’s important to do this without inventing a fictional story.
• Be knowledgeable of the subject matter at hand.
– This means taking an interest in whatever widget you are trying to gather information about.
Pushing in
• So what options do I have to exploit a location using the information I have gathered?
– CD/USB drops
– Social Engineering
– Client-side Attacks
– Intranet access portals with weak user/pass combos
– Sub-domains for test/development environments to attack via web applications to extract data
– Complete breach of network via wireless to create a C&C
Wait, I just said wireless
“techie LUsers” – let me tell you why they are your biggest problem.
“Why?” you ask?
• Because they are the ones that take it upon themselves to create and fix things with only half of the ‘larger picture’
• Which, in turn, just ends up causing more problems
• Like?
Rogue AP’s anyone?
People who build “labs” at work
How this can cause issues
• Vast majority of ‘labs’ use default passwords
• Rogue AP’s lack strong encryption, or any at all
• A shared password used over an open wifi connection
• Unused accounts with the “default P@ssw0rd!”
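An added example, not part of the deck, for the defender side of the rogue-AP problem: a PowerShell script that parses the text `netsh wlan show networks mode=bssid` prints on a Windows host and flags networks that use Open/WEP/no encryption, that are not on a list of sanctioned SSIDs, or that advertise a sanctioned SSID with weaker security than the real network (an "evil twin"). The sanctioned-SSID list and the scan text are constructed for the demonstration; on a real host you feed in the live `netsh` output as the comment near the end shows.

```powershell
# Added example: flag open/WEP or unsanctioned SSIDs in a Windows WLAN scan.
# The sample below is constructed to mimic `netsh wlan show networks mode=bssid` output.
$SampleScan = @'
SSID 1 : CorpWiFi
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 90%

SSID 2 : CorpWiFi
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 70%

SSID 3 : Lab-Router
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : cc:dd:ee:ff:00:11
         Signal             : 55%
'@

# Sanctioned SSIDs for this site (assumed; maintain this list from your WLAN controller).
$SanctionedSsids = @('CorpWiFi')

function ConvertFrom-NetshWlanScan {
    # Turn the netsh text into one object per SSID block with its auth/encryption and BSSIDs.
    param([Parameter(Mandatory)][string]$Text)
    $networks = @()
    $current = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^SSID\s+\d+\s*:\s*(.*)$') {
            if ($current) { $networks += $current }
            $current = [pscustomobject]@{ SSID = $Matches[1].Trim(); Authentication = ''; Encryption = ''; BSSIDs = @() }
        }
        elseif ($current -and $line -match '^\s*Authentication\s*:\s*(.*)$') { $current.Authentication = $Matches[1].Trim() }
        elseif ($current -and $line -match '^\s*Encryption\s*:\s*(.*)$')     { $current.Encryption = $Matches[1].Trim() }
        elseif ($current -and $line -match '^\s*BSSID\s+\d+\s*:\s*(.*)$')    { $current.BSSIDs += $Matches[1].Trim() }
    }
    if ($current) { $networks += $current }
    return $networks
}

function Find-RogueAccessPoint {
    param([Parameter(Mandatory)][object[]]$Networks, [string[]]$Sanctioned)
    foreach ($n in $Networks) {
        $reasons = @()
        # Open authentication, WEP, or no encryption at all: exactly the "labs" the talk describes.
        if ($n.Authentication -eq 'Open' -or $n.Encryption -in @('WEP', 'None')) {
            $reasons += "weak or no encryption (auth=$($n.Authentication), enc=$($n.Encryption))"
        }
        if ($Sanctioned -notcontains $n.SSID) { $reasons += 'SSID not on the sanctioned list' }
        # A sanctioned SSID advertised without WPA is most likely an evil twin of the real network.
        if ($Sanctioned -contains $n.SSID -and $n.Authentication -notmatch 'WPA') {
            $reasons += 'sanctioned SSID without WPA (possible evil twin)'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SSID = $n.SSID; BSSIDs = ($n.BSSIDs -join ','); Authentication = $n.Authentication
                Encryption = $n.Encryption; Reasons = ($reasons -join '; ')
            }
        }
    }
}

# Uses the constructed sample; on a live host replace with:
#   $scan = (netsh wlan show networks mode=bssid) -join "`n"
$scan = $SampleScan
Find-RogueAccessPoint -Networks (ConvertFrom-NetshWlanScan -Text $scan) -Sanctioned $SanctionedSsids | Format-Table -AutoSize
```

With the sample, the first CorpWiFi entry (WPA2-Enterprise) passes, the second CorpWiFi entry is reported as open and as a possible evil twin, and Lab-Router is reported for WEP and for not being sanctioned. Running this periodically from a few workstations spread around the building gives you a cheap rogue-AP census; wire the BSSIDs into a ticket so the lab owner can be found.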
How is this remedied?
• Strengthen your policies
• Educate users
• Educate users (yes, that’s twice on purpose)
• Self audit
– Old machine accounts in AD
– Maintenance (service) accounts
– Accounts that have never been used
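An added example of the self-audit step, not from the deck: a PowerShell script using the RSAT ActiveDirectory module (Get-ADComputer, Get-ADUser) that lists the three account classes the slide names. The 90-day inactivity threshold and the CSV path are assumptions. LastLogonDate is derived from the replicated lastLogonTimestamp attribute, so it is only accurate to within about two weeks, which is fine for an inactivity audit.

```powershell
# Added example: AD self-audit for stale machine accounts, service accounts and never-used accounts.
# Requires the RSAT ActiveDirectory module and read access to the domain; run from a domain-joined host.
Import-Module ActiveDirectory

$InactiveDays = 90                      # assumed threshold, not a value from the talk
$Cutoff = (Get-Date).AddDays(-$InactiveDays)

# 1. Old machine accounts: enabled computers that have neither logged on nor rotated their
#    machine password within the threshold. A null LastLogonDate compares as "older", so
#    computers that never logged on are included too.
$StaleComputers = Get-ADComputer -Filter { Enabled -eq $true } -Properties LastLogonDate, PasswordLastSet |
    Where-Object { ($_.LastLogonDate -lt $Cutoff) -and ($_.PasswordLastSet -lt $Cutoff) } |
    ForEach-Object {
        [pscustomobject]@{ Category = 'StaleComputer'; Name = $_.Name; LastLogon = $_.LastLogonDate
                           Detail = "PasswordLastSet=$($_.PasswordLastSet)" }
    }

# 2. Maintenance/service accounts: enabled users that carry a Kerberos SPN or a non-expiring
#    password. These rarely get reviewed and often keep the "default" password the slide mentions.
$ServiceAccounts = Get-ADUser -Filter { Enabled -eq $true } -Properties ServicePrincipalName, PasswordNeverExpires, LastLogonDate, PasswordLastSet |
    Where-Object { $_.ServicePrincipalName.Count -gt 0 -or $_.PasswordNeverExpires } |
    ForEach-Object {
        [pscustomobject]@{ Category = 'ServiceAccount'; Name = $_.SamAccountName; LastLogon = $_.LastLogonDate
                           Detail = "SPNs=$($_.ServicePrincipalName.Count); PasswordNeverExpires=$($_.PasswordNeverExpires); PasswordLastSet=$($_.PasswordLastSet)" }
    }

# 3. Accounts that have never been used: enabled users with no LastLogonDate at all.
$NeverUsed = Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate, whenCreated |
    Where-Object { -not $_.LastLogonDate } |
    ForEach-Object {
        [pscustomobject]@{ Category = 'NeverLoggedOn'; Name = $_.SamAccountName; LastLogon = $null
                           Detail = "Created=$($_.whenCreated)" }
    }

$Report = @($StaleComputers) + @($ServiceAccounts) + @($NeverUsed)
$Report | Sort-Object Category, Name | Format-Table -AutoSize
$Report | Export-Csv -Path .\ad-self-audit.csv -NoTypeInformation   # path is an assumption
```

The CSV is the artifact to hand to the owners: disable (do not delete) stale computers and never-used accounts after a grace period, and for each service account record who owns it and when its password was last set so the "default P@ssw0rd!" cases surface on the next run.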
In conclusion
• Try harder
• Enable yourself and your staff
– Come to local hacker meetings
– We will gladly show you stuff
• No such thing as a stupid question.
– Just stupid people that don’t ask questions.
Any questions that relate to the actual topic?
• I like to eat steak cooked medium rare
• I have two cats, a dog, a planted aquarium and an entire school of carnivorous fish
• My favorite color is clear
• Etc…
Errata
http://netsourcelabs.com/
Email: sean@netsourcesecure.com
Twitter: @seanwayne
http://www.linkedin.com/in/satterleesean

The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 

Kürzlich hochgeladen (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 

Connecting the Dots

5. Business Intelligence?
• A nice name for Corporate Espionage
• Know the business model for a given target (read: client), and you will further understand the areas of their infrastructure that may be less guarded
• Knowing more about your target will lead you to appropriate attack vectors

6. Dox?
• Is it necessary to publish this information?
• In short, the answer is no.

7. HOWEVER…
• Having information is one thing.
• Displaying that you have this information is another.
• An entire generation raised with the notion that “knowledge is power” has caused this.
• Displaying this information as a means to show power and to hinder someone else’s operations is something completely different.

8. Forms of Reconnaissance and Intel Gathering
• Physical
• Social
• OSINT

9. Subsets of Physical
• Drive-bys
  – Done at multiple times throughout the day/night.
  – Establish key employees and work shifts
  – Use a rental car with a Contour cam (HD), just leave it.
• Wardrive
  – Don’t get too close
  – Use everything you can in BT5 (BackTrack 5) or Kali
• Dumpster Dive
  – Do this at night
  – Avoid the critters

10.
• Get a tour, make note of how physical security is managed.
  – Organics (people)
  – CCTV
  – RFID
  – Magstrips
  – Electronic Keypads
  – “Secure” keylocks

11.
• Make note of the badges; if you are conducting a social, you may need to create one.
• It doesn’t need to “work”, just pass a glance.

12.
• RFID? Sure, we can do that…

13.
• Magstrips? Yeah, that too. Info available on instructables.com

14. Keylocks
• Seriously? Are you kidding me?
• Medeco, Chubb and Bonowi keys are now available for download to be printed on your RepRap

16. Security Keypads
  Type            Procedure
  Sentex Keypads  ***00000099#*
  DoorKing        *029999
  AeGIS           # and 0 (pressed at the same time), followed by 0000
  Elite           “Program” button, followed by 7777
  Linear          #,9,# 123456; add your own code with: 0,1,#,%desired code%
  Multicode       1234 (no lockout, just keep pecking)
  These are the factory programming sequences; a site whose installer changed the default programming code is not open to them.
17. Keys to a successful “Social”
• Accurate data
• Susceptible targets
• Audacity

18. USB drops and rubber duckies

19. CD/USB drop
• Curiosity killed the cat
• Think of this as a ‘reverse dead drop’. Pseudo-public place, and you WANT it to be found.
  – You may ask yourself, “who would actually plug this in?”
  – Now tell yourself, “too many people that probably work with me.”

20. You knew this would come up

21. Other methods
• The USB drop isn’t always needed
  – If you can gain physical access:
    • a Rubber Ducky can be used to drop a payload and a reverse, persistent shell
  – If you can’t gain physical access:
    • You can squeeze a Rubber Ducky into anything that uses a USB connection. Ship it to someone in the target company. Human stupidity will take over, and SOMEONE will plug it in.

22. Just how easy is that?
• Not calling anyone out, but certain people in this industry are literally batting 1.000 using this technique.
  – But seriously, how easy is it?

23. I was going to make a political joke here, but… well, let’s just skip that part as I don’t really have any politics.

24. OSINT
• TheHarvester
• Maltego
• NetGlub
• Spokeo
• Palantir

25. Quality of Sources
• None of these tools are worth the processing power of launching them if you don’t know where to look.

26. Sources, you say?
• Spokeo
• Anywho
• Lexis-Nexis
• Ancestry
• Public Records for target area
• ESRI – GIS data
• County Assessor’s office
• Social Networks
  – Twitter
  – Facebook
  – Myspace
  – Google+
  – Youtube
28. Flickr? Why Flickr?
• Because sometimes smart people do very stupid things.
• You can do something about it…

29. OR…

30. Examples, you say?
• Users will come up with a “clever” password…
  – And reuse it.
  – And reuse it.
  – And reuse it.

31. So what comes of this behavior?

32. (no text on slide)

33. Again

34. (no text on slide)

37. Inadvertent Excess
• Go into the Kinko’s closest to your target.
• Say you “forgot your thumbdrive”
• They show you a box, you say “that’s it!”
• YAHTZEE!

38. A quick note about ‘excessed equipment’
• Please wipe configs on hardware and remove drives before it leaves your hands
• 4th Saturday sales have yielded quite a few Cis** devices with current configs for an organization STILL ON THEM.

39. Recon-ng
• Recon-ng gets its own slide, because. Well, it’s cool.

40. Create your own transforms
• There is a wealth of information in public databases
  – Property taxes
  – Marriages, divorces, VPOs, traffic citations, etc.
  – Foreclosures
  – Birth records, death certificates
  – Blogs

41. Quality of Product
• Your information is only as good as your starting point
  – Use CORRECT and ACCURATE information. Do not guess.

42. Otherwise…
• The signal-to-noise ratio is horrendous
• (Annotation on the slide: “This entire section is total junk and incorrect data”)
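Slides 30 to 31 and 40 to 42 make one point between them: reused handles, addresses and passwords are what let you connect records from different sources, and a sloppy starting point buries the result in noise. The Python below is an added example written for this page, not code from the talk, from Recon-ng or from Maltego. It is a small "transform" that pivots from a seed email across three constructed sample sources, links a record only when the attributes it shares with the growing profile score above a threshold (the weights, the threshold and all sample records are assumptions), and reports any password seen in more than one source. The email normalization relies on the fact that Gmail ignores dots in the local part and treats "+tag" as an alias.

```python
"""Pivot from a seed email to linked records across several sources.

Added example for this page (not from the talk, Recon-ng or Maltego).
Sample data, attribute weights and the link threshold are constructed
assumptions; a real transform would pull records from live sources.
"""
from collections import defaultdict

# Constructed sample records standing in for a social network, a
# leaked forum database and a leaked intranet portal database.
SOURCES = {
    "social_net": [
        {"handle": "jdoe81", "email": "J.Doe+news@gmail.com", "location": "Tulsa, OK"},
        {"handle": "jdoe81", "email": "jdoe81@example.org", "location": "Tulsa, OK"},
        {"handle": "skater_j", "email": "other@example.net", "location": "Tulsa, OK"},
    ],
    "forum_dump": [
        {"handle": "jdoe81", "email": "jdoe@gmail.com", "password": "Tulsa!2009"},
        {"handle": "mkay", "email": "mkay@example.org", "password": "hunter2"},
    ],
    "portal_dump": [
        {"handle": "john.doe", "email": "john.doe@target-corp.example", "password": "Tulsa!2009"},
    ],
}

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

# Assumed weights: how much each shared attribute counts toward linking a record.
WEIGHTS = {"email": 3, "handle": 2, "password": 2, "location": 1}
LINK_THRESHOLD = 2   # a location alone never links; an email, handle or password does


def normalize_email(addr):
    """Canonical form so aliases of one mailbox compare equal:
    lower-case, strip '+tag', and for Gmail drop dots and fold googlemail.com."""
    local, _, domain = addr.strip().lower().rpartition("@")
    local = local.split("+", 1)[0]
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"


def record_attrs(rec):
    """Normalized, comparable attributes of one record."""
    attrs = {}
    if "email" in rec:
        attrs["email"] = normalize_email(rec["email"])
    if "handle" in rec:
        attrs["handle"] = rec["handle"].lower()
    if "password" in rec:
        attrs["password"] = rec["password"]      # case-sensitive on purpose
    if "location" in rec:
        attrs["location"] = rec["location"].lower()
    return attrs


def score(profile, attrs):
    """Sum the weights of the attributes the record shares with the profile."""
    hits = [k for k, v in attrs.items() if v in profile[k]]
    return sum(WEIGHTS[k] for k in hits), hits


def pivot(seed_email, sources, threshold=LINK_THRESHOLD):
    """Grow a profile from the seed: every linked record contributes attributes
    that can link further records, until a full pass links nothing new."""
    profile = defaultdict(set)
    profile["email"].add(normalize_email(seed_email))
    linked = []   # (source, record, attributes that justified the link)
    remaining = [(src, rec) for src, recs in sources.items() for rec in recs]
    changed = True
    while changed:
        changed = False
        unlinked = []
        for src, rec in remaining:
            attrs = record_attrs(rec)
            points, hits = score(profile, attrs)
            if points >= threshold:
                linked.append((src, rec, hits))
                for k, v in attrs.items():
                    profile[k].add(v)
                changed = True
            else:
                unlinked.append((src, rec))
        remaining = unlinked
    return profile, linked


def reused_passwords(linked):
    """Passwords that appear in more than one linked source: cross-site reuse."""
    seen = defaultdict(set)
    for src, rec, _ in linked:
        if "password" in rec:
            seen[rec["password"]].add(src)
    return {pw: srcs for pw, srcs in seen.items() if len(srcs) > 1}


if __name__ == "__main__":
    profile, linked = pivot("j.doe+news@gmail.com", SOURCES)
    for src, rec, hits in linked:
        print(f"{src:12} {rec['handle']:10} linked via {hits}")
    print("reused passwords:", reused_passwords(linked))
```

Run as-is, the seed pulls in both jdoe81 profiles (via the normalized Gmail address, then the handle), the forum record, and finally the work portal record, which is linked only because it shares the password "Tulsa!2009" with the forum dump; the skater_j and mkay records stay out because a shared city alone scores below the threshold. That threshold is the "do not guess" rule from slide 41 expressed in code: raise it to 3 and the password-only pivot into the portal disappears, which is the trade you make between a quiet result and a complete one.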
43. Social Engineering
• I will not pretend that neuro-linguistics has gotten me past some serious security measures.
  – However, a fake accent did get ri0t and me quite a few drinks in Vegas.
• How does it work?
  – You appeal to a person’s sensibility and logic.

44. Seriously though, what does SE get us?
• It gets us physical access to a location to actually DO the CD/USB drop
• If the target is in a shared office location, hang out in the smokers’ area.
  – Listen
  – Sniff RFID
  – Snarf Bluetooth
  – Pay attention to the visual layout of ID badges in case you need to fabricate one
  – Possibly tailgate a person into a secure area

45.
• Become a customer/client of the target.
• Remember, people are inherently stupid and willing to trust. Exploit this.
  – “Give them an ounce of quality lies, and you will get a pound of truth in return.” – me

46. Qualify your statements and questions
• Don’t ask stupid questions that are DIRECT.
• You will always need to fill some gaps; it’s important to do this without implying a fictional story.
• Be knowledgeable of the subject matter at hand.
  – This means taking an interest in whatever widget you are trying to gather information about

47. Pushing in
• So what options do I have to exploit a location using the information I have gathered?
  – CD/USB drops
  – Social Engineering
  – Client-side Attacks
  – Intranet access portals with weak user/pass combos
  – Sub-domains for test/development environments to attack via web applications to extract data
  – Complete breach of network via wireless to create a C&C

48. Wait, I just said wireless
“Techie LUsers” – let me tell you why they are your biggest problem.

49. “Why?” you ask?
• Because they are the ones that take it upon themselves to create and fix things with only half of the ‘larger picture’
• Which, in turn, just ends up causing more problems
• Like?

51. People who build “labs” at work

52. How this can cause issues
• The vast majority of ‘labs’ use default passwords
• Rogue APs lack strong encryption, or any at all
• A shared password used over an open wifi connection
• Unused accounts with the “default P@ssw0rd!”

53. How is this remedied?
• Strengthen your policies
• Educate users
• Educate users (yes, that’s twice on purpose)
• Self audit
  – Old machine accounts in AD
  – Maintenance (service) accounts
  – Accounts that have never been used
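The self-audit on slide 53 names three account classes: old machine accounts, maintenance (service) accounts, and accounts that have never been used. The Python below is an added example for this page, not code from the talk. It runs those three checks over an AD export; the CSV is a constructed sample, the column names are the AD attribute names and are an assumption about how your export is shaped, and the thresholds (90 days stale, 365 days for a service-account password, 30 days of grace for a brand-new account) and the "svc" naming convention are assumptions to adjust to your environment.

```python
"""Self-audit of an AD export for stale machine accounts, service accounts
with old passwords, and accounts that have never logged on.

Added example for this page, not from the talk. The CSV below is a
constructed sample; column names follow AD attribute names and are an
assumption about how your export is shaped.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. An empty lastLogonTimestamp means the
# account has never logged on; "$" suffixes are computer accounts.
SAMPLE_EXPORT = """\
sAMAccountName,objectClass,whenCreated,lastLogonTimestamp,pwdLastSet,servicePrincipalName
alice,user,2019-03-01,2024-04-10,2024-01-15,
bob,user,2023-11-20,,2023-11-20,
svc_backup,user,2016-06-01,2024-04-09,2016-06-01,backup/srv01.corp.example
lab-esxi01$,computer,2018-02-14,2021-07-30,2021-07-30,
WS-4411$,computer,2022-09-01,2024-04-11,2024-03-12,
"""

# Fixed reference time so the sample gives reproducible results.
NOW = datetime(2024, 4, 12, tzinfo=timezone.utc)


def parse_date(value):
    """ISO date from the export, or None when the attribute was never set."""
    return datetime.fromisoformat(value).replace(tzinfo=timezone.utc) if value else None


def audit(export_csv, now=NOW, stale_days=90, svc_pw_days=365, grace_days=30):
    """Return (sAMAccountName, finding) pairs for:
    - accounts that never logged on and are older than grace_days
    - user and computer accounts silent for more than stale_days
    - service accounts whose password is older than svc_pw_days
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        name = row["sAMAccountName"]
        created = parse_date(row["whenCreated"])
        last_logon = parse_date(row["lastLogonTimestamp"])
        pwd_set = parse_date(row["pwdLastSet"])
        is_computer = row["objectClass"] == "computer"
        # Service accounts: anything carrying an SPN, plus the assumed "svc" naming convention.
        is_service = bool(row["servicePrincipalName"]) or name.lower().startswith("svc")

        if last_logon is None:
            if now - created > timedelta(days=grace_days):
                findings.append((name, "never-logged-on"))
        elif now - last_logon > timedelta(days=stale_days):
            findings.append((name, "stale-computer" if is_computer else "stale-user"))

        if is_service and pwd_set and now - pwd_set > timedelta(days=svc_pw_days):
            findings.append((name, "service-account-old-password"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_EXPORT):
        print(f"{name:12} {finding}")
```

On the sample this flags bob (created months ago, never logged on), svc_backup (an SPN-bearing account whose password dates from 2016) and lab-esxi01$ (the forgotten lab host from slide 51, silent since 2021), and leaves alice and WS-4411$ alone. One caveat when you run it for real: lastLogonTimestamp is only replicated when it is more than about 14 days out of date, so treat it as accurate to two weeks, which is fine for a 90-day threshold and useless for a 1-day one.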
54. In conclusion
• Try harder
• Enable yourself and your staff
  – Come to local hacker meetings
  – We will gladly show you stuff
• No such thing as a stupid question.
  – Just stupid people that don’t ask questions.

55. Any questions that relate to the actual topic?
• I like to eat steak cooked medium rare
• I have two cats, a dog, a planted aquarium and an entire school of carnivorous fish
• My favorite color is clear
• Etc…

Editor’s Notes (speaker notes)

  1. Metasploit-like framework to lessen the learning curve