A Red Teamer’s Access from the internet.
Null Chennai Meet, 23 November 2019
PRESENTER: JEBARAJ M
Most Used Mail Servers
- Office 365
- Gsuite
- Custom mail servers (postfix, exim etc.)
OSINT to the best
- OSINT is the most important phase for conducting a Red Team Assessment.
- Some of the useful resources for OSINT are as follows:
  * https://osint.best/
  * https://osintframework.com/
Linkedin to get Linked
- LinkedIn provides more data than you think, and it can link you in to an organization.
- From a LinkedIn name we can derive an email address by several combinations like:
  * firstname.lastname
  * lastname.firstname
  * firstnamefirstletter.lastname
  * lastnamefirstletter.firstname etc.
Hunting for emails
- There are many email scrapers lying around GitHub.
- Hunter.io is an email scraper: if you give it a domain name, it will fetch the emails found on the public internet.
- You can also make use of https://www.alreadycoded.com/, which has lead generation tools.
Preying by Spraying
- Password Spraying is trying a single credential over multiple accounts.
- Some default passwords that can be used for spraying are, e.g.:
  * Nov@2019
  * Password123$
  * Summer2019 etc.
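Added example, not from the presentation: a detector for the spraying pattern just described, run over a constructed sign-in log. Spraying shows up as many distinct accounts failing once or twice each from one source, sometimes followed by a single success; the log format, thresholds and addresses are assumptions.

```python
"""Detect password-spray patterns in sign-in logs.

Spraying (one password tried against many accounts) looks different from
brute force (many passwords against one account): from one source, many
distinct usernames fail, but each username fails only once or twice.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data):
# timestamp user source_ip outcome
SAMPLE_LOG = """\
2019-11-23T09:00:01Z alice@example.com 203.0.113.10 FAILURE
2019-11-23T09:00:04Z bob@example.com 203.0.113.10 FAILURE
2019-11-23T09:00:07Z carol@example.com 203.0.113.10 FAILURE
2019-11-23T09:00:10Z dave@example.com 203.0.113.10 FAILURE
2019-11-23T09:00:13Z erin@example.com 203.0.113.10 FAILURE
2019-11-23T09:00:16Z frank@example.com 203.0.113.10 SUCCESS
2019-11-23T09:01:00Z alice@example.com 198.51.100.7 FAILURE
2019-11-23T09:01:05Z alice@example.com 198.51.100.7 FAILURE
2019-11-23T09:01:10Z alice@example.com 198.51.100.7 FAILURE
2019-11-23T09:01:15Z alice@example.com 198.51.100.7 FAILURE
2019-11-23T09:01:20Z alice@example.com 198.51.100.7 FAILURE
2019-11-23T09:30:00Z bob@example.com 192.0.2.55 FAILURE
2019-11-23T09:30:30Z bob@example.com 192.0.2.55 SUCCESS
"""


def parse_log(text):
    """Parse the space-separated sample format into (ts, user, ip, outcome) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       user.lower(), ip, outcome.upper()))
    return events


def detect_spray(events, window_minutes=30, min_users=5, max_failures_per_user=2):
    """One alert per source IP whose failures inside a sliding window hit at
    least min_users distinct accounts with no account failing more than
    max_failures_per_user times (that ceiling is what separates spraying
    from ordinary brute force, which the 198.51.100.7 rows in the sample show).
    Successes from the same source inside or shortly after the window are
    listed as probable compromised accounts."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[2]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e[3] == "FAILURE"]
        for i, start in enumerate(failures):
            in_window = [e for e in failures[i:] if e[0] - start[0] <= window]
            per_user = defaultdict(int)
            for e in in_window:
                per_user[e[1]] += 1
            if len(per_user) < min_users or max(per_user.values()) > max_failures_per_user:
                continue
            end = in_window[-1][0] + window
            successes = sorted({e[1] for e in evs
                                if e[3] == "SUCCESS" and start[0] <= e[0] <= end})
            alerts.append({"source_ip": ip,
                           "first_seen": start[0].isoformat(),
                           "accounts_targeted": len(per_user),
                           "successes": successes})
            break  # one alert per source is enough
    return alerts
```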
Attacking Office365
- Office 365 is a service provided by Microsoft for an organization's communication.
- Autodiscover and Lyncdiscover hostnames are indicators, e.g. autodiscover.example.com, lyncdiscover.example.com.
Gotta check out the GAL
- Using the GAL is a perfect way for user enumeration.
- GAL is the Global Address List. You can use the search option either in Skype or while composing a mail.
- In Gsuite you can open Hangouts to check for the user.
Staying Stealth by Rules
- Attackers plan to remain stealthy to maintain access to the compromised O365 accounts.
- Real attackers try to stay as stealthy as possible, leaving no traces that would alert anyone, by creating inbox rules and deleting the incoming mails after forwarding them.
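Added example, not part of the talk: triage of inbox-rule audit records for the forward-and-delete pattern above. The record shape (rule parameters as Name/Value pairs), the internal domain list and the sample records are assumptions modelled on Exchange mailbox audit events.

```python
"""Triage inbox-rule audit records for the forward-then-delete pattern.

Input records use a simplified shape modelled on Exchange mailbox audit
events (constructed here, not exported from a real tenant): operation,
acting user, client IP and the rule's parameters as Name/Value pairs.
A rule that forwards or redirects to an external address scores high;
deleting, marking read or moving the matched mail, and a near-empty
rule name, add to the score.
"""
import json

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domains
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead", "MoveToFolder"}

# Constructed sample audit records
SAMPLE_RECORDS = json.loads("""[
  {"Operation": "New-InboxRule", "UserId": "alice@example.com", "ClientIP": "203.0.113.10",
   "Parameters": [{"Name": "Name", "Value": "."},
                  {"Name": "ForwardTo", "Value": "collector@mail-example.net"},
                  {"Name": "DeleteMessage", "Value": "True"}]},
  {"Operation": "New-InboxRule", "UserId": "bob@example.com", "ClientIP": "198.51.100.7",
   "Parameters": [{"Name": "Name", "Value": "Team updates"},
                  {"Name": "SubjectContainsWords", "Value": "weekly report"},
                  {"Name": "MoveToFolder", "Value": "Reports"}]},
  {"Operation": "Set-InboxRule", "UserId": "carol@example.com", "ClientIP": "192.0.2.55",
   "Parameters": [{"Name": "Identity", "Value": "Invoices"},
                  {"Name": "RedirectTo", "Value": "ap@example.com"},
                  {"Name": "MarkAsRead", "Value": "True"}]}
]""")


def _params(record):
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def score_rule(record):
    """Return (score, reasons); score 0 means nothing suspicious."""
    if record.get("Operation") not in {"New-InboxRule", "Set-InboxRule"}:
        return 0, []
    params = _params(record)
    score, reasons = 0, []
    # Forwarding or redirecting outside the organisation is the strongest signal
    for name in sorted(params.keys() & FORWARD_PARAMS):
        targets = [t.strip() for t in str(params[name]).split(";") if t.strip()]
        external = [t for t in targets if _is_external(t)]
        if external:
            score += 3
            reasons.append(f"{name} to external address(es): {', '.join(external)}")
    # Hiding the matched mail from the mailbox owner
    hiding = sorted(n for n in params.keys() & HIDE_PARAMS
                    if str(params[n]).lower() not in {"false", ""})
    if hiding:
        score += 1
        reasons.append("hides matched mail: " + ", ".join(hiding))
    # Attackers often leave the rule name as a single dot or blank
    rule_name = str(params.get("Name", params.get("Identity", "")))
    if len(rule_name.strip(". ")) <= 1:
        score += 1
        reasons.append(f"rule name is empty or minimal: {rule_name!r}")
    return score, reasons


def triage(records, threshold=3):
    """Records whose score reaches the threshold, most suspicious first."""
    hits = []
    for r in records:
        score, reasons = score_rule(r)
        if score >= threshold:
            hits.append({"user": r["UserId"], "client_ip": r.get("ClientIP"),
                         "score": score, "reasons": reasons})
    return sorted(hits, key=lambda h: -h["score"])
```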
Doppel Ganger Phishing
- A doppelganger domain is a look-alike of a legitimate domain.
- Always choose a wise doppelganger domain.
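Added example, not the presenter's code: a defender-side scorer that flags an inbound sender domain as a look-alike of the domains you protect. The protected domain list and the confusable table are assumptions; the scorer handles confusable glyphs, adjacent transpositions, TLD swaps and the protected name buried inside a longer hostname.

```python
"""Score an inbound sender domain against the domains we protect.

A doppelganger domain differs from the real one by a dropped, doubled or
swapped character, a confusable glyph (rn for m, 0 for o, 1 for l), a
different TLD, or by burying the real name inside a longer hostname.
This scorer normalises confusables, then measures edit distance with
adjacent transpositions, so a mail gateway or SIEM rule can flag near
misses on the From: domain.
"""

PROTECTED = {"example.com", "example-corp.com"}  # assumption: our own domains

# Multi-character confusables come first so "rn" folds before "r"/"n" alone
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t"), ("ı", "i"), ("ł", "l"), ("ο", "o")]


def normalise(domain):
    """Lower-case, fold confusable glyphs and drop hyphens."""
    d = domain.lower().strip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d.replace("-", "")


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent swaps."""
    rows = [list(range(len(b) + 1))]
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(rows[-1][j] + 1,                 # deletion
                       cur[j - 1] + 1,                  # insertion
                       rows[-1][j - 1] + (ca != cb))    # substitution
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, rows[-2][j - 2] + 1)   # transposition
            cur.append(cost)
        rows.append(cur)
    return rows[-1][-1]


def registrable(domain):
    """Crude registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify(sender_domain, protected=PROTECTED, max_distance=1):
    """Return (verdict, detail); verdict is 'own', 'lookalike' or 'unrelated'."""
    reg = registrable(sender_domain)
    if reg in protected:
        return "own", {"match": reg, "reason": "exact"}
    s_name, s_tld = reg.rsplit(".", 1) if "." in reg else (reg, "")
    s_name = normalise(s_name)
    full = normalise(sender_domain).replace(".", "")
    for p in sorted(protected):
        p_name, p_tld = p.rsplit(".", 1)
        p_name = normalise(p_name)
        dist = osa_distance(s_name, p_name)
        if dist == 0:
            reason = "confusable characters" if s_tld == p_tld else "different TLD"
            return "lookalike", {"match": p, "distance": 0, "reason": reason}
        if dist <= max_distance:
            return "lookalike", {"match": p, "distance": dist, "reason": "near edit distance"}
        if len(p_name) >= 5 and p_name in full:
            return "lookalike", {"match": p, "distance": dist, "reason": "embeds protected name"}
    return "unrelated", {}
```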
Phishing
- My approach towards a phishing campaign, which works most of the time, is buying a domain with an ecommerce name or an elearning portal name, then creating a signup page or a fake login portal customized to the targeted domain.
- Then conduct a phishing campaign stating "we have partnered with ...", e.g. book2learn.com etc.
Phishing Delivery
- You can use frameworks for phishing delivery by adding your SMTP server through which your phishing email will be delivered.
- You can also use the sendemail CLI tool.
- Some of the popularly used phishing frameworks are:
  * Gophish
  * KingPhisher etc.
Staying Stealth while Phishing
- Hide your personal information which may get leaked while setting up a phishing campaign.
- The main things a good attacker will hide are as follows:
  * Whois information
  * SSL certificate information
Phishing on GSuite
- Of course Gsuite uses AI to read for any spam and spoofy content.
- Gmail is secured by preventing malicious attachments.
Then how can we conduct phishing against a GSuite user?
Fear not, Google itself has made it simple for us.
Hangouts
- Google Hangouts is used as a chat platform.
- Many users keep Google Hangouts insecure. Thanks to Google for that.
Hangout (slide with image only)
Groups
- Google Groups is a platform for creating group conversations.
- You can create a Google group at https://groups.google.com/
- Invite members to the group.
- The likelihood of suspicion is less, also all thanks to Google for their feature.
Groups (slide with image only)
Ordering for Takeout
- Google provides a way to export all the Google data in a zip file, which will contain Gmail, Maps, Play Store, etc.
- takeout.google.com
Phishing attachment file types
- The most encountered malicious phishing attachments are as follows:
  * Docx
  * Doc
  * Xls
  * Xlsx
  * Rtf
Macroless
- DDE is Dynamic Data Exchange; DDE-based payloads can be created and inserted into a document.
- Some of the ways to generate the macroless payloads are as follows:
  * metasploit
  * Unicorn
  * Manual approach by formula injection etc.
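Added example, not from the presentation: a scanner that reports DDE/DDEAUTO field instructions inside a .docx, joining instruction text that is split across several `<w:instrText>` runs so a field broken up to dodge naive string matching is still seen. The sample document is constructed in memory with placeholder arguments; the part names and field layout follow the WordprocessingML schema.

```python
"""Scan a .docx for DDE / DDEAUTO field instructions, including split runs.

Word keeps field codes in word/document.xml (and headers, footers, notes)
as <w:instrText> runs between <w:fldChar w:fldCharType="begin"/> and
"end" markers. One field can be split over many runs, and fields can be
nested, so the check must join all instruction text of a top-level field
before matching rather than look at each run on its own.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)
PART_RE = re.compile(r"word/(document|header\d*|footer\d*|footnotes|endnotes)\.xml$")


def field_instructions(xml_bytes):
    """Yield the joined instruction text of every top-level field in a part."""
    root = ET.fromstring(xml_bytes)
    depth, current = 0, []
    for el in root.iter():                 # document order
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
                if depth == 1:
                    current = []
            elif kind == "end" and depth > 0:
                depth -= 1
                if depth == 0:
                    yield "".join(current)
        elif el.tag == W + "instrText" and depth > 0:
            current.append(el.text or "")   # nested fields are folded in too
        elif el.tag == W + "fldSimple":     # single-element form of a field
            yield el.get(W + "instr", "")


def scan_docx(data):
    """Return [{'part', 'instruction'}] for each DDE field in the bytes of a .docx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not PART_RE.match(name):
                continue
            for instr in field_instructions(z.read(name)):
                if DDE_RE.search(instr):
                    findings.append({"part": name,
                                     "instruction": " ".join(instr.split())})
    return findings


def build_sample_docx(body_xml):
    """Build a minimal .docx in memory: constructed test input, not a real maldoc."""
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="http://schemas.openxmlformats.org/'
           'wordprocessingml/2006/main"><w:body>' + body_xml +
           '</w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


# A DDEAUTO field whose code is split across two runs; arguments are placeholders.
SPLIT_DDE_BODY = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DD</w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">EAUTO placeholder-app '
    '"placeholder-args" </w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Loading...</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>')

# An ordinary DATE field, which must not be reported.
BENIGN_BODY = ('<w:p><w:fldSimple w:instr=" DATE \\@ &quot;d MMMM yyyy&quot; ">'
               '<w:r><w:t>23 November 2019</w:t></w:r></w:fldSimple></w:p>')
```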
Advanced macro based payload
- VBScript is used for macros.
- VBScript can be obfuscated to evade detection.
- VBA Stomping can be done to evade detection.
MACRO OBFUSCATION
- VBScript can be obfuscated to evade detection.
- Some of the ways that VBScript code can be obfuscated are as follows:
  * Use of the StrReverse() function.
  * Custom use of the function name.
  * Using a custom encoder to encode the payload function, e.g. ROT series encoding.
- Many macro obfuscation tools are available on GitHub.
VBA Stomping
- A macro payload file contains two things: VBA source code and p-code. The VBA source code is compiled into p-code, which gets executed when enabling macros after opening the malicious macro-embedded file.
- VBA Stomping is modifying the VBA source to fake that there is nothing malicious in the macro file, while the p-code will contain the malicious payload.
- Tool: evilclippy
Undetectable Macro payload
- An attacker can craft a malicious undetectable macro by combining macro obfuscation + VBA STOMPING + AMSI BYPASS payload.
DEMO
Linking maldocs
- Attackers abuse the Object Linking feature in Microsoft Office by embedding a malicious file and changing the icon to look legitimate.
- Microsoft ASR provides security for OLE nowadays.
DEMO
Phishing Templating
- Legitimate MIME-type marketing mails can be copied and customized for phishing.
- Create an internal-forward-like template while spear phishing.
See to the C2
- C2 servers are set up on a VPS to execute commands on the connected victim machines.
- Some of the popular C2 frameworks used nowadays are:
  * Covenant
  * Empire
  * Koadic
Getting the Access After Malicious Execution on Remote Computer
What about Firewall?
- Many organizations have a firewall and Defender; how to evade the firewall and endpoints?
- Stealthy C2 data exfiltration needs to be used in these types of scenarios.
Onedrive and DropBOX C2 Demo
Real Forensics Scenario Discussion
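Added example, not from the talk: timing-based detection of beaconing to cloud-storage APIs in a web-proxy log, the pattern a OneDrive or Dropbox C2 channel leaves behind even though every request goes to an allowed host. The log format, the host list and the interval thresholds are assumptions.

```python
"""Spot periodic beaconing to cloud-storage APIs in web-proxy logs.

C2 over OneDrive or Dropbox rides on allowed HTTPS to well-known hosts,
so destination alone is not the signal: timing is. An implant polls at a
fixed interval (plus jitter); a person syncing files does not. Requests
are grouped per (client, destination), the gaps between them measured,
and series with tightly clustered gaps flagged. Bytes sent versus
received is reported as an exfiltration hint.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Assumption: cloud-storage API hosts worth watching
CLOUD_STORAGE_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com",
                       "graph.microsoft.com", "api.onedrive.com"}

# Constructed proxy log (not real traffic): ts client dest method bytes_sent bytes_recv
SAMPLE_PROXY_LOG = """\
2019-11-23T10:00:00Z 10.0.0.5 api.dropboxapi.com POST 812 340
2019-11-23T10:01:02Z 10.0.0.5 api.dropboxapi.com POST 815 338
2019-11-23T10:01:58Z 10.0.0.5 api.dropboxapi.com POST 810 341
2019-11-23T10:03:01Z 10.0.0.5 api.dropboxapi.com POST 818 339
2019-11-23T10:04:00Z 10.0.0.5 api.dropboxapi.com POST 64210 338
2019-11-23T10:04:59Z 10.0.0.5 api.dropboxapi.com POST 811 342
2019-11-23T10:00:10Z 10.0.0.9 graph.microsoft.com GET 512 20480
2019-11-23T10:07:44Z 10.0.0.9 graph.microsoft.com GET 530 1048576
2019-11-23T10:31:05Z 10.0.0.9 graph.microsoft.com PUT 2097152 300
2019-11-23T11:02:12Z 10.0.0.9 graph.microsoft.com GET 520 4096
2019-11-23T11:03:40Z 10.0.0.9 graph.microsoft.com GET 515 8192
2019-11-23T10:00:00Z 10.0.0.7 www.example.org GET 400 12000
"""


def parse_proxy_log(text):
    """Parse the sample format into (ts, client, dest, method, sent, recv) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, method, sent, recv = line.split()
        rows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                     client, dest, method, int(sent), int(recv)))
    return rows


def find_beacons(rows, min_requests=5, max_cv=0.25):
    """Flag (client, cloud host) flows with at least min_requests requests whose
    inter-request gaps have a coefficient of variation (stdev / mean) at or
    below max_cv; regular spacing is the beacon signature, while the human
    sync client in the sample (10.0.0.9) has wildly uneven gaps."""
    flows = defaultdict(list)
    for ts, client, dest, _method, sent, recv in rows:
        if dest in CLOUD_STORAGE_HOSTS:
            flows[(client, dest)].append((ts, sent, recv))

    alerts = []
    for (client, dest), evs in flows.items():
        if len(evs) < min_requests:
            continue
        evs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(evs, evs[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv <= max_cv:
            alerts.append({"client": client, "dest": dest, "requests": len(evs),
                           "mean_interval_s": round(mean, 1),
                           "interval_cv": round(cv, 3),
                           "bytes_sent": sum(e[1] for e in evs),
                           "bytes_received": sum(e[2] for e in evs)})
    return sorted(alerts, key=lambda a: a["interval_cv"])
```

The default max_cv of 0.25 tolerates modest jitter; tune it against your own baseline, since a looser threshold catches more implants but also more legitimate sync clients.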

Advanced phishing for red team assessments