The document discusses techniques used by red teams for social engineering attacks. It begins by defining social engineering and its use in security contexts. It then provides examples of social engineering techniques like manipulating links to redirect users and embedding authentication credentials in Word documents. The document also discusses rules for red team operations like having backup plans. It explores potential payload ideas like using USB rubber duckies or power banks to deliver attacks. Finally, it lists references for learning more about social engineering and specific vulnerabilities.

1. Red Team Diary:
Meu Recon falhou e agora?
Arthur Paixão
Red Team Leader | C6 Bank

2. #whoami
Arthur Paixão
Red Team Leader at C6 Bank
“Made in Recife, Lost in São Paulo”

3. #agenda Engenharia Social
Red Team
Nem tudo são flores
Pensando Fora da Caixa
Meu sucesso é sua derrota
Conclusão

4. #entry.point();
Engenharia Social
• A engenharia social, no contexto de segurança da
informação, refere-se à manipulação psicológica de
pessoas para a execução de ações ou divulgar
informações confidenciais.
• Este é um termo que descreve um tipo psicotécnico
de intrusão que depende fortemente de interação
humana e envolve enganar outras pessoas para
quebrar procedimentos de segurança.

5. Como não fazer engenharia social...

6. #SE.start();
Você está fazendo
isto errado...

7. #SE.start();
Você está fazendo
isto errado...

8. Red team, o que comem?
Onde vivem?

9. #entry.point();
Red Team

10. #SE.start();
Nem tudo são
flores...
https://youtu.be/pL9q2lOZ1Fw
VIDEO:
“Watch hackers break into the US power
grid”

11. #re.Start();
• Rule 1: Always have an escape plan
• Rule 2: Never get caught.
• Rule 3: Be aware of your surroundings.
• Rule 4: Always have a backup plan.
• Rule 5: Assumpton is the mother of all fuckups.
• Rule 6: Trust your gut.
• Rule 7: Simple and light equals freedom, agility and mobility.
• Rule 8: KISS: Keep it simple, stupid.
• Rule 9: The soluton is in the problem.
• Rule 10: Don't become predictable.
• Rule 11: Never take the elevator.
• Rule 12: Act, don’t react.
The Rules
https://redteams.net/rules

12. #re.Start();
• Rule 1: Always have an escape plan
• Rule 2: Never get caught.
• Rule 3: Be aware of your surroundings.
• Rule 4: Always have a backup plan.
• Rule 5: Assumpton is the mother of all fuckups.
• Rule 6: Trust your gut.
• Rule 7: Simple and light equals freedom, agility and mobility.
• Rule 8: KISS: Keep it simple, stupid.
• Rule 9: The soluton is in the problem.
• Rule 10: Don't become predictable.
• Rule 11: Never take the elevator.
• Rule 12: Act, don’t react.
The Rules
https://redteams.net/rules

13. #re.Start();
• Rule 1.1: Always have a plan.
• Rule 1.2: Always have a back-up plan, because
the frst one probably won’t work.
• Rule 1.3: Always have an escape plan because
all the rest of the plans will fail.
The Rules
EXTENSION
https://redteams.net/rules

14. #re.Start();
• Rule 1.1: Always have a plan.
• Rule 1.2: Always have a back-up plan, because
the frst one probably won’t work.
• Rule 1.3: Always have an escape plan because
all the rest of the plans will fail.
The Rules
EXTENSION
https://redteams.net/rules

15. Vamos calibrar nosso payload

16. #get.Scenario()
Registra um dominoRegistra um domino
Envia um email para o
alvo dando by-pass no
SPF
Envia um email para o
alvo dando by-pass no
SPF
Spear Phishing Roubo de Credencial

17. #re.Start();
 Arquivo de documento do Word com autentcação
básica.
 Ataque de manipulação de link. (sendRedirect)
 Planilha no excel. (VBS)
 UNC path injected doc + netNTLM hash
Roubo de
Credencial
https://redteams.net/rules

18. Arquivo DOC com basic
Authentcaton

19. #re.Start();
DOC Word com basic
authentcaton

20. #re.Start();
DOC Word com basic
authentcaton
TELA DA VITIMATELA DA VITIMA

21. #re.Start();
DOC Word com basic
authentcaton

22. Manipulaçao de links.

23. #re.Start();
Manipulação de
Links

24. #re.Start();
Manipulação de
Links
TELA DA VITIMATELA DA VITIMA

25. #re.Start();
Manipulação de
Links
TELA DA VITIMATELA DA VITIMA

26. #re.Start();
Manipulação de
Links

27. Planilhas do Excel

28. #re.Start();
TELA DA VITIMATELA DA VITIMA

29. #re.Start();

30. O que seria um ataque diferenciado
com o mesmo equipamento?

31. #base.hardware
https://www.hak5.org/gear/usb-rubber-ducky

32. #atck.000x1
+
https://www.clasohlson.com/uk/Clas-Ohlson-3350-mAh-Power-bank/Pr387694000

33. #atck.000x2
+
https://www.americanas.com.br/produto/123403301

34. #atck.000x2
+
https://bit.ly/2AWcNx4

35. #atck.000x2
+
https://bit.ly/2AYstjx

36. #atck.000x2
+
https://bit.ly/2D8E0hL

37. Pimp my atack!

38. #atck.000x2
+
CENSURADO
CENSURADO

39. #references • Phishing Payloads:
htps://github.com/bhdresh/SocialEngineeringPayloads
• CVE-2017-0199:
htps://github.com/bhdresh/CVE-2017-0199
CVE-2017-8759:
htps://github.com/bhdresh/CVE-2017-8759
• CVE-2017-11882
• htps://redteams.net/redteaming/2013/social-engineering
• htps://www.redteamsecure.com/social-engineering/

40. DUVIDAS?
PERGUNTAS?