Connecting the dots…
Footprints in the ether, and other musings.

Sean Satterlee – Principal Security Engineer
Disclaimer
THIS IS PURELY FOR EDUCATIONAL PURPOSE.

Myself, any identities that I may use, Net Source, Inc., NetSourceLabs, NetSourceSecure and any other organizations that I am affiliated with cannot be held liable for any negligence or illegal activity that may result from the disclosure of the information included in this briefing.
About me

intentionally left blank
A “howto” or “readme.txt”
• A quick guide to a talk by me.
• Be prepared
– Topics will be all over the place
– I will chase rabbits
– I use profanity to make my point
– I am passionate about my work
– If you get up during this talk, be prepared to be heckled.
– Did I mention that I will jump around on topics?
– I will bring in points that I find interesting; while they might not be germane to the exact topic, you may find them useful.
– If I switch languages for a certain word or concept, do not get angry. Write it down, google it; you can figure it out for yourself later.
– I may repeat things every now and again.
– I will chase rabbits
– I need to make a “logic-chart” for following my talks
– I should also remember to start using the “notes” feature for PowerPoint.
– I like it when people clap immediately after pseudo-profound statements.
– I do not like the obligatory applause at the end of my talks
– My talks are interactive.
– Sometimes I will just skip slides because I don’t feel like talking about them. It’s alright though, you can download this slide deck.
– The detailed sections are out of order. Sorry, I don’t want to fix it.
• Several of my friends are in the crowd
– They are not “plants”, but I will sometimes call on them to help me remember anecdotes.
Business Intelligence?
• A nice name for Corporate Espionage
• Know the business model of a given target (read: client), and you will better understand the areas of their infrastructure that may be less guarded
• Knowing more about your target will lead you to appropriate attack vectors
Dox?
• Is it necessary to publish this information?
• In short, the answer is no.
HOWEVER…
• Having information is one thing.
• Displaying that you have this information is another.
• An entire generation raised with the notion that “knowledge is power” has caused this.
• Displaying this information as a means to show power and to hinder someone else’s operations is something completely different.
Forms of Reconnaissance and Intel Gathering
• Physical
• Social
• OSINT
Subsets of Physical
• Drive-bys
– Done at multiple times throughout the day/night.
– Establish key employees and work shifts
– Use a rental car with a contour cam (HD), just leave it.
• Wardrive
– Don’t get too close
– Use everything you can in BT5, or Kali
• Dumpster Dive
– Do this at night
– Avoid the critters
• Get a tour, make note of how physical security is managed.
– Organics
– CCTV
– RFID
– Magstrips
– Electronic Keypads
– “Secure” keylocks
• Make note of the badges; if you are conducting a social, you may need to create one.
• It doesn’t need to “work”, just pass a glance.
• RFID? Sure, we can do that…
• Magstrips? Yeah, that too.
Info available on instructables.com
Keylocks
• Seriously? Are you kidding me?
• Medco, Chubb, and Bonowi keys are now available for download to be printed on your reprap
Physical Locks
Security Keypads
Type – Procedure
• Sentex Keypads – ***00000099#*
• DoorKing – *029999
• AeGIS – #,0 (same time) followed by 0000
• Elite – “Program” button, followed by 7777
• Linear – #,9,# 123456; add your code by: 0,1,#,%desired code%
• Multicode – 1234 (no lockout, just keep pecking)
Keys to a successful “Social”
• Accurate data
• Susceptible targets
• Audacity
USB drops and rubber duckies
CD/USB drop
• Curiosity killed the cat
• Think of this as a ‘reverse dead drop’. Pseudo-public place, and you WANT it to be found.
– You may ask yourself, “who would actually plug this in?”
– Now tell yourself, “too many people that probably work with me.”
You knew this would come up
Other methods
• The USB drop isn’t always needed
– If you can gain physical access:
• a rubber-ducky can be used to drop a payload and a reverse, persistent shell
– If you can’t gain physical access:
• You can squeeze a rubber-ducky into anything that uses a USB connection. Ship it to someone in the target company. Human stupidity will take over, and SOMEONE will plug it in.
Just how easy is that?
• Not calling anyone out, but certain people in this industry are literally batting 1000 using this technique.
– But seriously, how easy is it?
I was going to make a political joke here, but… well, let’s just skip that part as I don’t really have any politics.
OSINT
• TheHarvester
• Maltego
• NetGlub
• Spokeo
• Palantir
Quality of Sources
• None of these tools are worth the processing power of launching them if you don’t know where to look.
Sources, you say?
• Spokeo
• Anywho
• Lexis-Nexis
• Ancestry
• Public Records for target area
• ESRI – GIS data
• County Assessors office
• Social Networks
– Twitter
– Facebook
– Myspace
– Google+
– Youtube
Twitter?
Flickr? Why Flickr?
• Because sometimes smart people do very stupid things.
• You can do something about it…
OR…
Examples, you say?
• Users will come up with a “clever” password…
– And reuse it.
– And reuse it.
– And reuse it.
So what comes of this behavior?
Again
And again…
Why Facebook?
Inadvertent Excess
• Go into the Kinko’s closest to your target.
• Say you “forgot your thumbdrive”
• They show you a box, you say “that’s it!”
• YAHTZEE!
A quick note about ‘excessed equipment’
• Please wipe configs on hardware and remove drives
• 4th Saturday sales have yielded quite a few Cis** devices with current configs for an organization STILL ON THEM.
Recon-ng
• Recon gets its own slide, because… well, it’s cool.
Create your own transforms
• There is a wealth of information in public
databases
– Property taxes
– Marriages, divorces, VPO’s, traffic citations, etc
– Foreclosures
– Birth records, death certificates
– blogs
Quality of Product
• Your information is only as good as your starting point
– Use CORRECT and ACCURATE information. Do not guess.
Otherwise…
• The signal to noise ratio is horrendous
(annotation on the slide: “This entire section is total junk and incorrect data”)
Social Engineering
• I will not pretend that neuro-linguistics has gotten me past some serious security measures.
– However, a fake accent did get ri0t and I quite a few drinks in Vegas.
• How does it work?
– You appeal to a person’s sensibility and logic.
Seriously though, what does SE get us?
• It gets us physical access to a location to actually DO the CD/USB drop
• If the target is in a shared office location, hang out in the smoker’s area.
– Listen
– Sniff RFID
– Snarf bluetooth
– Pay attention to visual layout of ID badges in case you need to fabricate one
– Possibly tailgate a person into a secure area
• Become a customer/client of the target.
• Remember, people are inherently stupid and willing to trust. Exploit this.
– “Give them an ounce of quality lies, and you will get a pound of truth in return.” - me
Qualify your statements and questions
• Don’t ask stupid questions that are DIRECT.
• You will always need to fill some gaps; it’s important to do this without inferring a fictional story.
• Be knowledgeable of the subject matter at hand.
– This means taking an interest in whatever widget you are trying to gather information about
Pushing in
• So what options do I have to exploit a location using the information I have gathered?
– CD/USB drops
– Social Engineering
– Client-side Attacks
– Intranet access portals with weak user/pass combos
– Sub-domains for test/development environments to attack via web applications to extract data
– Complete breach of network via wireless to create a C&C
Wait, I just said wireless
“techie LUsers” – let me tell you why they are your biggest problem.
“Why?” you ask?
• Because they are the ones that take it upon themselves to create and fix things with only half of the ‘larger picture’
• Which, in turn, just ends up causing more problems
• Like?
Rogue AP’s anyone?
People who build “labs” at work
How this can cause issues
• Vast majority of ‘labs’ are default passwords
• Rogue AP’s lack strong encryption or any at all
• A shared password used over an open wifi connection
• Unused accounts with the “default P@ssw0rd!”
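One way to spot the rogue and unencrypted APs this slide describes on a Windows host is to parse the output of `netsh wlan show networks mode=bssid` against the BSSIDs you actually deployed. This is an added example, not from the deck or its author; the corporate SSID, the known-BSSID list and the sample listing are constructed, and the regexes assume English netsh output.

```powershell
# Added example (not from the original deck): flag rogue or weakly secured
# access points in a 'netsh wlan show networks mode=bssid' listing.
# Assumes English netsh output. SSID/BSSID values below are constructed.

# Hypothetical corporate SSID and the BSSIDs your own APs advertise.
$CorpSsid    = 'CorpWiFi'
$KnownBssids = @('aa:bb:cc:dd:ee:01', 'aa:bb:cc:dd:ee:02')

function Get-WlanFindings {
    param([string] $NetshText)

    $findings = @()
    $ssid = $null; $auth = $null; $enc = $null
    foreach ($line in ($NetshText -split "`r?`n")) {
        switch -Regex ($line) {
            # A new SSID block resets the per-network security fields.
            '^SSID\s+\d+\s*:\s*(.*)$'        { $ssid = $Matches[1].Trim(); $auth = $null; $enc = $null; break }
            '^\s+Authentication\s*:\s*(.+)$' { $auth = $Matches[1].Trim(); break }
            '^\s+Encryption\s*:\s*(.+)$'     { $enc  = $Matches[1].Trim(); break }
            '^\s+BSSID\s+\d+\s*:\s*([0-9a-fA-F:]{17})' {
                $bssid  = $Matches[1].ToLower()
                $reason = $null
                if ($ssid -eq $CorpSsid -and $KnownBssids -notcontains $bssid) {
                    # Our SSID on hardware we did not deploy: rogue AP or evil twin.
                    $reason = 'Corporate SSID on unknown BSSID'
                } elseif ($auth -eq 'Open' -or $enc -eq 'WEP') {
                    # The "no encryption at all" case from the slide.
                    $reason = "Weak or no encryption ($auth/$enc)"
                }
                if ($reason) {
                    $findings += [PSCustomObject]@{
                        SSID = $ssid; BSSID = $bssid; Auth = $auth; Encryption = $enc; Reason = $reason
                    }
                }
                break
            }
        }
    }
    return $findings
}

# Constructed sample listing; on a real host use:
#   $text = netsh wlan show networks mode=bssid | Out-String
$SampleNetsh = @'
SSID 1 : CorpWiFi
    Network type            : Infrastructure
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:dd:ee:01
         Signal             : 80%
    BSSID 2                 : de:ad:be:ef:00:01
         Signal             : 65%

SSID 2 : LabNet
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 00:11:22:33:44:55
         Signal             : 40%
'@

# Expected: de:ad:be:ef:00:01 flagged as unknown BSSID, 00:11:22:33:44:55 as open.
Get-WlanFindings $SampleNetsh | Format-Table -AutoSize
```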
How is this remedied?
• Strengthen your policies
• Educate users
• Educate users (yes, that’s twice on purpose)
• Self audit
– Old machine accounts in AD
– Maintenance (service) accounts
– Accounts that have never been used
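The three self-audit items above can be pulled from AD in one pass. This is an added example, not from the deck or its author; it assumes the RSAT ActiveDirectory module on a domain-joined host with read access, and a 90-day staleness threshold you should set to your own policy.

```powershell
# Added example (not from the original deck): AD self-audit for the three
# account classes the slide names. Read-only; writes one CSV per finding class.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

# Staleness threshold (assumption: 90 days). lastLogonTimestamp replicates with
# up to ~14 days of slack, so treat the dates as approximate.
$StaleDays = 90
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

function ConvertFrom-AdFileTime {
    param([Nullable[long]] $Value)
    if ($null -eq $Value -or $Value -eq 0) { return $null }
    return [DateTime]::FromFileTimeUtc($Value)
}

# 1. Old machine accounts: enabled computers with no logon since $Cutoff.
#    Domain members rotate their machine password every 30 days by default,
#    so an old PasswordLastSet is a second hint the box is gone.
$compParams = @{
    Filter     = 'Enabled -eq $true'
    Properties = 'lastLogonTimestamp', 'PasswordLastSet', 'OperatingSystem'
}
$OldComputers = Get-ADComputer @compParams | ForEach-Object {
    $last = ConvertFrom-AdFileTime $_.lastLogonTimestamp
    if ($null -eq $last -or $last -lt $Cutoff) {
        [PSCustomObject]@{
            Name            = $_.Name
            OperatingSystem = $_.OperatingSystem
            LastLogon       = $last
            PasswordLastSet = $_.PasswordLastSet
        }
    }
}

# 2. Maintenance (service) accounts: users carrying an SPN or a password that
#    never expires. Both mark accounts that nobody rotates or reviews.
$svcParams = @{
    Filter     = 'Enabled -eq $true'
    Properties = 'servicePrincipalName', 'PasswordNeverExpires', 'PasswordLastSet', 'lastLogonTimestamp'
}
$ServiceAccounts = Get-ADUser @svcParams |
    Where-Object { $_.servicePrincipalName.Count -gt 0 -or $_.PasswordNeverExpires } |
    Select-Object SamAccountName,
        @{ n = 'HasSPN';    e = { $_.servicePrincipalName.Count -gt 0 } },
        PasswordNeverExpires, PasswordLastSet,
        @{ n = 'LastLogon'; e = { ConvertFrom-AdFileTime $_.lastLogonTimestamp } }

# 3. Accounts that have never been used: enabled users with no
#    lastLogonTimestamp at all. Created-then-forgotten accounts are the ones
#    still sitting on the "default P@ssw0rd!" from the previous slide.
$neverParams = @{
    Filter     = 'Enabled -eq $true'
    Properties = 'lastLogonTimestamp', 'whenCreated'
}
$NeverUsed = Get-ADUser @neverParams |
    Where-Object { -not $_.lastLogonTimestamp } |
    Select-Object SamAccountName, whenCreated

$OldComputers    | Export-Csv -NoTypeInformation old-computers.csv
$ServiceAccounts | Export-Csv -NoTypeInformation service-accounts.csv
$NeverUsed       | Export-Csv -NoTypeInformation never-used-accounts.csv

'Old computers: {0}; service accounts: {1}; never used: {2}' -f
    @($OldComputers).Count, @($ServiceAccounts).Count, @($NeverUsed).Count
```

Review the CSVs before disabling anything; a long-idle machine account can still belong to a cold-spare or a seasonal device.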
In conclusion
• Try harder
• Enable yourself and your staff
– Come to local hacker meetings
– We will gladly show you stuff
• No such thing as a stupid question.
– Just stupid people that don’t ask questions.
Any questions that relate to the actual topic?
• I like to eat steak cooked medium rare
• I have two cats, a dog, a planted aquarium and an entire school of carnivorous fish
• My favorite color is clear
• Etc…
Errata
http://netsourcelabs.com/
Email: sean@netsourcesecure.com
Twitter: @seanwayne
http://www.linkedin.com/in/satterleesean
 

Dernier (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Connecting the Dots

1. Connecting the dots…. Footprints in the ether, and other musings.
Sean Satterlee – Principal Security Engineer

2. Disclaimer
THIS IS PURELY FOR EDUCATIONAL PURPOSE.
Myself, any identities that I may use, Net Source, Inc., NetSourceLabs, NetSourceSecure and any other organizations that I am affiliated with cannot be held liable for any negligence or illegal activity that may result in the disclosure of the information included in this briefing.

4. A “howto” or “readme.txt”
• A quick guide to a talk by me.
• Be prepared
  – Topics will be all over the place
  – I will chase rabbits
  – I use profanity to make my point
  – I am passionate about my work
  – If you get up during this talk, be prepared to be heckled.
  – Did I mention that I will jump around on topics?
  – I will bring in points that I find interesting; while they might not be germane to the exact topic, you may find them useful.
  – If I switch languages for a certain word or concept, do not get angry. Write it down, google it, you can figure it out for yourself later.
  – I may repeat things every now and again.
  – I will chase rabbits
  – I need to make a “logic-chart” for following my talks
  – I should also remember to start using the “notes” feature for PowerPoint.
  – I like it when people clap immediately after pseudo-profound statements.
  – I do not like the obligatory applause at the end of my talks
  – My talks are interactive.
  – Several of my friends are in the crowd
  – Sometimes I will just skip slides because I don’t feel like talking about them. It’s alright though, you can download this slide deck
  – The detailed sections are out of order. Sorry, I don’t want to fix it.
• They are not “plants”, but I will sometimes call on them to help me remember anecdotes.

5. Business Intelligence?
• A nice name for Corporate Espionage
• Know the business model for a given target (read: client), and you will further understand the areas of their infrastructure that may be less guarded
• Knowing more about your target will lead you to appropriate attack vectors

6. Dox?
• Is it necessary to publish this information?
• In short, the answer is no.

7. HOWEVER…
• Having information is one thing.
• Displaying that you have this information is another.
• An entire generation raised with the notion that “knowledge is power” has caused this.
• Displaying this information as a means to show power and to hinder someone else’s operations is something completely different.

8. Forms of Reconnaissance and Intel Gathering
• Physical
• Social
• OSINT

9. Subsets of Physical
• Drive-bys
  – Done at multiple times throughout the day/night.
  – Establish key employees and work shifts
  – Use a rental car with a contour cam (HD), just leave it.
• Wardrive
  – Don’t get too close
  – Use everything you can in BT5, or Kali
• Dumpster Dive
  – Do this at night
  – Avoid the critters

10.
• Get a tour, make note of how physical security is managed.
  – Organics
  – CCTV
  – RFID
  – Magstrips
  – Electronic Keypads
  – “Secure” keylocks

11.
• Make note of the badges; if you are conducting a social, you may need to create one.
• It doesn’t need to “work”, just pass a glance.

12.
• RFID? Sure, we can do that…

13.
• Magstrips? Yeah, that too. Info available on instructables.com

14. Keylocks
• Seriously? Are you kidding me?
• Medeco, Chubb, and Bonowi keys are now available for download to be printed on your reprap

16. Security Keypads
• Type – Procedure
  – Sentex Keypads – ***00000099#*
  – DoorKing – *029999
  – AeGIS – #,0 (same time) followed by 0000
  – Elite – “Program” button, followed by 7777
  – Linear – #,9,# 123456; add your code by: 0,1,#,%desired code%
  – Multicode – 1234 (no lockout, just keep pecking)

17. Keys to a successful “Social”
• Accurate data
• Susceptible targets
• Audacity

18. USB drops and rubber duckies

19. CD/USB drop
• Curiosity killed the cat
• Think of this as a ‘reverse dead drop’. Pseudo-public place, and you WANT it to be found.
  – You may ask yourself, “who would actually plug this in?”
  – Now tell yourself, “too many people that probably work with me.”

20. You knew this would come up

21. Other methods
• The USB drop isn’t always needed
  – If you can gain physical access:
    • a rubber-ducky can be used to drop a payload and a reverse, persistent shell
  – If you can’t gain physical access:
    • You can squeeze a rubber-ducky into anything that uses a USB connection. Ship it to someone in the target company. Human stupidity will take over, and SOMEONE will plug it in.

22. Just how easy is that?
• Not calling anyone out, but certain people in this industry are literally batting 1000 using this technique.
  – But seriously, how easy is it?

23. I was going to make a political joke here, but… well, let’s just skip that part as I don’t really have any politics.

24. OSINT
• TheHarvester
• Maltego
• NetGlub
• Spokeo
• Palantir

25. Quality of Sources
• None of these tools are worth the processing power of launching them if you don’t know where to look.

26. Sources, you say?
• Spokeo
• Anywho
• Lexis-Nexis
• Ancestry
• Public Records for target area
• ESRI – GIS data
• County Assessor’s office
• Social Networks
  – Twitter
  – Facebook
  – Myspace
  – Google+
  – Youtube

28. Flickr? Why flickr?
• Because sometimes smart people do very stupid things.
• You can do something about it…

29. OR…

30. Examples, you say?
• Users will come up with a “clever” password…
  – And reuse it.
  – And reuse it.
  – And reuse it.

31. So what comes of this behavior?

32.

33. Again

34.

37. Inadvertent Excess
• Go into the Kinko’s closest to your target.
• Say you “forgot your thumbdrive”
• They show you a box, you say “that’s it!”
• YAHTZEE!

38. A quick note about ‘excessed equipment’
• Please wipe configs on hardware and remove drives
• 4th Saturday sales have yielded quite a few Cis** devices with current configs for an organization STILL ON THEM.

39. Recon-ng
• Recon gets its own slide because, well, it’s cool.

40. Create your own transforms
• There is a wealth of information in public databases
  – Property taxes
  – Marriages, divorces, VPOs, traffic citations, etc.
  – Foreclosures
  – Birth records, death certificates
  – Blogs

41. Quality of Product
• Your information is only as good as your starting point
  – Use CORRECT and ACCURATE information. Do not guess.

42. Otherwise…
• The signal to noise ratio is horrendous
This entire section is total junk and incorrect data

43. Social Engineering
• I will not pretend that neuro-linguistics has gotten me past some serious security measures.
  – However, a fake accent did get ri0t and I quite a few drinks in Vegas.
• How does it work?
  – You appeal to a person’s sensibility and logic.

44. Seriously though, what does SE get us?
• It gets us physical access to a location to actually DO the CD/USB drop
• If the target is in a shared office location, hang out in the smoker’s area.
  – Listen
  – Sniff RFID
  – Snarf bluetooth
  – Pay attention to visual layout of ID badges in case you need to fabricate one
  – Possibly tailgate a person into a secure area

45.
• Become a customer/client of the target.
• Remember, people are inherently stupid and willing to trust. Exploit this.
  – “Give them an ounce of quality lies, and you will get a pound of truth in return.” - me

46. Qualify your statements and questions
• Don’t ask stupid questions that are DIRECT.
• You will always need to fill some gaps; it’s important to do this without inferring a fictional story.
• Be knowledgeable of the subject matter at hand.
  – This means taking an interest in whatever widget you are trying to gather information about

47. Pushing in
• So what options do I have to exploit a location using the information I have gathered?
  – CD/USB drops
  – Social Engineering
  – Client-side Attacks
  – Intranet access portals with weak user/pass combos
  – Sub-domains for test/development environments to attack via web applications to extract data
  – Complete breach of network via wireless to create a C&C

48. Wait, I just said wireless
“techie LUsers” – let me tell you why they are your biggest problem.

49. “Why?” you ask?
• Because they are the ones that take it upon themselves to create and fix things with only half of the ‘larger picture’
• Which, in turn, just ends up causing more problems
• Like?

51. People who build “labs” at work

52. How this can cause issues
• Vast majority of ‘labs’ are default passwords
• Rogue APs lack strong encryption or any at all
• A shared password used over an open wifi connection
• Unused accounts with the “default P@ssw0rd!”
53. How is this remedied?
• Strengthen your policies
• Educate users
• Educate users (yes, that’s twice on purpose)
• Self audit
  – Old machine accounts in AD
  – Maintenance (service) accounts
  – Accounts that have never been used
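One way to run the self audit slide 53 asks for, as an added example that is not from the deck: a Python script that walks an exported account list offline and flags the three classes named on the slide. The CSV layout, the svc_ naming convention for service accounts and the sample rows are assumptions made here, not data from the talk.

```python
import csv
import io
from datetime import datetime, timedelta

# Assumed export layout (not from the deck): a CSV such as
# `Get-ADObject ... | Export-Csv` produces, with dates as yyyy-mm-dd.
# The rows below are constructed sample data, not a real directory.
SAMPLE_EXPORT = """\
SamAccountName,ObjectClass,Enabled,LastLogonDate,PasswordLastSet,Description
LAB-ESX01$,computer,True,2013-01-04,2012-12-20,Lab host
WS-0421$,computer,True,2013-05-28,2013-05-01,Workstation
svc_backup,user,True,2013-05-30,2009-02-11,Backup service account
jdoe,user,True,2013-05-29,2013-03-02,Staff
temp_contractor,user,True,,2012-11-15,Contractor onboarding
oldadmin,user,False,2010-07-19,2010-07-19,Former admin
"""
SAMPLE_TODAY = datetime(2013, 6, 1).date()  # audit date for the sample
STALE_AFTER_DAYS = 90                       # machine silent this long = old


def parse_date(text):
    """Return a date, or None for an empty field (account never logged on)."""
    return datetime.strptime(text, "%Y-%m-%d").date() if text else None


def audit_accounts(export_csv, today, stale_days=STALE_AFTER_DAYS):
    """Map each enabled account that needs review to its list of findings.

    Checks follow slide 53: computer objects silent longer than stale_days,
    service accounts (assumed convention: svc_ prefix or "service" in the
    Description) and accounts with no logon at all. Disabled accounts are skipped.
    """
    cutoff = today - timedelta(days=stale_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        if row["Enabled"].lower() != "true":
            continue
        name = row["SamAccountName"]
        last_logon = parse_date(row["LastLogonDate"])
        reasons = []
        if last_logon is None:
            reasons.append("never used")
        elif row["ObjectClass"] == "computer" and last_logon < cutoff:
            reasons.append("old machine account")
        if name.lower().startswith("svc_") or "service" in row["Description"].lower():
            reasons.append("service account: confirm owner and that it is still needed")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_accounts(SAMPLE_EXPORT, SAMPLE_TODAY).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample, the lab host, the backup service account and the contractor account that never logged on are the ones reported; the workstation and the disabled admin are left alone.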
54. In conclusion
• Try harder
• Enable yourself and your staff
  – Come to local hacker meetings
  – We will gladly show you stuff
• No such thing as a stupid question.
  – Just stupid people that don’t ask questions.

55. Any questions that relate to the actual topic?
• I like to eat steak cooked medium rare
• I have two cats, a dog, a planted aquarium and an entire school of carnivorous fish
• My favorite color is clear
• Etc…

Editor's notes

  1. Metasploit-like framework to lessen the learning curve