SC Congress – Day 1 – 3:30pm – “Keynote: How hackers operate”

Day 1 – Tues June 11 2013:
3:30pm – “Keynote: How hackers operate: Live demonstrations of current methods of breaching networks and stealing information”, by Derrick Webber, penetration testing and digital forensics team lead, CGI

Derrick demonstrated some practical applications of the Social Engineering Toolkit (SET), including how to conduct a phishing attack to obtain user login credentials for banking, Google and other sites. In a nutshell, here were the steps:

  1. Use SET to build a clone of a production website (the site looks the same, only it is served from a different URL);
  2. Use SET to send a phishing email to your target, hoping that they will click the link to your clone website;
  3. The target goes to the clone website and attempts to log in. At that point, the credentials are captured and the user is redirected to the legitimate website;
  4. The user then logs in to the legitimate website, usually none the wiser that they just gave up their credentials to the bad guys.
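The weak point in that sequence, from a defender's view, is step 1: the clone lives on a different URL than the site it imitates. The following is an added example (not code from the talk or from SET) of a mail-gateway style check that flags links whose destination host is not an approved login domain, whose host merely embeds a trusted domain name, or whose visible text shows one site while the href goes elsewhere. The allow-list and the sample email are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list: registrable domains users legitimately log in to.
LEGIT_DOMAINS = {"example-bank.com", "google.com"}

# Constructed sample email body with one clone-site lure, one genuine link,
# and one link whose visible text disagrees with its destination.
SAMPLE_HTML = """
<p>Please verify your account at <a href="http://example-bank.com.login-verify.net/">
example-bank.com</a> or <a href="https://accounts.google.com/signin">Google</a>.</p>
<p>Backup: <a href="http://192.0.2.10/bank/">https://example-bank.com</a></p>
"""

# Good enough for the constructed sample; a real gateway would use an HTML parser.
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def is_legit(host):
    """True if host is an allowed domain or a subdomain of one (not a look-alike)."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def classify(href, text):
    """Return a reason string if the link looks like a clone-site lure, else None."""
    host = urlparse(href).hostname or ""
    if is_legit(host):
        return None
    # "example-bank.com.login-verify.net" contains the brand but belongs to someone else.
    if any(d in host for d in LEGIT_DOMAINS):
        return "look-alike host embeds a trusted domain name: " + host
    # Visible text that names a trusted site while the href points elsewhere.
    shown = text.strip().lower()
    shown_host = urlparse(shown if "://" in shown else "//" + shown).hostname or ""
    if is_legit(shown_host):
        return "link text shows %s but destination is %s" % (shown_host, host or href)
    return "destination %s is not an approved login domain" % (host or href)


def suspicious_links(html):
    """List of (href, reason) for every anchor in html that classify() flags."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        reason = classify(href, text)
        if reason:
            findings.append((href, reason))
    return findings


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_HTML):
        print(href, "->", reason)
```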

Derrick mentioned using the Google Hacking Database to identify data that Google has crawled and that would be useful in an exploit. It really is unbelievable how much publicly available content is out there – and Google has done a great job of indexing it and sharing it if you know how to search for it. For example:

  • inurl:"/root/etc/passwd" intext:"home/*:" – this will identify publicly accessible password files;
  • filetype:ini "This is the default settings file for new PHP installations" – these files contain info that could help you compromise a web server;
  • site*.*.*/webalizer intitle:"Usage Statistics" – log files, anyone?

Finally, Derrick demonstrated using Metasploit to build a trojan, obfuscate it, attach it to the back of a legitimate exe file (think winword.exe, notepad.exe, etc.) and then deliver the file to an unsuspecting target.

Derrick shared a great slide on preventing hackers from exfiltrating data. It suggested using proxies, blocking ports, etc. I haven’t seen the slides online yet, but if I find them, I will link to them from here.

Overall, this was an awesome presentation!

By Todd Dow

Author, Geek, CF fundraiser & Cancer Survivor. My family, baseball, infosec, privacy & devops are a few of my favorite things.
