Social Forensication: A Multidisciplinary Approach to Successful Social Engineering (PowerPoint presentation)



SLIDE 1

Social Forensication

A Multidisciplinary Approach to Successful Social Engineering

Joe Gray, CISSP-ISSMP, GSNA, GCIH, OSWP Hack in Paris 2019

SLIDE 2

The thoughts and opinions in this presentation do not necessarily reflect those of IBM.

SLIDE 3

Disclaimer

The thoughts and opinions in this presentation do not necessarily reflect those of IBM.

SLIDE 4

About Me

  • Senior Security Architect
  • 2017 DerbyCon Social Engineering Capture the Flag (SECTF) winner
  • On 3rd place team in NOLACon OSINT CTF (Password Inspection Agency)
  • Served in the US Navy, navigating submarines
  • CISSP-ISSMP, GSNA, GCIH, OSWP
  • Forbes contributor
  • Currently authoring a Social Engineering and OSINT book with No Starch Press
  • Maintains blog and podcast at https://advancedpersistentsecurity.net
  • Trains (read: taps out a lot) in Brazilian Jiu Jitsu
  • Just started offering OSINT training (OSINT Associates)

SLIDE 5

DerbyCon VII Black Badge

SLIDE 6

DerbyCon VII Closing Ceremony

SLIDE 7

Objectives

  • Discuss the basics of Social Engineering
  • Discuss existing attacks and techniques in Social Engineering using USB devices
  • Explain the Memory Forensics and Rogue Wi-Fi AP and Wireless Hacking attacks
  • For each of the two attacks, provide:
    • The considerations prior to execution
    • Execution of the attack
    • Mitigations for the attack
    • Demonstrations for each attack
SLIDE 8

Basics of Social Engineering

  • Human Hacking
  • Aims to influence the target to do one of the following:
    • Perform an action
    • Provide information
SLIDE 9

Types of Social Engineering

  • Phishing
  • Vishing
  • Physical
  • Dumpster Diving
  • Baiting
SLIDE 10

The Complexity of Social Engineering

  • Improv
  • Acting
  • Psychology
  • Infosec
  • Technical Writing

SLIDE 11

Cialdini’s 6 Principles of Persuasion

  • Reciprocity
  • Commitment & Consistency
  • Social Proof
  • Liking
  • Authority
  • Scarcity
SLIDE 12

Attack #1:

SLIDE 13

Existing Techniques and Research

SLIDE 14

Minimum (paid) tools you’ll need

SLIDE 15

Minimum (free/other) tools you’ll need

SLIDE 16

Process

  • Gain Access
  • Impersonate a Forensic Consultant
  • Build Rapport
  • Convince the victim you have to take an image
  • Acquire Memory Image

SLIDE 17

Pwnage

  • Load Image in SIFT or Kali
  • Use Volatility modules
  • Pwnage!
  • More Attacks Later

SLIDE 18

Process

SLIDE 19

Gaining Access

  • Vista Print
  • Quickidcard.com
  • Clipboard
  • Laptop and Briefcase or backpack (more evil on this later)
  • Solid Pretext
SLIDE 20

The story….

SLIDE 21

Getting the Image

No DLP

  • USB Drive or Ducky
  • PowerShell script to Priv Esc or Prompt User
  • Run FTK Imager
  • Gather Image
  • Walk out the door

DLP

  • Rubber Ducky
  • Ducky Script
  • Need Ducky Code
  • Need TwinDucky
  • PS to Priv Esc or Create Admin User
  • Run FTK Imager
  • Gather Image
  • Make a Break for It

SLIDE 22

The Attack and Payload

  • We need some OSINT
  • Layer 8
  • Windows, Linux, or Mac?
  • Proper Connectors or Dongles
  • DLP?
  • AV/EDR?
  • User rights?
  • InfoSec culture
  • Time to collect?
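The "DLP?" and "AV/EDR?" items above are where the defender gets to notice the USB drive plus FTK Imager procedure from the previous slide. As an added example, not from the deck or the linked repository, the script below flags process-creation events in which a memory-acquisition tool starts, and raises the severity when it starts from a non-fixed volume; the log lines are constructed (loosely modelled on Sysmon Event ID 1 key=value fields), and the tool list and fixed-drive letters are assumptions to adapt to your environment.

```python
"""Flag memory-acquisition tooling launched on a workstation, with higher
severity when it runs from removable media. Constructed example; field
layout, tool names and drive letters are assumptions, not a vendor schema."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Executables associated with live memory acquisition (illustrative assumption;
# build this list from your own tooling inventory).
ACQUISITION_TOOLS = {"ftk imager.exe", "ftkimager.exe", "winpmem.exe", "dumpit.exe"}
# Volumes treated as fixed system disks (assumption for this example).
FIXED_DRIVES = {"C:", "D:"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

@dataclass
class Alert:
    severity: str   # "high": started from non-fixed media, "medium": from a fixed disk
    user: str
    image: str

def parse_event(line: str) -> dict:
    """Split a key=value line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def evaluate(line: str) -> Optional[Alert]:
    ev = parse_event(line)
    if ev.get("EventID") != "1":          # only process-creation events
        return None
    image = ev.get("Image", "")
    exe = image.rsplit("\\", 1)[-1].lower()
    if exe not in ACQUISITION_TOOLS:
        return None
    drive = image[:2].upper()
    severity = "medium" if drive in FIXED_DRIVES else "high"
    return Alert(severity, ev.get("User", "?"), image)

def scan(lines: List[str]) -> List[Alert]:
    return [a for a in map(evaluate, lines) if a is not None]

# Constructed sample events: an imaging tool from a USB stick, ordinary activity,
# a non-process event, and an analyst running a tool from a fixed disk.
SAMPLE_LOG = [
    r'EventID=1 User="CORP\jdoe" Image="E:\FTK Imager\FTK Imager.exe" ParentImage="C:\Windows\explorer.exe"',
    r'EventID=1 User="CORP\jdoe" Image="C:\Windows\System32\notepad.exe"',
    r'EventID=3 User="CORP\jdoe" Image="E:\FTK Imager\FTK Imager.exe" DestinationIp=10.0.0.5',
    r'EventID=1 User="CORP\ir-analyst" Image="C:\Tools\winpmem.exe"',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.user} started {alert.image}")
```

The "medium" tier exists because the same tool run by incident responders from a fixed disk is expected activity; tune the drive set and tool list before wiring this into an EDR or SIEM rule.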
SLIDE 23

Limitations

  • The user
  • The user’s permissions
  • If they aren’t an admin, you may experience complications
  • The vulnerability management posture
  • If the user is not an admin, you’re going to have to pwn something
  • Time
  • The time to collect is roughly 2-2.25 (minutes) * number of GB of RAM
  • Tested on DDR4
  • 2GB: 4:30
  • 12GB: 25:45
SLIDE 24

Demo

  • PowerUp
  • Pwn or UAC bypass
  • FTK
SLIDE 25

Using Volatility

  • Open Source Memory Forensics tool
  • Native to SIFT and Kali
  • Initial variables (to make life easier)
  • Filename
  • export VOLATILITY_LOCATION=file:///<path>/<filename>
  • Profile
  • export VOLATILITY_PROFILE=Win10SPxx64
SLIDE 26

Useful Volatility Modules

  • Hashdump
  • Mimikatz
  • Imageinfo
  • Connscan
  • Consoles
  • Dumpcerts
  • Iehistory
  • Clipboard
  • Chrome*
  • Firefox*
  • Netscan
  • Notepad
  • Privs
  • Screenshot
  • Timeliner
  • Verinfo
  • Windows
  • Svcscan
  • Cmdline/cmdscan
SLIDE 27

Limitations

  • The operating system
  • FTK Imager Lite only supports Windows
  • Rekall will work with Mac
  • Linux has Lime
  • The operating system
  • Windows 7 is easy to forensicate
  • Windows 10 is more difficult
  • Mac and Linux have plugins but not as robust
  • Time
SLIDE 28

Demo

  • Volatility Overview
SLIDE 29

Rogue Wi-Fi AP

  • Why?
  • How?
SLIDE 30

Demo

  • Fake AP
  • WiFi Pineapple
SLIDE 31

Through the Hacking Glass

  • Mission Statement: To provide free and low cost training resources to enable information security professionals and aspiring professionals to expand their skill sets and marketability to close the skills gap. This is based on the frequent occurrence of a paradigm of employers seeking entry-level people with experience beyond typical formal education curricula. This further allows professionals and those seeking to enter industry the opportunity to gain experience beyond the walls of academic institutions or capture the flags (CTFs).

  • Twitter: @hackingglass
  • Facebook: facebook.com/hackingglass
SLIDE 32

Upcoming Speaking Engagements

  • 8/9-10: The Diana Initiative (a Defcon Adjacent Conference; Las Vegas, NV)
  • 10/10-11: HackerHalted (Atlanta, GA)
  • 10/12: Texas Cyber Summit (San Antonio, TX)
  • 10/22: Wild West Hackin Fest
SLIDE 33

Hacker Halted 2019

  • October 10-11
  • Atlanta, GA USA
  • Free Admission
  • Coupon Code: Joe100
  • https://hackerhalted2019.eventbrite.com?discount=Joe100
  • Discount on Training
  • Coupon Code: JJHHTRN (15% off training)
  • Register at: https://hackerhalted2019.eventbrite.com
  • Winn will be there, come heckle him
SLIDE 34

Questions?

@C_3PJoe / @advpersistsec / @hackingglass / @OSINTAssociates AdvancedPersistentSecurity.net

  • sint.associates

The thoughts and opinions in this presentation do not necessarily reflect those of IBM.

SLIDE 35

Links

  • Privilege Escalation
  • https://github.com/pentestmonkey/windows-privesc-check
  • https://github.com/FuzzySecurity/PowerShell-Suite
  • Bypass UAC
  • Various methods including Matt Graeber’s PSReflect
  • https://github.com/GDSSecurity/Windows-Exploit-Suggester
  • https://github.com/0xbadjuju/Tokenvator/wiki/Token-Privileges
  • https://github.com/rasta-mouse/Watson
  • https://github.com/AlessandroZ/BeRoot
SLIDE 36

More Links

  • https://github.com/jocephus/social-forensication
  • Hak5 Products Script Repos
  • Rubber Ducky
  • Bash Bunny
  • WiFi Pineapple
  • DuckyGenerator