Standard Demo 1 © Hacking Team All Rights Reserved.

Slides:

Advertisements

Similar presentations

EBooks and Audiobooks. This class will give you an overview of eBooks and electronic Audiobooks available from the Library. We will also explain the basic.

Advertisements

Getting Started with Microsoft Office 365. Getting Started - Overview How to use your existing desktop software to connect to Office 365. Install the.

DSL-2730B, DSL-2740B, DSL-2750B.

1 © 2004, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.1 Module 6 Switch Configuration.

Trojan Horse Program Presented by : Lori Agrawal.

1 of 5 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.

Cambodia-India Entrepreneurship Development Centre - : :.... :-:-

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Back to Start 1 of 10 Connect with a Mobile Device You can use your company’s Windows SBS computer network to extend your connectivity by using mobile.

Moodle Integration with Microsoft Seree Chinodom Kittisak Onuean BURAPHA UNIVERSITY Powerful Tool for MoodlePowerful Tool for Moodle.

Microsoft ® Official Course Module 9 Configuring Applications.

Attendee overview 1 Joining a Redback Webinar. Before the Webinar Getting organised It’s always a good idea to ensure you are prepared well in advance.

eScan Total Security Suite with Cloud Security

Configuring the MagicInfo Pro Display

Confidential - © 2012 StreamWIDE © StreamWIDE

Tutorial 11 Installing, Updating, and Configuring Software

©Kwan Sai Kit, All Rights Reserved Windows Small Business Server 2003 Features.

Lab How to Use WANem Last Update Copyright 2011 Kenneth M. Chipps Ph.D. 1.

Web Based Inventory Site Building Room Asset Number Category Type Description Serial Number Manufacturer Model Vendor Name Acquired Date P O Number Budget.

Home Media Network Hard Drive Training for Update to 2.0 By Erik Collett Revised for Firmware Update.

Learning How to Skype Presented by: Nicole Spells AET/541 – E-Learning University of Phoenix Jenna Pavleck.

1 Tradedoubler & Mobile Mobile web & app tracking technical overview.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology January 17,

What is a Computer? Computer generally means a programmable machine. The two principal characteristics of a computer are: it responds to a specific set.

Edukey Education Ltd

Specialist communication channel. Sarah-Jane king.

VERSION 2.6 FAE Group Demo Guide. Remote Control System Demo In order to standardize the way how Remote Control System is presented and to maximize the.

Microsoft ® Windows ® Small Business Server 2003 R2 Sales Cycle.

Case Study.  Client needed to build data collection agents for various mobile platform  This needs to be integrated with the existing J2ee server 

Quick reference user guides

 Computer News/Tip  Facebook  Your Computer Problems  Next meeting January 11th  New & website 

Denise Oliver, Education and Outreach Director Alabama Supercomputer Authority.

FriendFinder Location-aware social networking on mobile phones.

1 REMOTE CONTROL SYSTEM V7 2 Introduction.

FriendFinder Location-aware social networking on mobile phones.

Internet Safety and Productivity Tips Presented by ITS Kerri Sorenson and Sean Hernandez December 11, 8:30-9:00 am.

Dextrosoft SCHEDULED PHONE BACKUP Backup your mobile life Version Copyright © 2015 Dextrosoft Private Limited. All Rights Reserved.

ITS Lunch & Learn November 13, What is Office 365? Office 365 is Microsoft’s software as a service offering. It includes hosted and calendaring.

Microsoft Office 365 x The new Office for Small Businesses Robert Clark, LucidPointe Advisors4Advisors Office 365 Webinar Series.

RCS POC – Infection Vectors Egypt June 18 th -19 st 2013 Mostapha Maanna – Marco Catino.

Information Systems Design and Development Security Precautions Computing Science.

E-safety Parent Workshop Helping to keep your children safe online.

Proctor Caching Overview. 2 Proctor Caching Diagram.

Windows Vista Configuration MCTS : Internet Explorer 7.0.

Integrating Lawful Hacking with NiceTrack Target360° Daniele Milan, Hacking Team Omri Kletter, NICE Systems.

Citrix 1Y0-201 Managing Citrix XenDesktop 7.6 Solutions Study Material Question Answer

The Hacking Suite For Governmental Interception. Which are todays challenges? Encryption Cloud Mobility.

THE NEW MOBILE WORKSPACE Enable Business Applications on Mobile Devices hopTo Work “I am amazed to see how easily hopTo transforms the user interface of.

The Hacking Suite For Governmental Interception. Today’s topic: RCS installation vectors.

Doha - 19/08/2014 Alessandro Scarafile Field Application Engineer Lorenzo Invernizzi Field Application Engineer Emad Shehata Key Account Manager Key Account.

CLINIC-LAB COMMUNICATION Configuring 3Shape Communicate™

DISCOVERING COMPUTERS 2018 Digital Technology, Data, and Devices

Office 2016 and Windows 10: Essential Concepts and Skills

Extended Operating System Support

Cyber intelligence made easy.

StreetSmart Mobile Workforce App Incorporates Microsoft Office 365 Outlook Add-In for Improved Field Worker Scheduling and Streamlined Invoicing OFFICE.

RCS v7 Infection Vectors

Boomerang Adds Smart Calendar Assistant and Reminders to Office 365 That Increase Productivity and Simplify Meeting Scheduling OFFICE 365 APP BUILDER.

A Digital Tool for the Classroom

The Hacking Suite for Governmental Interception

Cyber intelligence made easy.

Call AVG Antivirus Support | Fix Your PC

How to Fix Apple Mail Not Showing New Messages in Inbox?

It’s About Time – ScheduleMe Outlook Add-In for Office 365 Enables Users to Schedule Meetings Easily with People Outside of Your Organization Partner Logo.

Get Enterprise-Grade Call Handling and Control for Microsoft Office 365 and Skype for Business with the Bridge Boss-Admin Executive Console OFFICE 365.

Android bus ticket sale software

The Hacking Suite For Governmental Interception

Presentation transcript:

Standard Demo 1 © Hacking Team All Rights Reserved

The Standard Demo In order to standardize how Remote Control System is presented to the client and maximize the effectiveness of the presentation, a Standard Demo has been created. Following, the steps that need to be followed and the feature that has to be highlighted.

Desktop Restore Database to known status, deleting old evidence and instances, by running: rcs-db-demo –b NAME (to backup) rcs-db-demo –r NAME (to restore) Preparation Access Facebook, show list of friends and old chats; write a new message in chat Access Gmail, show to Prospect some s, then open the with.docx attachment (exploit) Social evidence generation Show that on the Target Kaspersky is running and won’t complain when infecting the PC Open the.docx attachment (exploit); tell the Prospect you are opening an Exploit Document The custom script starts the Agent when any.docx file is opened Infection Open a TrueCrypt container Open the file in the TrueCrypt container (PDF to be agreed on), show them to the Prospect Perform a Skype call Evidence creation on target

Desktop Show collected from Gmail; they look exactly like in the user’s inbox! Show contacts collected from Gmail (including the ones that Gmail automatically remembers), Facebook (even when profile is private), Skype Show Facebook chats: all chats are collected, even when generated before infection. This is called Active Scraping Play the captured Skype Call Show the captured document: exactly the same as on the Target computer, not a screenshot! Introduce the File System, and schedule a “Retrieve Default” Show evidence to Prospect

Desktop Show “Last Known Position” and explain how RCS can determine the most frequently visited places (such as home and office) Introduce the concept of “Digital Identity”, showing all the identities that the Target uses on the Internet: Gmail, Facebook, Skype, eccetera Show the picture taken from webcam, and explain that a Face Recognition Algorithm will select the best pictures to be used for the Profile section; obviously it is possible to manually add any other picture Show how RCS automatically gives you information about the most contacted persons and most visited websites Show Intelligence (Profiling) to Prospect Go back to “File System”, explain it and browse into it. Download few files from the Target Device Show the newly collected files Show other types of evidence, such as the file container in the TrueCrypt container, the device information, the BitCoin wallet and details More evidence to be shown

Desktop Turn on TNI and show the GUI Briefly explain Wifi Cracking capabilities Briefly explain possible attacks using TNI: infect executables downloaded from Internet, infect the target when visits any website, infect the target on youtube Show information collected on all hosts connected to the monitored wifi (IP, MAC, Browser, OS, Visited Websites) and select the target On the Target, visit youtube.com and show how the video is blocked Explain that downloading the update for flash, the Target will be infected (without doing it) TNI

Mobile Open the Mobile Factory previously configured Click on “Build” and briefly show that there are many infection vectors available Go to “QR Code/Web Link” and build using the App X as the app to melt with; App X needs to be defined Open the QR Code, scan it with Android using QuickMark. Setting up QuickMark correctly it is possible to have it download the file automatically upon scanning of the QR Code, without further confirmation asked Infection Show all evidence collected on Android Play microphone audio recorded during the demo If requested, generate new evidence and show it Show Evidence to Prospect

Correlation Enter the console in Demo Mode; explain that you will show correlation using pre-generated data because the data generated during the demo is not enough for correlation Show the Entities Person, explaining how they are automatically generated: one per each target in the Operation and others when somebody is a usual contact for your Target Show how such entities are correlated, as peers or as known, and show the timeline playing the communications between the Targets; show how you can easily jump back and forth to the detailed evidence Correlation in Demo Mode

Correlation Show the Entities Place, and explain how they are automatically generated. Show that two Targets met in these places Show the Entity Virtual and explain how it is automatically generated when at least two targets visit a website Show how you can manually add and edit entities and relations, to integrate further Intelligence Switch to “Position Map” and show relevant places and Target positions Show how you can play the timeline and see the Targets moving Correlation in Demo Mode

Other procedures and notes A Master Demo Chain is setup; it stays in the office and is upgraded when a new version of RCS is available. Once the new version is tested, server and target of the Master Demo Chain will be used as source to clone each FAE’s Demo Chain. In order to do so, all hardware must be aligned. On the Demo Chains, all automatic upgrades must be disabled. All Demo Chains will run Kaspersky with all cloud features disabled.