Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lunker: The Advanced Phishing Framework

Published bySarina Starman Modified over 9 years ago

Similar presentations

Presentation on theme: "Lunker: The Advanced Phishing Framework"— Presentation transcript:

1 Lunker: The Advanced Phishing Framework
Joshua Perrymon CEO, PacketFocus

2 Agenda Intro What is Lunker? What can it do? Attack Theory Payloads
The Old Way Demo Questions

3 Who am I? Joshua Perrymon, CEO PacketFocus
12 yrs Experience “Ethical Hacking” Over 200 Spear-Phishing attacks in 4-5 languages 85% Success ratio using “Blacklist” s from the Internet MUCH higher using “Whitelist” s

4 What is Phishing Phishing is a method of Social Engineering used to gain credentials, or have users perform a specific action. We have all gotten these types of s. Sent out to Millions Usually triggers SPAM filtering alerts Uses a known phishing site that is usually takes down within a couple days if possible

5 What is Spear Phishing A directed Phishing Attack
Only targets a handful of users s are harvested from the Internet or other public places Very hard to stop as the attack isn’t sent out all over the Internet

6 Attacking up the OSI We have been moving up the OSI (Open System Interconnection) model with attacks.

7 Attacking up the OSI model cont.

8

9 How these attacks work

10 Doing this the “OLD” Way
This takes time. But doesn’t require a lot of technical skills. Find s Find site to be phished Create the site Setup php mail spoof Test Send Monitor Before Lunker setting up a phishing attack required a lot more planning and technical details. You have to make a new phishing template by hand. Setup the backend scripts to capture the credentials, find a server to host it on, figure out how to relay a spookef , login and either tail apache ot run TCPDUmp to monitor for attacks. This is now somewhat automated with the new framework.

11 Using the Phishing Framework
Easy and repeatable Show step by step process on using lunker. Use camtasia or animations.

12 Step 1. PacketFocus.com Jperrymon

13 Step 2: Enter Client Info
PacketFocus.com Jperrymon Step 2: Enter Client Info

14 PacketFocus.com 2008 - Jperrymon
Client Details This is entered into the local database. This allows an audit trail of tests configuration and results. The idea is to document each step automatically, because no-one else wants to do it. Enter URL and IP Info if provided

15 Step3: Recon PacketFocus.com Jperrymon

16 But everyone uses their company email address right????
PacketFocus.com Jperrymon But everyone uses their company address right???? This is hard to protect against most times. Usually, internal addresses must be used in business communication. This can be leaked to the Internet Search Engines. Search and look through the results.

17 Step 4: Phishing Analysis
PacketFocus.com Jperrymon

18 PacketFocus.com 2008 - Jperrymon
On the lookout This module will actively search the target URL’s and IP’s in scope to identify potential Phishing Targets. Any site that requires credentials remotely should be considered and identified. Top targets include Webmail, VPN, and website logins. The tool will identify these portals and return analysis based on previous information gathered.

19 Step5: Select the Bait PacketFocus.com Jperrymon

20 PacketFocus.com 2008 - Jperrymon
is easy Most often, a simple from spoofed technical support will be enough to have a user form over login and password details. Analysis will identify token passwords. Numeric entries should trigger token MITM functions. Start analysis timers.

21 PacketFocus.com 2008 - Jperrymon
Verify it works

22 PacketFocus.com 2008 - Jperrymon
Now what? Login to the Phishing site locally to make sure it captures the password. It’s easy to the credentials. Be responsible and store them encrypted. Modules could auto login based on template used. Get (), Get Attachment(), Get Keyword(), Get Subject().

23 PacketFocus.com 2008 - Jperrymon
Redirect Confusion

24 PacketFocus.com 2008 - Jperrymon
Where am I? Redirection must be used after the user logs in the first time. Error message, Google, etc Redirect to real site. Delete sent to user after getting credentials.

25 Spoof the PacketFocus.com Jperrymon

26 Tony.. Tony Montana Setup a spoofed email.
PacketFocus.com Jperrymon Tony.. Tony Montana Setup a spoofed . To goal is to have the user perform a pre-defined action. Authority, realism, and language play a vital role in a successful attacks. The key is gain trust as soon as possible. NLP (Neuro-Linguistical Programming) Milgram Experiment

27 Select Footer PacketFocus.com Jperrymon

28 PacketFocus.com 2008 - Jperrymon
Footer If you want to write a custom body, select a footer template to give the attack structure.

29 Scenario Options PacketFocus.com Jperrymon

30 PacketFocus.com 2008 - Jperrymon
Pick one. Pre-defined spoofed scenarios are included with the framework. These are selected conversations that usually get the response desired based on actual field results. Scenarios: Tech Support Internal IT 3rd Party IT End-User

31 PacketFocus.com 2008 - Jperrymon
Stealthy

32 Email Head Sometimes you need to modify the email headers.
PacketFocus.com Jperrymon Head Sometimes you need to modify the headers. We will probably put something in here to identify the tool once it goes public.

33 Load the Ammo PacketFocus.com Jperrymon

34 Money Shot. This is what makes the framework stand out.
PacketFocus.com Jperrymon Money Shot. This is what makes the framework stand out. The ability to add custom payloads to the phishing . XSS, Browser Exploit, Recon, Trojans, Exploits, Backdoors, etc.. Welcome to hack 2.0

35 Test Environment PacketFocus.com Jperrymon

36 PacketFocus.com 2008 - Jperrymon
Test This module launches the local client and the locally hosted phishing site at the same time. The tester sends the spoofed to a locally configured account. This account is checked by the Client as would a normal user. Look for mistakes. The smallest error can cause the attack not to work.

37 Local Mode

38 PacketFocus.com 2008 - Jperrymon
Start the Audit

39 Just a little patience…
PacketFocus.com Jperrymon Just a little patience… Monitor the web server, db, MTA, and monitor. Setup MITM scripts to auto Configure alarms and real-time logic. Setup login options Capture Capture/Login Capture/Login/Scrape

40 DEMO Lets have a look at the current working version.
How to bypass Outlook 2007 Phishing filters.

41 What's Next MITM- 2nd Factor Authentication Advanced Payloads
PacketFocus.com Jperrymon What's Next MITM- 2nd Factor Authentication Advanced Payloads XSS CRSF Browser Exploits Recon to determine user browser, OS, etc. Reporting  Forum Support Template Sharing Training Modules User reaction analysis module Ability to customize the Templates

42 Thank You Thanks for sitting through this presentation. The main aspect to take away from this is how attacks are moving up the OSI model and targeting the user (layer 8). It doesn’t take a lot of technical skills to perform these types of attacks. User Awareness is the only way to mitigate this risk. We can’t rely on technology.

Download ppt "Lunker: The Advanced Phishing Framework"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Using the Self Service BMC Helpdesk

Using the Self Service BMC Helpdesk
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.

23 October 2002Emmanuel Ormancey1 Spam Filtering at CERN Emmanuel Ormancey - 23 October 2002.
Pizzlet Information System “When Spam just isn’t good enough…” Troy Lamberte Blake Norrish.

Pizzlet Information System “When Spam just isn’t good enough…” Troy Lamberte Blake Norrish.
Outlook Web Access (OWA) is a web mail service of Microsoft Exchange; allow users to connect remotely via a Web browser OWA is used to access e-mail,

Outlook Web Access (OWA) is a web mail service of Microsoft Exchange; allow users to connect remotely via a Web browser OWA is used to access ,
Securing your IP based Phone System By Kevin Moroz VP Technology Snom Inc.

Securing your IP based Phone System By Kevin Moroz VP Technology Snom Inc.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.

Login Screen This is the Sign In page for the Dashboard Enter Id and Password to sign In New User Registration.
Presented By: Product Activation Group Email Syndication.

Presented By: Product Activation Group Syndication.
Leading at Every Turn. 1)Make sure you have your Trusted Sites configured properly in Internet Explorer 2)Store your credentials on your PC so you.

Leading at Every Turn. 1)Make sure you have your Trusted Sites configured properly in Internet Explorer 2)Store your credentials on your PC so you.
Review of Last Session Search Engine Optimisation (SEO) Search Engine Optimisation (SEO) You can fine-tune your site so that the search engines notice.

Review of Last Session Search Engine Optimisation (SEO) Search Engine Optimisation (SEO) You can fine-tune your site so that the search engines notice.
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Classroom User Training June 29, 2005 Presented by:

Classroom User Training June 29, 2005 Presented by:

Similar presentations

Ads by Google