Commercial Attack Tools Team BAM! Scott Amack, Everett Bloch, Maxine Major.


1 Commercial Attack Tools Team BAM! Scott Amack, Everett Bloch, Maxine Major

2 Overview
- Why Commercial?
- Uses
  - Good
  - Evil
- Tool Comparisons
- Demo
- Considerations

3 Why Commercial? (When freeware is just as good)
- Additional functionality for professional environments
- Advanced reporting
- Audit logs
- All-in-one suites
- Professionally maintained & supported

4 Why Commercial?
- More immediate protection
- Exploits (and vulnerability awareness) made available before freeware
- “black-hat hackers typically rely on other tool kits that are less focused on research and more focused on swift, illegal break-ins.” (Canberra Times)

5 Who Uses These Tools?
- Aerospace industry
- Universities / Education
- E-commerce
- Energy & Utilities
- Financial Services
- Healthcare
- Manufacturing
- Security Consulting
- … and several unnamed “major federal U.S. agencies”

6 Commercial Hacking
- Commercial not always Ethical
  - Not all entities willing to pay large amounts of money for these tools want to use them ethically.
  - Many foreign governments buy & use these tools unethically on their people and other countries.
- Not all hacking tools are “good”
  - Marketed as “lawful intercept tools”
  - Can violate human rights
  - “Corporate Enemies of the Internet” – identified by Reporters Without Borders

7 Five Corporate Enemies of the Internet 2013
- Gamma Group (U.K.)
- trovicor (Germany)
- HackingTeam (Italy)
- Amesys (France)
- Blue Coat Systems (U.S.)

8 Five Corporate Enemies of the Internet 2013
- Company: Gamma (UK)
- Product: FinFisher (FinSpy)
- Commercial surveillance software suite
- Used to target Bahraini activists (May 2012)
- During the fall of Egypt’s Pres. Mubarak, dissidents found FinFisher marketed to Egypt’s secret police (July 2002)
- Discovered iTunes flaw that allowed third parties to use iTunes update to install unauthorized programs. Discovered in 2008, not patched until Nov 2011.

9 Five Corporate Enemies of the Internet 2013
- Company: trovicor (Germany)
- Product: trovicor Monitoring Center
- Communication interception: “collect, retain, analyse and distribute voice and data communication as well as historical data.” (trovicor)
- Enabled Bahrain’s royal family to spy on news providers and arrest them.
- Work with Iran

10 Five Corporate Enemies of the Internet 2013
- Company: HackingTeam (Italy)
- Product: Da Vinci
- “For Governmental LEAs and Agencies ONLY.”

11 Five Corporate Enemies of the Internet 2013
- Company: Blue Coat (California)
- Product: PacketShaper
- Filtering and censorship devices for countries such as Syria and Burma.
- “Deep Packet Inspection (DPI) products developed by Blue Coat made it possible for the regime to spy on dissidents and netizens throughout the country, and to arrest and torture them.”

12 Five Corporate Enemies of the Internet 2013
- Company: Amesys (France)
- Product: EAGLE System
- EAGLE spyware sold to Libya while Muammar Gaddafi was in power
- “mass surveillance system used to spy on dissidents, journalists, activists, and political opponents.”
- “do not have responsibility for how their tools are used once sold”
- Accused of selling to Morocco and Qatar
- EAGLE System sold to Nexa Technologies (2013)

13 A Comparison: Core Impact vs. Immunity Canvas
“… penetration-testing frameworks that provide discovery tools, exploit code for remote and local vulnerabilities, remote agents, and other handy-dandy gadgets for exploring and exploiting a network.”

14 A Comparison
Core Impact
- $25,000/year per seat
- Created around 1997
- About 1650 Commercial-Grade exploits created in-house
- User is denied the ability to create or import external exploits
- Usable by almost anyone with basic computer knowledge
Immunity Canvas
- $3,101/year for a 10-seat license
- Created around 2002
- Over 490 exploits, about 4 added every month
- Ability for user to create custom exploits
- Intended for people with a good understanding of computers and exploits

15 A Comparison
Core Impact
- Intuitive and very easy to use GUI interface, “point and shoot” functionality
- Requires little to no networking/programming knowledge
- Each attack has a setup (Wizard) that walks through the entire process of setting up and exploiting a system, local or on a network
- Offers no Command Line Interface

16 A Comparison
Immunity Canvas
- Simple yet robust GUI for initiating attacks on targets
- Simple three panel display makes for easy navigation and informative results
- Offers a Command Line Interface in addition to the GUI

17 A Comparison
Core Impact
- Won Secure Enterprise’s Tester’s Choice award for best penetration testing framework due to its flexibility and ease of use
Immunity Canvas
- Free tutorial videos and documentation available on the Immunity web page

18 Commercial Metasploit
Advantages of Pro:
- “Smart” exploitation
- Password auditing
- Penetration test reporting
- Team workflow automation
- Social engineering
- Web app scanning
- Web interface
- Network discovery

19 Commercial Metasploit
Pricing
- $5000 initial purchase per year, per seat
- Renewal rates depend on licensing agreement with Rapid7

20 Commercial Metasploit
DEMONSTRATION
- Windows 7
- Windows XP SP2
- Ubuntu 8.04 (image provided by Metasploit)

21 Conclusions
- Commercial != Ethical
- Cost of commercial tools is prohibitively expensive for individuals.
- Commercial software is highly beneficial for professional pen. testing organizations.

22 In Summary
- Why Commercial?
- Commercial Tools & Ethics
  - “Five corporate enemies of the internet”
- Comparison of Tools
  - Core Impact vs. Immunity Canvas
- Demonstration
  - Metasploit Pro
- Conclusions

23 References
- http://www.softpedia.com/get/Network-Tools/Network-IP-Scanner/LANguard-Network-Security-Scanner.shtml
- http://www.canberratimes.com.au/it-pro/security-it/free-hacking-tool-kits-fuel-cyber-arms-race-20121114-29bvb.html
- https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/
- http://en.wikipedia.org/wiki/FinFisher
- http://www.cso.com.au/article/431882/_crisis_os_x_trojan_made_by_lawful_intercept_vendor_hackingteam/
- http://www.rapid7.com
- http://www.coresecurity.com/core-impact-pro
- http://immunitysec.com/products-canvas.shtml
- http://www.coresecurity.com/content/review-penetration-testing-software

