Gray Hat Hacking
Grand Computers Club New Technologies SIG
January 20, 2016
Topics
• January Newsletter
• Overview
• Intrusion attack steps
• Future targets
• Open discussion
• Questions
1/20/2016 www.grandcomputers.org 2
Overview
Definitions
• Black-hat hackers, or simply “black hats,” are the type of hacker the popular media seems to focus on. Black-hat hackers violate computer security for personal gain or for pure maliciousness.
howtogeek.com
Overview
Definitions
• White-hat hackers are the opposite of the black-hat hackers. They’re the “ethical hackers”, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.
howtogeek.com
Overview
Definitions
• A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.
howtogeek.com
Overview
Attack objectives
C.H.E.W.
• Criminal – for financial gain
• Hacktivism – for political leverage
• Espionage – for information gathering
• Warfare – disrupt, destroy, damage
Intrusive Attack
Stages of an intrusive attack
• Reconnaissance
• Incursion
• Discovery
• Capture
• Exfiltration
Intrusive Attack
Reconnaissance – most time consuming & very important; non-intrusive
• Broad
• Targeted
• Direct
• Much easier with Internet & social media
• Goal is to find cracks in the armor
Intrusive Attack
Scenario – Reconnaissance
• Target – government contractor
• Sells equipment to government agencies
• Has public/private web sites with org charts, leadership profiles & bios
• Officers have pictures, & LinkedIn pages
• Company has BYOD policy
• Parking lot open to visitors
• IT support by external contractors
Intrusive Attack
Incursion
• Gain access to network/computer resources
• Preliminary capture of data (overlaps with the next stage)
• Initial incursion (foothold) on network resources
• Use exploit to attack vulnerability on target system & determine landing point
• May use software payload as exploit
Intrusive Attack
Incursion
• Hire on as IT contractor, cleaning staff
• “Drop” USB drive in parking lot
• Install malware via email
• Lure to compromised web page
Intrusive Attack
Discovery
• Obtain information from inside the target
• Create backdoor for quick & easy access
• Network & vulnerability scans from inside
• Access directories; steal credentials
Intrusive Attack
Discovery
• Find software used and release/maintenance levels
• Check for default passwords
• Discover logging and audit habits
• Note maintenance and upgrade windows
• Find ACL (access control lists)
Intrusive Attack
Capture
• Prepare info for “move” in next stage
• Use credentials from discovery to access files and databases
• Try to find encryption keys for sensitive info (may not be on main computers)
Intrusive Attack
Capture & control
• Obtain passwords, credentials, encryption keys
• Access desired files, email
• Add additional malware, backdoor access, place tools and data on other servers & workstations; hide and encrypt all of this
• Decide what to do about detection & surveillance
Intrusive Attack
Exfiltration – last & most important stage
• Remove info from target & copy/send to other network
• Bundle data to use existing channels such as web pages and external resources
• Be patient; objective is to not get caught
• Beware of data loss protection methods
• Use of drop sites to store and share
Intrusive Attack
Exfiltration – last & most important stage
• Bundle desired data & move to external sites or media using existing resources
• Complete above actions without disrupting data loss protection methods
• Use other compromised sites to store and share your booty
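The two exfiltration slides above stress moving data out over existing channels while staying clear of data loss protection. As an added defender-side example, not part of the club's slides, the script below scans constructed proxy log lines (timestamp, client, method, destination, bytes uploaded) for the signs such a control looks for: an upload volume spike per client per hour, uploads to a destination outside an assumed allow list, and large uploads outside business hours. The log format, allow list and thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not from the slides):
# timestamp client method destination_host bytes_uploaded
SAMPLE_LOG = """\
2016-01-20T09:01:10 10.1.4.22 POST mail.example.com 18400
2016-01-20T09:05:42 10.1.4.22 GET www.example.com 512
2016-01-20T09:15:03 10.1.4.37 POST mail.example.com 9600
2016-01-20T10:02:15 10.1.4.22 POST mail.example.com 21000
2016-01-20T02:12:51 10.1.4.22 POST share.example.net 52428800
2016-01-20T02:18:30 10.1.4.22 POST share.example.net 61865984
"""
# Destinations the organisation expects uploads to go to (assumed allow list).
KNOWN_HOSTS = {"mail.example.com", "www.example.com"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")

def parse_uploads(log_text):
    """Yield (ts, client, host, bytes) for POST lines; skip GETs and malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) == "POST":
            ts, client, _, host, nbytes = m.groups()
            yield ts, client, host, int(nbytes)

def upload_totals_by_hour(log_text):
    """Sum uploaded bytes per (client, 'YYYY-MM-DDTHH') bucket."""
    totals = defaultdict(int)
    for ts, client, _, nbytes in parse_uploads(log_text):
        totals[(client, ts[:13])] += nbytes
    return dict(totals)

def find_exfil_candidates(log_text, known_hosts=KNOWN_HOSTS, max_bytes_per_hour=10_000_000,
                          business_hours=(8, 18), big_upload=1_000_000):
    """Return unique (client, reason, detail) findings for an analyst to review."""
    findings = []
    def note(*finding):
        if finding not in findings:  # keep one finding per (client, reason, detail)
            findings.append(finding)
    for ts, client, host, nbytes in parse_uploads(log_text):
        hour = int(ts[11:13])
        if host not in known_hosts:
            note(client, "unknown-destination", host)
        if not business_hours[0] <= hour < business_hours[1] and nbytes >= big_upload:
            note(client, "off-hours-upload", host)
    for (client, hour_key), total in upload_totals_by_hour(log_text).items():
        if total > max_bytes_per_hour:
            note(client, "volume", hour_key)
    return findings
```

On the sample, only client 10.1.4.22 is flagged, for all three reasons, while the small business-hours uploads from 10.1.4.37 produce nothing.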
Intrusive Attack
Tools & Concepts
• View web pages for HTML source code
• Note URLs and addresses on web page by moving cursor around page
• Build a good collection of recent tools and methods
• Become familiar with what versions of software have unpatched flaws
• Take lots of time to prevent detection
Intrusive Attack
Internet defense components
• Network firewall
• Network intrusion prevention & intrusion detection
• Client firewall
• Client intrusion prevention & detection (AV, antimalware)
Intrusive Attack Targets
• Banks not customers
• Infrastructure – power, water, food, roads, rail, air
• Manufacturing, supply chains
• Medical records, hospitals
• Police, fire, military, national guard
• Cyber devices – disks, computers, routers, firewalls
Other Links
• Anatomy of cyber attack
• Seven stages of advanced threats
• Cyber exploitation life cycle
• Protect Myself from Cyber Attacks
• Watch live attack traffic
Next Meeting
Windows 10 Troubleshooting
Wednesday, February 17, 2016
4:00-5:30pm
Havasupai/Maricopa Rooms
Chaparral Center
Discussion