Collecting Shellz by the C-Side - Hacker Halted
Presented by Rob Kraus and Jose Hernandez
Traditional Assessments
Client <strong>Side</strong> Attacks
Anatomy of a C-Side
Attack initiated with phishing emails to drive users to malicious web sites that are infected with malware
Malware exploits IE vulnerability and downloads to user's system
Malware opens backdoor that gives full access to user's system
Attacker uses access to create other backdoors and gain access to sensitive data
Phases of an APT
1. Planning & Info Gathering
2. Attack & Compromise (Breach)
3. Establish Command & Control
4. Authorization & Credential Theft
5. Manual Exploitation & Info Gathering
6. Data Exfiltration
7. Maintain Persistence
Anatomy of C-Side Attack
Choosing an Enemy
Penetration Tests
Test Scenarios
End-Point Protection
Egress Filtering
Fun With PDFs
Information Gathering - Metagoofil
Metagoofil
Information Gathering
Social Networks
Metasploit
Exploit a Vulnerability
DLL Planting
Malicious Website
Citrix
Citrix External Login
Defensive Considerations
Mail Gateway AV
Network Proxies
Content Filtering
Network Monitoring
Patch Management
Egress Filtering
Desktop AV/Firewall
Perimeter Defense
Client-Side Defense
Employee Education
Conclusion
Rob Kraus
Manager, Security Consulting Services
Email: robkraus@solutionary.com
Twitter: @robkraus
Jose Hernandez
Security Consultant
Email: josehernandez@solutionary.com