Synacktiv_targeted_attacks_presentation_JSSI_2014(1).pdf

Targeted attacks: Tools and techniques
Performing « red-team » penetration tests
Lessons learned

Presented on 17/03/2014
For JSSI OSSIR 2014
By Renaud Feil

Agenda

Objective:
Present tools and techniques that can be used to simulate a targeted attack in a professional context

Selected goal:
Gain access to the internal network

3 suggested attack vectors:
Malicious e-mails
Social engineering to gather remote access credentials (VPN)
Physical intrusion to connect an 'implant' on the internal network

Warning:
Respect legal constraints and ethics
Anonymize all personal information in the report

The evolution of penetration tests

A bit of history:
1967: Joint Computer Conference by the experts of the RAND Corporation and the NSA
1971: tiger teams & James P. Anderson for the USAF
1995: First commercial penetration test offers in France

Today:
Proliferation of methodologies and certifications
Integration of penetration tests in the software development life cycle

Limits:
Integrating penetration tests in the software development life cycle limits their realism and impact
The security of an application or a system is not the security of the entire organization

Definitions

Targeted attacks:
Reconnaissance and planning to tailor the attacks for a specific target
Specific objectives: retrieve sensitive information
Short-term (Hunting) or long-term (Farming) operations

Red-Team intrusion tests:
Simulate a short-term targeted attack
'Light' interactions with members of the targeted organization
Large perimeter
Last longer than a conventional penetration test

Reconnaissance and planning

Objectives:
Identify systems accessible from the Internet
Create a simplified organizational chart
Identify physical locations
Gather phone numbers and e-mail addresses
Select the best attack scenarios
Validate attack scenarios with the customer

Criteria for a good attack scenario:
Efficiency (optimal result for a low complexity)
Low risk of discovery
In case of suspicion, plausible deniability