HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate...

41
Phishing: Going from Recon to Creds Hackcon 2016 Edition Adam Compton

Transcript of HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate...

Page 1: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Phishing:GoingfromRecontoCredsHackcon2016EditionAdamCompton

Page 2: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Agenda

●TalkaLittleAboutMyself●WhatisPhishing?●AStandardPhishingProcess● SpeedPhishingDemo

https://github.com/tatanus/SPF

Page 3: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

AdamCompton

Father- 5yrsHusband-16yrsSecurityResearcher- 16yrsProgrammer- 34yrsHillbilly- 39yrs

@tatanushttps://github.com/tatanushttp://blog.seedsofepiphany.com/

[email protected][email protected]

https://github.com/tatanus/SPF

Page 4: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

WhatisPhishing?

"theattempttoacquiresensitiveinformation...bymasqueradingasatrustworthyentityinanelectroniccommunication."- Wikipedia(Phishing)

https://github.com/tatanus/SPF

Page 5: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

WhyPhish?

PotentialhighreturnoninvestmentMaybeeasiestwayonanetworkItworks!Peoplewanttobehelpful.

https://github.com/tatanus/SPF

Page 6: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

GoingBacktothe90s

“AOHell includesa''fisher''thatallowsausertoposeasanAOLofficialandasknewmembersforpasswordsorcredit-cardnumbers.”- SanJoseMercury1995

https://github.com/tatanus/SPF

Page 7: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing
Page 8: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Whatkindofsensitiveinfo?

CredentialsCreditCardsIdentity- PIIHealthInformationBitcoinWalletsSteamAccounts

https://github.com/tatanus/SPF

Page 9: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

TypesofPhishingAttacks

Attack Magnitude Targeting

Phishing Many General

SpearPhishing 10s- 100s Group,Company

Whaling One Executive

https://github.com/tatanus/SPF

Page 10: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

StandardPhishingProcess

https://github.com/tatanus/SPF

Page 11: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Thelistoftargetsandanyotherinfothatwillhelp

Findthroughcompanysite,googlesearches,andevensocialmedia

Listmaybeprovidedbycustomer

https://github.com/tatanus/SPF

Page 12: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

ReconTools

https://github.com/tatanus/SPF

Page 13: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Settingupweb,dns and/ormailservers

Createaconvincingscenario,writetheemail

Testtheentireprocess!

Thismaybeyouronlychancetofixissues

https://github.com/tatanus/SPF

Page 14: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

CredentialHarvesting =>LoginInformation

ExploitingClient =>MetasploitSessions

Thisstepisbasedonscopeofwork

https://github.com/tatanus/SPF

Page 15: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

AttackTools- SetuptoPostCompromise

https://github.com/tatanus/SPF

Page 16: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Everyone’sFavoritePart!AtMinimum:•DescribetheAttackScenario•Targets•CollectedCredentialsorCompromisedSystemsIncludeStatistics

https://github.com/tatanus/SPF

Page 17: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Iamlazy- Canwemakethiseveneasier?

Yes...Automation!

ProgramAPIs•BeEF RESTFul API•Recon-cli•SET- seautomateParseCommandlineToolOutputPython,Perl,&Bash

https://github.com/tatanus/SPF

Page 18: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SpeedPhishingFramework- SPF

Automatescommontasksneededtoperformaphishingexercise

WritteninPython

Minimalexternaldependencies

https://github.com/tatanus/SPF

Page 19: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

CurrentFeatures

HarvestsEmailAddressSetups&HostsWebsitesSendsphishingemailstotargetsRecordsCreds andKeystrokesCreatesVERYSimpleReport

https://github.com/tatanus/SPF

Page 20: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- UsageStatement/Options

https://github.com/tatanus/SPF

Page 21: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- ConfigFile

https://github.com/tatanus/SPF

Page 22: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- StandardPhishingProcess

https://github.com/tatanus/SPF

Page 23: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- Reconnaissance

Searchesonlinesearchengineslike:◦Google,Bing,andDuckDuckGo

CanuseexternaltoolssuchastheHarvester

https://github.com/tatanus/SPF

Page 24: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- IdentifyingPotentialTargets

https://github.com/tatanus/SPF

Page 25: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- SetupandDeploy

Built-inwebserverbasedonTwistedpythonlibrary

Templated samplewebsiteswithaccompanyingemailtemplates

Abilitytodynamicallycloneadditionalloginportalsasneeded

https://github.com/tatanus/SPF

Page 26: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- LoadingWebSites

https://github.com/tatanus/SPF

Page 27: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- WebSites

https://github.com/tatanus/SPF

Page 28: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- SendingEmails

Cansimulatesendingofemails

Sendsemailsinaroundrobinstylealternatingacrossallphishingsites

Sendsemailsvia3rdpartySMTPserverorbyconnectingdirectlytothetarget'smailserver

https://github.com/tatanus/SPF

Page 29: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- SendingEmails

Page 30: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- CollectResponses&PostExploitation

LogsallaccesstothewebsitesLogsallformsubmissionsLogsallkeystrokes

Hasabilitytopillageemailaccounts

https://github.com/tatanus/SPF

Page 31: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- CollectingResults

https://github.com/tatanus/SPF

Page 32: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Reports

SavesalldataandactivitylogstoassessmentspecificdirectorystructureGeneratessimpleHTMLreport

https://github.com/tatanus/SPF

Page 33: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPF- SimpleReport

Page 34: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Advanced/ExperimentalFeatures

CompanyProfiler◦ Identifywhichifanytemplatesshouldbeused◦ Dynamicallygeneratenew"target-specific"phishing sitesPillage◦ Verifycredentials◦ Downloadattachments◦ Searchfor"SSN,password, login,etc…)

https://github.com/tatanus/SPF

Page 35: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

SPFDemo

Weshallallnowpraytothedemogods

https://github.com/tatanus/SPF

Page 36: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

FutureWork/Features

MoreexternaltoolsBetterProfiling/PillagingFancyReportsIncorporateSSL(possiblyviahttps://letsencrypt.org/).

Suggestions?

https://github.com/tatanus/SPF

Page 37: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

AHUGEThankYouto:

Recon-ng- TimTomes(lanmaster53)BeEF - WadeAlcorntheHarvester - ChristianMartorellaSocialEngineeringToolkit- DaveKennedyMorningCatch- RaphaelMudge

https://github.com/tatanus/SPF

Page 38: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Defense

Preparation◦UserAwareness&PeriodicTesting

Detection&Analysis◦Alerts,MailProxies

Containment,EradicationandRecovery◦Haveaplanthatisreadyandtested

https://github.com/tatanus/SPF

Page 39: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

Defense

Preparation◦UserAwareness&PeriodicTesting

Detection&Analysis◦Alerts,MailProxies

Containment,EradicationandRecovery◦Haveaplanthatisreadyandtested

https://github.com/tatanus/SPF

Page 40: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

ThankYou!

Page 41: HackCon - Phishing- Going from Recon to Creds - Adam Compton...SPF -Sending Emails Can simulate sending of emails Sends emails in a round robin style alternating across all phishing

411

AdamCompton@tatanushttps://github.com/tatanushttp://blog.seedsofepiphany.com/[email protected][email protected]

https://github.com/tatanus/SPF


Why Employees (Still) Click on Phishing Links: an ...web.mit.edu/smadnick/www/wp/2020-10.pdf · Phishing emails demonstrate this dynamic. Phishing is the practice of sending emails

Why Employees (Still) Click on Phishing Links: an ...web.mit.edu/smadnick/www/wp/2020-10.pdf · Phishing emails demonstrate this dynamic. Phishing is the practice of sending emails

1 in 414 Emails are a phishing attack

1 in 414 Emails are a phishing attack

SPAM, MALWARE, Phishing et emails Commerciaux · «Predictive Email Defense» contre les spam, malware, phishing et emails commerciaux : retour d’expérience de la ville d’Asnières

SPAM, MALWARE, Phishing et emails Commerciaux · «Predictive Email Defense» contre les spam, malware, phishing et emails commerciaux : retour d’expérience de la ville d’Asnières

DETECTION OF PHISHING AND SPAM EMAILS …trap.ncirl.ie/4148/1/michaeloluwasegunakinrele.pdf1 Detection of Phishing and Spam Emails Using Ensemble Technique MICHAEL OLUWASEGUN AKINRELE

DETECTION OF PHISHING AND SPAM EMAILS …trap.ncirl.ie/4148/1/michaeloluwasegunakinrele.pdf1 Detection of Phishing and Spam Emails Using Ensemble Technique MICHAEL OLUWASEGUN AKINRELE

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

AWARENESS OF PHISHING SCENARIO - CYBERWISER.eu · 2020. 11. 19. · Phishing attack exercise •Identify phishing indicators in an email. •Distinguish phishing from legitimate emails.

Fact Sheet: Sending Elected Officials Emails, Letters, and ......Fact Sheet: Sending Elected Officials Emails, Letters, and Faxes Emails You can also contact your elected officials

Fact Sheet: Sending Elected Officials Emails, Letters, and ......Fact Sheet: Sending Elected Officials Emails, Letters, and Faxes Emails You can also contact your elected officials

Introduction to Email. Overview Setting up an account Sending Emails Receiving Emails Folders.

Introduction to Email. Overview Setting up an account Sending Emails Receiving Emails Folders.

Analyzing Social and Stylometric Features to Identify Spear phishing Emails

Analyzing Social and Stylometric Features to Identify Spear phishing Emails

DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS · DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS What is Phishing? Phishing is the fraudulent practice of sending spoofed emails

DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS · DIGITAL SELF DEFENSE: RID RIT OF PHISHING ATTEMPTS What is Phishing? Phishing is the fraudulent practice of sending spoofed emails

Computer crime, ethics and security...Phishing – setting up fake websites or sending emails that looks like true website and asking personal information from you. It may instruct

Computer crime, ethics and security...Phishing – setting up fake websites or sending emails that looks like true website and asking personal information from you. It may instruct

5 Marketing Emails Your Business Should Be Sending

5 Marketing Emails Your Business Should Be Sending

Detecting Deceptive Patterns in Phishing Emails · 2014. 7. 31. · Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia

Detecting Deceptive Patterns in Phishing Emails · 2014. 7. 31. · Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia

Phishing Test Templates · 2020. 12. 9. · Phishing Test Templates Our most effective phishing emails, and why they work. Here are our Top 10 Phishing Email templates. Use them

Phishing Test Templates · 2020. 12. 9. · Phishing Test Templates Our most effective phishing emails, and why they work. Here are our Top 10 Phishing Email templates. Use them

Sending Emails over Secure Email Connections with S7 … · Sending Emails over Secure Email Connections with S7-1500 and ... Establishing Secure Connection to ... GeoTrust Global

Sending Emails over Secure Email Connections with S7 … · Sending Emails over Secure Email Connections with S7-1500 and ... Establishing Secure Connection to ... GeoTrust Global

So, you think you’re good at spotting phishing emails

So, you think you’re good at spotting phishing emails

6 EMAILS EVERY REAL ESTATE AGENT SHOULD BE SENDING

6 EMAILS EVERY REAL ESTATE AGENT SHOULD BE SENDING

Detecting Deceptive Patterns in Phishing Emails - … · Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and

Detecting Deceptive Patterns in Phishing Emails - … · Detecting Deceptive Patterns in Phishing Emails Matthew Barba-Rodriguez Advisers: Lauren M. Stuart, Drs. Julia M. Taylor and

Phishing - infosec.byu.edu · PHISHING What it is… The fraudulent practice of sending emails purporting to be from ... by connecting to your phone (landline or mobile) and prevents

Phishing - infosec.byu.edu · PHISHING What it is… The fraudulent practice of sending emails purporting to be from ... by connecting to your phone (landline or mobile) and prevents

THE IMPACT OF USERS CHARACTERISTICS ON … Mohammed A...THE IMPACT OF USERS’ CHARACTERISTICS ON THEIR ABILITY TO DETECT PHISHING EMAILS ii Abstract Phishing emails result in significant

THE IMPACT OF USERS CHARACTERISTICS ON … Mohammed A...THE IMPACT OF USERS’ CHARACTERISTICS ON THEIR ABILITY TO DETECT PHISHING EMAILS ii Abstract Phishing emails result in significant

PHISHING PREVENTION TRAINING White Papers...phishing. Phishing emails are used by attackers to deliver viruses, steal passwords, install ransomware and impersonate corporate officers

PHISHING PREVENTION TRAINING White Papers...phishing. Phishing emails are used by attackers to deliver viruses, steal passwords, install ransomware and impersonate corporate officers