Introduction to Ethical Hacking

Temple University


Week 8 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

Regarding maintaining ongoing Social Engineering attacks preparedness for global online organizations, a least common & important approach is to simulate attacks.

  2. Question to classmates (facilitates discussion) from assigned reading…

What is one excellent way for a global online organization to reduce Social Engineering attacks against “weakest-links”?

*Answer: The organization can provide internal ongoing employee security-culture training as Social Engineering attacks evolve.

*NOTE: Put your phishing (social engineering) knowledge to the test…

https://phishingquiz.mcafee.com

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately (reported by eHackingNews.com back on 10/7/2015)…

Phones on Drones all set to Hack Wireless Printers…

http://www.ehackingnews.com/2015/10/phones-on-drones-all-set-to-hack.html

Week 8 Takeaways

Reading Summary: Social Engineering

Social Engineering has become a powerful hacker technique that most organizations still ignore or, if not, underestimate its true impact. This technique takes advantage of the weakest link of the security chain in the organization (i.e., people/employees). However, there are various counter-measure techniques used to reduce the likelihood of a successful social engineering attack. In most cases of a successful attack, data is compromised and computer systems are violated. The cycle consists of four phases: information gathering, developing relationship, exploitation, and execution. It is also important to note the human behavior of a social engineering attack. Most individuals are motivated either by revenge, financial gain, self-interest, etc. to perform such an attack in the first place. Some of the techniques they use include shoulder surfing, checking any trash cans/recycle bins, email/mail-outs, forensic analysis, website, phishing, etc. Lastly, the counter-measures include different ways to reduce the attack in the first place, such as security policy, physical security, education and security awareness program, etc.

Question for the class:
Have you been a target of a social engineering threat? If so, how were you notified and what were the corrective steps taken to prevent a similar future attack?

In the news: Iran Threat Group Uses Fake LinkedIn Network to Target Victims

Dell SecureWorks found that potential victims were targeted through social engineering by an extensive network of fake LinkedIn profiles. Threat Group 2889 consists of 25 fake LinkedIn accounts that pertain to 204 legitimate LinkedIn users in Middle East, North Africa and South Asia, and are likely targets of TG-2889. In addition, they are divided into two groups: fully developed personas (leader accounts) and supporting personas. Once Dell SecureWorks informed LinkedIn of the fake profiles, LinkedIn took them down immediately.

For additional information regarding this article, please click here.

Week 7 Summary

There are many uses for netcat. One of its primary uses can be for file transfers, but it can also be used for checking port connections on remote hosts, port scanning, firewall testing, address spoofing, as a proxy, and much more. It can execute executables such as a command shell. For telnet-like connections, netcat can be used in either client mode or server mode. Netcat is not encrypted, and all traffic on netcat can be read through a sniffer or analyzer. Encrypted forms of netcat include cryptcat or ncat. Netcat can be used for malicious purposes if you are able to install the executable on a remote host as a means of a back door for file transfers, if netcat is not already installed. The reason one should not have netcat installed is for the potential for misuse by a malicious actor.

News Article: FBI states anti-marijuana policy hinders ability to hire Cyber Experts
http://arstechnica.com/tech-policy/2014/05/fbi-chief-says-anti-marijuana-policy-hinders-the-hiring-of-cyber-experts/

Week 7 Reading and article

This week’s reading covered netcat. Netcat is extremely popular because it can be used for more purposes than just port scanning. This article talks about how to use netcat to open remote command prompt instances, send & receive files. It also covers how netcat can be hidden in a Windows NT environment. Something I found interesting is how the article mentions that netcat can be used by defenders to see what attackers are doing by monitoring network activity from the attacking netcat instance. The article then talks about how defenders should not count on this as a detection method because netcat traffic can be encrypted when attackers use the cryptcat variant of netcat.

An article I found interesting can be found at

http://www.darkreading.com/attacks-breaches/state-trooper-vehicles-hacked-/d/d-id/1322415?

The article covers how pen testers were able to demonstrate proof of concept on how blackhat hackers can take control of non-networked vehicles. The article covers how such attacks can be done and what can be done to mitigate chances of success against such threats.

Week 7

Netcat was originally designed to be a backend tool that can test, create, read & write to connections using TCP or UDP. It can be used directly or run by programs or scripts. It was originally designed for Unix and Linux and has since been ported over to other platforms.  It is a must-have for any hacker and their tool box. It was created in 1995 by Hobbit as a network debugging and exploration tool. Besides the ability to make connections to and from any port, it can also do file transfer, port scanning and port listening.

 

In the news:

Recent studies show that besides hacking or malware, device loss is also a leading problem.

http://www.networkworld.com/article/2988643/security/device-loss-data-breach-malware-hacking-trend-micro-report.html

 

 

Week 7

Netcat is just another tool used to test machines and networks, with the main difference over nmap being the ability to read as well as write. Netcat is important to know because it is widely regarded as one of the most popular tools among security professionals. The reading clearly notes that netcat should not be loaded onto production systems.

My question for the class would be: since netcat can read and write, when is it better to use nmap instead of netcat? It seems that netcat has more features.

News for the week:

http://www.securityweek.com/north-korea-suspected-hacking-seoul-subway-operator-mp

North Korea launched a cyber-attack on South Korea’s subway system. I thought this was interesting because when we think about who we need to worry about with Cyber Security I think we often think about the same countries we need to worry about with military might but cyber-attacks sort of even the playing field in some ways and allows anyone to be a massive force.

Week 7 Reading Summary, Question, and recent Cyber Security News…

  1. Summarize one key point from each assigned reading…

Since 1995 “Netcat” from Hobbit is an excellent computer network utility used for testing firewalls, routers, and operating systems via TCP & UDP with in & out-bound connections thru any port. However one should obtain written authority to use on other network systems, and it is best used within test environments.

  2. Question to classmates (facilitates discussion) from assigned reading…

What is one way a hacker could hide Netcat on Windows OS?

*Answer is the following: a hacker could use port 80 (http Internet network traffic that is usually always open thru a firewall) between two systems.

  3. Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…

In the Cyber Security News lately (reported by eHackingNews.com back on 3/14/2012)…

Hacker Th3j35t3r (The Jester) may have broken into many smartphones using such technologies as QR codes, web browser vulnerabilities, Netcat (checking for Twitter accounts info [then sent back to other server]), etc…

http://www.ehackingnews.com/2012/03/hacker-th3j35t3r-threatens-to-expose.html

*NOTE: This MIS-5211 class blog posting for week #7 was not required (testing week) according to our instructor Mr. Mackey, but I posted anyway (since others did too.)

Week 7: Reading….

Armstrong, T. (2003), “Netcat – The TCP/IP Swiss Army Knife”, Information Security Reading Room, SANS Institute. Based on Nmap’s optimized and tested passive and active scanning libraries, Ncat is a powerful and flexible general purpose command line tool, useful for a wide range of interactive and network-connected backend testing and administration tasks. It can read, write, redirect, and encrypt/decrypt data across a computer network, and enable users to: control every character sent among servers, network services, and clients, and view the resulting raw, unfiltered responses. As such it is helpful in understanding a service, and how clients are using it, and enables: fixing problems, finding security flaws, and testing custom commands. It runs on all major operating systems, and can act as a connection broker among clients and services.

Question for class: How do penetration testers test for and detect the most common SCADA attack methods: Restriction of Operations within the Bounds of a Memory Buffer (26%), Improper Input Validation (9%)?

News of the Week: Dell’s 2015 annual security report states: Attacks on Supervisory Control and Data Acquisition (SCADA) systems doubled worldwide between 2013 (163,228 attacks) and 2014 (675,186 attacks). They target basic system operations controls, access and credential management, network navigation and input validation – and have potential to wreak major havoc over critical infrastructure systems for all. Most common successful attack methods against SCADA target insecure applications programming and management practices, including: Improper Restriction of Operations within the Bounds of a Memory Buffer (26%), Improper Input Validation (9%), Information Exposure (9%), Resource Management Errors (8%), Improper Neutralization of Input During Web Page Generation – i.e. Cross-site Scripting (7%), Permissions, Privileges and Access Controls (7%),…

https://software.dell.com/docs/2015-dell-security-annual-threat-report-white-paper-15657.pdf

 

Week 7 – Reading6: NetCat

NetCat has been surging in popularity since 2000 among information security professionals. NetCat is unlike Nmap because this utility allows you to discover, read and write data across TCP and UDP network connections, thus giving you the ability to manipulate connections remotely. NetCat was created by Hobbit in 1995 as a feature-rich network debugging and exploration tool. We can thank Hobbit for giving us a tool that can be used in infinite ways to remotely prompt any node and perform such actions as hiding FTP transfers, port scanning, encryption among other uses.

I found this interesting article regarding design flaws which make drones vulnerable to cyber-attacks, thus rendering normal (recreational) as well as weaponized drones as having weaknesses, which can be exploited by “drone hacking smartphones”.
Please see link below for further information:
http://thehackernews.com/2015/10/drone-hacking.html

Week 7 Summary

Reading Summary: NETCAT

Netcat is a very powerful tool that is similar to Nmap, but has the ability to not only read, but also write data across network connections. The process involves using command lines with various command switches that allow one to establish sessions and manipulate connections, such as: redirecting traffic, transferring files without any FTP servers via direct connection, executing remote apps, scripts and procedures; scanning firewalls for blocking source routes, and listening to ports. NetCat was designed to be a network debugging and investigation tool, but given its capabilities can also be used as a backdoor. Moreover, NetCat can pipe certain connections made to itself as being server to another service or destination by modifying local system’s scripts.

Additional resource describing NetCat in verbose detail: http://nc110.sourceforge.net

Question to the Class: 

Given NetCat’s capabilities to read and write any type of TCP and UDP connections and manipulate data, should NetCat be considered as being the Best Tool when it comes to network scanning and vulnerability testing?

In the News:

More than 1 billion Android devices are vulnerable to hackers once again, thanks to two newly disclosed Android Stagefright vulnerabilities

Read more at: http://thehackernews.com/2015/10/android-stagefright-vulnerability.html
