I decided to leverage my particular professional skill set with this attack. I was a little surprised at how easy Metasploit made it to gain a root shell on the Metasploitable VM. I was able to perform some of the additional steps that a real attacker might. Of course, I stopped short of attacking other systems. (It would not have been possible anyway. My test environment was on a private network with no internet access.)
Ruslan Stoyanov, head of Kaspersky Lab’s computer incidents investigation team, and two Federal Security Service (FSB) officers, Sergei Mikhailov and Dmitry Dokuchayev, were arrested two months ago. The treason case brought in December is the result of allegations made by an online payments firm seven years ago, it has emerged.
It was initially thought that they may have been arrested in connection with an incendiary dossier compiled by a former MI6 man about US President Donald Trump, alleging the Kremlin has compromising material on him.
However, Pavel Vrublevsky, founder of online payments firm ChronoPay, told Reuters that the arrests were made in connection with allegations he made in 2010 that Stoyanov and Mikhailov had passed secrets to US firms which then made their way into the hands of intelligence officials.
Malware was placed on a payment system at Arby’s corporate-owned stores; the franchised Arby’s restaurant locations were not affected.
In a recent report, Rapid7 found that two thirds of penetration test engagements were not detected at all by the organization being tested. Detection rates were nearly identical between large and small organizations and across industries. This is a serious concern: unlike pen tests, which are short-term, rapid-fire and sometimes loud, real attacks are usually long-term, slow and quiet. If an organization cannot detect a penetration test, it is unlikely to detect a real attack. Part of the problem is that organizations could not, or did not, review their event logs daily. Penetration testing is also gradually evolving. Bug bounty programs are on the rise and are shaping the nature of some pen testing: many organizations with bug bounty programs, especially technology companies including Facebook, Yahoo!, Google, Reddit, Square and Microsoft, are shifting toward narrower, more challenging engagements.
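The kind of daily log review the paragraph says is missing can be automated cheaply. The following is an added example, not code from the Rapid7 report or from the original post: a small Python script that parses constructed syslog-style lines and flags the two "loud" patterns a pen test typically leaves behind, a burst of failed SSH logins from one source and one source probing many distinct ports. The log format, thresholds, hostnames and IP addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format; not from any real host).
# Source 10.0.0.7 fails six SSH logins in five seconds, 10.0.0.9 is dropped
# by the firewall on twelve distinct ports in twelve seconds, and 10.0.0.20
# is a normal user with one typo followed by a successful login.
SAMPLE_LOG = """\
2017-03-01T10:00:01 host1 sshd[2001]: Failed password for invalid user admin from 10.0.0.7 port 51001 ssh2
2017-03-01T10:00:02 host1 sshd[2002]: Failed password for root from 10.0.0.7 port 51002 ssh2
2017-03-01T10:00:03 host1 sshd[2003]: Failed password for invalid user test from 10.0.0.7 port 51003 ssh2
2017-03-01T10:00:04 host1 sshd[2004]: Failed password for root from 10.0.0.7 port 51004 ssh2
2017-03-01T10:00:05 host1 sshd[2005]: Failed password for root from 10.0.0.7 port 51005 ssh2
2017-03-01T10:00:06 host1 sshd[2006]: Failed password for root from 10.0.0.7 port 51006 ssh2
2017-03-01T10:02:00 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=21
2017-03-01T10:02:01 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=22
2017-03-01T10:02:02 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=23
2017-03-01T10:02:03 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=25
2017-03-01T10:02:04 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=80
2017-03-01T10:02:05 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=110
2017-03-01T10:02:06 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=135
2017-03-01T10:02:07 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=139
2017-03-01T10:02:08 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=443
2017-03-01T10:02:09 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=445
2017-03-01T10:02:10 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=3306
2017-03-01T10:02:11 host1 kernel: FW_DROP SRC=10.0.0.9 DST=10.0.0.5 PROTO=TCP DPT=3389
2017-03-01T10:30:00 host1 sshd[2100]: Failed password for alice from 10.0.0.20 port 52000 ssh2
2017-03-01T10:45:00 host1 sshd[2101]: Accepted password for alice from 10.0.0.20 port 52001 ssh2
"""

LINE_RE = re.compile(r"^(\S+) \S+ (.*)$")
FAIL_RE = re.compile(r"Failed password for .* from (\d+\.\d+\.\d+\.\d+) port \d+")
DROP_RE = re.compile(r"FW_DROP SRC=(\d+\.\d+\.\d+\.\d+) .* DPT=(\d+)")


def parse(lines):
    """Yield (timestamp, kind, source_ip, detail) for recognised lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, body = datetime.fromisoformat(m.group(1)), m.group(2)
        f = FAIL_RE.search(body)
        if f:
            yield ts, "auth_fail", f.group(1), None
            continue
        d = DROP_RE.search(body)
        if d:
            yield ts, "fw_drop", d.group(1), int(d.group(2))


def detect(lines, window_s=60, fail_threshold=5, port_threshold=10):
    """Sliding-window detector. Returns {(source_ip, kind): peak} for every
    source whose peak count inside any window_s-second window reaches the
    threshold: number of failures for auth_fail, distinct ports for fw_drop."""
    events = defaultdict(list)
    for ts, kind, src, detail in parse(lines):
        events[(kind, src)].append((ts, detail))
    alerts = {}
    for (kind, src), evs in events.items():
        evs.sort(key=lambda e: e[0])
        peak, start = 0, 0
        for end in range(len(evs)):
            # Advance the window start until the span fits in window_s seconds.
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            win = evs[start:end + 1]
            count = len(win) if kind == "auth_fail" else len({p for _, p in win})
            peak = max(peak, count)
        threshold = fail_threshold if kind == "auth_fail" else port_threshold
        if peak >= threshold:
            alerts[(src, kind)] = peak
    return alerts


if __name__ == "__main__":
    for (src, kind), peak in sorted(detect(SAMPLE_LOG.splitlines()).items()):
        print("ALERT %-10s %-9s peak=%d" % (src, kind, peak))
```

Run daily over the previous day's logs, the script produces two alerts for the constructed input and stays silent about the legitimate user. The thresholds are deliberately loose: a scan that hits one port per minute or a login guesser that tries one password per hour slips under a 60-second window, which is exactly the "slow and quiet" gap the paragraph describes, so real deployments pair a short window like this with a longer-horizon count per source.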
Yesterday, I received a phone call from this number: (570) 524-2662. If you do a quick Google search you will find that it’s a legitimate number for the State Police in Lewisburg or Milton, PA.
The caller claimed to be an officer of the department and requested to speak to me. So I obliged and asked him what it was about. He claimed that they had received several complaints about me and was calling to sort it out. After I asked him what the complaints were about, he was hesitant and said that he would forward me to the investigating officer to talk about the complaints.
I immediately stopped him and told him to give me the direct line to the investigating officer so that I could call him directly. The caller refused and told me to use the number that showed up on my caller ID. I tried to get the identity of the caller but failed because he just told me to call the number back and he would be there to answer the call. I hung up and did the quick Google search of the phone number.
There were several things wrong with this call:
- Why would the State Police from the middle of PA call someone in Philadelphia?
- The caller had an Indian/Middle Eastern accent.
- The caller did not want to provide me a number or his name.
I decided to call the number back, since it was a legitimate number, and got hold of a “different” officer. The officer assured me that he was the only one there and nobody there was trying to get hold of me. I told him about the phone call that I had just received and he was as surprised as I was.
The moral of the story is that anything can be spoofed and made to seem like it’s coming from a legitimate source. Be careful who you divulge information to, and you should always ask for a callback number if you’re not the one who initiated the contact.
Researchers at Ben-Gurion University in Israel have developed a way to steal data off someone’s hard drive by infecting the target computer with malware and reading data through the blinking LED that indicates hard drive activity. In their testing, the researchers used a drone-mounted camera that flew to the window of the office where the infected computer sat. Once at the window, the drone could capture the blinking LED, which can blink up to 6,000 times per second. This lets an attacker transmit data very quickly over a long distance. Being able to get data out of a system that is not on the internet is a major concern for highly sensitive systems that rely on an “air gap.” The “air gap” is sometimes seen as an impenetrable defense for highly sensitive systems that are not connected to the internet. Using the computer’s LED gives attackers a potentially stealthier, higher-bandwidth and longer-range method of exfiltrating data from an air-gapped computer. The researchers believe that the easiest countermeasure is to tape over the LED or to keep highly sensitive systems away from windows.
Article – https://www.wired.com/2017/02/malware-sends-stolen-data-drone-just-pcs-blinking-led/