O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

My dog is a hacker and will still your data!

1.054 visualizações

Publicada em

Abstract:
This presentation is about a creative approach to intrusion tests, as the popular saying would say: "–The dog is man's best friend" (he makes you feel good and secure). Let's explore the vulnerability of layer eight, the human being, subject to error and the social engineering techniques; This is an innovative method, with art and style, will be simpler than it sounds; The dog will be used as an attack tool, which will carry a mobile phone hidden along with its pectoral collar.
The attack vectors are triggered automatically without any human interaction. This may include geographically close attacks, such as fake Wi-Fi access points, cellular base stations or local user attacks on a network, we can exploit DNS hijacking, packet injection, Evil-Twin, rogue router or ISP, and many other variants. Furthermore, the target will connect to your rogue wifi access point and the rules are enabled with the DHCP configurations to allow fake AP to allocate IP address to the clients and forward traffic to a fake/malicious web-site; Then, the information can be stored easily as well the injection of malicious file to remotely control the victim.
And it's done. You can drop your hacker dog in a park and expect him to hack people for you, quietly, that's perfect!

About Rafael:
Rafael Fontes Souza aka b4ckd00r is a Senior Information Security Consultant at CIPHER. He is a core member of Cipher Intelligence Labs - the advanced security team focused on penetration testing, application security and computer forensics for premier clients. He started studying at age 13 and since then has disclosed security vulnerabilities and has received recognition and awards from major companies such as Apple, Microsoft, ESET, HP and others. Being done hundreds of successful penetration tests for various organizations, including government, banking, commercial sectors, as well the payment card industry.

Publicada em: Negócios
  • Seja o primeiro a comentar

My dog is a hacker and will still your data!

  1. 1. MY DOG IS A HACKER AND WILL STEAL YOUR DATA! Rafael Fontes Souza
  2. 2. • Hacktivist • Security Consultant • Bug Bounty Hunter • Penetration Tester $WHOAMI
  3. 3. $CAT ABOUT-MY-DOG.TXT #HACKER DOG $EXIT
  4. 4. $DISCLAIMER All the information provided in this presentation are only for educational purposes. I’m not responsible for any actions that may occur afterwards. I don’t speak for my employer. All the opinions and information here are mine.
  5. 5. $REQUIREMENTS • A supported USB wireless adapter; • A Mobile phone compatible with NetHunter/Kali; • 3G/4G Connection; • The dog with a backpack or a fitted pectoral collar; $LIMITATIONS • Systems of protection installed in the target devices can prevent some types of attacks. • The version of the browser or operating system used by the victim can prevent certain types of attacks on some devices.
  6. 6. $AGENDA • DiTm (Dog In The Middle) • Hacking mobile phones Rooted devices Non rooted devices • Mobile Malwares • Social Engineering Techniques Using QR code to RCE • Demonstration • Analysis of graphs
  7. 7. $DOG IN THE MIDDLE
  8. 8. $WIRELESS ATTACKS AND TIPS
  9. 9. $INTERCEPT CREDENTIALS
  10. 10. $AUTOMATION OF DITM • Fully automated attack • No human interaction • Fake access point • Evil-twin • Karma attack • Goal: get credentials!
  11. 11. $MORE ATTACK VECTORS…
  12. 12. $SMARTH PHONES OR SPY PHONES
  13. 13. $HACKING MOBILE PHONES Rooted devices Non rooted devices
  14. 14. $ROOTED DEVICES
  15. 15. $NON ROOTED DEVICES
  16. 16. STRATEGY IS IMPORTANT! STRATEGY IS IMPORTANT
  17. 17. $SOCIAL ENGINEERING TECHNIQUE
  18. 18. $MALICIOUS QR CODE
  19. 19. APP STORES ARE TRUSTED?
  20. 20. Mobile Threat Landscape Activity Map McAfee®
  21. 21. UNDER CONSTRUCTION
  22. 22. #HOW TO PROTECT YOURSELF? • Check before downloading and installing if the application is true and original; • Don’t click on links or attachments in unsolicited emails or text messages; • Log out of sites after you have made a payment; • Keep your operating system and apps updated; • Use secure Wi-Fi; • Turn off Wi-Fi, location services and Bluetooth when not in use; • Don't jailbreak or root your device; • Back up and encrypt your data; • Install protection software;
  23. 23. $MICROSHIP IMPLANT • Will a microchip tell me my pet’s location? • Can anyone with a scanner access my contact information from the chip?
  24. 24. $POC DITM STEP BY STEP
  25. 25. $POC DITM STEP BY STEP
  26. 26. $POC DITM STEP BY STEP
  27. 27. $POC DITM STEP BY STEP
  28. 28. $POC DITM STEP BY STEP
  29. 29. $DEMONSTRATION
  30. 30. GARTNER SAYS WORLDWIDE SALES OF SMARTPHONES GREW 9 PERCENT IN FIRST QUARTER OF 2017 https://developer.android.com/
  31. 31. $MOBILE OPERATING SYSTEM MARKET SHARE https://developer.android.com/ https://www.netmarketshare.com/
  32. 32. $ANDROID PLATFORM VERSIONS
  33. 33. $MOBILE BROWSER MARKET SHARE https://developer.android.com/ https://www.netmarketshare.com/
  34. 34. GLOBAL OPERATING SYSTEMS MARKET SHARE FOR PERSONAL COMPUTERS, FROM JANUARY 2013 TO FEB 2017 https://developer.android.com/
  35. 35. $NUMBER OF MOBILE PHONE USERS WORLDWIDE FROM 2013 TO 2019 (IN BILLIONS) https://developer.android.com/
  36. 36. CONCLUSION https://developer.android.com/ The numbers speak for me: Billions of vulnerable people. • Use of mobile devices has increased every year; • Windows operating system is the most used in PCs; • Android operating system is the most used in mobile phones; • Most operating systems are out of date;
  37. 37. $THANK ALL! https://developer.android.com/ Credits: • Public awareness and prevention of Europol and Interpol • CIPHER • Kaspersky LAB • Mcafee • HackersOnlineClub • Defcon.ru • And many friends! Thanks all!
  38. 38. https://developer.android.com/ Credits: • CIPHER • Rafay Baloch • Wolmer Godoi • Cleber Brandão • Fernando Amatte • Fabrício Salomão • Diego Pereira • Rafael Capucho • Priyanshu Sahay • Chandrakant Patil • HackersOnlineClub • Defcon.ru

×