
Live Hack: Passwords are HIGH RISK. How to act and what you can do

Tom Hofmann, System Engineer Identity, Access & Security

Disclaimer

All data and information provided in this webcast are for informational purposes only.

The Micro Focus webcast related to Hacking is only for informational and educational purposes. The tutorial and demo provided are only for those who are willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. Any time the word “Hacking” is used on this site it shall be regarded as Ethical Hacking. Micro Focus will not be responsible for any action performed by any attendee.

http://linkedin.com/in/onlinesecurity/ SE LinkedIn

http://slideshare.net/TomHofmann/ Slideshare

http://twitter.com/WickedProbl3ms Twitter

Tom Hofmann System Engineer IAS

Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.

Source: Techopedia

“A hacker is someone who tries to find a way to make toast with a coffee machine.”
, Founder of

Question 1: Is Cybersecurity a strategic topic in your organisation & do you also have the resources to implement it?

h0W +0 bEcom A h4x0r

H4x0r Starter Kit

▪ Hacker hoodie 89.50 €
▪ Guy Fawkes mask 10 €
▪ Laptop sticker 9.95 €
▪ Screensaver: freeware

“Real hacker”

▪ APT 28 / Sofacy /
  ‒ RUAG, Thyssen Krupp
  ‒ Deutscher Bundestag
  ‒ En Marche, US Democrats (DNC)
  ‒ Most probably Russian Government

▪ Lazarus Group
  ‒ Sony Hack
  ‒ SWIFT Hack / Bangladesh Bank heist
  ‒ WannaCry
  ‒ Most probably North Korean Gov.

▪ Equation Group
  ‒ Eternal Blue
  ‒ NSA ANT Catalog
  ‒ “Most probably” U.S.A. Gov. / NSA

▪ APT 10 / MenuPass / Stone Panda
  ‒ Managed Service Providers
  ‒ “Cloud Hopper”
  ‒ “Red Leaves”
  ‒ Most probably Chinese Government

State-backed hacking: the threat is real!

Question 2: Do you have a dedicated Cybersecurity team?

Five steps to a happy hack

Reconnaissance → Assessment → Exploitation → Execution → Have fun

Recon

Reconnaissance: Intelligence

▪ SIGINT (COMINT, ELINT): Signals Intelligence (Communications Intelligence & Electronic Intelligence)
▪ OSINT: Open Source Intelligence
▪ HUMINT: Human Intelligence

Assess

Assessment: Vulnerabilities

▪ Electronic vulnerabilities: software bugs
▪ Social vulnerabilities: human weaknesses
▪ Physical vulnerabilities: building access, etc.

Exploit

Exploitation: Exploits

▪ Electronic exploits: specific software, malicious data packages
▪ Social exploits: (spear) phishing, calls, manipulation
▪ Physical exploits: installation of rogue WLAN access points, MITM devices

Exec

Execution: Payloads

▪ RAT: Remote Access Tools
▪ Logging: video, screen, keystrokes
▪ Shells: remotely accessible shells

Party

Have fun

Small selection

▪ Vulnerability scanner: checks assets for known weaknesses
▪ Password cracking: recovering passwords from data stored or transmitted by computer systems
▪ Root kit: represents a set of programs which work to subvert control of an operating system from legitimate operators
▪ Packet sniffer: capture data packets in transit over networks
▪ Social engineering: an attack vector that relies heavily on human interaction
▪ : serves as a back door in a computer system to allow an intruder to gain access to the system later
▪ Spoofing attack: involves websites which falsify data by mimicking legitimate sites
▪ Viruses: self-replicating programs, inserting copies of the same program into other executable code files or documents
▪ Post exploitation: tools used after successful infiltration. Popular tools are psexec, mimikatz, wmic and powershell
▪ Key loggers: tools designed to record every keystroke

Question 3: Do you implement and operate Cybersecurity Resilience?

Let´s be a h4x0r

From leaked cyber weapons to WannaCry & NotPetya

Cyber weapons gone wild

Timeline (slide items 1 to 5): 1 Equation Group, 2 ShadowBrokers, 3 WannaCry, 4 Petya, 5 NotPetya.

Captions on the slide: linked to NSA (Equation Group); software dump (ShadowBrokers); wiper disguised as ransomware; damage, ransom, credential stealing.

Try it yourself

▪ https://github.com/x0rz/EQGRP_Lost_in_Translation
▪ https://usa.kaspersky.com/resource-center/infographics/equation
▪ https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/
▪ https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
▪ https://www.kaspersky.com/about/press-releases/2015_equation-group-the-crown-creator-of-cyber-espionage

Framework: Metasploit, aka Fuzzbunch

▪ Vulnerability: MS17-010
▪ Exploit: Metasploit exploit by RiskSense, aka EternalBlue
▪ Payload: RAT Meterpreter, aka DoublePulsar

But… patch? But… ZeroDay!

Microsoft president Brad Smith said WannaCry "represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/

TYPICAL PATCH MANAGEMENT PROCESS in ITIL

Flow (reconstructed from the slide diagram): Start → Patch Sources → Prio & Schedule → Plan → Build → Test → Deploy & Install → Audit & Assess → Success? → True: Close → End; False: loop back.

Supporting ITIL processes: Configuration Management, Release Management, Change Management.

, a phishy PDF and a RAT (GoldenEye)

Hacking HR

1. Job application: real job offers from the BfA
2. “Clean PDF”: the door opener
3. Fake BfA: execution of the exploit
4. Fake system check: encryption payload
5. Your files have been encrypted

References

▪ https://nakedsecurity.sophos.com/2016/12/08/goldeneye-ransomware-the-resume-that-scrambles-your-computer-twice/
▪ https://www.heise.de/ct/ausgabe/2017-1-Verschluesselungstrojaner-Goldeneye-greift-gezielt-deutsche-Personalabteilungen-an-3575058.html
▪ https://de.business.f-secure.com/author/delayo16

Framework: Metasploit

▪ Vulnerability: CVE-2010-1240, Adobe PDF embedded EXE
▪ Exploit: Social Engineering & Metasploit exploit by attackresearch
▪ Payload: RAT Meterpreter

Heartbleed: 3 years later, still bleeding

https://www.slideshare.net/TomHofmann/heartbleed-2017-3-years-later-still-bleeding

Don’t always focus on the OS

▪ Bluetooth protocol: BlueBorne
▪ Wifi chipset: BroadPwn
▪ Headphones: SPEAKE(a)R
▪ x86 processor fuzzer: sandsifter

“…enable the installation of beacon implants directly into our targets' electronic devices. These devices are then re-packaged and placed back into transit…”

Tailored Access Operations / Access Operations (AO - S326), Remote Operations Center (S321)

“(TS//SI//NF) In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.”

Security by obscurity doesn´t work. Not even with three letter agencies.

On the Viability of Conspiratorial Beliefs: https://doi.org/10.1371/journal.pone.0147905

Recap

What have we seen
▪ A quick peek at Cybersecurity
▪ Remote exploit and manual exploit with Social Engineering
▪ Cybersecurity matters
▪ Hacks happen on various different levels and come in all shapes and sizes
▪ There is not only „one“ solution

What can we do
▪ Multi Factor Authentication
▪ SIEM
▪ Privileged Account Management
▪ Active Configuration Change Management
▪ Enterprise & Web Access Management

More to read

MELANI on the RUAG Hack: https://www.melani.admin.ch/melani/de/home/dokumentation/berichte/fachberichte/technical-report_apt_case_ruag.html

BroadPwn (chip level exploit): https://hackaday.com/2017/07/29/broadpwn-all-your-mobiles-are-belong-to-us/

Rogue WLAN Access Points: http://www.hackingarticles.in/hack-password-using-rogue-wi-fi-access-point-attack-wifi-pumpkin/

Turning headphones into mics: https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf

Breaking the x86 ISA: https://github.com/xoreaxeaxeax/sandsifter

OAuth and phishing attack at En Marche in France: https://media.scmagazine.com/documents/295/trend_micro-two-years-of-pawn-_73730.pdf

Micro Focus Advanced Authentication

Advanced Authentication feature overview (reconstructed from the slide diagram)

Authenticators
▪ Hard Token: Yubikey, USB & Smartcard, FIDO U2F, OATH HOTP & TOTP, Swisscom MobileID, Bluetooth BLE, NFC
▪ Soft Token: time based OATH TOTP, event based OATH HOTP, SMS, eMail OTP; iOS, Android, Windows Phone; FIDO U2F
▪ Biometric: Fingerprint, Finger Vein
▪ Smartcard: NFC, contactless RFID, contact based
▪ Smartphone

Infrastructure
▪ OS Login: Windows, MacOS
▪ Radius Client / Server, Firewall, VPN

Services and features
▪ Multi Site Support, Live Ensure API
▪ Geolocation & Geofencing, Out of Band
▪ Advanced Analytics & Reporting
▪ Group & Event based controls
▪ Offline Login
▪ 2nd Factor skipping

Q&A

Questions, ideas, anything else…


Thank you.

www.microfocus.com