The Power. Chema. of FOCA 3

Similar documents

How to Add Domains and DNS Records

gathering Dave van Stein 9 april 2009

How-to: DNS Enumeration

How To Guide Edge Network Appliance How To Guide:

A fresh new look into Information Gathering. Christian Martorella IV OWASP MEETING SPAIN

How to Configure the Windows DNS Server

Hacking Techniques & Intrusion Detection

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Lesson 13: DNS Security. Javier Osuna GMV Head of Security and Process Consulting Division

Migration Quick Reference Guide for Administrators

SPAM, VIRUSES AND PHISHING, OH MY! Michael Starks, CISSP, CISA ISSA Fellow 10/08/2015

PineApp Surf-SeCure Quick

1 You will need the following items to get started:

Hosted Exchange 2010

V Series Rapid Deployment Version 7.5

Penetration Testing with Kali Linux

Configuration Guide BES12. Version 12.2

Si no quieres que sepa tu nombre, por que llevas el DNI en la frente? Christian Martorella CISSP, CISA

Important Information

How to Configure Split DNS

Talk-101 User Guide. DNSGate

Configuring Security for SMTP Traffic

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

How to set up the Integrated DNS Server for Inbound Load Balancing

What is a Mail Gateway?... 1 Mail Gateway Setup Peering... 3 Domain Forwarding... 4 External Address Verification... 4

DNS and BIND. David White

IceWarp to IceWarp Server Migration

Presto User s Manual. Collobos Software Version Collobos Software, Inc!

Configuration Guide BES12. Version 12.1

Trend Micro Worry- Free Business Security st time setup Tips & Tricks

Use Domain Name System and IP Version 6

Pwning Intranets with HTML5

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

SMTP Settings. Magento Extension User Guide. Official extension page: SMTP Settings. User Guide: SMTP Settings

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Working With Virtual Hosts on Pramati Server

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Migration Project Plan for Cisco Cloud Security

So today we shall continue our discussion on the search engines and web crawlers. (Refer Slide Time: 01:02)

Configuring a Domain to work with your Server

"Charting the Course... Enterprise Linux Networking Services Course Summary

Configuring an External Domain

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

Windows 2008 Server. Domain Name System Administración SSII

Step-by-Step Configuration

Pass Through Proxy. How-to. Overview:..1 Why PTP?...1

provides several new features and enhancements, and resolves several issues reported by WatchGuard customers.

BorderWare Firewall Server 7.1. Release Notes

Understand Names Resolution

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Secure Web Development Teaching Modules 1. Security Testing. 1.1 Security Practices for Software Verification

Internet Security [1] VU Engin Kirda

Websense Web Security Gateway: Integrating the Content Gateway component with Third Party Data Loss Prevention Applications

Managing Qualys Scanners

DYNAMIC DNS: DATA EXFILTRATION

HW9 WordPress & Google Analytics

ENTERPRISE LINUX NETWORKING SERVICES

Chapter 9: Name Services. 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory services 9.6 Summary

ZENworks 11 Support Pack 4 Management Zone Settings Reference. May 2016

How to scan/exploit a ssl based webserver. by xxradar. mailto:xxradar@radarhack.com. Version 1.

How to use ArGoSoft Mail Server.NET Freeware

Smart Card Authentication. Administrator's Guide

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Vulnerability Assessment and Penetration Testing

Protecting the Infrastructure: Symantec Web Gateway

DNS: How it works. DNS: How it works (more or less ) DNS: How it Works. Technical Seminars Spring Paul Semple psemple@rm.

Core Protection Suite

GL275 - ENTERPRISE LINUX NETWORKING SERVICES

Domain Name System Security

Classifying DNS Heavy User Traffic by using Hierarchical Aggregate Entropy. 2012/3/5 Keisuke Ishibashi, Kazumichi Sato NTT Service Integration Labs

Lab Tasks 1. Configuring a Slave Name Server 2. Configure rndc for Secure named Control

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

WildFire Features. Palo Alto Networks. PAN-OS New Features Guide Version 6.1. Copyright Palo Alto Networks

GL-275: Red Hat Linux Network Services. Course Outline. Course Length: 5 days

Switching Your DNS WiredTree

graphical Systems for Website Design

Penetration Testing Scope Factors

NTT Web Hosting Service [User Manual]

WHM Administrator s Guide

Computer Services Documentation

Networking Domain Name System

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Module 2. Configuring and Troubleshooting DNS. Contents:

FortiGate Multi-Threat Security Systems I

Click Studios. Passwordstate. Installation Instructions

Wikto how does it work and how do I use it?

Yandex: Webmaster Tools Overview and Guidelines

Configuration Guide to Hosted Exchange User Documentation for Customers & Resellers

Penetration Testing Automation System

Rally Installation Guide

Presto User s Manual. Collobos Software Version Collobos Software, Inc

ADFS for. LogMeIn and join.me authentication

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

Configuring Sponsor Authentication

Client logo placeholder XXX REPORT. Page 1 of 37

Transcription:

The Power of FOCA 3

What s a FOCA? 5/25/12 2

Al principio fue el Metadato 5/25/12 3

Metadata, hidden info Mala ges.ón Mala conversión Opciones inseguras & lost data Buscadores Arañas Bases de datos Mala ges.ón Formatos embebidos Conversión errónea Opciones Inseguras Ficheros embebidos Nuevas aplicaciones o nuevas versiones Ficheros embebidos 5/25/12 4

Printers 5/25/12 5

Malware Dirigido 5/25/12 6

Targeting Malware 5/25/12 7

Electing the entry point 5/25/12 8

Social Engineering Attack 5/25/12 9

Anonym0us case 5/25/12 10

Lost Data 5/25/12 11

Metadata Risks Relaciones Ocultas Historia de Acciones Entre empresas Entre personas Piratería de Software Información táctica Ataques 5/25/12 12

Drug Dealer 5/25/12 13

Forensic FOCA hjp://www.elladodelmal.com/ 2012/02/forensic- foca- beta- 5/25/12 14

Show Me Your Metadata 5/25/12 15

Internal Fingerprinting with FOCA 5/25/12 16

Phase 1: Metadata

FOCA 2 5/25/12 18

FOCA 2.5: Exalead 5/25/12 19

Network Discovery 5/25/12 20

Búsqueda de URLS en buscadores 5/25/12 21

Bing IP 5/25/12 22

Shodan 5/25/12 23

Network Discovery: Well Known Records Zone Transfer DNS SOA, MX, SPF, DKIM, LDAP, VoIP, Active Directory. AXFR Diccionary Search Server1, Intranet, Private, DNS, etc. 5/25/12 24

PTR Scannig 5/25/12 25

Huge domains case 5/25/12 26

Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 1) http -> Web server 2) GET Banner HTTP 3) domain.com is a domain 4) Search NS, MX, SPF records for domain.com 5) sub.domain.com is a subdomain 6) Search NS, MX, SPF records for sub.domain.com 7) Try all the non verified servers on all new domains 1) server01.domain.com 2) server01.sub.domain.com 8) Apple1.sub.domain.com is a hostname 9) Try DNS Prediction (apple1) on all domains 10) Try Google Sets(apple1) on all domains 5/25/12 27

Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 11) Resolve IP Address 12) Get Certificate in https://ip 13) Search for domain names in it 14) Get HTTP Banner of http://ip 15) Use Bing Ip:IP to find all domains sharing it 16) Repeat for every new domain 17) Connect to the internal NS (1 or all) 18) Perform a PTR Scan searching for internal servers 19) For every new IP discovered try Bing IP recursively 20) ~chema -> chema is probably a user 5/25/12 28

Network Discovery Algorithm http://apple1.sub.domain.com/~chema/dir/fil.doc 21) /, /~chema/ and /~chema/dir/ are paths 22) Try directory listing in all the paths 23) Search for PUT, DELETE, TRACE methods in every path 24) Fingerprint software from 404 error messages 25) Fingerprint software from application error messages 26) Try common names on all domains (dictionary) 27) Try Zone Transfer on all NS 28) Search for any URL indexed by web engines related to the hostname 29) Download the file 30) Extract the metadata, hidden info and lost data 31) Sort all this information and present it nicely 32) For every new IP/URL start over again 5/25/12 29

Click & Go 5/25/12 30

Phase 2: Network

How Foca found a data 5/25/12 32

Role Oriented View 5/25/12 33

Fingerprinting 404 Not Found Options messages Domain names and software Aspx Error Messages HTTP Banner Hostname IP Addres SMTP Banner Digital Certificates Shodan 5/25/12 34

DNS Version.bind 5/25/12 35

Primary Master 5/25/12 36

Vulnerabilites View 5/25/12 37

Phase 3: Vulnerabilities

Customizable Search 5/25/12 39

FOCA + Spidering 5/25/12 40

FOCA + Spidering 5/25/12 41

Digital Certificates 5/25/12 42

FOCA 2.5 URL Analysis 5/25/12 43

.listing 5/25/12 44

Unsecure Http Methods 5/25/12 45

Search & Upload 5/25/12 46

Proxy 5/25/12 47

Fuzzing options 5/25/12 48

DNS Cache Snooping 5/25/12 49

DNS Cache Snooping 5/25/12 50

DNS Cache Snooping Internal Software Windows Update Gtalk Evilgrade Detecting vulnerable software to Evilgrade attacks AV evassion Detecting internal AV systems Malware driven by URL Hacking a web site ussually visited by internal users 5/25/12 51

DNS Cache detection 5/25/12 52

Log filter 5/25/12 53

FOCA Reporting Module 5/25/12 54

FOCA Reporting Module 5/25/12 55

Fear The FOCA 5/25/12 56

FOCA Online 5/25/12 57

Cleaning documents OOMetaExtractor hjp://www.codeplex.org/oometaextractor 5/25/12 58

IIS MetaShield Protector hjp://www.metashieldprotector.com 5/25/12 59

FOCA on Linux? 5/25/12 60

Buy a FOCA T-Shirt 5/25/12 And be «Sexy» }:)) 61

Questions? 5/25/12 62