The Social-Engineer Toolkit (SET)

Transcription:

The Social-Engineer Toolkit (SET) Putting the cool back into SE David Kennedy (ReL1K) http://www.secmaniac.com Twitter: Dave_ReL1K

Social-Engineering in the 21st Century
Social-engineering attacks are at an all-time high.
As it gets harder to break in on the external perimeter, attackers adapt towards our weakest link, the human element.

SET v0.6 Codename Arnold Palmer

Basics of SET
Open source, purely Python driven.
Integration into Metasploit for both the exploit repository for client-side attacks and payloads.
Multiple attack vectors specifically designed for social engineering.
For good, not bad: helps pentesters and organizations test their security program.

SET Attack Vectors
Spear-Phishing: Spoof or utilize already established email addresses to do spear-phishing attacks with fileformat attack vectors.
Web Attacks: Multiple attack vectors including java applet, client-side exploits, tabnabbing, man left in the middle, and the credential harvester.
Malicious USB/DVD/CD: Autorun creation, allows you to deploy MSF payloads in a simple autorun.

SET Attack Vectors Cont.
Arduino / Teensy USB HID Attack Vector: Multiple payload selection for the USB keyboard HID attacks.

SET DEMO USB HID Attack Vector

USB HID Attack Vector
Simulates a keyboard being plugged in (not flash storage).
Drops a payload onto a system either through PowerShell or WSCRIPT.
Can also drop executables through similar hex2bin conversion methods.

Integrating into Existing Hardware
Most new keyboards have integrated USB hubs.

All put together
Keyboard still works perfectly.
We have our malicious stuff just sitting there waiting.

SET DEMO TabNabbing

SET TabNabbing
User visits the site, which states "please wait".
Victim switches to a different tab.
The cloned site is now presented; the victim thinks he/she was logged off or forgot about this tab.
The victim enters information into the post parameters and the credentials are harvested.

SET No-DEMO Man-Left-In-The-Middle

SET MLITM
Special thanks to Kos for his hard work; it's his baby, just added to SET.
Utilizes either a pre-compromised site or XSS to inject the SET website into the vulnerable site.
HTTP referrers are used in order to harvest the credentials off of the site.

SET Credential Harvester

SET Credential Harvester
Allows you to clone a website and automatically rewrite the post parameters to allow you to intercept and harvest credentials.
Redirects the victim back to the original site to make it seem less conspicuous.
Can be used in wide-scale harvesting; results export in both HTML and XML formats and can be easily used to generate reports.

SET DEMO Java Applet Attack Vector

Thomas Werth Attack Vector
Released at ShmooCon, this attack vector allows you to create a malicious Java applet.
User hits run and the payload is executed on the victim's machine.
Redirects the user back to the original site to make the attack less conspicuous.
New in SET v0.6: heavy obfuscation of Java and payload for A/V bypass, and fixes for major issues with Linux/OSX payload deployment.
Applet source just opened today!

SET DEMO Spear Phishing

Spear Phishing Attack Vector
Utilizes Sendmail, Gmail, or your own open mail relay to perform targeted attacks.
Utilizes fileformat exploits in order to compromise the victim.
Spoofs email addresses to the victim.
Allows as many email addresses as you want.

SET No-Demo USB/DVD/CD Infectious Method

USB/DVD/CD Infectious Method
Simple yet effective: creates a folder in the SET root, automatically creates the autorun.inf, and generates a Metasploit payload for you.
Used when deploying CDs/DVDs for social-engineering attacks.
Still somewhat of a basic attack vector, but improvements are planned.
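
For defenders reviewing media before it is used, the autorun.inf described above can be audited for entries that launch a program. This is an added example, not code from SET or from the original slides; the function names and the sample file contents are constructed for illustration.

```python
import os

EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".vbs", ".js", ".ps1", ".lnk")

def parse_autorun(text):
    """Return key/value pairs of the [autorun] section (names are case-insensitive)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def command_target(value):
    """Extract the program path from a command line, honouring double quotes."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def audit_autorun(text):
    """Return (key, target, looks_executable) for every entry that launches something."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            target = command_target(value)
            findings.append((key, target, target.lower().endswith(EXEC_EXTS)))
    return findings

def scan_volume(root):
    """Audit autorun.inf at the root of a mounted volume (file name matched case-insensitively)."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                return audit_autorun(fh.read())
    return []

# Constructed sample for illustration; not a file produced by SET.
SAMPLE = """[AutoRun]
open=program.exe
icon=autorun.ico
shell\\review\\command="tools\\viewer helper.exe" /s
"""
```

Calling `scan_volume` on the mount point of a CD, DVD or USB volume returns an empty list when no autorun.inf is present or when it only sets cosmetic keys such as the icon.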

SET v0.6 Improvements from 0.5

SET 0.6 CodeName: Arnold Palmer
Added the new TabNabbing Attack Vector.
Java Applet is now OPEN SOURCE!
Ability to select either Python's HTTP server or Apache integration.
Added the new Man Left in the Middle Attack Vector.
Added the new Teensy USB HID Attack Vector.
Over 45 bug fixes.
Added the latest Adobe, LNK, and IE exploits.
Added Ettercap DNS poison attacks.

So why SET?
Hackers are doing this to us on a regular basis; they are only getting more sophisticated and we aren't doing squat to fix it.
SET is aimed at user awareness and security program testing. FIX YOUR HUMANS!
Making sure the security controls you put in place stop these types of attacks.
Because contributing to the community in an open-source fashion is great.

Why is it effective?
We are humans; we are programmed from birth through our lives to act and behave a certain way.
Our brains all work the same way, we are all vulnerable, and there really is no patch.

If you aren't doing this
If you aren't doing SE as a part of your regular penetration tests, you are seriously missing out.
If you don't know about this, you should learn.
Success ratios for compromise with SET are estimated at around 94%.

Learning more about SE http://www.social-engineer.org

The SE.org Framework

The SE.org Podcast
Main Host: LoganWHD
Co-Hosts: Muts, Elwood, and ReL1K

How do you fix this issue?
Put an emphasis on user restrictions and limiting users from hurting themselves. That means tight egress controls, no administrative rights, kernel-level process hooks for monitoring and prevention, behavioral analysis, and heavy monitoring.
Train users on common attack vectors; you're never going to be bulletproof, but the ability to thwart the majority of attacks makes you much better than most.
Remove all employees from your organization and replace them with robots.

Questions? http://www.secmaniac.com davek@social-engineer.org Twitter: Dave_ReL1K