Iftach Ian Amit | September 2011




                Pushing in, leaving a present and
                pulling out without anybody
                noticing
                Iftach Ian Amit
                VP Consulting

                DC9723
                CSA-IL Board member
                IL-CERT Visionary

 All rights reserved to Security Art ltd. 2002-2011   www.security-art.com

Tuesday, September 20, 11

                                                      whoami
                    • Not certified
                    • VP Consulting at Security-Art
                    • Hacker, researcher, developer
                    • I like crime, and war :-)
                    • DC9723, PTES, IL-CERT, IAF

                                                      Agenda





                                                      1. Infiltration

                    • Technical factors
                    • Human factors
                    • Command & Control in loosely connected
                            environments




                        Infiltration - Technical
                    • Exploits!          of what???

                     • Web, FTP, mail, SSL-VPN...
                       • Will only get you the basic stuff
                     • 3rd party tools used (LinkedIn,
                                   SalesForce, SaaS applications)...
                                 • Harder to get
                                         *although nice to have as reproducible on many targets




                        Infiltration - Technical

                                                          The problem:
                                                      Small attack surface





                        Infiltration - Technical
                    •       How about them windows?
                    •       Win XP still the dominantly deployed OS on
                            clients (both in corporate and government
                            settings)
                    •       Win 7 is no big deal


                    •       Attack surface is much broader (spell
                            Adobe, Symantec, WinZip, AOL, Mozilla, etc...)


                             Infiltration - Human
                    • Not as in “I got your guy and I want
                            $1,000,000 to set him free”
                    • More like “dude, check out the pics from the
                            conference we went to last month. Wicked!”
                            • “did you get my memo with the new
                                   price-list <link to .xls file>”
                            • You get the idea...

                             Infiltration - Human
                    •       eMails, web links,
                            phishing...

                            •     Works like a charm!

                    •       And can be mostly
                            automated

                            •     SET to the rescue




                             Infiltration - Human
                   And... being nice/nasty/
                   obnoxious/needy always
                   helps!





                2. Data Targeting & Acquisition

                    • Weaponizing commercial tools
                    • Creating “APT” capabilities


                    • But first - targeting...

                                    Step 1: Basic Intel
         What is the
         target “willing”
         to tell about
         itself?





                               Who’s your daddy?
                        And buddy, and friends, relatives, colleagues...





                Select your target wisely


                            And then craft your payload :-)





                Not as expensive as you think
          • ZeuS: $3000-$5000
          • SpyEye: $2500-$4000
          • Limbo: $500-$1500

                        FREE!




                    Just make sure to pack
     Experienced travelers
     know the importance
      of packing properly





                And set measurable goals
                 • File servers
                 • Databases
                 • File types
                 • Gateways (routes)
                 • Printers

                From mass infection to APT

                                          PATIENCE
              Mass infection:                                    APT:
              5-6 days before                              5-6 months before
                 detection                                     detection


           Frequent updates                                  No* updates
                                                                  * Almost




                                                      Control?
                    •       What happens when you
                            are so far behind?

                    •       Just use your friends
                            (peers)
                            •      Expect a one-way
                                   command scheme.
                            •      Exfiltration is a
                                   different animal...

                    [Diagram labels: Internet, 3rd party, You!, Target]


                                                 3. Exfiltration
                    • Avoiding DLP
                    • Avoiding IPS/IDS egress filters
                    • Encryption
                    • Archiving
                    • Additional techniques

                   How about them SSLs?

                    • Cool.

                    • Although sometimes may be intercepted
                     • Pesky content filters...


                                                            So...
                         [Slide shows a PGP-armored message, including its BEGIN/END PGP MESSAGE lines and Version header]


                            Still “too detectable”
                         [Slide shows the same message body with the BEGIN/END PGP MESSAGE lines and Version header removed]




                                                      Much better
                    • Throws in some additional encodings
                    • And an XOR for old time’s sake


                    • And we are good to go...
                     • 0% detection rate
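
What the last two slides mean for a content filter, as an added example that is not part of the original deck: a rule keyed to the BEGIN PGP MESSAGE string misses a headerless body, yet that body still carries an OpenPGP packet header and a CRC-24 line that can be verified, and once the bytes are XORed or re-encoded only a byte-entropy heuristic still fires. The sample data, thresholds and function names are constructed for this illustration.

```python
import base64
import binascii
import hashlib
import math
import re
from collections import Counter

B64_LINE = re.compile(r"^[A-Za-z0-9+/]{4,76}={0,2}$")
CRC_LINE = re.compile(r"^=([A-Za-z0-9+/]{4})$")    # armor checksum line
KNOWN_TAGS = set(range(1, 15)) | {17, 18, 19}      # packet tags, RFC 4880 sec. 4.3
MIN_BYTES, ENTROPY_BITS = 128, 6.8                 # heuristic thresholds (assumed)

def crc24(data):
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def packet_tag(data):
    """Tag of the first OpenPGP packet, or None if byte 0 is not a packet header."""
    if not data or not data[0] & 0x80:
        return None
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def shannon_entropy(data):
    """Bits per byte: ciphertext sits near 8, base64-wrapped text near 4-5."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def find_runs(text, min_lines=4):
    """Collect runs of base64-looking lines; no BEGIN/END marker is required."""
    runs, current = [], []
    for raw in text.splitlines() + [""]:
        line = raw.strip()
        crc = CRC_LINE.match(line)
        if crc and current:
            runs.append((current, crc.group(1)))
            current = []
        elif B64_LINE.match(line) and len(line) % 4 == 0:
            current.append(line)
        else:
            if len(current) >= min_lines:
                runs.append((current, None))
            current = []
    return runs

def scan(text):
    """Classify every base64 run in `text` by structure first, entropy second."""
    findings = []
    for lines, crc_b64 in find_runs(text):
        try:
            data = base64.b64decode("".join(lines), validate=True)
        except (binascii.Error, ValueError):
            continue
        tag = packet_tag(data)
        crc_ok = None
        if crc_b64 is not None:
            crc_ok = int.from_bytes(base64.b64decode(crc_b64), "big") == crc24(data)
        entropy = shannon_entropy(data)
        if crc_ok and tag in KNOWN_TAGS:
            verdict = "openpgp-armor"          # structure survives header stripping
        elif len(data) >= MIN_BYTES and entropy >= ENTROPY_BITS:
            verdict = "high-entropy-base64"    # structure gone, randomness remains
        else:
            verdict = "clean"
        findings.append({"verdict": verdict, "tag": tag, "crc_ok": crc_ok,
                         "entropy": round(entropy, 2)})
    return findings

def constructed_packet():
    """Constructed stand-in for a ciphertext packet (not a real PGP message)."""
    body = b"".join(hashlib.sha256(b"constructed-%d" % i).digest() for i in range(12))
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body  # old format, tag 1

def wrap(data, with_crc):
    """Base64-encode in 64-character lines, optionally with the CRC-24 line."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    if with_crc:
        lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode())
    return "\n".join(lines)

# Constructed inputs: a headerless armor body inside a mail, the same bytes after
# a one-byte XOR and re-encoding, and ordinary text that happens to be base64.
PACKET = constructed_packet()
HEADERLESS = "Figures attached.\n" + wrap(PACKET, True) + "\nRegards\n"
XORED = wrap(bytes(b ^ 0x5A for b in PACKET), False)
PLAIN_B64 = wrap(b"Please find the meeting notes below. " * 12, False)
```

High-entropy base64 also matches compressed archives and other legitimate binary attachments, so that verdict is a triage signal to correlate with destination and volume, not a block rule on its own.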

                                                      Resistance is futile

                But you have no network

                    • They killed 80, 443, 53 and cut the cable to
                            the interwebs!




                    • Go old-school!


                                           Kill some trees





                To shred or not to shred?





                            Yeah, good ol’ DD...





                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch


            Set up a public PBX
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch


            Set up a public PBX
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch                                   Collect your data


            Set up a public PBX
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch                                   Collect your data


            Set up a public PBX
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch                                   Collect your data


            Set up a public PBX                                        Encode
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                              ET Phone Home
                      Got VOIP?                       Excellent!

         Target a handset/switch                                   Collect your data


            Set up a public PBX                                        Encode
            OR a conference call
            OR a voicemail box
 All rights reserved to Security Art ltd. 2002-2011          34
Tuesday, September 20, 11
Iftach Ian Amit | September 2011



                                 Back to hi-tech (?)
                                 ET Phone Home
                    • Got VOIP? Excellent!
                    • Target a handset/switch
                    • Set up a public PBX OR a conference call OR a voicemail box
                    • Collect your data
                    • Encode
                    • Call, leave a message, don’t expect to be called back...
                 Voice exfiltration demo




                      Killing paper isn’t nice
                    • Fax it!
                    • Most corporations have email-to-fax services
                     • heard of the address 555-7963@fax.corp.com ?
                    • Just send any document (text, doc, pdf) to it and off you go with the data...

                                                      Conclusions

                    • Available controls
                    • Information flow path mapping
                    • Asset mapping and monitoring

                                                      Controls

                    • Start with the human factor
                    • Then add technology




                    • Where people leave data
                     • Hint - spend time with developers.
                    • “Hack” the business process

                    • Test, test again, and then test. Follow with a surprise test!


                                        Map your assets

                    “be true to yourself, not to what you believe things should look like”
                                                                 Old Chinese proverb





                              And monitor them!
                    • They are YOUR assets after all
                    • No reason to be shy about it...
                    • And remember to add honey...


                            2 tips for monitoring
                    • Pre-infiltration - social media
                     • Check out SocialNet for Maltego from packetninjas.net... :-)

                    • Post-infiltration - ALL your channels
                     • Yes - VoIP is one of them. Record, transcribe, feed to DLP. Simple as that.
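
One way to bring the email-to-fax gateway from the "Killing paper isn’t nice" slide under the "ALL your channels" tip, as an added example that is not part of the original slides. The log format, the approved-number list and the byte threshold are assumptions constructed for illustration; only the fax.corp.com address pattern comes from the deck.

```python
import re
from collections import defaultdict

# Assumed, simplified mail-gateway log format (constructed for this example,
# not the output of any specific MTA):
#   <timestamp> from=<sender> to=<rcpt[,rcpt...]> size=<bytes>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+from=<(?P<sender>[^>]*)>\s+to=<(?P<rcpts>[^>]*)>"
    r"\s+size=(?P<size>\d+)\s*$"
)

# Constructed sample traffic; fax.corp.com is the gateway domain from the slide.
SAMPLE_LOG = """\
2011-09-20T09:01:10Z from=<alice@corp.com> to=<555-0100@fax.corp.com> size=20480
2011-09-20T09:05:42Z from=<bob@corp.com> to=<carol@corp.com> size=1024
2011-09-20T09:07:03Z from=<bob@corp.com> to=<555-7963@FAX.corp.com> size=350000
2011-09-20T09:08:19Z from=<bob@corp.com> to=<5557963@fax.corp.com,dave@corp.com> size=420000
2011-09-20T09:30:00Z from=<alice@corp.com> to=<555.0100@fax.corp.com> size=900000
this line is malformed and must be skipped
"""


def fax_number(address, gateway_domain):
    """Return the digits of a fax-gateway recipient, or None if the address
    is not addressed to the gateway (domain match is case-insensitive)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or domain.lower() != gateway_domain.lower():
        return None
    digits = re.sub(r"\D", "", local)  # 555-7963, 555.7963, 5557963 -> same key
    return digits or None


def review_fax_traffic(log_text, gateway_domain, approved_numbers, max_bytes_per_sender):
    """Flag fax-gateway mail to numbers outside the approved list and senders
    whose total volume to the gateway exceeds the threshold.

    Returns (findings, skipped): findings is a list of (kind, sender, detail)
    tuples, skipped counts lines that did not parse and need manual review."""
    approved = {re.sub(r"\D", "", n) for n in approved_numbers}
    bytes_by_sender = defaultdict(int)
    findings, skipped = [], 0

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        sender = m["sender"].lower()
        numbers = {fax_number(r, gateway_domain) for r in m["rcpts"].split(",")}
        numbers.discard(None)
        if not numbers:
            continue  # ordinary mail, not the fax channel
        bytes_by_sender[sender] += int(m["size"])
        for number in sorted(numbers):
            if number not in approved:
                findings.append(("unapproved-destination", sender, number))

    for sender, total in sorted(bytes_by_sender.items()):
        if total > max_bytes_per_sender:
            findings.append(("volume", sender, total))
    return findings, skipped


if __name__ == "__main__":
    results, unparsed = review_fax_traffic(
        SAMPLE_LOG, "fax.corp.com", {"555-0100"}, 500_000
    )
    for finding in results:
        print(finding)
    print("unparsed lines:", unparsed)
```

The volume check fires even for an approved number, since an allowlisted destination only says where the pages went, not what was on them.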


                                                        Then...
                                                      TEST SOME MORE




  For hints/guides see: www.pentest-standard.org


                                                      Questions?
                       Thank you!

                    Whitepapers: www.security-art.com
                    Data modulation Exfil POC: http://code.google.com/p/data-sound-poc/
                    Too shy to ask now? iamit@security-art.com
                    Need your daily chatter? twitter.com/iiamit

Pushing in, leaving a present, and pulling out slowly without anyone noticing

  • 1. Iftach Ian Amit | September 2011 Pushing in, leaving a present and pulling out without anybody noticing Iftach Ian Amit VP Consulting DC9723 CSA-IL Board member IL-CERT Visionary All rights reserved to Security Art ltd. 2002-2011 www.security-art.com Tuesday, September 20, 11
  • 2. Iftach Ian Amit | September 2011 whoami • Not certified • VP Consulting at Security-Art • Hacker, researcher, developer • I like crime, and war :-) • DC9723, PTES, IL-CERT, IAF All rights reserved to Security Art ltd. 2002-2011 2 Tuesday, September 20, 11
  • 3. Iftach Ian Amit | September 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Tuesday, September 20, 11
  • 4. Iftach Ian Amit | September 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Tuesday, September 20, 11
  • 5. Iftach Ian Amit | September 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Tuesday, September 20, 11
  • 6. Iftach Ian Amit | September 2011 Agenda All rights reserved to Security Art ltd. 2002-2011 3 Tuesday, September 20, 11
  • 7. Iftach Ian Amit | September 2011 1. Infiltration • Technical factors • Human factors • Command & Control in loosely connected environments All rights reserved to Security Art ltd. 2002-2011 4 Tuesday, September 20, 11
  • 8. Iftach Ian Amit | September 2011 Infiltration - Technical All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 9. Iftach Ian Amit | September 2011 Infiltration - Technical • Exploits! of what??? All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 10. Iftach Ian Amit | September 2011 Infiltration - Technical • Exploits! of what??? • Web, FTP, mail, SSL-VPN... All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 11. Iftach Ian Amit | September 2011 Infiltration - Technical • Exploits! of what??? • Web, FTP, mail, SSL-VPN... • Will only get you the basic stuff All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 12. Iftach Ian Amit | September 2011 Infiltration - Technical • Exploits! of what??? • Web, FTP, mail, SSL-VPN... • Will only get you the basic stuff • 3rd party tools used (LinkedIn, SalesForce, SaaS applications)... All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 13. Iftach Ian Amit | September 2011 Infiltration - Technical • Exploits! of what??? • Web, FTP, mail, SSL-VPN... • Will only get you the basic stuff • 3rd party tools used (LinkedIn, SalesForce, SaaS applications)... • Harder to get *although nice to have as reproducible on many targets All rights reserved to Security Art ltd. 2002-2011 5 Tuesday, September 20, 11
  • 14. Iftach Ian Amit | September 2011 Infiltration - Technical The problem: Small attack surface All rights reserved to Security Art ltd. 2002-2011 6 Tuesday, September 20, 11
  • 15. Iftach Ian Amit | September 2011 Infiltration - Technical All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 16. Iftach Ian Amit | September 2011 Infiltration - Technical • How about them windows? All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 17. Iftach Ian Amit | September 2011 Infiltration - Technical • How about them windows? • Win XP still the dominantly deployed OS on clients (both in corporate and government settings) All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 18. Iftach Ian Amit | September 2011 Infiltration - Technical • How about them windows? • Win XP still the dominantly deployed OS on clients (both in corporate and government settings) • Win 7 is no big deal All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 19. Iftach Ian Amit | September 2011 Infiltration - Technical • How about them windows? • Win XP still the dominantly deployed OS on clients (both in corporate and government settings) • Win 7 is no big deal All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 20. Iftach Ian Amit | September 2011 Infiltration - Technical • How about them windows? • Win XP still the dominantly deployed OS on clients (both in corporate and government settings) • Win 7 is no big deal • Attack surface is much broader (spell Adobe, Symantec, WinZip, AOL, Mozilla, etc...) All rights reserved to Security Art ltd. 2002-2011 7 Tuesday, September 20, 11
  • 25. Infiltration - Human • Not as in “I got your guy and I want $1,000,000 to set him free” • More like “dude, check out the pics from the conference we went to last month. Wicked!” • “did you get my memo with the new price-list <link to .xls file>” • You get the idea...
  • 34. Infiltration - Human • eMails, web links, phishing... • Works like a charm! • And can be mostly automated • SET to the rescue
  • 39. Infiltration - Human • And... being nice/nasty/obnoxious/needy always helps!
  • 40. 2. Data Targeting & Acquisition • Weaponizing commercial tools • Creating “APT” capabilities • But first - targeting...
  • 42. Step 1: Basic Intel • What is the target “willing” to tell about itself?
  • 46. Who’s your daddy? And buddy, and friends, relatives, colleagues...
  • 49. Select your target wisely. And then craft your payload :-)
  • 53. Not as expensive as you think • ZeuS: $3000-$5000 • SpyEye: $2500-$4000 • Limbo: $500-$1500 • FREE!
  • 55. Just make sure to pack • Experienced travelers know the importance of packing properly
  • 56. And set measurable goals • File servers • Databases • File types • Gateways (routes) • Printers
  • 60. From mass infection to APT • Mass infection: 5-6 days before detection; frequent updates • APT: 5-6 months before detection; no* updates (* almost) • PATIENCE
  • 67. Control? • What happens when you are so far behind? • Just use your friends (peers) • Expect a one-way 3rd party command scheme. • Exfiltration is a different animal... [Diagram labels: Internet, You!, Target]
  • 68. 3. Exfiltration • Avoiding DLP • Avoiding IPS/IDS egress filters • Encryption • Archiving • Additional techniques
  • 71. How about them SSLs? • Cool. • Although sometimes may be intercepted • Pesky content filters...
  • 72. So... [slide shows an ASCII-armored PGP message: BEGIN PGP MESSAGE header, GnuPG/MacGPG2 version line, base64 body, END PGP MESSAGE footer]
  • 74. Still “too detectable” [slide shows the same base64 body with the BEGIN/END armor lines and the version line removed]
  • 75. Much better • Throws in some additional encodings • And an XOR for old time’s sake • And we are good to go... • 0% detection rate
  • 76. Resistance is futile
  • 77. But you have no network • They killed 80, 443, 53 and cut the cable to the interwebs! • Go old-school!
  • 78. Kill some trees
  • 80. To shred or not to shred?
  • 81. Yeah, good ol’ DD...
  • 93. Back to hi-tech (?) ET Phone Home • Got VOIP? Excellent! • Target a handset/switch • Set up a public PBX OR a conference call OR a voicemail box • Collect your data • Encode • Call, leave a message, don’t expect to be called back...
  • 99. Voice exfiltration demo
  • 101. Killing paper isn’t nice • Fax it! • Most corporations have email-to-fax services • Heard of the address 555-7963@fax.corp.com? • Just send any document (text, doc, pdf) to it and off you go with the data...
  • 102. Conclusions • Available controls • Information flow path mapping • Asset mapping and monitoring
  • 104. Controls • Start with the human factor • Then add technology
  • 105. • Where people leave data • Hint - spend time with developers. • “Hack” the business process • Test, test again, and then test. Follow with a surprise test!
  • 106. Map your assets • “be true to yourself, not to what you believe things should look like” (Old Chinese proverb)
  • 107. And monitor them! • They are YOUR assets after all. • No reason to be shy about it... • And remember to add honey...
  • 108. 2 tips for monitoring • Pre-infiltration - social media • Check out SocialNet for Maltego from packetninjas.net... :-) • Post-infiltration - ALL your channels • Yes - VoIP is one of them. Record, transcribe, feed to DLP. Simple as that.
  • 109. Then... TEST SOME MORE • For hints/guides see: www.pentest-standard.org
  • 110. Questions? Thank you! • Whitepapers: www.security-art.com • Data modulation Exfil POC: http://code.google.com/p/data-sound-poc/ • Too shy to ask now? iamit@security-art.com • Need your daily chatter? twitter.com/iiamit
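The content-inspection point of slides 72 to 74 (an armored PGP message, then the same body with its armor lines removed) and the "feed to DLP" tip of slide 108 can be shown from the monitoring side. The sketch below is an added example, not part of the deck: it compares a header-only signature with a check that decodes long base64 runs and measures their entropy. The function names, the 512-character floor and the 7.0 bits/byte threshold are assumptions, and all sample inputs are constructed.

```python
import base64
import hashlib
import math
import re
from collections import Counter

ARMOR_HEADER = "-----BEGIN PGP MESSAGE-----"
# Unbroken run of base64 characters and line breaks (prose breaks on spaces).
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/=\r\n]{512,}")
MIN_B64_CHARS = 512      # assumed floor: shorter runs give unstable entropy
MIN_ENTROPY = 7.0        # assumed threshold, bits per byte (maximum is 8.0)


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def header_only(text: str) -> bool:
    """The naive signature: flag only when the armor header is present."""
    return ARMOR_HEADER in text


def classify(text: str) -> str:
    """Return 'pgp-armor', 'high-entropy-base64' or 'clean' for outbound text."""
    if header_only(text):
        return "pgp-armor"
    for match in B64_RUN_RE.finditer(text):
        # Drop line breaks, then cut at the first '=' (padding or armor checksum).
        body = re.sub(r"\s+", "", match.group(0)).split("=", 1)[0]
        body = body[: len(body) - len(body) % 4]
        if len(body) < MIN_B64_CHARS:
            continue
        if shannon_entropy(base64.b64decode(body, validate=True)) >= MIN_ENTROPY:
            # Compressed attachments also land here: treat as a triage signal.
            return "high-entropy-base64"
    return "clean"


def wrap64(b64: str) -> str:
    """Wrap a base64 string at 64 columns, as ASCII armor does."""
    return "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))


# Constructed samples (not taken from the slides).
_random_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
STRIPPED = wrap64(base64.b64encode(_random_like).decode())
ARMORED = f"{ARMOR_HEADER}\n\n{STRIPPED}\n-----END PGP MESSAGE-----"
PROSE_B64 = wrap64(base64.b64encode(b"Quarterly price list attached. " * 20).decode())
MEMO = "Did you get my memo with the new price list? Call me when you can."

if __name__ == "__main__":
    for name in ("ARMORED", "STRIPPED", "PROSE_B64", "MEMO"):
        print(f"{name:10} header_only={header_only(globals()[name])!s:5} "
              f"classify={classify(globals()[name])}")
```

Content that has been through further encoding layers, as slide 75 describes, is outside what this check sees, which is why the deck's conclusions pair content inspection with information flow mapping and asset monitoring.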