Gray Hat Hacking Grand Computers Club New Technologies SIG January 20, 2016


Topics

• January Newsletter

• Overview

• Intrusion attack steps

• Future targets

• Open discussion

• Questions

1/20/2016 www.grandcomputers.org 2


Overview

Definitions

• Black-hat hackers, or simply “black hats,” are the type of hacker the popular media seems to focus on. Black-hat hackers violate computer security for personal gain or for pure maliciousness.

howtogeek.com


Overview

Definitions

• White-hat hackers are the opposite of the black-hat hackers. They’re the “ethical hackers”, experts in compromising computer security systems who use their abilities for good, ethical, and legal purposes rather than bad, unethical, and criminal purposes.

howtogeek.com


Overview

Definitions

• A gray-hat hacker falls somewhere between a black hat and a white hat. A gray hat doesn’t work for their own personal gain or to cause carnage, but they may technically commit crimes and do arguably unethical things.

howtogeek.com


Overview

Attack objectives

C.H.E.W.

• Criminal – for financial gain

• Hacktivism – for political leverage

• Espionage – for information gathering

• Warfare – disrupt, destroy, damage


Intrusive Attack

Stages of an intrusive attack

• Reconnaissance

• Incursion

• Discovery

• Capture

• Exfiltration


Intrusive Attack

Reconnaissance – most time consuming & very important; non-intrusive

• Broad

• Targeted

• Direct

• Much easier with Internet & social media

• Goal is to find cracks in the armor


Intrusive Attack

Scenario – Reconnaissance

• Target – government contractor

• Sells equipment to government agencies

• Has public/private web sites with org charts, leadership profiles & bios

• Officers have pictures & LinkedIn pages

• Company has BYOD policy

• Parking lot open to visitors

• IT support by external contractors


Intrusive Attack

Incursion

• Gain access to network/computer resources

• Preliminary capture of stuff (also next stage)

• Initial incursion (foothold) on network resources

• Use exploit to attack vulnerability on target system & determine landing point

• May use software payload as exploit


Intrusive Attack

Incursion

• Hire on as IT contractor, cleaning staff

• “Drop” USB drive in parking lot

• Install malware via email

• Lure to compromised web page


Intrusive Attack

Discovery

• Obtain information from inside the target

• Create backdoor for quick & easy access

• Network & vulnerability scans from inside

• Access directories; steal credentials


Intrusive Attack

Discovery

• Find software used and release/maintenance levels

• Check for default passwords

• Discover logging and audit habits

• Note maintenance and upgrade windows

• Find ACLs (access control lists)


Intrusive Attack

Capture

• Prepare info for “move” in next stage

• Use credentials from discovery to access files and databases

• Try to find encryption keys for sensitive info (may not be on main computers)


Intrusive Attack

Capture & control

• Obtain passwords, credentials, encryption keys

• Access desired files, email

• Add additional malware, backdoor access, place tools and data on other servers & workstations; hide and encrypt all of this

• Decide what to do about detection & surveillance


Intrusive Attack

Exfiltration – last & most important stage

• Remove info from target & copy/send to other network

• Bundle data to use existing channels such as web pages and external resources

• Be patient; objective is to not get caught

• Beware of data loss protection methods

• Use of drop sites to store and share


Intrusive Attack

Exfiltration – last & most important stage

• Bundle desired data & move to external sites or media using existing resources

• Complete above actions without disrupting data loss protection methods

• Use other compromised sites to store and share your booty


Intrusive Attack

Tools & Concepts

• View web pages for HTML source code

• Note URLs and addresses on web page by moving cursor around page

• Build a good collection of recent tools and methods

• Become familiar with what versions of software have unpatched flaws

• Take lots of time to prevent detection


Intrusive Attack

Internet defense components

• Network firewall

• Network intrusion protection & network detection protection

• Client firewall

• Client intrusion protection & client detection protection (AV, antimalware)


Intrusive Attack Targets

• Banks, not customers

• Infrastructure – power, water, food, roads, rail, air

• Manufacturing, supply chains

• Medical records, hospitals

• Police, fire, military, national guard

• Cyber devices – disks, computers, routers, firewalls


Next Meeting

Windows 10 Troubleshooting

Wednesday, February 17, 2016

4:00-5:30pm

Havasupai/Maricopa Rooms

Chaparral Center


Discussion
