Phishing: Going from Recon to Creds
Hackcon 2016 Edition
Adam Compton
Agenda
● Talk a Little About Myself
● What is Phishing?
● A Standard Phishing Process
● Speed Phishing Demo
https://github.com/tatanus/SPF
Adam Compton
Father - 5 yrs
Husband - 16 yrs
Security Researcher - 16 yrs
Programmer - 34 yrs
Hillbilly - 39 yrs
@tatanus
https://github.com/tatanus
http://blog.seedsofepiphany.com/
[email protected] [email protected]
What is Phishing?
"the attempt to acquire sensitive information ... by masquerading as a trustworthy entity in an electronic communication." - Wikipedia (Phishing)
Why Phish?
Potential high return on investment
Maybe easiest way on a network
It works! People want to be helpful.
Going Back to the 90s
“AOHell includes a ''fisher'' that allows a user to pose as an AOL official and ask new members for passwords or credit-card numbers.” - San Jose Mercury 1995
What kind of sensitive info?
Credentials
Credit Cards
Identity - PII
Health Information
Bitcoin Wallets
Steam Accounts
Types of Phishing Attacks
Attack          Magnitude    Targeting
Phishing        Many         General
Spear Phishing  10s - 100s   Group, Company
Whaling         One          Executive
Standard Phishing Process
The list of targets and any other info that will help
Find through company site, Google searches, and even social media
List may be provided by customer
Recon Tools
Setting up web, DNS and/or mail servers
Create a convincing scenario, write the email
Test the entire process!
This may be your only chance to fix issues
Credential Harvesting => Login Information
Exploiting Client => Metasploit Sessions
This step is based on scope of work
Attack Tools - Setup to Post Compromise
Everyone’s Favorite Part! At Minimum:
• Describe the Attack Scenario
• Targets
• Collected Credentials or Compromised Systems
• Include Statistics
I am lazy - Can we make this even easier?
Yes... Automation!
Program APIs
• BeEF RESTful API
• Recon-cli
• SET - seautomate
Parse Command-line Tool Output
Python, Perl, & Bash
Speed Phishing Framework - SPF
Automates common tasks needed to perform a phishing exercise
Written in Python
Minimal external dependencies
Current Features
Harvests Email Addresses
Sets up & Hosts Websites
Sends phishing emails to targets
Records Creds and Keystrokes
Creates VERY Simple Report
SPF - Usage Statement / Options
SPF - Config File
SPF - Standard Phishing Process
SPF - Reconnaissance
Searches online search engines like:
◦ Google, Bing, and DuckDuckGo
Can use external tools such as theHarvester
SPF - Identifying Potential Targets
SPF - Setup and Deploy
Built-in web server based on the Twisted Python library
Templated sample websites with accompanying email templates
Ability to dynamically clone additional login portals as needed
SPF - Loading Web Sites
SPF - Web Sites
SPF - Sending Emails
Can simulate sending of emails
Sends emails in a round-robin style, alternating across all phishing sites
Sends emails via a 3rd-party SMTP server or by connecting directly to the target's mail server
SPF - Sending Emails
SPF - Collect Responses & Post Exploitation
Logs all access to the websites
Logs all form submissions
Logs all keystrokes
Has ability to pillage email accounts
SPF - Collecting Results
Reports
Saves all data and activity logs to an assessment-specific directory structure
Generates simple HTML report
SPF - Simple Report
Advanced / Experimental Features
Company Profiler
◦ Identify which, if any, templates should be used
◦ Dynamically generate new "target-specific" phishing sites
Pillage
◦ Verify credentials
◦ Download attachments
◦ Search for "SSN, password, login, etc…"
SPF Demo
We shall all now pray to the demo gods
Future Work / Features
More external tools
Better Profiling / Pillaging
Fancy Reports
Incorporate SSL (possibly via https://letsencrypt.org/).
Suggestions?
A HUGE Thank You to:
Recon-ng - Tim Tomes (lanmaster53)
BeEF - Wade Alcorn
theHarvester - Christian Martorella
Social Engineering Toolkit - Dave Kennedy
Morning Catch - Raphael Mudge
Defense
Preparation
◦ User Awareness & Periodic Testing
Detection & Analysis
◦ Alerts, Mail Proxies
Containment, Eradication and Recovery
◦ Have a plan that is ready and tested
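As an added example for the Detection & Analysis item (this is not code from the talk or from SPF): a small Python triage routine of the kind a mail proxy or alerting pipeline would run, flagging the indicators a phishing exercise like the one described above tends to leave in a message. It assumes messages are available as raw RFC 5322 text and that an upstream gateway has stamped an Authentication-Results header; the organisation domain `INTERNAL_DOMAIN` and both sample messages are constructed for this example.

```python
"""Triage phishing indicators in raw e-mail messages (added example; not SPF code).

Assumptions, none of which come from the slides: mail arrives as RFC 5322 text,
a gateway has already added an Authentication-Results header, and the defended
organisation owns INTERNAL_DOMAIN. All sample data below is constructed.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # constructed organisation domain

HREF_RE = re.compile(r'<a\s+[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
URL_HOST_RE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', re.I)

def domain_of(addr_header: str) -> str:
    """Lower-cased domain of an address header value ('' if none)."""
    _, addr = parseaddr(addr_header)
    return addr.rpartition("@")[2].lower()

def host_of(url: str) -> str:
    """Host part of an absolute URL ('' for relative or non-URL text)."""
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""

def auth_failures(header_value: str) -> list[str]:
    """spf/dkim/dmarc results from Authentication-Results that indicate failure."""
    results = re.findall(r'\b(spf|dkim|dmarc)=(\w+)', header_value or "", re.I)
    return [f"{mech.lower()}={res.lower()}" for mech, res in results
            if res.lower() in ("fail", "softfail", "permerror")]

def phishing_indicators(raw: str) -> list[str]:
    """Return a list of human-readable findings; empty means nothing was flagged."""
    msg = Parser(policy=policy.default).parsestr(raw)
    findings = []
    from_hdr = msg.get("From", "")
    display, _ = parseaddr(from_hdr)
    from_domain = domain_of(from_hdr)
    # 1. Display name borrows the organisation's name, address is external.
    if INTERNAL_DOMAIN.split(".")[0] in display.lower() and from_domain != INTERNAL_DOMAIN:
        findings.append(f"display-name spoof: '{display}' from {from_domain}")
    # 2. Reply-To routes answers to a different domain than the sender.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to mismatch: {from_domain} -> {reply_domain}")
    # 3. Gateway authentication failures (SPF here is the DNS sender policy, not the tool).
    for failure in auth_failures(msg.get("Authentication-Results", "")):
        findings.append(f"auth failure: {failure}")
    # 4. Link text shows one host while the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    for href, text in HREF_RE.findall(content):
        shown = host_of(re.sub(r"<[^>]+>", "", text))
        actual = host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"link mismatch: text {shown} vs href {actual}")
    return findings

# Constructed sample: external sender posing as the internal helpdesk, with a
# reply-to drop box, failed SPF/DMARC, and a link whose text hides its target.
SUSPICIOUS = """\
From: "Example IT Helpdesk" <helpdesk@examp1e-support.net>
Reply-To: collect@mail-dropbox.invalid
To: alice@example.com
Subject: Password expiry notice
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-support.net; dkim=none; dmarc=fail
Content-Type: text/html; charset=utf-8

<p>Your password expires today. <a href="http://login.examp1e-support.net/reset">https://portal.example.com/reset</a></p>
"""

# Constructed sample: ordinary internal notice that should produce no findings.
BENIGN = """\
From: "Example IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Scheduled maintenance
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass
Content-Type: text/html; charset=utf-8

<p>Mail will be unavailable Saturday 02:00-03:00. Details: <a href="https://intranet.example.com/maint">https://intranet.example.com/maint</a></p>
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, phishing_indicators(sample) or ["no indicators"])
```

Each finding maps to one of the ingredients the talk's process relies on (a convincing sender, a place for replies or credentials to land, a cloned login portal behind a disguised link), so a mail proxy that surfaces these as alerts gives the Detection & Analysis step something concrete to act on; none of the checks is decisive alone, which is why they are returned as a list for an analyst rather than as a block/allow verdict.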
Thank You!
411
Adam Compton
@tatanus
https://github.com/tatanus
http://blog.seedsofepiphany.com/
[email protected] [email protected]