Intelligence Gathering


Presentation Transcript

Slide 1

Intelligence Gathering
DefCon X
Vic Vandal

Slide 2

NECESSARY DISCLAIMER: This talk discusses various illegal techniques and concepts. The author does not endorse nor does he condone the execution of any of the illegal activities discussed. Especially the Information Warfare concepts.

Slide 3

Types of Intelligence Gathering
- Competitive Intelligence
- Corporate Espionage
- Information Warfare
- Personal Investigation
(*This talk is NOT about going to school to "get smart", in case anyone expected that to be covered.)

Slide 4

Competitive Intelligence
- Relies entirely on legal and ethical means to gather data, organize it into information, and analyze it to create intelligence for the use of decision makers
- Over 95 percent of the information companies need to compete effectively is available in the public domain
- Helps organizations better understand their competitive environment and make sound business decisions
- Includes entities such as regulators, customers, suppliers, distributors, competitors and potential competitors

Slide 5

Corporate Espionage

Slide 6

Corporate Espionage
- "Espionage" - the collection, collation, and analysis of illegally obtained information
- "Corporate Espionage" - the theft of trade secrets for economic gain
- "Trade Secret" - a property right which has value by giving an advantage in business over competitors who do not know the secret
- The International Trade Commission estimates current annual losses to U.S. companies due to corporate espionage at over $70 billion

Slide 7

How It's Generally Done
- Over 70% of cases involve "Inside Jobs"
  - Disgruntled employees
  - Bribes from a competitor
  - Cleaning crews
  - Industrial mole
- False Pretenses
  - Companies hire a competitor's employee for their trade knowledge
  - Applicant interviews only to pump the potential employer for information, or vice versa
  - Spy poses as a student, journalist, or investor

Slide 8

Who's Doing It?
- Foreign governments and corporations
  - Russia, China, South Korea, India, Pakistan, Germany, Israel, Argentina, Taiwan, Indonesia, France, etc.
  - The FBI indicates that 57 of 173 countries are running operations to actively target U.S. corporations
  - The U.S. "officially" does not participate… (COUGH)
- Employees
- Professional industrial spies
- Members of the Society for Competitive Intelligence Professionals
- Business consultants (some in this room?)
- H4x0rs (also some in this room?)

Slide 9

What's Useful to an Attacker?
- Structure – organizational hierarchy charts, departmental diagrams, etc.
- Infrastructure – phone system network diagrams, enterprise IT network diagrams, IT groups, support groups, utility providers (phone/power/water etc.)
- People – phone directories, email address books, who's-who directories etc., visitor instructions, new-starter induction packs (i.e., everything you need to know to get around!)
- Geography – superimposed on the hierarchy charts – where is the IT department, where are the servers, etc.
- Security Enforcing Functions – physical access control, password policy, equipment re-use, firewall/IDS use, email policies, phone use policies, etc.
- Networks – detailed network topologies, IP & phone – including firewall, router, and proxy positions
- Software/hardware – what machines are used, operating systems (service pack & hotfix/patch levels), server software, host software, database software, web server software, and administration policies

Slide 10

The Basic Methodology
- Initial Public Intelligence
- Social Engineering
- Physical Security Analysis
- Network Analysis
- Information System Attacks

Slide 11

Initial Public Intelligence
- Meta-search engines (DogPile, WebFerret), used initially and again as more supporting data is gathered
- Company searches - the SEC EDGAR database ( ) - all information is free
- Gathering names (for later identity spoofing, social engineering, stalking)
- Gathering phone numbers (for later contacts or war-dialing)
- Finding IT suppliers (to help determine network components)
- Check newsgroups, web boards, and industry feedback sites for company information (may yield LOTS of data)

Slide 12

Social Engineering
- Usually done remotely - requires a degree of deception, disguise, and motivation
- Examples are:
  - Gain access privileges by querying administrative personnel over a communications medium such as phone, fax, email, postal mail, chat, or bulletin boards from a fake "privileged" position (administrator, auditor, law enforcement, etc.)
  - Gain access privileges by querying administrative or help desk staff over the same media as above from a fake "non-privileged" position (confused end user, new contractor, etc.)
  - Invite internal personnel out to a "social business function" to probe them into revealing information outside of the office (over drinks, strippers, ecstasy, etc.)

Slide 13

Physical Security Analysis
- Identify monitored access points, coverage, and routes (by physical patrol and/or electronic means)
- Identify alarm equipment, triggers, response personnel and procedures
- Identify access opportunities through physical access points (side/back doors, under/over fences, windows, roof, weak locks, etc.)
- Identify weaknesses in the location (line-of-sight visible/audible areas into the target)
- Identify supply delivery personnel/organizations
- Identify waste disposal or recycling methods

Slide 14

Network Analysis
Network Survey
- Derive the domain name (company name, web presence, etc.)
- Query ARIN for IP blocks and sub-domains
- "dig" the domain for DNS servers
- Zone transfer all available DNS domains and sub-domains
- Check public web server pages for links to other servers
- Send email and check the headers of bounced mails or read receipts
- Search P2P services for company connections

Slide 15

Network Analysis (cont.)
Network Survey
- War-dial to discover modem-enabled systems and fax machines
- Test for default authentication, easily guessed passwords, and remote maintenance accounts
- Test for exploitable PBX access
- Attempt PIN-hacking of voice mail boxes

Slide 16

Network Analysis (cont.)
IP/Port Scanning
- Use broadcast ICMP echo to determine the existence of systems
- Try DNS connect attempts on all hosts
- Use "firewalking" to verify which ports are open through any firewall
- Use nbtstat and "net use" (null session) scans for NetBIOS (Windows) hosts (port 137; note that nbtstat talks to the NetBIOS name service on UDP 137, while the null session itself goes over SMB on TCP 139/445)
- Send packets with TCP source port 80 and ACK set to ports 3100-3150, 10001-10050, 33500-33550, 35000-35050 on all hosts
- Send TCP fragments in reverse order with FIN, NULL, and XMAS scans on ports 21, 22, 23, 25, 80, and 443 on all hosts

Slide 17

Network Analysis (cont.)
IP/Port Scanning (cont.)
- Send TCP SYN packets to ports 21, 22, 23, 25, 80, and 443 on all hosts
- Send TCP fragments in reverse order to any list of popular ports that may be subject to a variety of exploits
- Use UDP scans on any list of popular ports that may be subject to a variety of exploits
- Use banner grabbing and other fingerprinting techniques to identify O/S's & applications
- Infer services/protocols/applications from the open ports found
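The scan types in the two slides above (SYN, FIN, NULL, XMAS, and ACK probes disguised with source port 80) each have a distinctive flag signature, which is what lets a defender spot them. The following is an added example, not code from the talk or from any scanner: it builds bare TCP headers with the relevant flag combinations from constructed traffic (one scanner at 198.51.100.7 working through the slide's probe list, one legitimate client at 203.0.113.5), classifies each segment by its flags, and raises an alert when a single source has sent one probe type to at least five distinct ports. The XMAS definition used (FIN|PSH|URG) is nmap's; the IP layer is omitted since only the TCP header matters here.

```python
import struct
from collections import defaultdict

# TCP flag bits (RFC 793, byte 13 of the header)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HDR = struct.Struct("!HHIIBBHHH")   # 20-byte header, no options


def build_tcp(sport, dport, flags, seq=0, ack=0):
    """Build a bare 20-byte TCP header (IP layer omitted; checksum left zero)."""
    return TCP_HDR.pack(sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)


def parse_tcp(data):
    sport, dport, _seq, _ack, off_res, flags, _win, _csum, _urg = TCP_HDR.unpack_from(data)
    return {"sport": sport, "dport": dport, "flags": flags, "offset": off_res >> 4}


def classify(seg):
    """Name the probe type a segment looks like; 'other' for anything a real client sends."""
    f = seg["flags"]
    if f == 0:
        return "NULL scan"                 # no flags at all: never legitimate
    if f == FIN:
        return "FIN scan"                  # bare FIN without ACK: never legitimate
    if f == FIN | PSH | URG:
        return "XMAS scan"                 # nmap -sX flag combination
    if f == SYN:
        return "SYN probe"                 # also the first packet of every real connection
    if f == ACK and seg["sport"] == 80:
        return "ACK scan (src port 80)"    # maps stateless firewall rules, posing as web replies
    return "other"


def detect_scans(packets, threshold=5):
    """packets: iterable of (src_ip, raw_tcp_header). Returns {(src_ip, kind): [dports]}
    for every (source, probe type) that touched at least `threshold` distinct ports.
    The threshold is what separates a SYN sweep from ordinary connection attempts."""
    seen = defaultdict(set)
    for src, raw in packets:
        seg = parse_tcp(raw)
        kind = classify(seg)
        if kind != "other":
            seen[(src, kind)].add(seg["dport"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}


def sample_traffic():
    """Constructed traffic: a scanner (198.51.100.7) running the slide's probes against
    21/22/23/25/80/443 plus the source-port-80 ACK trick against 3100-3105, and a
    legitimate client (203.0.113.5) completing a single HTTPS handshake."""
    scanner, client = "198.51.100.7", "203.0.113.5"
    targets = [21, 22, 23, 25, 80, 443]
    pkts = []
    for flags in (SYN, FIN, 0, FIN | PSH | URG):
        pkts += [(scanner, build_tcp(40000 + p, p, flags)) for p in targets]
    pkts += [(scanner, build_tcp(80, p, ACK)) for p in range(3100, 3106)]
    pkts.append((client, build_tcp(51234, 443, SYN)))
    pkts.append((client, build_tcp(51234, 443, ACK, seq=1, ack=1)))
    return pkts


if __name__ == "__main__":
    for (src, kind), ports in sorted(detect_scans(sample_traffic()).items()):
        print(f"{src}: {kind} against {len(ports)} ports {ports}")
```

The source-port-80 ACK probes are the interesting case for a defender: a stateless packet filter that allows "return traffic from web servers" by matching source port 80 will pass them, and the presence or absence of a RST tells the scanner which inside ports exist. A stateful firewall drops unsolicited ACKs regardless of source port, which is the real fix; the detector above catches the pattern either way.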

Slide 18

Network Analysis (cont.)
- Retrieve useful information from hidden field variables of HTML forms and from HTML comments
- Retrieve useful information from application banners, usage instructions, help messages, error messages
- Retrieve useful information stored in cookies
- Retrieve useful information from caches or serialized objects
- Determine wireless access points (wireless sniffer, AiroPeek, etc.)
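The HTML harvesting in the first bullet, and the "links to other servers" step from the network survey slide, are both a matter of reading what the web server hands out for free. The following is an added example, not code from the talk: it runs Python's standard HTML parser over a constructed page (the hostnames, field names and comment text are made up) and collects hidden form fields, comments, and every host referenced from href/src/action attributes that is not the site itself. Hidden fields matter twice: they leak application internals, and they are the client-controlled inputs that the "manipulate hidden fields" attack later in the talk relies on.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page as served by www.example-corp.com; everything here is made up.
SAMPLE_PAGE = """\
<!-- Generated by IntranetBuilder 2.1 - contact webmaster@example-corp.com -->
<html><body>
<form action="http://apps.example-corp.com/cgi-bin/order.pl" method="post">
  <input type="hidden" name="price" value="19.99">
  <input type="hidden" name="debug" value="0">
  <input type="text" name="qty">
  <!-- TODO: backend is appsrv2.corp.example-corp.com:8080, remove before go-live -->
  <input type="submit" value="Order">
</form>
<a href="https://portal.example-corp.com/remote/login">Staff login</a>
<img src="//cdn.example-corp.com/logo.gif">
</body></html>
"""


class Harvester(HTMLParser):
    """Collect hidden inputs, comments, and third-host references from one page."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host
        self.hidden = []      # (name, value) pairs the server expects the client to echo back
        self.comments = []    # developer notes that shipped to production
        self.hosts = set()    # other servers the page points at

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden.append((a.get("name"), a.get("value")))
        for key in ("href", "src", "action"):
            if a.get(key):
                host = urlparse(a[key]).hostname     # None for relative paths and mailto:
                if host and host != self.own_host:
                    self.hosts.add(host)

    def handle_comment(self, data):
        text = data.strip()
        if text:
            self.comments.append(text)


def harvest(page, own_host):
    h = Harvester(own_host)
    h.feed(page)
    h.close()
    return {"hidden": h.hidden, "comments": h.comments, "hosts": sorted(h.hosts)}


if __name__ == "__main__":
    result = harvest(SAMPLE_PAGE, "www.example-corp.com")
    for section, items in result.items():
        print(section)
        for item in items:
            print("   ", item)
```

On the constructed page this turns one HTTP response into two extra hostnames, an internal server and port from a comment, a product identifier for the page generator, and a price and a debug flag that the server trusts the browser to return unchanged. The countermeasure is the boring one: strip comments in the build, never carry authoritative values (prices, roles, flags) in hidden fields, and keep server-side state keyed by session instead.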

Slide 19

Information System Attacks
- Use publicly known exploits against the applications identified via fingerprinting and port scanning
- Attack via default system backdoors (O/S, DB, applications)
- Use dictionary or brute-force password attacks
- Gather PDFs, Word docs, spreadsheets and run password crackers on encrypted or protected docs
- Capture and replay authentication credentials
- Attack printers to re-route printouts

Slide 20

Information System Attacks (cont.)
- Use directory traversal or direct command attacks on web applications
- Use long character strings to discover buffer overflows
- Use cross-site scripting attacks against web applications
- Execute remote commands via server-side includes
- Manipulate session cookies, hidden fields, or referrer/host fields to attack server applications
- Exploit trusted system relationships
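Directory traversal, the first bullet above, is worth seeing as code because the bug and its fix are each a few lines. The following is an added example, not code from the talk: a file-serving function that joins the requested path straight onto the document root, beside a hardened version that URL-decodes once, resolves the path, and refuses anything that does not land inside the root. The sandbox layout (an htdocs directory with a secret file one level above it) is constructed by the example itself in a temporary directory.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def make_sandbox():
    """Constructed layout: <tmp>/htdocs/index.html is the web root and
    <tmp>/secret.txt sits one level above it and must never be served."""
    base = Path(tempfile.mkdtemp())
    docroot = base / "htdocs"
    docroot.mkdir()
    (docroot / "index.html").write_text("<html>welcome</html>")
    (base / "secret.txt").write_text("internal only: payroll export schedule")
    return docroot


def serve_vulnerable(docroot, requested):
    """The classic bug: the request path is joined onto the document root as-is.
    '../' climbs out of docroot, and os.path.join discards docroot entirely
    when the request is absolute (e.g. '/etc/passwd')."""
    return Path(os.path.join(str(docroot), requested)).read_bytes()


def safe_path(docroot, requested):
    """Decode once, drop any leading slash, resolve symlinks and '..', then require
    the result to be docroot or a descendant of it. Anything else is refused
    before the filesystem is touched."""
    root = Path(docroot).resolve()
    rel = unquote(requested).lstrip("/\\")
    target = (root / rel).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"refusing path outside document root: {requested!r}")
    return target


def serve_hardened(docroot, requested):
    return safe_path(docroot, requested).read_bytes()


if __name__ == "__main__":
    root = make_sandbox()
    print("vulnerable:", serve_vulnerable(root, "../secret.txt"))
    for req in ("index.html", "../secret.txt", "%2e%2e/secret.txt"):
        try:
            print("hardened:", req, "->", serve_hardened(root, req))
        except PermissionError as e:
            print("hardened:", req, "->", e)
```

Two design points. The check is made on the resolved path, not on the request string, so there is no blacklist of "../" spellings to get wrong; an encoding the decoder does not understand simply becomes a literal filename that does not exist inside the root. And decoding happens exactly once: a double-encoded `%252e%252e` decodes to `%2e%2e`, which the resolver treats as an ordinary (nonexistent) name rather than a parent reference, so the check holds whether the web server in front has already decoded the URL or not.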

Slide 21

Can Organizations Stop It?
- Identify sensitive information, identify the threats, and provide adequate safeguards (data labeling, access control, encryption, shredding, network access controls, IDS, etc.)
- Don't ignore security advisories, best practices, or expert advice
- Educate employees about protecting confidential information
- Fight for an adequate security budget
- Have employees, vendors, and partners sign non-disclosure agreements
- Routinely test all security areas (physical, logical, social, etc.)
- Sweep for surveillance equipment

Slide 22

Information Warfare

Slide 23

Information Warfare
- "Information Warfare" – state-sponsored information and electronically delivered actions taken to achieve information superiority in support of national military strategy
- Meant to affect adversary information and information systems while defending our own information and information systems
- Includes electronic warfare, surveillance systems, precision strike, and advanced battlefield management

Slide 24

Who's Doing It?
- Governments
  - China, South Korea, Russia, India, Pakistan, Germany, Israel, Argentina, Taiwan, Indonesia, France, U.S., Al Qaeda, etc.
- Planted employees
- Ex-Cold War spies
- Former intelligence employees
- Professional hackers
- PhDs in Computer Science - with millions in government funding
- The U.S. Air Force, Army, and Navy have established Information Warfare (IW) centers
- Military information "war games" are now being conducted to prepare for such contingencies (both offensively and defensively)

Slide 25