Section 8

Section 8
Creative Advanced Attacks
On the downhill slide of our journey with Wireless LAN Security Assessment Toolkit, well show you some of the cutting edge and exciting tools and techniques that exist in the WLAN ecosystem. Your kit includes a professional Honeypot to trap would be attackers to your Wireless LANs. Plus we’ve included some unique ‘tools’ on a USB ‘Attack Stick’ – remember, only WITH PERMISSION.

08 - Creative Advanced Attacks.v7 1/12/11

© 2007 Institute for Network Professionals


www.inpnet.org • www.HOTLabs.org


Section 8

Lab 8.1: Create a Honeypot KF Sensor
KFSensor is a Windows based Honeypot Intrusion Detection System (IDS). It acts as a honeypot to attract and detect hackers and worms by simulating vulnerable system services and trojans. By acting as a decoy server it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone. KFSensor is designed for use in a Windows based corporate environment and contains many innovative and unique features such as remote management, a Snort compatible signature engine and emulations of Windows networking protocols. With its GUI based management console, extensive documentation and low maintenance, KFSensor provides an effective way of improving an organization's network security.

Product Information Source
Key Focus KF Sensor Professional – Commercial License $999.00 http://www.keyfocus.net/kfsensor/index.php

Where, When, Why
When you want to ‘catch’ someone in the act of attacking your network, a Honeypot is the tool of choice. KF Sensor is a robust, professional Honeypot that can also be used attached to a ‘rogue’ access point of your design to ‘catch’ folks attempting to access your network via the Wireless LAN.

Usage and Features
Monitors every port - KFSensor Professional monitors attacks on every TCP and UDP port, as well as detecting ICMP or ping messages. It also monitors all network activity of native Windows server applications. Allowing these to act as part of a Honeypot configuration. Remote administration - KFSensor Enterprise Edition contains the ability to manage and monitor multiple honeypot installations. Events from different sensors across the network are concatenated in real time allowing an immediate view of attacks as they happen. KFSensor uses 3072 bit RSA public/private key authentication and 256 bit AES encryption to provide the top of the range security for communication between sensors. IDS signature engine - KFSensor is the first product to combine the benefits of signature-based IDS with a honeypot system. Its fast signature search engine, has a minimal impact on system performance and can handle thousands of rules.

08 - Creative Advanced Attacks.v7 1/12/11

© 2007 Institute for Network Professionals


www.inpnet.org • www.HOTLabs.org

using the following words somewhere in your domain name may get you more hits: . Requirements / Dependencies • • • • Windows NT.it may be a different color).v7 1/12/11 © 2007 Institute for Network Professionals 3 www.Creative Advanced Attacks. For example. Now you need to give your system a name. The Set Up Wizard guides you through the configurations of: Step 3. Port Classes Domain Name Selection Email Alerts Systems Service Click the Next button to begin configuring KF Sensor. Step 1.accounting .bank . Launch KFSensor (it may already be started on your system. Step 4.private . Perhaps your computer has ports currently in use (Listened) Step 2.internal 08 .financial .investment . Select Settings > Set Up Wizard .Configuring KF Sensor In this lab exercise you configure KFSensor using the Wizard and the individual settings windows.WLSAT Section 8 It is easy to update the rulebase with new rules from different sources and to create new rules directly from an event. Use a fictitious name that may be attractive to someone who is doing discovery for “juicy” targets. Windows 2003 Server 500mb hard disk space 512mb RAM 1 NIC card and/or direct internet connection Lab Part 1 . Click Next to accept this configuration using all port classes. Windows XP.org • www. Look for the KFSensor icon in the system tray .HOTLabs.credit .org . By default all the port classes will be selected. Windows 2000.inpnet.

.org . Step 6. Step 5.org • www.No external connections Network Protocol Analyzer .net or whatever extension you are going to use).WLSAT Section 8 Enter your domain name (don’t forget to include the .Normal/Cautious Port Activity . You can change between users without affecting the system service. 08 . enter your target email address and the source email address in this window.com. If you would like to receive email alerts of events. ”Install as a system service” should be selected. .org.v7 1/12/11 © 2007 Institute for Network Professionals 4 www. A system service allows KFSensor to run like a daemon on your system regardless of who is logged into it. Step 7. Click Next . Denial of Service .Enable packet dump files Use the following settings for this lab exercise: Click Next .Creative Advanced Attacks. Now you are on the system service set up window.inpnet.1-12 Hours Proxy Emulation . You must be logged in as the administrator to install the system service.HOTLabs.Allow banner grabs and loop backs . Now you can configure the system services. Click Next . Click the Wizard Help button for more details on each option.Disable packet dump files .

Select Settings > DOS Attack Settings . Configure your KFSensor as shown next. Now we are going to customize KF Sensor. In this area you define the alert behavior. Click Finish . Now you are ready to review the DOS Attack Settings and see if you want to stay with Normal – or use Cautious – or a customized setting. Step 10.inpnet. We definitely want to disable the audible alarm and we want to increase the number of events that are displayed when KFSensor starts up.HOTLabs. Select Settings > Customize . 08 . KFSensor should now be ready to configure your system.Creative Advanced Attacks.org . Step 9.org • www.v7 1/12/11 © 2007 Institute for Network Professionals 5 www. Click OK when you have set these configurations. KFSensor window behavior. startup behavior and the maximum number of events to keep loaded. Step 8. recent activity intervals.WLSAT Section 8 Click Next .

We enabled this feature in the Set Up Wizard. You can select either setting or define a customized setting for this lab exercise. Click OK when you are done. Step 13. Now we are ready to configure the network analyzer function of KF Sensor. Select Settings > Network Protocol Analyzer . In this area you can select to monitor specific interfaces and define the types of packets that you want to capture. choose all adapters that are displayed in the list (which include your wired and wireless adapter and the generic Microsoft adapter).inpnet.HOTLabs.Creative Advanced Attacks.v7 1/12/11 © 2007 Institute for Network Professionals 6 www.org .WLSAT Section 8 Step 11. NOTE: This system has a dial-up adapter loaded. Configure your KFSensor network protocol analyzer as shown on the below. Step 12.org • www. To compare the two default settings – Normal and Cautious – click on each separately and review the settings . On your systems. Click OK when you are finished. 08 .

Select Settings > Email Alerts and review the configuration. If you need to know more about any setting.WLSAT Section 8 Note: Your analyzer trace files are stored in the c:\kfsensor\dumps directory. This is not unusual – it indicates that certain ports were in use already when KFSensor started.HOTLabs. however. We are going to back out and make a new scenario called WLSAT Scenario. You should have only one scenario defined on your system – the Main Scenario. In the KFSensor window.org • www. You may want to select a Message Title or rethink the sender’s address so you can easily apply email filters for your KFSensor alerts. Step 18. If you install more than one KF Sensor.v7 1/12/11 © 2007 Institute for Network Professionals 7 www. 08 . Note: It might warn about restarting KF Sensor in the ‘normal’ way and shuts down. Step 15. Click OK when you are finished. For example. Now select Settings > Local Sensor Configuration .inpnet. We’ll keep this default port and the log level setting at this time. NOTE: First we are going to look at the Main Scenario – we are not going to edit that scenario. Click OK . select Scenario > Edit Scenarios . Click Edit . Step 17. Look through the other options under the Settings menu option . Just restart to return.Creative Advanced Attacks. assign a unique ID to each since this number is kept in the logs to enable you to determine which KFSensor server was hit. Lab Part 2 . Change your KFSensor ID value to kfsensor-zzz where zzz are your first. This is the active scenario at this time. on Windows systems the NBT (NetBIOS) ports are enabled by default and will generate errors.Viewing. At this time you might see a KF Warning box appear. Editing and Creating New Scenarios In this lab exercise you continue to configure KFSensor by viewing the Main Scenario.org . In this area you also define the email alert interval and the message severity level. middle and last initials. creating a new scenario and defining the Listens and KFSensor behavior for those Listens. Here you will see the Sensor ID of your KFSensor server. click the Help button on the setting window. Step 16. Click OK to accept this setting. Step 14. You can select “Convert to Native” on those ports to have KFSensor listen to activity on them.

Creative Advanced Attacks. This is also where you define the KFSensor action when that Listen is hit as well as the severity level.v7 1/12/11 © 2007 Institute for Network Professionals 8 www. Step 19. Finally you can define the DOS attack limits to protect KFSensor from being overwhelmed by 08 . Double-click on FTP Guild (see previous graphic) to get more detail on the configuration of the FTP Listen.inpnet.WLSAT Section 8 We don’t want to edit this scenario – we only want to look at it.org . Here you can get an idea of how a Listen is defined – you define the port number and protocol and address to bind the Listen to.org • www. This window is showing you “Listens” or defined ports that we are listening on using this scenario.HOTLabs.

Step 23. Enter the scenario name WLSAT Scenario . Click Cancel to close the Edit Listen window and Cancel to close the Edit Scenario Window.WLSAT Section 8 too many connections on that Listen.Creative Advanced Attacks. Click OK to close the warning window. You may receive the warning about ports in use. Check off all the classes listed except Linux and click OK .org . Click Add to create a new scenario. Now we are ready to build a brand new scenario. Click Add/Remove Classes… button .v7 1/12/11 © 2007 Institute for Network Professionals 9 www. Step 21. 08 . You should now be viewing the Edit Scenarios window as shown below.inpnet.HOTLabs. Step 22.org • www. Enter the domain name that you defined in the Set Up Wizard. Step 20.

Lab Part 3 . Click Add .Viewing and Adding Visitor Rules In this lab exercise you view and edit rules related to visitors that hit KF Sensor. We are going to add a Listen to this group. Click OK to close the Edit Scenario window. Now you will see all the Listens for these classes show up in your new scenario. NOTE: KFSensor hesitates for a moment as it switches scenarios – be patient. You are going to add a Listen for Laura’s Attack . Enter the information as shown in the configuration below. It might need to be restarted – the switch might cause the services to stop.HOTLabs. Select your WLSAT Scenario from the drop-down list and click OK . Your new Listen should show up in the list now. Now your NAST Scenario should be listed in the Edit Scenario window. Step 25.org • www.inpnet.Creative Advanced Attacks.v7 1/12/11 © 2007 Institute for Network Professionals 10 www. Select Scenario > Switch Scenario . Click OK when you are done. Click OK to save this scenario and close the New Scenario window. You will work with your WLSAT Scenario only. First IP Address: Last IP Address: ___________________________________ ___________________________________ 08 . Step 26.org .WLSAT Section 8 Step 24.

Creating Signature Rules In this lab exercise you create a signature rule based on traffic received and review how signatures are created and imported. Enter the following rule information: Name: First IP: Last IP: Host DNS name: Protocol: Sensor Port: Visitor Port: Min. Step 6.inpnet. click the Ports View button . This might be enabled by default when the server starts. 08 . This column shows the data related to the event (if any).v7 1/12/11 © 2007 Institute for Network Professionals 11 www. Connections: Actions: Set Severity: Click OK to close the Edit Rule window. Step 5. Step 3.Creative Advanced Attacks. Your new rule is visible when you edit the active scenario and click the Rules button . Click Add .org • www.org . Visitor rules are only used to close connections with. Maximize the window so you can see the Received column information. Use signatures to do lockouts based on ports or payload. Step 1. select Scenario > Edit Active Visitor Rules to open the Visitor Rules window. Step 2. In KF Sensor.WLSAT Section 8 NOTE: If you are going to connect to the KFSensor system using a Listen port (perhaps one that has been converted to native. Instructor Machine See above See above Leave blank Any Leave blank Leave blank Leave blank Leave blank Ignore No change Step 4. or ignore visitors. Lab Part 4 .HOTLabs. enter a Visitor Rule to exclude your connection on that port. In KF Sensor. Connections: Max. such as the FTP port) and you don’t want your communication to be logged. They are NOT a “lockout” feature.

v7 1/12/11 © 2007 Institute for Network Professionals 12 www. Step 9.WLSAT Section 8 Step 7. 08 . The Edit Signature window appears showing the signature data definition.org • www.HOTLabs. click the Create button. If no signature is associated with this event. Double-click one of the events that show data was transferred. The Add Signature window is now displayed. Click the Signature tab . Step 8.Creative Advanced Attacks.inpnet. Click OK to accept this configuration. The Event Detail window appears.org . You can provide a message with your signature and include a Source Reference (such as a website that contains additional information on this signature).

org .snort. KFSensor uses signatures to provide information on an attack and not to identify attacks.org/rules/ Another important source of rules is Bleeding Snort: http://www.Creative Advanced Attacks. you’ll only see your own little network’s Windows traffic.com/index. The official Snort and community rules sets can be obtained at: http://www. KFSensor can import rules written in Snort format. Unlike a network IDS.inpnet.php 08 .bleedingsnort. It is therefore possible to use experimental and non-certified rule sets.WLSAT Section 8 Note: Unless you are actively working with a ‘partner’ to see live traffic. There are a number of different sources for Snort rules and the first stage is to download copies of different rule sets. The signature will be defined as “hand coded” which means it takes precedence over the other KF signatures.HOTLabs.v7 1/12/11 © 2007 Institute for Network Professionals 13 www.org • www. It is that easy to add signatures from existing events. In order for KFSensor's signature engine to be most effective it is best to build up and maintain a large rule base.

HOTLabs.Creative Advanced Attacks.inpnet.org .WLSAT Section 8 Lab 8.org • www.2: Creative Wireless Attacks Instructor will now demonstrate creative wireless attacks. 08 .v7 1/12/11 © 2007 Institute for Network Professionals 14 www.

When.v7 1/12/11 © 2007 Institute for Network Professionals 15 www. WARNING: ALWAYS HAVE PERMISSION BEFORE USING ANY OF THESE RECOVERY UTILITIES IMPORTANT NOTE: Many of these utilities might trip your Anti-Virus alarms – not as a ‘virus’ per se. with these simple tools you can quickly find the passwords and get back to happy computing. Why Security—Password and History Recovery Utilities (multiple applications) Have you or any of your friends or family ever forgotten a password? Of course you have had this experience.inpnet.nirsoft. Well. history from IE and Cookies as well as recover those pesky Microsoft Product Keys.3: NirSoft Password & History Utilities This group is a series of individual software packages aimed at Password Recovery. copy the original files from the Student DVD to the appropriate location on your Ultimate USB stick \5 – Security\Toolname\Tool Usage and Features • • • • • MessenPass – Recovery of instant messenger passwords MailPassView – Recovery of popular e-mail client passwords Protected Storage PassView – Recovery of all passwords and AutoComplete strings from Protected Storage Dialupass – Recovery of VPN and Internet dialup connection passwords Asterisk Logger – Reveal passwords hidden behind asterisk (******) characters in password boxes 08 .Creative Advanced Attacks. with this great power comes great responsibility as well.org .’ Some AV products will delete the offending files directly from your USB Stick –to replace them.HOTLabs.WLSAT Section 8 Lab 8. Product Information Source NirSoft Freeware www. Now. Because of the sensitive nature of the information obtained by these tools – please be careful and always have permission first before deploying these recovery tools. History Recovery or Product Key Recovery.net Where. but as a ‘hacking tool. Use the ProduKey BEFORE you need to reinstall and you can be ready for those Office and XP keys – you’ll be all ready to reinstall after a crash.org • www. You need to use these tools for good and not for evil! You can recover passwords.

Messenpass Step 1.Creative Advanced Attacks.inpnet. As a penetration test – showing what information is vulnerable Lab Part 1 . Did it find any of your Instant Messenger accounts and passwords? _______ Step 2.HOTLabs. FTP and HTTP passwords Network Password Recovery – Recover network passwords stored by Windows XP WirelessKeyView – View Wireless LAN WEP and WPA keys IE PassView – View Internet Explorer passwords IECookiesView – View and Modify cookies stored on your computer IEHistoryView – View and Delete URLS you’ve visited in the last few days WinUpdatesList – Display all the Windows updates on the target machine ProduKey – Recover Microsoft Office/Windows Product CD-Keys Requirements / Dependencies • Any Windows operating system Where to Go for More Information • www. IMAP4.nirsoft.org .org • www.v7 1/12/11 © 2007 Institute for Network Professionals 16 www.WLSAT Section 8 • • • • • • • • SniffPass – Listen on the network for POP3. Try exporting an HTML file of the results 08 . Launch MessenPass . SMTP.net This is the ‘Manual’ way of running these… in the next lab we will use an ‘Attack’ Stick to automate the process What you will do in this lab: • • Run through a series of hands-on lab exercises testing a variety of password and history recovery utilities.

The 'View' menu allows you to filter the main window content by displaying only certain types of passwords Step 1.MailPassView Step 1.Creative Advanced Attacks. This registry key contains the passwords stored on your computer by Internet Explorer.org . Protected Storage PassView displays in its window all the passwords it's able to find. Outlook Express and MSN Explorer. The usage is trivial: once executed. showing the resource name.WLSAT Section 8 Lab Part 2 . the password type. 08 . Did it find any of your Mail accounts and passwords? ________ Step 2. Lab Part 3 – Protected Storage Passview Protected Storage PassView is a small utility to reveal the content of the "Protected Storage" registry key. Launch Protected Storage PassView . You can export an HTML file of the results.org • www.HOTLabs. the username (if available) and the password.v7 1/12/11 © 2007 Institute for Network Professionals 17 www.inpnet. Launch MailPassView .

– These items are clearly and easily available to anyone who has access to your computers! What was discovered on *your* computer? _____________________________ How does this make you feel about the security of your private information? ____________________________________________________ Step 3. passwords.HOTLabs. 08 . Note the wealth of information this quickly provides – web sites. this too can export to an HTML file.v7 1/12/11 © 2007 Institute for Network Professionals 18 www. etc.org • www. Like the other NirSoft products.org .Creative Advanced Attacks.inpnet.WLSAT Section 8 Step 2.

Step 3.WLSAT Section 8 Lab Part 4 – Asterisk Logger Step 1. After you reveal all the passwords you need.org . and save them into a text or HTML file. Step 2. you can select the desired passwords in the main window of Asterisk Logger.org • www.v7 1/12/11 © 2007 Institute for Network Professionals 19 www. Open the window that contains the asterisk text-box you want to reveal. 08 . and in addition.HOTLabs. The password will be instantly revealed inside the password box. a record containing the password and other information will be added to the main window of Asterisk Logger utility.Creative Advanced Attacks. Launch Asterisk Logger .inpnet.

Generate some traffic by using the browser to login to a site where you must enter your name and password. A Capture Options window opens.v7 1/12/11 © 2007 Institute for Network Professionals 20 www. Step 5.WLSAT Section 8 Lab Part 5 .SniffPass Step 1. Launch SniffPass .org • www. Step 3. Highlight the adaptor you are using for packet captures and select either RAW Sockets or WinPcap Packet Capture Driver . Click OK .HOTLabs.org .inpnet. Step 2. Step 4.Creative Advanced Attacks. 08 . Note: Choose RAW Sockets if you don’t have WinPcap loaded already on your target machine. Click on Fileà Start Capture or click on the green arrow.

Step 2. Did it find any of your Windows Network accounts and passwords? _______ You can export an HTML file of the results Lab Part 7 . Step 2. Launch Network Password Recovery .WirelessKeyView Step 1.WLSAT Section 8 Lab Part 6 – Network Password Recovery Step 1. Launch WirelessKeyView . Did it find any of your Wireless accounts and passwords? ____________ Note: The keys are shown in both HEX and ASCII values Step 3.Creative Advanced Attacks. Step 3.org • www.inpnet. You can export an HTML file of the results 08 .org .HOTLabs.v7 1/12/11 © 2007 Institute for Network Professionals 21 www.

org • www.WLSAT Section 8 Lab Part 8 – IE PassView Step 1. Did it find any of your Internet Explorer accounts and passwords? You can export an HTML file of the results 08 .v7 1/12/11 © 2007 Institute for Network Professionals 22 www.HOTLabs. Step 3. Launch IE PassView .Creative Advanced Attacks.org .inpnet. Step 2.

Now using the options in Microsoft IE. Launch IECookiesView . Step 3.inpnet. clear out your history and cache and try running this utility again. Step 2. Launch IEHistoryView .Creative Advanced Attacks. Look through the column headings by scrolling to the right. L Step 2.IEHistoryView Step 1.v7 1/12/11 © 2007 Institute for Network Professionals 23 www.org .HOTLabs.WLSAT Section 8 Lab Part 9 – IECookiesView – Internet Explorer Cookies Manager Step 1. You can export an HTML file of the results Lab Part 10 . Did you know your surfing history was this easy to see? Step 3.org • www. Did it clear your data? 08 .

When it’s time to restore. Launch ProduKey . You can export an HTML file of the results Lab Part 12 . Launch WinUpdatesList .WinUpdatesList Step 1.HOTLabs. you’ll have your CD-Keys all ready to go. 08 . Step 2.org • www.inpnet.v7 1/12/11 © 2007 Institute for Network Professionals 24 www.Creative Advanced Attacks.ProduKey Step 1. How many times has the target machine been ‘patched’ or updated by Microsoft for the Windows OS? _______ Step 3.WLSAT Section 8 Lab Part 11 .org . Step 2. Cut and paste these keys into a text file and save as part of your backup.

3. 08 .Creative Advanced Attacks. 2.org .v7 1/12/11 © 2007 Institute for Network Professionals 25 www. View all the different types of saved passwords and history files that are available to anyone with access to your computer These tools can all be run remotely if a hacker has control of your computer As an example in a penetration test. you can show the clients the vulnerabilities of their machines to a anyone with these simple software utilities Your Anti-Virus software might have caught a few of these tools. but what about those the AV didn’t catch? 4.HOTLabs.inpnet.org • www.WLSAT Section 8 What you learned in this Lab: In this Lab you learned to use Password & History Recovery Utilities to: 1.

.hak5. Windows. Why Ok. XP. or 2003 logged in with Administrative privileges and physical access. A single USB stick designed to ‘hack’ into an unsuspecting computer. Protected Storage. IP information.4: Attack and Recovery .org • www. Passwords from IE.USB Switchblade The goal of the Attack & Recovery tools (based on USB Switchblade ) is to silently recover information from a target Windows 2000 or higher computer.v7 1/12/11 © 2007 Institute for Network Professionals 26 www.php?title=USB_Switchblade 08 . the beauty lies in the fact that the payload can run silently and without modifying the system or sending network traffic.5 Team Combination of Freeware Where. etc. Protected storage and more! DO NOT USE THIS WITHOUT APPROPRIATE PERMISSIONS! Requirements / Dependencies • Windows Target Machine with physical access to USB Port Where to Go for More Information • • • http://www. very easily.hak5.hak5. very quickly.inpnet. IE history.org .org/wiki/index. Passwords. copy down the SAM files.HOTLabs.php?p=31505 http://www.org/wiki/Switchblade_Packages http://www. As a penetration testing demonstration.WLSAT Section 8 Lab 8.. now this one is going to be hard to justify the Where. Product Information Source Hak. For example the USB Switchblade can be used to retrieve information from a target system at a LAN party by lending the key to an unsuspecting individual with the intent to distribute a game patch or the like. this small USB device excels at ‘scaring’ the target. By showing how easy it is to learn a very large amount of information about the target machine. While the USB Switchblade does require a system running Windows 2000. When.org/forums/viewtopic. the original Amish technique of using social engineering to trick a user into running the payload when choosing "Open folder to display files" upon insertion. When and Why— Unless you have the correct permissions to do a Penetration Test on the target devices. including password hashes. Wireless.Creative Advanced Attacks. Usage and Features • • Using this tool to stealthily retrieve passwords. Firefox. Internet browsing history and detailed information from a target machine. etc. LSA secrets. Shows Product Keys. making it near invisible.

WLSAT Section 8 What you will do in this lab: • Use the ‘Attack Stick’ to run USB Switchblade on a target device to retrieve passwords.Creative Advanced Attacks.org .BAT file in the \WIP\CMD\ directory – or at your USB drive prompt. Try turning off Anti-Virus for a period of time. etc.bat . Please review each of these files. With only a few seconds. When the attack is complete. remove the USB stick. Step 6. Step 5. Step 3.v7 1/12/11 © 2007 Institute for Network Professionals 27 www.org • www. type: \WIP\CMD\go. Lab Part 1 – Penetration Test Demonstration DO NOT USE THIS WITHOUT APPROPRIATE PERMISSIONS! Using this tool in a penetration testing mode can be used to ‘scare’ unaware individuals of the items on their computer that ‘share’ their personal information.HOTLabs. detailed information. Step 7. Use with Caution. Step 9. IMPORTANT! Please delete the contents of the \win\dump folder before continuing – it contains private information! Step 4. You might have tripped an Anti-Virus alarm by running this Attack. On a different computer (or the same as the target – it doesn’t matter) retrieve the ‘found’ information by opening the \WIP\DUMP folder and finding a folder with a name of the target computer. Step 8. many pieces of personal information and history can be gathered. Start the GO. Inside you’ll find a set of files containing massive amounts of personal information.inpnet. etc. If Autorun does not launch – they you will need to Launch USB SwitchBlade. and physical access to a USB port. What you learned in this Lab: In this Lab you learned to use USB Switchblade to: • • • Wow! Was it really that easy to find all that personal information? How am I going to protect myself and my computer from this type of attack in the future? What else might I do with this type of platform? 08 . Did you find passwords? For what programs? Did it find ALL passwords? Why or why not? _________________________________________________ There are other sets of tools that can use this same method for good and not for evil! Running scripts to update A/V packages. Insert ‘Attack Stick’ in target computer.

Sign up to vote on this title
UsefulNot useful