[Figure labels: Professional Documents, Culture Documents, VOIP RAT]
If the accounts are still online, this means hackers will be able to grab any private correspondence associated with the account.
The hackers, called the Impact Team, demanded that Avid Life Media, owner of AshleyMadison.com and its companion site Established Men, take down the two sites.
“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” the hackers wrote.
The hackers appeared to target AshleyMadison and EstablishedMen over the questionable morals they condoned and encouraged, but they also took issue with what they considered ALM’s fraudulent business practices: women’s accounts are mainly fakes …
The My Friend Cayla doll, which is also sold in Australia, uses Bluetooth, an internet connection and speech-to-text technology to interact with children.
Germany's Federal Network Agency, the country's telecommunications watchdog, said the seemingly innocuous toy was an example of "unauthorised wireless transmitting equipment".
All toys capable of transmitting signals and recording images or sound without detection are banned under German law.
TOR
Each relay decrypts a layer of encryption to reveal only the next relay in the circuit, in order to pass the remaining encrypted data on to it.
The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.
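To make the layer-by-layer decryption concrete, here is an added simulation (not from the original slides) of a three-hop circuit: the client wraps the payload in one layer per relay, and each relay strips only its own layer, learning just the next hop. It assumes a toy SHA-256 keystream cipher and constructed relay keys in place of Tor's real AES-CTR keys and per-hop handshake.

```python
import hashlib

# Toy keystream cipher (SHA-256 in counter mode) standing in for Tor's AES-CTR;
# because it is XOR, the same function encrypts and decrypts one layer.
def _xor_layer(key: bytes, data: bytes) -> bytes:
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Client side. circuit = [(relay_name, relay_key), ...], guard first, exit last.
    The innermost layer (exit key) holds the destination and the clear payload;
    each outer layer holds only the next relay's name plus the still-encrypted rest."""
    blob = payload
    for i in range(len(circuit) - 1, -1, -1):
        next_hop = destination if i == len(circuit) - 1 else circuit[i + 1][0]
        blob = _xor_layer(circuit[i][1], next_hop.encode() + b"|" + blob)
    return blob

def relay_peel(key: bytes, blob: bytes):
    """Relay side: strip its own layer, learn the next hop, forward the remainder."""
    next_hop, rest = _xor_layer(key, blob).split(b"|", 1)
    return next_hop.decode(), rest

def route(circuit, onion: bytes):
    """Walk the onion through every relay; returns what each relay learned and
    the payload the exit finally delivers."""
    trace, blob = [], onion
    for name, key in circuit:
        next_hop, blob = relay_peel(key, blob)
        trace.append((name, next_hop))
    return trace, blob

# Constructed demo circuit with fixed keys (a real client derives fresh keys per hop).
DEMO_CIRCUIT = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]

def demo():
    onion = build_onion(DEMO_CIRCUIT, "example.org:443", b"GET / HTTP/1.1")
    return route(DEMO_CIRCUIT, onion)

if __name__ == "__main__":
    trace, payload = demo()
    for relay, nxt in trace:
        print(f"{relay}: learns only the next hop, {nxt}")
    print("exit delivers:", payload)
```

The guard sees the client's address but only ciphertext for everything past the middle relay, while the exit sees the destination and payload but never the client's address.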
It is now easy to buy stolen personal data, weapons, drugs, or to hire a hitman, … A fake identity document from a European country sells for around 1000 euros, and a passport costs 4000 euros.
While many companies spend a fortune buying databases that let them send advertising and thus canvass potential new customers, the black market offers unbeatable prices: on average, count on 75 dollars for one million valid email addresses.
Advanced persistent threat
• An APT is a set of continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity. APT usually targets organizations and/or nations for business or political motives. APT processes require a high degree of covertness over a long period of time. The "advanced" process signifies sophisticated techniques using malware to exploit vulnerabilities in systems. The "persistent" process suggests that an external command and control system is continuously monitoring and extracting data from a specific target.
• The term is commonly used to refer to cyber threats, using a variety of intelligence gathering techniques to access sensitive information.
• The purpose of these attacks is to place custom malicious code on one or multiple computers for specific tasks and to remain undetected for the longest possible period.
Advanced persistent threat
Life cycle
Different Actors – Different Motivations
• Nations (Affiliates)
• Cyber-Criminals
• ‘Hacktivists’
• “Client-side” Attacks
Rather than trying to compromise the well-protected servers holding the data to be exfiltrated, hackers realised it was much easier to compromise the users' endpoints (virtual drives) in order to penetrate their target (Malware).
• Customised Attacks
Attacks are designed to evade detection systems (NG-x, AV, Sandbox, …).
Hackers can take several months to prepare their attacks (> 1 million $ "income").
• Social Engineering
[Diagram of the target and its environment. Information gathered: activities, network diagram, OS / software / packaged software, … Target and legend: compromised site; Sheldon C., VP Research and Development; Leonard, assistant to Dr. Sheldon; fake ID on a forum; message from "LeonardH" to Sheldon: "Be on time tomorrow: project launch".]
2. Choice and Customisation of an existing malware
• USB keys
• Web browsing
• Spoofing of a legitimate site
• Compromise of a legitimate site
• DNS hijack
• Mail
• Instant Messaging
Email scam (fraud) is an unsolicited email that claims the prospect of a bargain or something for nothing (except shipping costs …). Some scam messages ask for business, others invite victims to a website.
[Diagram of the attack chain: 1 Phishing Email; user action; exploit kit; 3 Exploit / Infection: the malware is executed transparently (so as not to be detected) on the target machine using an exploit kit; 5 Exfiltration.]
Exfiltration is not the only feature: remote control is easily provided through the use of RAT tools (example with Poison Ivy).
When the user (target) uses his browser, the hacker with the RAT management tool (considered as the client part) will have full access to the user's machine.
Poison Ivy
File manager
Registry manipulator
Process viewer and manipulator
Services and drivers viewer
Persist
• Tool installation
• Installation of new malware variants
Action on Target
• Observation / Keylogger
• Lateral movement
Local vulnerability / Pivot
• Shares
• Mail
• Hops
Mission accomplished
• The program can also be used to detect attacks. Snort can be configured in three main modes: sniffer, packet logger, and network intrusion detection. In sniffer mode, the program will read network packets and display them on the console. In packet logger mode, the program will log packets to the disk.
• In intrusion detection mode, the program will monitor network traffic and analyze it against a rule set defined by the user. The program will then perform a specific action based on what has been identified.
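To show what "analyze it against a rule set defined by the user" means in practice, here is an added example (not Snort's code and not from the original slides): a minimal matcher for the Snort rule syntax, run in intrusion-detection mode over constructed packets. It assumes the simplest rule form only (no CIDR, port ranges, |hex| content or modifiers); the rule texts, addresses and payloads are all constructed for the demo.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport payload")

# Header part of a Snort rule: action proto src sport -> dst dport (options)
RULE_RE = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)$")

def parse_rule(text: str) -> dict:
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unparsable rule: " + text)
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for item in (o.strip() for o in body.split(";")):   # options are ';'-separated
        if item:
            key, _, val = item.partition(":")
            opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def _hdr(pattern: str, value) -> bool:
    return pattern == "any" or pattern == str(value)   # 'any' or exact match only

def matches(rule: dict, pkt: Packet) -> bool:
    if not (_hdr(rule["proto"], pkt.proto) and _hdr(rule["src"], pkt.src)
            and _hdr(rule["sport"], pkt.sport) and _hdr(rule["dst"], pkt.dst)
            and _hdr(rule["dport"], pkt.dport)):
        return False
    content = rule["opts"].get("content")   # plain-text content only; |hex| not handled
    return content is None or content.encode() in pkt.payload

def run_ids(rule_texts, packets):
    """Intrusion-detection mode: every packet against every rule; report alert msgs."""
    rules = [parse_rule(r) for r in rule_texts]
    return [r["opts"].get("msg", "") for p in packets for r in rules
            if r["action"] == "alert" and matches(r, p)]

# Constructed rules and packets for the demo (not real traffic or indicators)
DEMO_RULES = [
    'alert tcp any any -> any 80 (msg:"Admin path requested"; content:"GET /admin"; sid:1000001;)',
    'alert tcp any any -> any 21 (msg:"FTP login"; content:"USER"; sid:1000002;)',
]
DEMO_PACKETS = [
    Packet("tcp", "10.0.0.5", 51000, "10.0.0.80", 80, b"GET /admin HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.5", 51001, "10.0.0.80", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("tcp", "10.0.0.6", 51002, "10.0.0.21", 21, b"USER anonymous\r\n"),
    Packet("udp", "10.0.0.6", 53000, "10.0.0.53", 53, b"\x12\x34\x01\x00"),
]
```

Calling `run_ids(DEMO_RULES, DEMO_PACKETS)` yields one alert for the admin request and one for the FTP login; the index page and the UDP packet match no rule.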
Classical FW
• The typical functions of traditional firewalls, such as packet filtering, network and port address translation (NAT), stateful inspection, and virtual private network (VPN) support.
Next-Generation Firewall
• They inspect more layers of the OSI model (in fact the TCP/IP model) to improve filtering of network traffic depending on the packet contents.