A Plan for Permanent Network Compromise
- Date: 2012-07-28
- Speakers: Phil Purviance, Josh Brashars
- Slides: http://media.blackhat.com/bh-us-12/Briefings/Purviance/BH_US_12_Purviance_Blended_Threats_Slides.pdf
Browser-Based Attacks
Old Skool
- Exploit Windows
- Exfiltrate data
- Detected/removed by AV
Nu Skool
- aka “Blended threats”
- multiple vectors (worm gets email, back-door for infection)
- Break free of the browser and into the network
Why Attack Network Devices?
- Hard to detect w/ AV
- Non-standard upgrade model
- Ignored by users if service keeps running
Compromising Network Devices
- Rogue SOHO/wifi routers (!!)
- More common than you think
- Engineers, careless QA plugging into Enterprise
- Default settings!!
- Bridging enterprise via VPN from compromised home users (!!)
- Worst case scenario:
- Make browser do as much as possible
- Make end-user do all the work
- Proof-of-concept: 1 JavaScript program
- Hijack ad networks, upload sites, online surveys
- Social network sites
- Exploiting non-technical friends/family with spam posts
Network Scanning w/ JS
- JSScan
- JS-Recon
- jslanscanner
- Enumerate IP addresses/ports with dynamic element creation (to load an image) - code makes a request on the LAN to see if reachable
- WebSockets
- Pwning SOHO/home routers w/ default credentials
- HTTP Basic Authentication
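
A detection-side counterpart to the scanning notes above, as an added example that is not from the talk or its slides: it flags a public web page whose Referer shows up on requests to several internal addresses from one client. The record layout, the sample data, the function names and the `min_targets` threshold are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (client IP, requested URL, Referer header).
SAMPLE = [
    ("10.0.0.23", "http://192.168.1.1/favicon.ico", "http://ads.example.net/banner.html"),
    ("10.0.0.23", "http://192.168.1.254/logo.gif", "http://ads.example.net/banner.html"),
    ("10.0.0.23", "http://192.168.0.1:8080/img.png", "http://ads.example.net/banner.html"),
    ("10.0.0.23", "http://192.168.1.1/favicon.ico?r=2", "http://ads.example.net/banner.html"),
    # Admin browsing the router UI: Referer is the device itself, so not flagged.
    ("10.0.0.41", "http://192.168.1.1/status.html", "http://192.168.1.1/index.html"),
    # Ordinary public browsing.
    ("10.0.0.41", "http://www.example.org/a.png", "http://www.example.org/"),
    # A single internal request from a public page: below the threshold.
    ("10.0.0.57", "http://192.168.1.1/help.png", "http://forum.example.com/thread"),
]

def is_internal(host):
    """True when host is a literal private, loopback or link-local IP address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames are not resolved here, so they count as public
    return ip.is_private or ip.is_loopback or ip.is_link_local

def find_lan_probes(records, min_targets=3):
    """Map (client, referring public origin) -> sorted internal host:port targets,
    keeping only origins that reached at least min_targets distinct targets."""
    seen = defaultdict(set)
    for client, url, referer in records:
        target, ref = urlsplit(url), urlsplit(referer)
        if not target.hostname or not ref.hostname:
            continue  # no usable URL or no Referer to attribute the request to
        if not is_internal(target.hostname) or is_internal(ref.hostname):
            continue  # only public page -> internal address is of interest
        port = target.port or (443 if target.scheme in ("https", "wss") else 80)
        origin = f"{ref.scheme}://{ref.hostname}"
        seen[(client, origin)].add(f"{target.hostname}:{port}")
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_targets}

if __name__ == "__main__":
    for (client, origin), targets in find_lan_probes(SAMPLE).items():
        print(f"{client}: page at {origin} touched {len(targets)} internal targets: {targets}")
```

Because hostnames are not resolved, an internal site referenced by name is treated as public; feed the function resolved addresses if that matters in your environment.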