FINFISHER: FinSpy 3.10 Product Training.


1 FINFISHER: FinSpy 3.10 Product Training

2 Table of Contents Introduction FinSpy Agent FinSpy Administration
FinSpy Master FinSpy Relay Troubleshooting

3 Portfolio Overview

4 Introduction
FinSpy is designed to help Law Enforcement and Intelligence Agencies remotely monitor computer systems and gain full access.
Key Features:
Online Communication: Skype, Messengers, VoIP, , Browsing and more
Internet Activity: Social Networks, Discussion Boards, Blogs, File-Sharing and more
Stored Data: Remote access to hard-disk, deleted files, Recently Opened Files, crypto containers and more
Surveillance Devices: Use of Integrated webcams, microphones and more
Location

5 Introduction Strategic use of the FinSpy System: IT Intrusion System
Internal Monitoring System Covert Surveillance Device Remote Control System

6 FinSpy – Components

7 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
FinSpy Master FinSpy Relay Troubleshooting

8 FinSpy Agent – Components
Provides Graphical User Interface for FinSpy System Shows Target List Provides Interface for Target Analysis Allows Target Configuration Facilitates Target Updates Enables Target Trojan Creation Facilitates Creation of differing Infection Techniques

9 FinSpy Agent – Contents
Overview Target List Target Options Evidence Protection Target Creation Infection Techniques Analyses

10 FinSpy Agent – Overview
FinSpy Agent – Login Window Username and Password IP Address or DNS Name and Port of FinSpy Master Logoff from the FinSpy Master

11 FinSpy Agent – Overview
FinSpy Agent – Main Window

12 FinSpy Agent – Overview
The FinSpy Agent Main Window offers the following functionalities:
Data Analysis – Analysis of selected or multiple Targets
Create Target – Wizard to create a new Target Trojan
Configuration – Basic Settings for FinSpy Agent and FinSpy Master
Show Logfiles – To view the Logfiles on the FinSpy Master
Agent List – To view which Agents are connected to which Target(s)
License Information – To view the actual License and Import one
LEMF – Data Management – To configure the LEMF
About – Shows the FinSpy Version and License
Online Help – Visit Support Website
Logoff – Disconnect the FinSpy Agent from FinSpy Master

13 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Target List FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

14 FinSpy Agent – Target List

15 FinSpy Agent – Target List
The FinSpy Agent Target List displays information about a Target. FinSpy Target Name Unique FinSpy System Name of Target System Username under which the FinSpy Infection operates Country & City in which the FinSpy Targets ISP Access point is located Global IP & Public IP address of the FinSpy Target Operating System including Service Pack Target Time & Target Time Zone Software Version of the FinSpy Target Install Mode (MBR, Kernel Mode, User Mode)

16 FinSpy Agent – Target List – Online

17 FinSpy Agent – Target List – Online
The Online List of Targets offers the following functionalities to manage, monitor and reconfigure an active FinSpy Target: Analyse Data Visualize Data Evidence Protection Configuration Live Session Download Now Update Remove Infection Disconnect

18 FinSpy Agent – Target List – Offline

19 FinSpy Agent – Target List – Offline
The Offline List of Targets offers the following functionalities to manage and monitor a FinSpy Target: Analyse Data Visualize Data Evidence Protection Configuration Remove Infection

20 FinSpy Agent – Target List – Archived
The Archived List of Targets offers the following functionalities to manage a FinSpy Target where the infection was removed but data is still on the FinSpy Master Server: Analyse Data, Visualize Data, Evidence Protection, Remove Data

21 FinSpy Agent – Target List – Target Licensing
If the maximum number of infections is reached, the Target is unavailable as long as no license is freed and an infected Target is uninfected. First come, first served principle

22 FinSpy Agent – Target List – Recorded Data Availability
Symbols indicate availability of new data Star indicates Data on FinSpy Master is available Bullet indicates Data on FinSpy Target is available for download to Master Server

23 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Target Analysis FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

24 FinSpy Agent – Target Analysis
All or Selected recorded data can be shown or replayed Data is stored on the FinSpy Master Data can be viewed, deleted, exported and commented on

25 FinSpy Agent – Target Analysis
FinSpy Agent – Target Analysis Main Window

26 FinSpy Agent – Target Analysis
The FinSpy Agent Target List Main Window shows the following information: Identifies the Infection module (device/application) An importance level can be associated with specific stored data FinSpy Target Name Unique internal FinSpy System reference to the Specific FinSpy Target Size of the stored data set in bytes The date when the data was recorded on the Target PC

27 FinSpy Agent – Target Analysis
Possible actions for each entry: Opens & shows the recorded data. Deletes the data set from the FinSpy Master Server. The data can be exported to the FinSpy Agent computer. Comments to the data can be stored.

28 FinSpy Agent – Target Analysis
Recorded Comments: Comments cannot be deleted Importance Levels are also comments Descending order

29 FinSpy Agent – Target Analysis
Filter Search: Start / End Date Module Advanced Options

30 FinSpy Agent – Target Analysis
Embedded Audio Player (Skype, VoIP, Microphone): Start / Pause / Stop Equalizer for each channel Volume control

31 FinSpy Agent – Target Analysis
Embedded Video Player (Webcam, Screen, Mouse Clicks): Play / Pause, Stop, One Screenshot Backward, One Screenshot Forward Current Time, Total Length Preview Images (generated at runtime)

32 FinSpy Agent – Target Analysis – Hands-On

33 FinSpy Agent – Target Analysis – Hands-On
Select a Target Search for Microphone Recordings only Open Microphone Recording Change Priority Level to High Write a Comment

34 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Visualize Data FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

35 FinSpy Agent – Visualize Data
Analyzing data in a graphical way.

36 FinSpy Agent – Visualize Data
Analyzing data in a graphical way. The art of visualization. The recorded data on each day. Setting the importance level.

37 FinSpy Agent – Visualize Data
Analyzing data in a graphical way. Overview divided by module. Amount of recordings for each module. Meta Information.

38 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Evidence Protection FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

39 FinSpy Agent – Evidence Protection
Prove collected Data has not been altered, for use as evidence in court Import of a Security certificate Digital Check for each item Activity Logging (Who, What, Where) Signature Verification

40 FinSpy Agent – Evidence Protection
Certificate Management

41 FinSpy Agent – Evidence Protection
Status of Evidence Signature Checking Export of Evidence

42 FinSpy Agent – Evidence Protection
Activity Log Event Description (Who/What/Where)

43 FinSpy Agent – Evidence Protection
Exported evidence can generate a report

44 FinSpy Agent – Evidence Protection
Evidence history can be viewed

45 FinSpy Agent – Evidence Protection
External Verification Tool. Can be used as a portable tool.

46 FinSpy Agent – Configuration – Hands-On

47 FinSpy Agent – Configuration – Hands-On
Select a Target Go to Evidence Protection Export the Evidence Use external Evidence Verification Tool Run the external Evidence Verification Tool

48 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Configuration FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

49 FinSpy Agent – Configuration
Configuration of the FinSpy Target: General settings Network settings Download Schedule Alert Settings User Permissions Modules

50 FinSpy Agent – Configuration
Configuration Window:

51 FinSpy Agent – Configuration
If all modules are installed, the following can be configured: General – Information on Trojan, Network, Heart-beat and Removal Download Schedule Alert Settings User Permissions Accessed Files Changed Files Command Shell Deleted Files File Access Forensics Tools

52 FinSpy Agent – Configuration
If all modules are installed, the following can be configured: Keylogger MouseClicks Microphone Printer Scheduler Skype Screen & Webcam VoIP

53 FinSpy Agent – Configuration – General
Infection Executable Information: Cannot be changed as fixed in the FinSpy Target

54 FinSpy Agent – Configuration – General
Hiding Techniques: Hide the network connections Hide the registry entries Hide the trojan process

55 FinSpy Agent – Configuration – General
Infection Self Removal: Scheduled Removal of the FinSpy Target Time-Out Removal

56 FinSpy Agent – Configuration – General
Target Settings: Target Name displayed in the Target List Heartbeat – Communication period between FinSpy Target and FinSpy Master Download Speed Limit

57 FinSpy Agent – Configuration – General
Relay Settings: Different Hosts / FinSpy Relay Possible Ports where FinSpy Proxy / FinSpy Relay can be contacted Randomness

58 FinSpy Agent – Configuration – General
The Application Based Events specify the communication: Active and Running Applications Stop the communication

59 FinSpy Agent – Configuration – Hands-On

60 FinSpy Agent – Configuration – Hands-On
Select a Target Configure General Settings Give Target another Name

61 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Download Schedule FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

62 FinSpy Agent – Configuration – Download Schedule
To configure: Automated Downloads Time & Date based Application based

63 FinSpy Agent – Configuration – Download Schedule
Application Events: Screensaver Active Screen Locked Data Available

64 FinSpy Agent – Configuration – Download Schedule
Time Events: Start Event Date Event Time Interval Time Zone

65 FinSpy Agent – Download Schedule – Hands-On

66 FinSpy Agent – Download Schedule – Hands-On
Select a Target Create a Download Schedule If Screensaver is active Every Monday morning at 10 am

67 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Alert Settings FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

68 FinSpy Agent – Alert Settings
Sending e-mails if an Event occurs. Based on Events (Target Online, Data Available, Data Downloaded)

69 FinSpy Agent – Alert Settings – Hands-On

70 FinSpy Agent – Alert Settings – Hands-On
Select a Target Create an Alarm for a certain event Let the event occur and check your Inbox

71 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
User Permissions FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

72 FinSpy Agent – User permissions
Different users System Administrator Administrator User Detailed configuration per user & target Action allowed / Action not allowed

73 FinSpy Agent – User permissions
Hands-On:

74 FinSpy Agent – User permissions
Hands-On: Select a Target. Choose one user and give him the following rights: Live Session, Configuration. Are the rights correctly displayed afterwards?

75 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Modules FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

76 FinSpy Agent – Configuration – Accessed Files
Recording Accessed Files: In predefined directories & hard drives Exceptions can be set Defining of file types

77 FinSpy Agent – Configuration – Changed Files
Recording Changed Files: In predefined directories & hard drives Exceptions can be set Defining of file types

78 FinSpy Agent – Configuration – Deleted Files
Recording Deleted Files: In predefined directories & hard drives Exceptions can be set Defining of file types

79 FinSpy Agent – Configuration – Keylogger
Indication as to which application used (e.g. Mail-Client, Browser, Explorer, Notepad) Helps to remove unnecessary information for faster analysis Entries are based on Process and Window Name

80 FinSpy Agent – Configuration – MouseClicks
Video Quality (Low, Normal, Good, Best) & Mode (Color, B&W) Definition of Mouse Click Type (Left, Right, Double) Rectangle Size (captured area around the click in pixel) Sensitivity (distance from previous click) Application Based Events

81 FinSpy Agent – Configuration – Microphone
Configuring the Microphone Quality: Low- to Best Quality Will affect the recording size Depending on distance of the Target to the Speaker

82 FinSpy Agent – Configuration – Scheduler
Scheduling of the following: Module (Webcam, Microphone, Screen) Different intervals (Once, Daily, Weekly, Monthly) Duration

83 FinSpy Agent – Configuration – Scheduler
No live session necessary (Use when Target Offline) Automatic, defined recording

84 FinSpy Agent – Configuration – Skype
Skype module: Interception of Voice & Chat Communication Interception of File Transfers Retrieving the Skype Contact List No need for Live Session

85 FinSpy Agent – Configuration – Screen & Webcam
Quality & Size can be defined Useful for indication of Disk space on the Target Computer Automatic Recording of the Screen if certain applications are running

86 FinSpy Agent – Configuration – VoIP
Application based recording Recording if Microphone/Speaker are used Initial Screenshot for information gathering Sound quality

87 FinSpy Agent – Configuration – Add/Remove Module
Add Module: Remove Module:

88 FinSpy Agent – Configuration – Activate/Deactivate Module
Active Module

89 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Live Session FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

90 FinSpy Agent – Live Session
The Live Session gives the possibility of the following options: Establishing a live session to the Target’s Display Establishing a live session to the Target’s Webcam Establishing a live session to the Target’s Microphone Will show a live session of the Target’s keys pressed Commands can be entered at the Target’s command shell Will show a live File Browser for the Target’s file system Execute Applications on Target’s system

91 FinSpy Agent – Live Session
Record Display / Record Webcam / Record Microphone Start the Live Session

92 FinSpy Agent – Live Session
Record Display / Record Webcam / Record Microphone Stop the Live Session

93 FinSpy Agent – Live Session
Recorded Keystrokes includes the following information: Process Name Date and Time of the Keylogging Application Name & Window Title Enable/Disable Special Chars

94 FinSpy Agent – Live Session
Command Shell offers - Shutting down the FinSpy Target Creating Files Executing Files Creating Accounts Accessing Other Computers Uploading Data Access to Powershell And many more

95 FinSpy Agent – Live Session
Access Files offers: Easy browsing through the whole Target PC File System including Hidden, System and Locked Files Downloading Files and Folders Uploading Files Directory Refresh (right-click)

96 FinSpy Agent – Live Session
Forensic tools offers: Execution of applications Reading out saved passwords Retrieving system information

97 FinSpy Agent – Live Session – Hands-On

98 FinSpy Agent – Live Session – Hands-On
Select a Target Establish two Live Sessions Watch the Screen Browse Files Upload a File

99 FinSpy Agent – Live Session – Hands-On
Select a Target Establish Forensic Tools Live Session Upload & Execute Application to FinSpy Target View the Data Remove the Application from FinSpy Target

100 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Download Data FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

101 FinSpy Agent – Download Data
Immediate Manual Download from Target to FinSpy Master Server Indicated by a bullet Download Data can be chosen

102 FinSpy Agent – Download Data
Immediate Manual Download from Target to FinSpy Master Server Separated by module Separated by time Separated by size

103 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Update Modules FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

104 FinSpy Agent – Update Modules
Update Active Modules on Target Automatically / Manually Always latest functionality Restart required to apply

105 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Remove Data FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

106 FinSpy Agent – Remove Infection
Complete removal of FinSpy Infection, Trojan, Stored Files and Modules FinSpy Target needs restart before re-infection

107 FinSpy Agent – Remove Data
Removing Data on FinSpy Master Server Only works on Archived Targets

108 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Create Target FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

109 FinSpy Agent – Create Target
Creating a FinSpy Target

110 FinSpy Agent – Create Target
Giving an infection name To identify the FinSpy Target in Target List Choosing a unique, easy to remember name

111 FinSpy Agent – Create Target
Choosing the Target Operating System Currently possible: Microsoft Windows Mac OS X Linux

112 FinSpy Agent – Create Target
Network Configuration, Heartbeat & Download Speed Limit Application based Events

113 FinSpy Agent – Create Target
Self Removal
Max Infection: Avoid accidental Mass Infections and wasting of license limits
Scheduled Removal: On given date the FinSpy Target removes itself
Time-Out Removal: After being out of Communication with the FinSpy Master for a given time, FinSpy Target removes itself

114 FinSpy Agent – Create Target
Module Selection

115 FinSpy Agent – Create Target
Module Availability – 1

116 FinSpy Agent – Create Target
Module Availability – 2

117 FinSpy Agent – Create Target
Modules can be selected Recommendation for Physical and Remote Infection Use no modules - FinSpy Installer at minimum and lack of activity of modules does not attract attention from Antivirus/Antispyware upon initial installation. Minimum size: ~ 590 KB (no modules) Maximum size: ~ 1.8 MB (all modules)

118 FinSpy Agent – Create Target
Target Options Installing into Master Boot Record Vista and Windows 7 infection (UAC Popup) More hidden infection!

119 FinSpy Agent – Create Target
User Permissions Allowing certain users, certain actions for this Trojan

120 FinSpy Agent – Create Target
Summary of created FinSpy Target Name Operating System Network Information Modules Etc.

121 FinSpy Agent – Create Target
Generate Infection
Infected Application – Original exe still opens as usual with original ICON
Infected Screensaver – Original screensaver still runs with original ICON
Infected Office Document – Add Macro to Word & Excel File
Infected File (Extension Rename) – Adds .exe extension, original File still opens
Infected File (Advanced File Name Conversion)
Bootable ISO Image – Burns Trojan to a bootable CD/DVD

122 FinSpy Agent – Create Target
Generate Infection Bootable Infection Dongle – Install Trojan on a bootable USB device For infection of Harddrive encrypted systems (TrueCrypt, PGP, etc.) Runtime Infection Dongle For infection of running systems via Autorun

123 FinSpy Agent – Configuration – Hands-On

124 FinSpy Agent – Configuration – Hands-On
Create a Target Following Modules: Microphone, Keylogger, Skype Choose MBR Infection Any Infection Path How big is the file size of the Target? Useful for which kind of distribution?

125 FinSpy Agent Introduction FinSpy Agent FinSpy Administration
Infection Techniques FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

126 FinSpy – Infection Techniques – FinFly USB
FinSpy Target on USB Stick. Physical Access needed. Automated Execution. Little or No User Interaction (Dependent on Autoplay configuration on Target)

127 FinSpy – Infection Techniques – FinFly USB
Created through FinSpy Agent

128 FinSpy – Infection Techniques – FinFly USB
Trojan will be generated and copied to FinFly USB Stick

129 FinSpy – Infection Techniques – FinFly USB
Automatic execution behaviour on:
Operating System: Default behavior
Windows 2000 <= SP3: Manual interaction required
Windows 2000 SP4, Windows XP: Autorun on Insertion
Windows Vista, Windows 7: Depending on the configuration, interaction might be required

130 FinSpy – Infection Techniques – FinFly USB
Manual infection: OR

131 FinSpy – Infection Techniques – Application CD
Create an Autorun CD with Infected Installer of: Games (World of Warcraft) DVD (Video Player) Etc.

132 FinSpy – Infection Techniques – Application CD
Using FinSpy to infect an application

133 FinSpy – Infection Techniques – Application CD
Creating the corresponding autorun.inf in the same directory as the FinSpy target. Burn to a CD / DVD.
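
Slides 129 to 133 depend on an autorun.inf in the media root starting a program on insertion. As an added example (not part of the training deck), this Python script audits an autorun.inf for launch entries before media is trusted; the sample file content and the severity labels are constructed assumptions.

```python
"""Audit autorun.inf for entries that start a program (added defensive example)."""
import os
import re

LAUNCH_KEYS = {"open", "shellexecute"}               # start a program on insertion
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")  # context-menu verb commands
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk")


def decode_inf(raw):
    """autorun.inf is ANSI or UTF-16 with a BOM; decode either without failing."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def command_target(value):
    """First token of a command line, honouring a leading quoted path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""


def audit_autorun(text):
    """Return (severity, key, target) for every entry that launches something."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS and not SHELL_CMD.match(key):
            continue  # label=, icon= and similar keys do not start a program
        target = command_target(value)
        severity = "high" if target.lower().endswith(EXEC_EXT) else "review"
        findings.append((severity, key, target))
    return findings


def scan_volume(root):
    """Audit the autorun.inf in the root of a mounted volume, if there is one."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                return audit_autorun(decode_inf(fh.read()))
    return []


# Constructed sample, written for this example only.
SAMPLE = r"""[AutoRun]
label=Game Installer
icon=setup.exe,0
open=setup.exe /silent
shell\open\command="tools\viewer.scr" /s
shellexecute=readme.html
"""

if __name__ == "__main__":
    for severity, key, target in audit_autorun(SAMPLE):
        print(f"{severity:6} {key:22} -> {target}")
```

Run `scan_volume` against the mount point of inserted media from a system where Autorun itself is disabled, so the audit does not trigger what it inspects.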

134 FinSpy – Infection Techniques – Application CD
Distribute to the following locations: Mailbox of the Target Internet Cafes Business Centres Offices

135 FinSpy – Infection Techniques – Office Document
Office Document Infection No *.exe or *.scr File Word or Excel Document can be infected Will pass Attachment scanner (e.g. Gmail, Hotmail, ...)

136 FinSpy – Infection Techniques – Office Document
Make the Document look real
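
Slide 135 notes that an infected Word or Excel document passes attachment scanners that only block *.exe and *.scr files, and slide 121 lists the "Extension Rename" variant. As an added example (not from the training deck), this Python triage inspects attachment content as well as the name; the extension sets, reason labels and in-memory samples are constructed assumptions, and legacy OLE files are only flagged for a dedicated macro scanner.

```python
"""Attachment triage: executable double extensions and macro-bearing Office files."""
import io
import zipfile

EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXT = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png", "zip"}
MACRO_FREE_EXT = {"docx", "xlsx"}               # formats that must not carry VBA
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container


def extension(filename):
    """Final extension, lower-cased, without the dot ('' if there is none)."""
    name = filename.strip().lower()
    return name.rsplit(".", 1)[1].strip() if "." in name else ""


def double_extension(filename):
    """True for names like 'invoice.pdf.exe' (decoy extension, then executable)."""
    parts = [p.strip() for p in filename.strip().lower().rsplit(".", 2)]
    return len(parts) == 3 and parts[2] in EXEC_EXT and parts[1] in DECOY_EXT


def ooxml_macro_parts(data):
    """Archive members holding a VBA project; [] if none or not a ZIP container."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
    except zipfile.BadZipFile:
        return []


def triage(filename, data):
    """Return the list of reasons an attachment deserves quarantine or review."""
    reasons = []
    if double_extension(filename):
        reasons.append("double-extension")
    if data[:2] == b"MZ":                       # Windows executable header
        reasons.append("pe-header")
    if ooxml_macro_parts(data):
        reasons.append("vba-macro")
        if extension(filename) in MACRO_FREE_EXT:
            reasons.append("macro-in-macro-free-extension")
    elif data[:8] == OLE_MAGIC:
        # Legacy binary formats can hide macros; hand over to an OLE-aware scanner.
        reasons.append("legacy-ole-needs-macro-scan")
    return reasons


def make_sample(with_macro):
    """Build a constructed, minimal OOXML-like ZIP in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("report.docx", make_sample(False)),
        ("report.docx", make_sample(True)),
        ("holiday.jpg.exe", b"MZ\x90\x00"),
        ("old.doc", OLE_MAGIC + b"\x00" * 8),
    ]
    for name, blob in samples:
        print(f"{name:18} {triage(name, blob) or 'clean'}")
```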

137 FinSpy – Infection Techniques – FinFly Lite

138 FinSpy – Infection Techniques – FinFly Lite
Key Features:
Binary Infection: Downloads of Executables or Screensavers will be infected with the pre-configured “payloads”
Update Injection: Several Client-Software can be forced to update and install the configured software when checking for updates
Website Infection: Infect Target Systems through Websites which install the software by using the Web-browser module functionalities
Custom Payloads: The software that will be injected can be uploaded and configured and is not bound to any other product
Traffic Inspection: Identify Target Systems by IP Address or Radius username

139 FinSpy – Infection Techniques – FinFly Web
FinFly Web Example with IFrame Injection:

140 FinSpy – Infection Techniques – FinFly Web
Key Features:
Different Infection Modules: JavaScript / IFrame / Sun Java / XPI Plugin / ActiveX
Multiple Browser support: Internet Explorer, Mozilla Firefox, SeaMonkey, Safari, Google Chrome, Opera
Multiple Operating System support: Windows 2000, Windows XP, Windows Vista, Windows 7, MacOS Snow Leopard
Implementation into Standard Websites

141 FinSpy Administration
Introduction FinSpy Agent FinSpy Administration FinSpy Master FinSpy Relay Troubleshooting

142 FinSpy Administration
FinSpy Administration offers: FinSpy Configuration through the FinSpy Agent Configuration of FinSpy Master Logfile Viewer of FinSpy Master FinSpy Agent Connection Viewer Viewing License Information

143 FinSpy Administration
Introduction FinSpy Agent FinSpy Administration Configuration FinSpy Master FinSpy Relay Troubleshooting

144 FinSpy Administration – Configuration
Inside the Configuration Options, the following can be configured: Configuration of the FinSpy Agent Data Download/Export FinSpy Master Internal/External Network Interfaces Connection configuration for the FinSpy Target Configuring Settings for Alerts FinSpy Master and FinSpy Target Updates Certificates, Activity Logging & Functionality Database Integration of a LEMF Target Modules Definition

145 FinSpy Administration – Configuration
User Management Users can be added, changed or deleted Four different user roles User Privileged User Administrator System Administrator

146 FinSpy Administration – Configuration
User Management

147 FinSpy Administration – Configuration
Agent Configuration Download Data Folder Created Targets will be placed here Exported Evidence Updated Installer Files

148 FinSpy Administration – Configuration
Network Configuration FinSpy Agent Connection Internal / External Connection Port FinSpy Master to Internet Connection DHCP / Static

149 FinSpy Administration – Configuration
Relay Network Configuration This data will be retrieved at the Target Creation Can contain multiple Hosts/IPs Can contain multiple Ports Partly randomness

150 FinSpy Administration – Configuration
Notification Alerting system for FinSpy Targets Template system Local MTA Predefined Free Mailer Custom

151 FinSpy Administration – Configuration
Updates Update Check for a new FinSpy version Updating Targets automatically

152 FinSpy Administration – Configuration
Evidence Protection Enable / Disable Evidence Protection Certificate Import Logging Level

153 FinSpy Administration – Configuration
LEMF Interface Only needed if existing LEMF system is available & connected Database can be set for data transmission

154 FinSpy Administration – Configuration
Target Modules System Administrator can define modules Only enabled modules can be used on Trojan Creation

155 FinSpy Administration
Introduction FinSpy Agent FinSpy Administration Show Logfiles FinSpy Master FinSpy Relay Troubleshooting

156 FinSpy Administration – Show Logfiles
This will show the FinSpy Master Logfile Live refresh Separation (Info, Warning, Error) Export for further or external analysis

157 FinSpy Administration
Introduction FinSpy Agent FinSpy Administration Agent List FinSpy Master FinSpy Relay Troubleshooting

158 FinSpy Administration – Agent List
Overview of all configured User Accounts / FinSpy Agents. When did which FinSpy Agent log in? From where is the FinSpy Agent connecting? Where is the FinSpy Agent connected to?

159 FinSpy Administration
Introduction FinSpy Agent FinSpy Administration License Information FinSpy Master FinSpy Relay Troubleshooting

160 FinSpy Administration – Agent List
Overview of current License Information Number of Agents / Targets Validity Import of a new License

161 FinSpy Master Introduction FinSpy Agent FinSpy Administration
FinSpy Relay Troubleshooting

162 FinSpy Master – Components
Software: FinSpy Master FinSpy Proxy Hardware: FinSpy Master Server FinSpy Master Spare Server KVM Console Switch UPS Ruggedized Box

163 FinSpy Master – Contents
Overview Brief Linux Command Instructions Master & Proxy Configuration Monitoring Port Forwarding Dynamic DNS

164 FinSpy Master – Overview
One Server with Software Different Networks Own File-based Database Hardened Kernel and Operating System based on Debian Massive and Robust Space for Data (RAID 6, 1.6 TB)

165 FinSpy Master Introduction FinSpy Agent FinSpy Administration
Linux Commands FinSpy Relay Troubleshooting

166 FinSpy Master – Linux Commands
Directories
FinSpy Applications: /usr/local/finspy_master/ and /usr/local/finspy_proxy/
Log Files: /var/log/
Temporary Files: /tmp
Init-Scripts: /etc/init.d/

167 FinSpy Master – Linux Commands
Super User Rights: sudo command
Changing Directories: cd /usr/local/finspy_master/
Rename File: mv finspy_master.cfg_template finspy_master.cfg
Edit & Read (Configuration File) with Console Text Editor: nano /usr/local/finspy_master/data/finspy_master.cfg
Show latest Entries (of Logfile): tail -f /var/log/finspy_proxy.log
Show Network Config: ifconfig

168 FinSpy Master – Linux Commands
Remove Files: rm filename
Remove Directories: rm -r directoryname
Copy File: cp finspy_master.cfg_template finspy_master.cfg
Show content of file (Version of FinSpy Master): cat /usr/local/finspy_master/data/version

169 FinSpy Master Introduction FinSpy Agent FinSpy Administration
Master Configuration FinSpy Relay Troubleshooting

170 FinSpy Master – Master Configuration
Configuration File: /usr/local/finspy_master/data/finspy_master.cfg
Network for the FinSpy Master:
    FIN_AGENT_NETWORK_INTERFACE = eth1
    FIN_PROXY_1 = , 9118
Update Check on Daily basis:
    FINUM_SERVER = update.gamma-international.de
    FINUM_PORTS = 42662
    FINUM_DESTINATION_PATH = ../updates
Evidence Protection switch:
    FIN_EVIDENCE_PROTECTION = true

171 FinSpy Master – Master Configuration
Notification (Alert Settings): /usr/local/finspy_master/data/finspy_master.cfg
Settings variable begins with FIN_MX_
By default, localhost will be used
Settings found under “FIN_MX_xxx”
Free Webmail services can be used (including TLS support), e.g. Gmail, Hotmail, Yahoo, …

172 FinSpy Master – Master Configuration
User Management: /usr/local/finspy_master/data/.fin_passwd
Structure: userid ; groupid ; login name ; user description ; password ; database permission ; file permission
To change: userid ; login name; user description; password

173 FinSpy Master Introduction FinSpy Agent FinSpy Administration
Proxy Configuration FinSpy Relay Troubleshooting

174 FinSpy Master – Proxy Configuration
Configuration File: /usr/local/finspy_master/data/finspy_master.cfg
Network for the FinSpy Master:
    FIN_AGENT_NETWORK_INTERFACE = eth1
    FIN_PROXY_1 = , 9118
Ports where FinSpy Target or FinSpy Relay connect to:
    FIN_TARGET_PORTS = 22,53,80,443,4111

175 FinSpy Master Introduction FinSpy Agent FinSpy Administration
Misc Configuration FinSpy Relay Troubleshooting

176 FinSpy Master – Monitoring
Automatic Check for not running applications
“monit” command: sudo monit summary
Successful: Process ‘finspy_master’ running
Failed: Process ‘finspy_master’ not monitored
Failed: Process ‘finspy_master’ Does not exist

177 FinSpy Master – Port forwarding
To ensure FinSpy Proxy retrieves packets Router must have Port forwarding activated

178 FinSpy Master – Dynamic DNS
If FinSpy Master or Router doesn’t have a static IP:
Free Service can be used to map hostname <-> dynamic IP
Software on FinSpy Master: ddclient
Possible Free Services

179 FinSpy Master – Dynamic DNS
Configuration File: /etc/ddclient.conf
Example Content:
    protocol=dyndns2
    use=web, web=checkip.dyndns.com, web-skip='IP Address'
    server=members.dyndns.org
    login=finspy-test
    password='dfUc!45XfP'

180 FinSpy Relay Introduction FinSpy Agent FinSpy Administration
FinSpy Master FinSpy Relay Troubleshooting

181 FinSpy Relay – Components
Windows Software: FinSpy Relay FinSpy Relay Monitoring

182 FinSpy Relay – Components
Linux Software: FinSpy Relay

183 FinSpy Relay – Overview
Anonymize FinSpy Connections Can be located anywhere in the world Small piece of software No big hardware requirements Chain of Relays possible

184 FinSpy Relay – Requirements
Windows: Windows Firewall must accept FinSpy Ports; Windows Server 2003 or higher; Administrator rights
Linux: Debian or Ubuntu System; 256MB Ram; Monitor software installed (monit)

185 FinSpy Relay – Configuration
Configuration File (relay.cfg)
Windows: Same directory as installed
Linux: /usr/local/ffrelay/data/
Example Configuration File:
    CFG_TARGET_PORTS = 21,80,443,4111 # Incoming Connections
    CFG_NEXT_HOP_1 = server.ath.cx, # FinSpy Master or Next FinSpy Relay
    CFG_SOCKET_TIMEOUT = 10 # Socket Read/Write Timeout

186 Troubleshooting Introduction FinSpy Agent FinSpy Administration
FinSpy Master FinSpy Relay Troubleshooting

187 FinSpy Relay – Troubleshooting
FinSpy was distributed but FinSpy Target doesn’t show online Discussion of Activation on Target PC and Network Issues

188 FinSpy Relay – Troubleshooting
FinFly Dongle / Autostart CD didn’t auto execute Is Autostart enabled on FinSpy Target system? Windows Vista and Windows 7 have Autostart disabled by default Correct entry in autorun.inf for Autostart CD?

189 FinSpy Relay – Troubleshooting
FinSpy is detected by Anti-Virus Vendor XYZ
(Be careful, as AV and ASW products these days flag every activity; what's important to Gamma are products that physically remove FinFisher. Otherwise press allow on the Application that flagged.)
Report to Gamma Group immediately
I have a suggestion / bug report. Whom to contact?
Log in to After-Sales Website https://www.gamma-international.de

190 Thank you for your attention
Questions?

