Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lunker: The Advanced Phishing Framework Joshua Perrymon CEO, PacketFocus.

Similar presentations

Presentation on theme: "Lunker: The Advanced Phishing Framework Joshua Perrymon CEO, PacketFocus."— Presentation transcript:

1 Lunker: The Advanced Phishing Framework Joshua Perrymon CEO, PacketFocus

2 Agenda Intro What is Lunker? What can it do? Attack Theory Payloads The Old Way Demo Questions

3 Who am I? Joshua Perrymon, CEO PacketFocus 12 yrs Experience “Ethical Hacking” Over 200 Spear-Phishing attacks in 4-5 languages 85% Success ratio using “Blacklist” s from the Internet MUCH higher using “Whitelist” s

4 What is Phishing Phishing is a method of Social Engineering used to gain credentials, or have users perform a specific action. We have all gotten these types of s. Sent out to Millions Usually triggers SPAM filtering alerts Uses a known phishing site that is usually takes down within a couple days if possible

5 What is Spear Phishing A directed Phishing Attack Only targets a handful of users s are harvested from the Internet or other public places Very hard to stop as the attack isn’t sent out all over the Internet

6 Attacking up the OSI We have been moving up the OSI (Open System Interconnection) model with attacks.

7 Attacking up the OSI model cont.


9 How these attacks work

10 Doing this the “OLD” Way This takes time. But doesn’t require a lot of technical skills. Find s Find site to be phished Create the site Setup php mail spoof Test Send Monitor

11 Using the Phishing Framework Easy and repeatable

12 Step 1. Jperrymon

13 Step 2: Enter Client Info Jperrymon

14 Client Details This is entered into the local database. This allows an audit trail of tests configuration and results. The idea is to document each step automatically, because no-one else wants to do it. Enter URL and IP Info if provided Jperrymon

15 Step3: Recon Jperrymon

16 But everyone uses their company address right???? This is hard to protect against most times. Usually, internal addresses must be used in business communication. This can be leaked to the Internet Search Engines. Search and look through the results. Jperrymon

17 Step 4: Phishing Analysis Jperrymon

18 On the lookout This module will actively search the target URL’s and IP’s in scope to identify potential Phishing Targets. Any site that requires credentials remotely should be considered and identified. Top targets include Webmail, VPN, and website logins. The tool will identify these portals and return analysis based on previous information gathered. Jperrymon

19 Step5: Select the Bait Jperrymon

20 is easy Most often, a simple from spoofed technical support will be enough to have a user form over login and password details. Analysis will identify token passwords. Numeric entries should trigger token MITM functions. Start analysis timers. Jperrymon

21 Verify it works Jperrymon

22 Now what? Login to the Phishing site locally to make sure it captures the password. It’s easy to the credentials. Be responsible and store them encrypted. Modules could auto login based on template used. Get (), Get Attachment(), Get Keyword(), Get Subject(). Jperrymon

23 Redirect Confusion Jperrymon

24 Where am I? Redirection must be used after the user logs in the first time. Error message, Google, etc Redirect to real site. Delete sent to user after getting credentials. Jperrymon

25 Spoof the Jperrymon

26 Tony.. Tony Montana Setup a spoofed . To goal is to have the user perform a pre-defined action. Authority, realism, and language play a vital role in a successful attacks. The key is gain trust as soon as possible. NLP (Neuro-Linguistical Programming) Milgram Experiment Jperrymon

27 Select Footer Jperrymon

28 Footer If you want to write a custom body, select a footer template to give the attack structure. Jperrymon

29 Scenario Options Jperrymon

30 Pick one. Pre-defined spoofed scenarios are included with the framework. These are selected conversations that usually get the response desired based on actual field results. Scenarios: ▫Tech Support ▫Internal IT ▫3 rd Party IT ▫End-User Jperrymon

31 Stealthy Jperrymon

32 Head Sometimes you need to modify the headers. We will probably put something in here to identify the tool once it goes public. Jperrymon

33 Load the Ammo Jperrymon

34 Money Shot. This is what makes the framework stand out. The ability to add custom payloads to the phishing . XSS, Browser Exploit, Recon, Trojans, Exploits, Backdoors, etc.. Welcome to hack 2.0 Jperrymon

35 Test Environment Jperrymon

36 Test This module launches the local client and the locally hosted phishing site at the same time. The tester sends the spoofed to a locally configured account. This account is checked by the Client as would a normal user. Look for mistakes. The smallest error can cause the attack not to work. Jperrymon

37 Local Mode

38 Start the Audit Jperrymon

39 Just a little patience… Monitor the web server, db, MTA, and monitor. Setup MITM scripts to auto Configure alarms and real-time logic. Setup login options ▫Capture ▫Capture/Login ▫Capture/Login/Scrape Jperrymon

40 DEMO Lets have a look at the current working version. How to bypass Outlook 2007 Phishing filters.

41 What's Next MITM- 2 nd Factor Authentication Advanced Payloads ▫XSS ▫CRSF ▫Browser Exploits ▫Recon to determine user browser, OS, etc. Reporting Forum Support Template Sharing Training Modules User reaction analysis module Ability to customize the Templates Jperrymon

42 Thank You Thanks for sitting through this presentation. The main aspect to take away from this is how attacks are moving up the OSI model and targeting the user (layer 8). It doesn’t take a lot of technical skills to perform these types of attacks. User Awareness is the only way to mitigate this risk. We can’t rely on technology.

Download ppt "Lunker: The Advanced Phishing Framework Joshua Perrymon CEO, PacketFocus."

Similar presentations

Ads by Google