Grey bar Blue bar
Share this:

Thu, 2 Aug 2012

BlackOps – Post Exploitation Fun and Games

Brilliant, the client has decided to implement their own CMS and you've found a variable that's vulnerable to SQL injection. Starting up your favourite SQL exploitation tool, you upload a suitable web shell and fire up the browser. In an instant, you control that server, but do you really own the box?

Looking back at the major hacks of the last 18 months, attackers used a variety of techniques to obtain sensitive information. For the RSA hack, social engineering was used, allegedly consisting of a malicious Excel spreadsheet sent from a web master at a recruitment website. Once loaded, Poison Ivy was dropped on the host and the games began. Attackers started recon exercises, pivoting between hosts and finally exfiltrated the data (the rest is well-known and publicised). In the case of HBGary, attackers compromised their systems using a similar approach as the RSA attackers did: target an individual using social engineering using an earlier toehold to expand to a foothold. These types of attackers might have a fancy new name (Advanced Persistent Threats) but at the end of the day, they are using techniques that have been around for a while.

Owning a single host isn't the end of the journey, it's just the start.

At this year's 44Con, students will have the chance to learn how to take their offensive skills to the next level. Think of it as APT-style assessments.

Hacking By Numbers - BlackOps Edition will teach the next stage of the attack: lateral movement within a network, pivoting, and going after business relevant systems and data. Often, the juicier targets are buried deep inside the network, requiring complex tunnelling, evasion so as to not trigger alerts and finally, when you've accessed a target, ways to exfiltrate the data (spreadsheets via Facebook direct message, scp over a DNS tunnel, this can be fun).

The course looks at key areas of post-exploitation, and covers:

  • Working with big data on assessments
  • The difference between exploiting and owning a system
  • OSINT
  • Effective ways to tunnel, pivot and exfiltrate data without being noticed
  • Owning systems using client-side attacks and social engineering
  • Privilege escalation
At the end of the course, students will participate in a final exercise set in a semi-real world environment, where they will need to used what they've learned compromise a target organisation, escalate privileges and tunnel sensitive data out from the network.

This course is aimed at making you think differently. It's offensive security at its best. To join this course, visit our booking page.