
Tactical Surveillance

Look at me now

THANK YOU

My Credentials?

Not a L33t H4x0r

Old
Loudmouth Security Punk who talks $hit
Tells lies (professionally)
Is called all sorts of bad words.. that I will likely say throughout this talk
Can't code well

I've done PenTesting and security work for the last 14+ yrs
Has a bunch of certs
Helped create PTES

Worked for Sprint, KPMG and others in InfoSec


My opinions are my own (but also my company's)
And

-me

What the F*ck is this talk about?


Corporate Surveillance
Business Profiling
Personnel Profiling Work 2.0

Individual Surveillance
Social Profile

Gettin all up in it

Show Me

24x7 Doxin Like a boss

Onsite

Corporate Surveillance

Watching an entire company isn't feasible, so let's boil it down


Employees
Social Threat surface
Partners
Competitors
Adversaries
Trustees
Financials
Sensitive Info Leakage
Electronic Threat surface

Corporate communications
Key relationships and individuals of influence
Corporate events
Manipulation points or general shadiness =)

Business intel goes a LONG way
Hoovers

I'm a bit more of a visual learner
MARKETVISUAL.COM

Mucking around

Ask yer

Littlesis

Linked IN anyone?

Jigsaw contact (target) listing

News and other fun with ENTITY CUBE

Personnel Intelligence

Simon Says
Names
Aliases
Emails
IM Screen names
Social Landscape
Interaction
Clients
Web Apps used
Type of hardware
Physical Locations
Carriers

Who

What

How
Raw Intel leakage
Tone
Timing
Key Terms

Why
Collusion
Relationship strengths
Relationship Age
Com. Patterns

Who am I?

Who Am I?

What am I doing??

Who Am I?

If you are going to drink the ocean, you may as well have a straw

Manipulation points
Clubs / Hobbies

Interests/ Habits
Leverage areas Points of similarity

Haunts
Personal Relationships Business Relationships

Date Specific events (wedding,bday, etc)


Religion Race Creed Affiliations

Photos
Family Heritage Socioeconomic class

Affinities
Travel schedules & Physical movement patterns

Maps are awesome

Mapping relationships (this is an entire talk by itself, so I'll go fast)


The ideas are simple:
Find out who you are
Who you know
Why you know them
Then do magic and build your relationship profile.
Get all of the info that is relevant to the target company
Find all People
Target a few
Find the gaps
Exploit them
*ex. Social Net vs IRL

We want to use them like a Vuln scanner

And TONS of people are trying to use them to figure out how a person is connected to a company or another human

Finding the MASSES MALTEGO www.paterva.com

Finding the MASSES SalesForce Apps http://appexchange.salesforce.com/category/intelligence

Who is talking to who?

Touchgraph

Ps.. If all the graphical stuff doesn't work, GO MANUAL

Other fun relationship maps generated from current content LinkedIn Maps

There are TONs more, but remember you can Roll your own
Underlying Maps (Geo and some data)
Map Data with API access:
ESRI
UMAPPER
ArcGIS
Bing Maps
Openscales
Yandex (with facial recognition)
MapQuest
OpenStreetMap

Overlay and analysis


LinkedIn
Facebook
Twitter
Flickr
Banjo
Tripit
4square
(everything u can get for free or find free api keys on github) Mo da bettah

NodeXL (omfgwtfBBQ awesome) http://nodexl.codeplex.com/

NodeXL (omfgwtfBBQ awesome)

Now to pick a target using the Relationship paths identified


Yep the big maps will now get to smaller maps =)

Finding People of SIGNIFICANCE, not just someone of higher influence

Maltego Casefile

Immunity Stalker

Snoopy

Snoopy (because Eye of Sauron and Big Brother were taken), since it's a distributed sniffing and tracking network for wireless attack.

Figure out who u wanna go after yet?


If information is power, you now have a BIG ASS ARMY! Let's get em some weapons!

Individual Surveillance

We know who we want, so let's take down the easy ones first
Phishing
External compromise
Onsite Attack

Creating spies & Intel leaks


Corporate manipulation
Creating Shell companies and potential partners
Just get in. U have a whole con to learn how to do that.

How do you get all this $h1T near the person you REALLY want?
Compromise the badge system
Compromise the camera systems
Find out where their boxxen is and OWN IT

Bug all the things


Make sure to own all of their closest relationships in the office and business

Once ya get all that you think you want, stay in. You can never have too much root =)

Automate finding stuff


Whip up some python (or whatever u write in) to import your nessus scan of the ports u are going after and open them all in a tab in the browser... remember: LOOK at the results. Don't just assume u know what's on the port.
Try logging ALL the banners in the scan and then parse for the google dorks u would use if it was external. Update frequently for new manuals u download =)

I WANNA SEE
LOOK at anything that is running a website *allports* people rarely change defaults.
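The scan-review step above, as an added example that is not from the talk: parse a Nessus v2 export and pull out every item the scanner labelled a web service, whatever the port number, together with its banner, so each one can be looked at instead of assumed. The .nessus fragment, the hosts and the banners are constructed for this example; the TLS-port guess in review_urls is an assumption, not a Nessus field.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not a real export): web servers on non-default ports.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="constructed">
    <ReportHost name="10.0.0.155">
      <ReportItem port="8080" svc_name="www" protocol="tcp" pluginID="10107">
        <plugin_output>The remote web server type is : Apache Tomcat/6.0.20</plugin_output>
      </ReportItem>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" pluginID="10267">
        <plugin_output>SSH-2.0-OpenSSH_5.3</plugin_output>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.156">
      <ReportItem port="4443" svc_name="www" protocol="tcp" pluginID="10107">
        <plugin_output>The remote web server type is : lighttpd/1.4.28</plugin_output>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# svc_name values Nessus commonly uses for HTTP-speaking services.
WEB_SVC_NAMES = {"www", "http", "https", "http-alt", "http-proxy"}


def web_services(nessus_xml):
    """Return sorted [(host, port, banner)] for every item labelled a web service."""
    root = ET.fromstring(nessus_xml)
    found = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if item.get("svc_name") not in WEB_SVC_NAMES:
                continue
            banner = (item.findtext("plugin_output") or "").strip()
            found.append((host.get("name"), int(item.get("port")), banner))
    return sorted(found)


def review_urls(nessus_xml):
    """Build the list of interfaces to eyeball; the TLS guess by port is an assumption."""
    urls = []
    for host, port, _ in web_services(nessus_xml):
        scheme = "https" if port in (443, 4443, 8443) else "http"
        urls.append(f"{scheme}://{host}:{port}/")
    return urls


if __name__ == "__main__":
    for host, port, banner in web_services(SAMPLE_NESSUS):
        print(f"{host}:{port}  {banner}")
```

Note that port 8080 and 4443 both come out as web services only because of svc_name, which is the point: the port number alone tells you nothing.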

http://www.exoticliability.com/profiles/blog/show?id=3125850%3ABlogPost%3A15590&commentId=3125850%3AComment%3A18834

Make sure ya KNOW their passwords. Wouldn't want ya to miss anything

If u get impatient be smart =)


meterpreter > run smartlocker
[*] Found WINLOGON at PID:644
[*] Migrating from PID:2532
[*] Migrated to WINLOGON PID: 644 successfully
[*] System has currently been idle for 12 seconds
[*] Current Idletime: 12 seconds
[*] Current Idletime: 42 seconds
[*] Current Idletime: 73 seconds
[*] Starting the keystroke sniffer...
[*] Keystrokes being saved in to /home/user/.msf3/logs/scripts/smartlocker/10.0.0.155_20101101.2157.txt
[*] Recording
[*] They logged back in! Money time!
[*] Stopping keystroke sniffer...
meterpreter > background
msf > cat /home/user/.msf3/logs/scripts/smartlocker/10.0.0.155_20101101.2157.txt
[*] exec: cat /home/user/.msf3/logs/scripts/smartlocker/10.0.0.155_20101101.2157.txt

Also don't forget the obvious stuff


Search for password

Make password lists based on profiles


Search for keepass and LOOK at all XML
* edit config to unhide and decrypt too =)
Batch updates to send keylogger traffic to you
.purple = Pidgin shit
Watch their MAIL! xfce4-mailwatch, Gwatch.. etc

If the AV fu is strong, don't be embarrassed to use hardware. U HAVE to see it all.

http://keepass.info/plugins.html

Get up in it

Plan to watch them 24x7

Getting the target

Bug All the things

It's ok to be cheap. Make stuff. Like a laser mic.

http://www.lucidscience.com/

Ewwweee. bugs

GPS TRACKING

Geo Fencing. Sometimes it's better to be alerted when they leave the area for you to follow.

On Star

If you know where they are why not get a view from EVERY angle?

Wireless Data drive / podslurping

GSM Cracked, Cloned, spoofed


RFID Cloning / Attacking RealID, Verichip, Wireless ID Theft

Wireless SD Cards

BarCode Attacks

Transponder Cloning, trunk code rolling, bluetooth car jacking

Mobile Computers, iPad, eReaders, UltraPortables. Let's not go there

Bluetooth Hijacking, Rogue pairing, Interception, sniffing, Cloning GPS Hacking and Forgery +OnStar

Autonet In car internet. WiFi, 3g/4g, LTE, VoIP

2.4ghz, 5.8ghz, x10 Wireless security systems DECT Hacks

Wireless headset Eavesdropping HID, RFID, Proxcard Badge system Hacking Cordless Keyboard / Mouse sniffing

----- THIS is an AWESOME listening device.

Go watch the ccc talk on the Thingpwner Speaker: Ang Cui, Michael Costello EventID: 5400 Event: 29th Chaos Communication Congress (29c3) by the Chaos Computer Club [CCC]

http://www.youtube.com/watch?v=f3zUOZcewtA

Get the KIES to the kingdom @cron_ talk at HackMiami http://mcaf.ee/pt5sy Yum

Use a GOOD Cellphone bugging kit www.mobistealth.com www.flexispy.com

More cellphone bugging


USRP (Software Defined Radio Platform)
Set up a cell tower (OpenBTS), identify as the relevant cell provider, either transmit stronger or cause other towers to drop the targets
Associated targets still get connectivity (cell + data), just through YOU
Push updates?
OsmocomBB, aeroprobe, etc..

Or You can do it for free =)

Don't forget to make it AWESOME

PS. Get a good Lawyer


And know the laws. Many states are 1 party and with a good lawyer it is 100% admissible if you do all of this stuff to prove your wife was cheating on ya. ;)
