Sunday, September 30, 2018

2018-035-software bloat is forever; malicious file extensions; WMIC abuses


Pizza Party Link -

https://www.eventbrite.com/e/brakesec-derbycon-pizza-meetup-tickets-50719385046

 

News stories-

 

Software/library bloat

 

http://tonsky.me/blog/disenchantment/

 

https://hackernoon.com/how-it-feels-to-learn-javascript-in-2016-d3a717dd577f

 

https://gbhackers.com/hackers-abusing-windows-management-interface-command-tool-to-deliver-malware-that-steal-email-account-passwords/

    https://hackerhurricane.blogspot.com/2016/09/avoiding-ransomware-with-built-in-basic.html

 

https://www.zdnet.com/article/windows-utility-used-by-malware-in-new-information-theft-campaigns/

 

https://attack.mitre.org/wiki/Technique/T1170  - HTA file malware examples

 

https://nakedsecurity.sophos.com/2018/09/26/finally-a-fix-for-the-encrypted-webs-achilles-heel/

 

https://www.bbc.com/news/technology-45686890 -

(facebook account hack)

 

https://github.com/eset/malware-ioc/blob/master/sednit/lojax.adoc  IOC’s from various malware

 

UEFI rootkit - https://www.bleepingcomputer.com/news/security/apt28-uses-lojax-first-uefi-rootkit-seen-in-the-wild/


Block These Extensions:

 

File Extension    File Type

.adp Access Project (Microsoft)

.app Executable Application

.asp Active Server Page

.bas BASIC Source Code

.bat Batch Processing

.cer Internet Security Certificate File

.chm Compiled HTML Help

.cmd DOS CP/M Command File, Command File for Windows NT

.cnt Help file index

.com Command

.cpl Windows Control Panel Extension(Microsoft)

.crt Certificate File

.csh csh Script

.der DER Encoded X509 Certificate File

.exe Executable File

.fxp FoxPro Compiled Source (Microsoft)

.gadget Windows Vista gadget

.hlp Windows Help File

.hpj Project file used to create Windows Help File

.hta Hypertext Application

.inf Information or Setup File

.ins IIS Internet Communications Settings (Microsoft)

.isp IIS Internet Service Provider Settings (Microsoft)

.its Internet Document Set, Internet Translation

.js JavaScript Source Code

.jse JScript Encoded Script File

.ksh UNIX Shell Script

.lnk Windows Shortcut File

.mad Access Module Shortcut (Microsoft)

.maf Access (Microsoft)

.mag Access Diagram Shortcut (Microsoft)

.mam Access Macro Shortcut (Microsoft)

.maq Access Query Shortcut (Microsoft)

.mar Access Report Shortcut (Microsoft)

.mas Access Stored Procedures (Microsoft)

.mat Access Table Shortcut (Microsoft)

.mau Media Attachment Unit

.mav Access View Shortcut (Microsoft)

.maw Access Data Access Page (Microsoft)

.mda Access Add-in (Microsoft), MDA Access 2 Workgroup (Microsoft)

.mdb Access Application (Microsoft), MDB Access Database (Microsoft)

.mde Access MDE Database File (Microsoft)

.mdt Access Add-in Data (Microsoft)

.mdw Access Workgroup Information (Microsoft)

.mdz Access Wizard Template (Microsoft)

.msc Microsoft Management Console Snap-in Control File (Microsoft)

.msh Microsoft Shell

.msh1 Microsoft Shell

.msh2 Microsoft Shell

.mshxml Microsoft Shell

.msh1xml Microsoft Shell

.msh2xml Microsoft Shell

.msi Windows Installer File (Microsoft)

.msp Windows Installer Update

.mst Windows SDK Setup Transform Script

.ops Office Profile Settings File

.osd Application virtualized with Microsoft SoftGrid Sequencer

.pcd Visual Test (Microsoft)

.pif Windows Program Information File (Microsoft)

.plg Developer Studio Build Log

.prf Windows System File

.prg Program File

.pst MS Exchange Address Book File, Outlook Personal Folder File (Microsoft)

.reg Registration Information/Key for W95/98, Registry Data File

.scf Windows Explorer Command

.scr Windows Screen Saver

.sct Windows Script Component, Foxpro Screen (Microsoft)

.shb Windows Shortcut into a Document

.shs Shell Scrap Object File

.ps1 Windows PowerShell

.ps1xml Windows PowerShell

.ps2 Windows PowerShell

.ps2xml Windows PowerShell

.psc1 Windows PowerShell

.psc2 Windows PowerShell

.tmp Temporary File/Folder

.url Internet Location

.vb VBScript File or Any VisualBasic Source

.vbe VBScript Encoded Script File

.vbp Visual Basic project file

.vbs VBScript Script File, Visual Basic for Applications Script

.vsmacros Visual Studio .NET Binary-based Macro Project (Microsoft)

.vsw Visio Workspace File (Microsoft)

.ws Windows Script File

.wsc Windows Script Component

.wsf Windows Script File

.wsh Windows Script Host Settings File

.xnk Exchange Public Folder Shortcut

.ade ADC Audio File

.cla Java class File

.class Java class File

.grp Microsoft Widows Program Group

.jar Compressed archive file package for Java classes and data

.mcf MMS Composer File

.ocx ActiveX Control file

.pl Perl script language source code

.xbap Silverlight Application Package

 ------------------------------

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!

Monday, September 24, 2018

2018-034-Pentester_Scenario


Interesting email from one of our listeners. Detailing an issue that came up on a client engagement. We walk through best ways to store information post-engagement, and what you need to do to document test procedures so you don't get bit by a potential issue perhaps months down the line.

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

 


Here is a new episode of Brakeing Down Security Podcast!

Saturday, September 15, 2018

2018--033-Chris_Hadnagy-SE-OSINT-vishing-phishing-book_interview-pt2


Part 2 of our interview with Chris Hadnagy
Discuss more about his book,
best ways to setup your pre-text in an engagement
how you might read someone on a poker table
a great story about Chris's favorite person “Neil Fallon” from the rock band “Clutch”
and we talk about “innocent lives foundation”, something near and dear to Chris' heart.

We start the second part of our interview with Chris with the question “are the majority of your SE engagements phishing and calls, or is it physical engagements?”

 

Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9

SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/

Chris’ Podcast: https://www.social-engineer.org/podcast/

 

SECTF at Derby (contestants are chosen)

   

 

Remembering - attention to detail

    Remembering details

    Can be the difference between success and failure

 

Social Engineering - the different aspects:

  1. Info Gathering
    1. Time constraints
    2. Accommodating non-verbals
    3. Body language must match mood
    4. Using a slower rate of speech
    5. Suspending ego
    6. RSVP
  2. Rapport
  3. Psychology
    1. “Getting information without asking for it”
  4. Elicitation
    1. ‘The Dark Art’ -negative outcome for the target
  5. Manipulation
    1. “Getting someone to do what you want them to do”
    2. Understanding the science of compliance
  6. Influence
  7. Profiling
  8. Communications Modeling
  9. Facial Expressions
  10. Body Language
    1. Don’t overextend your reach
    2. Knowledge that comes from a point of truth, or is easily faked
  11. Pretexting
  12. Emotional Hijacking
  13. Misdirection
  14. Art
  15. Science

 

   

Questions:

    What precipitated the need to write another book?

    You bring up several successful operations, and several failures…

        How do you regroup from a failure, especially if the point of entry is someone that ‘got you’...

“The level of the assistance you request must be equal to the level of rapport you have built” -

    Seems like understanding this is an acquired skill, not set in stone…

 

Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy?

Work place? On the commute?

Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage?

        Get Ryan on the show…        

                   

Lots of items

(8 principles of influence)   

 

Typical daily SE activities

    Holding a door open, then the person reciprocates

 

Framing

    We don’t ‘kill our dogs’, we ‘put them to sleep’.

 

Questions from our Slack:

 

Ben:

Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world?

 

What does an interview at Chris’ company look like?

 

https://www.innocentlivesfoundation.org/

 

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

 


Here is a new episode of Brakeing Down Security Podcast!

Saturday, September 8, 2018

2018-032-chris Hadnagy, discusses his new book, OSINT and SE Part 1


Christopher Hadnagy Interview:

Origin story

  • connoisseur  of moonshine

Social Engineering: The Science of Human Hacking 2nd Edition



Sponsored Link (paperback on Amazon): https://amzn.to/2NKxLD9

SEORG book list: https://www.social-engineer.org/resources/seorg-book-list/

Chris’ Podcast: https://www.social-engineer.org/podcast/

 

SECTF at Derby (contestants are chosen)

   

 

Remembering - attention to detail

    Remembering details

    Can be the difference between success and failure



Social Engineering - the different aspects:

  1. Info Gathering
    1. Time constraints
    2. Accommodating non-verbals
    3. Body language must match mood
    4. Using a slower rate of speech
    5. Suspending ego
    6. RSVP
  2. Rapport
  3. Psychology
    1. “Getting information without asking for it”
  4. Elicitation
    1. ‘The Dark Art’ -negative outcome for the target
  5. Manipulation
    1. “Getting someone to do what you want them to do”
    2. Understanding the science of compliance
  6. Influence
  7. Profiling
  8. Communications Modeling
  9. Facial Expressions
  10. Body Language
    1. Don’t overextend your reach
    2. Knowledge that comes from a point of truth, or is easily faked
  11. Pretexting
  12. Emotional Hijacking
  13. Misdirection
  14. Art
  15. Science

 

   

Questions:

    What precipitated the need to write another book?

    You bring up several successful operations, and several failures…

        How do you regroup from a failure, especially if the point of entry is someone that ‘got you’...

“The level of the assistance you request must be equal to the level of rapport you have built” -

    Seems like understanding this is an acquired skill, not set in stone…

 

Many of us in the infosec world are introverts… how do you suggest we hone our skills in building rapport without coming off as creepy?

Work place? On the commute?

Does being an introvert mean that it might take longer to get to the goal? Can we use our introverted natures to our advantage?

        Get Ryan on the show…        

                   

Lots of items

(8 principles of influence)   

 

Typical daily SE activities

    Holding a door open, then the person reciprocates

 

Framing

    We don’t ‘kill our dogs’, we ‘put them to sleep’.



Questions from our Slack:

 

Ben:

Do you feel there's an importance for non-InfoSec adjacent folks to learn about Social Engineering, and maybe go through some sort of training in order to navigate day-to-day life in the modern world?

 

What does an interview at Chris’ company look like?

 

https://www.innocentlivesfoundation.org/

 

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!