User Tools

Site Tools


beef_integration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
beef_integration [2015/11/25 18:29] lucybeef_integration [2016/09/06 09:39] lucy
Line 5: Line 5:
 BeEF is short for The Browser Exploitation Framework. By using techniques similar to common drive-by Malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter.  BeEF is short for The Browser Exploitation Framework. By using techniques similar to common drive-by Malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter. 
 Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.  BeEf can be used to "safely" expose Web and browser-based vulnerabilities like cross-site scripting (XSS) using client-side attack vectors. If a user clicks on a link that BeEf put there, it will hook the user's browser into the BeEF server which is now also part of LUCY. The tool can also issue commands to the browser, such as redirection, changing URLs, generating dialogue boxes and more. It has the ability to run Malware on the hooked browser IP address and use it as a launching point to infiltrate other computers on the same network, effectively spreading the Malware. With the integration of BeEf into LUCY, companies can now answer two main questions: Would an employee fall for a phishing attack? And if they do, would their browser security settings have prevented more damage from browser exploitation type Malware? Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.  BeEf can be used to "safely" expose Web and browser-based vulnerabilities like cross-site scripting (XSS) using client-side attack vectors. If a user clicks on a link that BeEf put there, it will hook the user's browser into the BeEF server which is now also part of LUCY. The tool can also issue commands to the browser, such as redirection, changing URLs, generating dialogue boxes and more. It has the ability to run Malware on the hooked browser IP address and use it as a launching point to infiltrate other computers on the same network, effectively spreading the Malware. With the integration of BeEf into LUCY, companies can now answer two main questions: Would an employee fall for a phishing attack? And if they do, would their browser security settings have prevented more damage from browser exploitation type Malware?
 +
 +
 +===== BeEF setup in LUCY =====
 +
 +
beef_integration.txt · Last modified: 2019/07/25 12:49 by 127.0.0.1