beef_integration

Differences

This shows you the differences between two versions of the page.

beef_integration [2019/04/02 15:11] lucybeef_integration [2019/04/02 15:34] lucy
Line 4: Line 4:
  
 By using techniques similar to common drive-by Malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter.  By using techniques similar to common drive-by Malware, testers can assess the security of a target’s internal environment, bypassing the hardened perimeter. 
-Unlike other security frameworks, Advanced Information Gathering looks past the hardened network perimeter and client system and examines exploitability within the context of the one open door: the web browser.  Advanced Information Gathering can be used to "safely" expose Web and browser-based vulnerabilities like cross-site scripting (XSS) using client-side attack vectors. If a user clicks on a link that BeEf put there, it will hook the user's browser into the Advanced Information Gathering server which is now also part of LUCY. The tool can also issue commands to the browser, such as redirection, changing URLs, generating dialogue boxes and more. It has the ability to run Malware on the hooked browser IP address and use it as a launching point to infiltrate other computers on the same network, effectively spreading the Malware. With the integration of Advanced Information Gathering into LUCY, companies can now answer two main questions: Would an employee fall for a phishing attack? And if they do, would their browser security settings have prevented more damage from browser exploitation type Malware?+Unlike other security frameworks, Advanced Information Gathering looks past the hardened network perimeter and client system and examines exploitability within the context of the one open door: the web browser.  Advanced Information Gathering can be used to "safely" expose Web and browser-based vulnerabilities like cross-site scripting (XSS) using client-side attack vectors. If a user clicks on a link that Advanced Information Gathering put there, it will hook the user's browser into the Advanced Information Gathering server which is now also part of LUCY. The tool can also issue commands to the browser, such as redirection, changing URLs, generating dialogue boxes and more. It has the ability to run Malware on the hooked browser IP address and use it as a launching point to infiltrate other computers on the same network, effectively spreading the Malware. 
With the integration of Advanced Information Gathering into LUCY, companies can now answer two main questions: Would an employee fall for a phishing attack? And if they do, would their browser security settings have prevented more damage from browser exploitation type Malware?
  
  
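Review bot: In the changed sentence, replacing "BeEf" with the feature name removes the paragraph's only reference to the underlying tool and leaves "a link that Advanced Information Gathering put there, it will hook the user's browser into the Advanced Information Gathering server", which repeats the name and no longer tells an administrator which component is loaded into the recipient's browser, even though the page is still named beef_integration. Suggest naming the tool once, for example "Advanced Information Gathering (the BeEF integration)", and rewording the clause to "a link placed by the campaign". The sentences about running "Malware" on the hooked browser and "spreading the Malware" were carried over unchanged; for a page documenting an assessment feature they would read better if they stated what the feature does inside a LUCY campaign and where it stops.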
Line 11: Line 11:
 As Advanced Information Gathering is running in the background of a phishing landing page it only will work in scenario's, where a landing page which the user can access, is activated.  As Advanced Information Gathering is running in the background of a phishing landing page it only will work in scenario's, where a landing page which the user can access, is activated. 
  
-To enable Advanced Information Gathering go into the Base Settings of the campaign, select the scenario in which you want to activate BeEF and then go to scenario settings. At the bottom, you will find a checkbox "Advanced Information Gathering" which you need to activate.+To enable Advanced Information Gathering go into the Base Settings of the campaign, select the scenario in which you want to activate it and then go to scenario settings. At the bottom, you will find a checkbox "Advanced Information Gathering" which you need to activate.
  
-{{ beefmodulesii.png?600 }} 
  
 +{{:aig.png?600|}}
  
  
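Review bot: The added image line `{{:aig.png?600|}}` has an empty title after the pipe and drops the surrounding spaces that the removed `{{ beefmodulesii.png?600 }}` used, so the screenshot loses its centring and gets no alt text; suggest `{{ :aig.png?600 |Advanced Information Gathering checkbox in scenario settings }}` or similar. In the changed instruction, "activate it" is fine, but the step would benefit from saying that the checkbox is set per scenario and that enabling it causes the landing page to hook visitors' browsers, since that is the effect described earlier on the page. The unchanged context line above still reads "it only will work in scenario's, where a landing page ..."; "scenarios" without the apostrophe and "it will only work" could be fixed in the same revision.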
beef_integration.txt · Last modified: 2019/07/25 12:49 by 127.0.0.1