create_a_campaign_with_portable_media_devices
Differences
This shows you the differences between two versions of the page.
create_a_campaign_with_portable_media_devices [2018/12/25 12:33] – lucy | create_a_campaign_with_portable_media_devices [2020/08/13 01:50] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | LUCY allows you to create | + | LUCY allows you to create |
===== Background Info about Portable Media Attacks===== | ===== Background Info about Portable Media Attacks===== | ||
Line 12: | Line 12: | ||
**BadUSB – Turning devices evil**: Once reprogrammed, | **BadUSB – Turning devices evil**: Once reprogrammed, | ||
- | * 1.A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer. | + | * 1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example, to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer. |
- | * 2.The device can also spoof a network card and change the computer’s DNS setting to redirect traffic. | + | * 2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic. |
- | * 3.A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot. | + | * 3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot. |
===== Our Portable Media Attack Approach ===== | ===== Our Portable Media Attack Approach ===== | ||
- | With LUCY we provide a template for the " | + | With LUCY we provide a template for the " |
===== Setup ===== | ===== Setup ===== | ||
- | In order to create | + | In order to create |
- | | + | **STEP 1 - Create |
- | {{ portablemedia1.png?600 }} | + | {{:file-1.png|}} |
+ | |||
+ | **STEP 2 - Choose Attack Type:** In order to configure the campaign choose Portable Media Attacks. | ||
+ | |||
+ | {{:: | ||
+ | |||
+ | **STEP 3 - Select or Create a Client:** Create a client or choose the built-in client (a client can be your own organization or the company that asked you to perform a phishing test). This is important because you can also create view only accounts that are associated with those clients. | ||
+ | |||
+ | **STEP 4 - Select your Attack Template:** Select the scenario called **Portable Media Attack**. If you don't have this scenario among your templates then please download it using the " | ||
+ | |||
+ | {{: | ||
* Give the scenario a name and pick a domain or IP address (this is the domain or IP which is used upon execution: the malware simulation will send the data back to this host) | * Give the scenario a name and pick a domain or IP address (this is the domain or IP which is used upon execution: the malware simulation will send the data back to this host) | ||
+ | |||
+ | {{:: | ||
{{ portablemedia2.png? | {{ portablemedia2.png? | ||
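Review bot: The new STEP 3 text describes a client as "the company that asked you to perform a phishing test", which does not fit a page about portable media campaigns; reword it so it covers this campaign type, and hyphenate "view-only accounts". The added STEP 1 to STEP 4 paragraphs are followed by the older bulleted steps ("Give the scenario a name ..."), so either continue the STEP numbering or keep bullets throughout. The newly added image embed also sits directly above the retained portablemedia2.png embed; check that both screenshots are still needed.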
Line 36: | Line 48: | ||
* Next configure the File template. This template defines what malware simulation should be running upon execution of the file on the Portable Media Device. Make sure you have the latest malware simulations installed in LUCY. You can download the malware simulations using the " | * Next configure the File template. This template defines what malware simulation should be running upon execution of the file on the Portable Media Device. Make sure you have the latest malware simulations installed in LUCY. You can download the malware simulations using the " | ||
- | |||
{{ portablemedia3.png? | {{ portablemedia3.png? | ||
Line 45: | Line 56: | ||
- | * In the last step you need to add the recipients to the campaign and go back into the base settings of your scenario and download the according malware simulations. Once you started the campaign LUCY will wait for incoming requests from executed files. | + | * In the last step you need to add the recipients to the campaign and go back into the base settings of your scenario and download the according |
{{ portablemedia5.png? | {{ portablemedia5.png? | ||
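Review bot: The revised last step still reads "download the according", which should be "download the corresponding". The bullet also combines two actions (adding recipients, then returning to the base settings to download the simulations); splitting them into separate steps would make the order explicit.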
Line 59: | Line 70: | ||
d) The campaign must be running | d) The campaign must be running | ||
- | *You could also purchase USB sticks that will emulate | + | *You could also purchase USB sticks that will emulate external hardware (like keyboard) and execute the file automatically when attached to a computer (http:// |
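Review bot: In the revised footnote, "(like keyboard)" is missing an article; write "(like a keyboard)".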
Line 65: | Line 76: | ||
* Does it need admin rights to execute the files? No - to execute the malware simulations it does not need admin rights. The standard windows user rights will do. | * Does it need admin rights to execute the files? No - to execute the malware simulations it does not need admin rights. The standard windows user rights will do. | ||
- | * Can I only place an executable on the USB? No - you can place any type of malware simulation on the USB (.exe, doc with Macro, archived format etc.) | + | * Can I only place an executable on the USB? No - you can place any type of malware simulation on the USB (.exe, doc with Macro, archived format, etc.) |
* How can I get the users to execute the file? You could use simple social engineering techniques and just place some sticks in a public area, rename the executable to something like " | * How can I get the users to execute the file? You could use simple social engineering techniques and just place some sticks in a public area, rename the executable to something like " | ||
- | * How do I know if users executed the files? The moment the files get executed and the user has internet access the data will be transferred back to LUCY using the build in browser. | + | * How do I know if users executed the files? The moment the files get executed and the user has internet access the data will be transferred back to LUCY using the build-in browser. |
* Will the tool get detected by an AV? No - this should not happen (please let us know if this occurs) | * Will the tool get detected by an AV? No - this should not happen (please let us know if this occurs) | ||
- | * Will the tool be able to bypass USB filters or windows security settings (like UAC)? No - if you don't allow files from an USB drive to be executed this won't work. | + | * Will the tool be able to bypass USB filters or windows security settings (like UAC)? No - if you don't allow files from a USB drive to be executed this won't work. |
===== Create an Attack with CD & DVD's ===== | ===== Create an Attack with CD & DVD's ===== | ||
- | LUCY > 3.1 offers the administrator to create also .ISO images which can be used to burn a CD or DVD. Most CD-ROM burning applications recognize this type of image file. Once the ISO file is burned as an image, then the new CD/DVD is a clone of the original and bootable. | + | LUCY > 3.1 offers the administrator to create also ISO images which can be used to burn a CD or DVD. Most CD-ROM burning applications recognize this type of image file. Once the ISO file is burned as an image, then the new CD/DVD is a clone of the original and bootable. |
- | To create an attack with .ISO image you first need to create | + | To create an attack with ISO image you first need to create |
{{ portablemedia6.png? | {{ portablemedia6.png? |
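Review bot: The FAQ answer on how executions are reported now reads "using the build-in browser"; the hyphen was added but the word should be "built-in". In the same hunk, "windows" in "standard windows user rights" and "windows security settings" should be capitalized, "offers the administrator to create also ISO images" reads better as "lets the administrator also create ISO images", and "an attack with ISO image" needs an article ("with an ISO image").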
create_a_campaign_with_portable_media_devices.txt · Last modified: 2020/08/13 02:32 by lucy