interactive_reverse_http_s_sessions
Differences
This shows you the differences between two versions of the page.
interactive_reverse_http_s_sessions [2016/10/12 11:17] – [Can I upload my custom payload to the client?] lucy | interactive_reverse_http_s_sessions [2019/05/22 17:47] – lucy | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== Background Info ===== | ===== Background Info ===== | ||
- | Not only does the popular perimeter-based approach to security provide little risk reduction today; it is in fact contributing to the increased attack surface criminals are using to launch potentially devastating attacks. In general, the perimeter-based approach assumes two types of agents: insiders and outsiders. The outsiders are considered to be untrusted while the insiders are assumed to be extremely trustworthy. This type of approach promotes the development of architectures where networks are clearly broken into delineated “trusted” zones and “untrusted” zones. The obvious flaw with the perimeter approach is that all the insiders — that is the employees of a business — are assumed to be fully trustworthy. | + | Not only does the popular perimeter-based approach to security provide little risk reduction today; it is, in fact, contributing to the increased attack surface criminals are using to launch potentially devastating attacks. In general, the perimeter-based approach assumes two types of agents: insiders and outsiders. The outsiders are considered to be untrusted while the insiders are assumed to be extremely trustworthy. This type of approach promotes the development of architectures where networks are clearly broken into delineated “trusted” zones and “untrusted” zones. The obvious flaw with the perimeter approach is that all the insiders — that is the employees of a business — are assumed to be fully trustworthy. |
- | With LUCY, we are now able to expose how the emerging breed of attackers are able to leverage application and browser flaws to launch “inside-out” attacks, allowing them to assume the role of the trusted insider; a type of attack used in the "1 Billion Dollar Heist" (see page 9 https:// | + | With LUCY, we are now able to expose how the emerging breed of attackers are able to leverage application and browser flaws to launch “inside-out” attacks, allowing them to assume the role of the trusted insider; a type of attack used in the "1 Billion Dollar Heist" (see page 9 https:// |
===== About the Tool ===== | ===== About the Tool ===== | ||
- | The tool is called " | + | The tool is called " |
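Review bot: In the second changed paragraph, "the emerging breed of attackers are able to leverage" still has a subject-verb mismatch ("breed ... is able"), and "are now able ... are able" repeats within one sentence. Since this revision is already a punctuation pass over the section, fix both here, for example "how an emerging breed of attackers leverages application and browser flaws". In the first paragraph, "that is the employees of a business" also wants a comma after "that is", in line with the commas this revision adds around "in fact".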
Line 19: | Line 19: | ||
- | The Tool only runs in the memory (called “file” in Process View). After the termination, | + | The Tool only runs in the memory (called “file” in Process View). After the termination, |
===== Configuration ===== | ===== Configuration ===== | ||
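Review bot: The parenthetical in "only runs in the memory (called “file” in Process View)" does not say what is called “file”. Name the thing meant (the process entry, if that is the intent) so a reader checking a test machine knows what to look for. "The Tool" is also capitalised here while the About the Tool section writes "The tool", and "in the memory" reads better as "in memory".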
Line 26: | Line 26: | ||
- | You can either choose to send the attachment via Email (use the network activity report) or create a download page (e.g. select the VPN Download scenario). The specific Malware Simulation Settings can then be edited, either within the landing page template or the email template. To perform an attack with the interactive shell, please select " | + | You can either choose to send the attachment via Email (use the network activity report) or create a download page (e.g. select the VPN Download scenario). The specific Malware Simulation Settings can then be edited either within the landing page template or the email template. To perform an attack with the interactive shell, please select " |
{{ 120.jpg?600 }} | {{ 120.jpg?600 }} | ||
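Review bot: "via Email" is capitalised while the same paragraph ends with "the email template"; pick one form. The parenthetical "(use the network activity report)" gives no hint of how a report relates to sending an attachment, so say whether it is a scenario or template name, as is done for "the VPN Download scenario".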
Line 32: | Line 32: | ||
If you only want the executable to be provided as a download link and not an email attachment, simply select the " | If you only want the executable to be provided as a download link and not an email attachment, simply select the " | ||
- | If you don't choose to select to show a custom error upon execution, then the file runs silently in the memory. Otherwise a popup will appear when the user executes the file. | + | If you don't choose to select to show a custom error upon execution, then the file runs silently in the memory. Otherwise, a popup will appear when the user executes the file. |
\\ | \\ | ||
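Review bot: "If you don't choose to select to show a custom error" stacks three verbs and was left untouched when the comma after "Otherwise" was added. Something like "If you do not enable the custom error message, the file runs silently in memory" says the same thing. It would also help to state in the same sentence that the popup is the only visible sign of execution for the user, since that is what the option controls.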
Line 50: | Line 50: | ||
- | The tool allows you to use a limited set of commands. Some commands in Windows are not executable, they are built into the command line (Example of command with executable: whoami). | + | The tool allows you to use a limited set of commands. Some commands in Windows are not executable, they are built into the command line (Example of command with executable: whoami). |
* cmd /c dir | * cmd /c dir | ||
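Review bot: "Some commands in Windows are not executable, they are built into the command line" is a comma splice, and "not executable" is written where the meaning is that the command has no executable file of its own. The list entry "cmd /c dir" right below is an instance of that, since dir is a cmd.exe built-in. Suggest "Some Windows commands are not separate executables; they are built into the command interpreter", keeping whoami as the example of a command that does have its own executable and pointing to the "cmd /c" entries in the list for the built-in case.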
Line 70: | Line 70: | ||
- | Within a session you can upload your own custom payload to the victim' | + | Within a session, you can upload your own custom payload to the victim' |
{{ uploadpayload.png? | {{ uploadpayload.png? |
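Review bot: "the victim'" uses "victim" for the machine that the section title in the revision header calls "the client" ("Can I upload my custom payload to the client?") and that the Configuration text refers to through "the user". Use one term throughout, preferably the one in the section heading.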
interactive_reverse_http_s_sessions.txt · Last modified: 2021/03/15 17:58 by lucy