Monday, December 4, 2017

Prepare, Bait, Hook, Execute and Control - Exploit Kits

This post is the second of four that I am planning to write about social engineering, specifically about phishing.  The form of phishing I am going to talk about is one where an email is sent to a user containing a link or an attachment; the email entices the user to click the link or open the attachment, a payload executes, and the attacker then has control of the infected computer.

Here is the link to the first post called, "Prepare, Bait, Hook, Execute and Control - Phishing"

Lab

1. In the first post we explored what happens after a host is infected and how it can be controlled as a bot in a botnet.  This control can be conducted through a C2 server, which is usually another infected device on the internet.  For this post we are going to evaluate what happens when a person clicks on a malicious link inside of an email or browses to a website that is infected.

2. When someone visits an infected website it may redirect them to an exploit kit.  An exploit kit is used to establish control of the computer if a vulnerability exists.  I am now going to refer to the following site as a reference that you should read.  It defines what an exploit kit is, how it works and its different stages.  This site was created by Palo Alto.  Here is the link to "What is an Exploit Kit?".

3. Now, with an understanding of how an exploit kit works, I am going to refer you to another site.  The site Malware-Traffic-Analysis.net has a scenario that I would like you to work through.  The scenario shows how a computer became infected by visiting a compromised site that led it to an exploit kit.

Before you start working on the scenario, skip to step 4 in this post and set up Security Onion as an Analyst VM.

Please answer the questions and show your work based on the scenario presented.  Remember this is being written for a college class being taught soon.  Feel free to look at the answers he has placed on the site, but I need the work submitted to be your own work.  Here is the link to the scenario on Malware-Traffic-Analysis.net.

Remember that the payload in the pcap you are analyzing potentially contains malware.  Be careful with it.

4. To set up Security Onion so that you can replay the pcap, you can build an Analyst VM as described in this post.
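Once the pcap has been replayed, Security Onion's Bro/Zeek sensor writes every HTTP request it saw to http.log, and the redirect chain from the compromised site through the exploit kit to the payload can be reconstructed from that log alone, without ever opening the payload.  The script below is an added example for this post, not code from Malware-Traffic-Analysis.net, Security Onion or the exploit-kit reference; the log excerpt is constructed with placeholder hosts, addresses and uids, and it assumes only a subset of Zeek's real http.log columns (ts, uid, id.orig_h, id.resp_h, method, host, uri, referrer, status_code, resp_mime_types).

```python
"""Rebuild an exploit-kit redirect chain from Zeek http.log entries.

Example added for this post. It parses Zeek's tab-separated log format and
walks Referer links backwards from the payload download to the site the
victim actually visited, so the infection chain can be read off the log.
"""
from urllib.parse import urlparse

# Constructed sample in Zeek's TSV log format (subset of the real columns).
# Hostnames, addresses and uids are placeholders, not real infrastructure.
SAMPLE_HTTP_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tmethod\thost\turi\treferrer"
    "\tstatus_code\tresp_mime_types\n"
    # 1. victim browses a legitimate but compromised site
    "1512400000.1\tCa1\t192.168.1.10\t203.0.113.10\tGET\tcompromised.example"
    "\t/index.html\t-\t200\ttext/html\n"
    # 2. injected script pulls a gate that answers with a 302 redirect
    "1512400000.4\tCa2\t192.168.1.10\t203.0.113.20\tGET\tgate.example"
    "\t/r.php?id=7\thttp://compromised.example/index.html\t302\t-\n"
    # 3. exploit-kit landing page (browser keeps the original Referer)
    "1512400000.7\tCa3\t192.168.1.10\t203.0.113.30\tGET\tlanding.example"
    "\t/ek/land\thttp://compromised.example/index.html\t200\ttext/html\n"
    # 4. exploit for the plugin the landing page fingerprinted
    "1512400001.1\tCa4\t192.168.1.10\t203.0.113.30\tGET\tlanding.example"
    "\t/ek/flash.swf\thttp://landing.example/ek/land\t200"
    "\tapplication/x-shockwave-flash\n"
    # 5. payload fetched after successful exploitation
    "1512400001.9\tCa5\t192.168.1.10\t203.0.113.30\tGET\tlanding.example"
    "\t/ek/payload\thttp://landing.example/ek/land\t200"
    "\tapplication/x-dosexec\n"
    # benign request from the same page; must not join the chain
    "1512400002.0\tCa6\t192.168.1.10\t203.0.113.40\tGET\tcdn.example"
    "\t/jquery.js\thttp://compromised.example/index.html\t200"
    "\ttext/javascript\n"
)

# Response types a landing page should never legitimately hand a browser;
# used here as indicators of the exploit and payload stages.
SUSPICIOUS_MIME = {"application/x-shockwave-flash", "application/x-dosexec"}


def parse_zeek_log(text):
    """Parse Zeek's TSV format: '#fields' names the columns, '-' is unset."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = [None if v == "-" else v for v in line.split("\t")]
            records.append(dict(zip(fields, values)))
    return records


def request_url(rec):
    return "http://" + rec["host"] + rec["uri"]


def referrer_url(rec):
    """Normalise the Referer header so it matches request_url() of its source."""
    if not rec["referrer"]:
        return None
    p = urlparse(rec["referrer"])
    return "http://" + p.netloc + p.path + ("?" + p.query if p.query else "")


def flag_suspicious(records):
    """Requests whose response MIME type is in SUSPICIOUS_MIME, in log order."""
    return [r for r in records if r["resp_mime_types"]
            and set(r["resp_mime_types"].split(",")) & SUSPICIOUS_MIME]


def redirect_chain(records, rec):
    """Walk Referer links from rec back to the page the victim visited.

    Returns URLs root-first; the visited set guards against referrer loops.
    """
    by_url = {request_url(r): r for r in records}
    chain, seen = [], set()
    while rec is not None and request_url(rec) not in seen:
        seen.add(request_url(rec))
        chain.append(request_url(rec))
        rec = by_url.get(referrer_url(rec))
    return list(reversed(chain))


def triage(text):
    """Summarise the chain to the last flagged request, plus the gates."""
    records = parse_zeek_log(text)
    flagged = flag_suspicious(records)
    if not flagged:
        return {"chain": [], "seconds": 0.0, "hosts": [], "redirects": []}
    chain = redirect_chain(records, flagged[-1])
    by_url = {request_url(r): r for r in records}
    times = [float(by_url[u]["ts"]) for u in chain]
    # A 302 gate never appears in Referer links (the browser keeps the
    # original Referer across redirects), so find it by status code instead.
    redirects = [request_url(r) for r in records if r["status_code"]
                 and r["status_code"].startswith("3")
                 and referrer_url(r) in chain]
    return {"chain": chain,
            "seconds": round(max(times) - min(times), 1),
            "hosts": sorted({urlparse(u).netloc for u in chain}),
            "redirects": redirects}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HTTP_LOG).items():
        print(key, value)
```

Running it prints the chain compromised.example → landing.example landing page → payload, the 1.8 seconds the whole sequence took, and the gate that answered with a 302, which the Referer chain alone would hide.  Against a real http.log from the replayed pcap, the questions on the scenario page (which site was compromised, which domain hosted the exploit kit, what was delivered) map directly onto these three outputs.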

I apologize if most of you do not appreciate the references to other materials in my post.  I felt the references discussed and presented how an exploit kit works better than I could.

Enjoy...
