Some of the biggest threats happen from the inside out.
I’ve noticed a lot of empty cubicles where I work and a lot of open ports. The threat behind this common mistake is that it gives an open invitation for anyone to anonymously scan users and servers for vulnerabilities. Here I’ll describe a real-world scenario that takes advantage of this negligence and propagates into multiple users (coworkers) being compromised.
Monday 8:00am - Dice takes a look around the 5,000 sq ft office and notices that a lot of people have called in sick or, being that it’s a holiday, many people have taken extended vacations. Hmmm…
8:05am – Dice casually walks around and finds a sweet spot where he can hide and plug his preconfigured laptop into the Corporate LAN. He set up a Trojan listening and has multiple commercial scanning and exploiting apps (Retina & Canvas) already open.
8:07am – At this point he’s back in his own cube and starts to tunnel out to a remote zombie that he configured earlier. With port redirection already set up on the zombie, his SIN connection can now be established to the attacking laptop.
8:12am – After opening a VNC on the attacking laptop, Dice begins scanning a range of user IPs that he knows are not servers. Within a matter of 20 minutes, Dice now has several targets that are vulnerable to exploits and begins the attack.
8:40am – Now that Dice has multiple shells, he slowly begins to upload his Trojans one by one.
9:00am – Eight users have now been compromised without any “Red Flags” going off or being detected.
9:05am – Dice now heads outside to have a Victory cigarette.
9:20am – Like before, Dice casually walks over and retrieves his attacking laptop and slips it back into his bag.
This method allows Dice to have a full view of the attack that is not normally available. In the end, even a skiddie can be a major threat and shouldn’t be taken lightly. I’m not really sure where I’m going with this but it’s what I see every day and thought I’d share…
Dice,
Attacking From The Inside Out..
Started by No Dice, Feb 16 2006 10:24 AM
1 reply to this topic
#1
Posted 16 February 2006 - 10:24 AM
#2
Posted 16 February 2006 - 01:07 PM
Agreed. I'm surprised that more and more networks don't get attacked. Just go to a Sears store and look at how the kiosks are set up; you can pretty easily get out of the program and really wreak some havoc, all with the anonymity of a common mall rat. Not that I actually suggest doing that, but it fits in with what Dice was saying. Security is the user's responsibility! You can't afford to depend on your company's sysadmin to hold your hand; if you get hacked, it's your machine that gets trashed, not the admin's.
Hacking The Everyday - My blog blabberings about life, computer security, and everything in-between.