
Let’s spread Phishing and escape the blocklists

The talk simulates the creation of a phishing campaign aimed at harvesting credentials or distributing malicious files. During a demo we analyse several techniques used to evade safe-browsing blocklists or the filtering rules of anti-spam filters.


  1. LET'S SPREAD PHISHING AND ESCAPE THE BLOCKLISTS. HackInBo Safe Edition - 24 May 2020 - Andrea Draghetti. Techniques used by criminals to keep a phishing campaign running. Photo by Nahel Abdul Hadi on Unsplash
  2. WHOAMI: Andrea Draghetti. Phishing Analysis and Contrast @ D3Lab; Python Developer, Matteo Flora; Team Member @ BackBox Linux
  3. PHISHING. Phishing is a type of scam carried out over the Internet in which a malicious actor tries to deceive the victim into handing over personal information, financial data or access codes by posing as a trustworthy entity in a digital communication. {Wikipedia}
  4. STATISTICS. [Chart: number of unique phishing e-mail reports and number of unique phishing web sites per year, 2008-2019; y-axis from 400,000 to 1,600,000.] Source: Anti-Phishing Working Group
  5. STATISTICS. Countries targeted by malicious mailings. Source: Securelist
  6. STATISTICS. Rating of categories of organizations attacked by phishers. Source: Securelist
  7. VECTORS: EMAIL, SMISHING, VISHING, ADS, ETC.
  8. COUNTERMEASURES: Blocklists, Abuse Teams
  9. COUNTERMEASURES: BLOCKLISTS. Source: https://www.inrialpes.fr/planete/people/amkumar/papers/gsb-security.pdf
  10. COUNTERMEASURES: GOOGLE SAFE BROWSING. https://safebrowsing.google.com/safebrowsing/report_phish/
  11. COUNTERMEASURES: GOOGLE SAFE BROWSING. Source: https://www.inrialpes.fr/planete/people/amkumar/papers/gsb-security.pdf
  12. COUNTERMEASURES: GOOGLE SAFE BROWSING. Source: https://www.inrialpes.fr/planete/people/amkumar/papers/gsb-security.pdf
  13. BLOCKLISTS AND EVASION TECHNIQUES: GEO-BLOCKING. The landing page geolocates the visitor client-side and forwards only visitors from the targeted region to the phishing page:
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
     <script>
     // Look up the visitor's location: EU visitors are sent to the phishing page,
     // everyone else (which includes most scanners) is bounced to a legitimate site.
     $.getJSON('https://api.ip.sb/geoip?callback=?', function (data) {
       if (data.continent_code == "EU") {
         $(location).attr('href', 'http://example.xsph.ru/phishing-page/');
       } else {
         $(location).attr('href', 'https://google.it/');
       }
     });
     </script>
  14. BLOCKLISTS AND EVASION TECHNIQUES: IP-BLOCKING. Visitors whose address matches a refused range receive a fake 404 instead of the page:
     $ipaddress_visitor = $_SERVER['REMOTE_ADDR'];
     $ip_blocking_array = ["^192\.168\..*"];   // regular expressions for the address ranges to refuse
     foreach ($ip_blocking_array as $ip) {
       if (preg_match("/" . $ip . "/", $ipaddress_visitor)) {
         header("HTTP/1.0 404 Not Found");
         die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
       }
     }
  15. BLOCKLISTS AND EVASION TECHNIQUES: HOSTNAME BLOCKING. The visitor's reverse-DNS name is checked for the names of security vendors and crawlers:
     $blocked_hostname = array("google", "phishtank", "netcraft", "yandex" /* ... */);
     foreach ($blocked_hostname as $word) {
       // gethostbyaddr() resolves the visitor's IP back to a hostname; any match gets the fake 404
       if (substr_count(gethostbyaddr($_SERVER['REMOTE_ADDR']), $word) > 0) {
         header("HTTP/1.0 404 Not Found");
         die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
       }
     }
  16. BLOCKLISTS AND EVASION TECHNIQUES: USER-AGENT BLOCKING. Requests whose User-Agent names a known crawler receive the fake 404:
     $useragent = $_SERVER['HTTP_USER_AGENT'];
     // each strpos() result is compared with false explicitly: a match at offset 0 returns 0, which is falsy
     if (strpos($useragent, "google") !== false OR strpos($useragent, "phishtank") !== false) {
       header("HTTP/1.0 404 Not Found");
       die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
     }
  17. BLOCKLISTS AND EVASION TECHNIQUES: USER-AGENT BLOCKING. The inverse rule: only the device class the campaign targets (here iPhone) is served, everything else receives the fake 404:
     $useragent = $_SERVER['HTTP_USER_AGENT'];
     if (strstr($useragent, "iPhone") === false) {
       header("HTTP/1.0 404 Not Found");
       die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
     }
  18. BLOCKLISTS AND EVASION TECHNIQUES: RANDOM PATHS. The brand name is placed in the subdomain chain and a random token in the hostname, the path, or both, so that every instance of the campaign has a distinct URL:
     https://www.officialsite.it.examplesite.com/login/caf93d0f225c7a59d52ad3c4a0afc575/
     https://www.officialsite.it.caf93d0f225c7a59d52ad3c4a0afc575.examplesite.com/login/
     https://www.officialsite.it.caf93d0f225c7a59d52ad3c4a0afc575.examplesite.com/login/caf93d0f225c7a59d52ad3c4a0afc575/
  19. ANTI-SPAM AND EVASION TECHNIQUES. mail-tester.com
  20. ANTI-SPAM AND EVASION TECHNIQUES. Invisible characters: digits are interleaved with the brand name inside spans rendered at font-size 0, so the recipient reads "PayPal" while a filter that merely strips tags sees "P1a2y3P4a5l6":
     <style>span.hc {font-size:0;}</style>
     P<span class='hc'>1</span>a<span class='hc'>2</span>y<span class='hc'>3</span>P<span class='hc'>4</span>a<span class='hc'>5</span>l<span class='hc'>6</span>...
     Allowed URL: https://bit.ly/2WwFPyB
  21. DEMO. https://github.com/drego85/HackInBoSafeEdition/
  22. CONCLUSION. Photo by NeONBRAND on Unsplash
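Slides 13 to 17 all rely on one trick: the kit answers a security crawler with a fake 404 and a real visitor with the credential form. From the defender's side this is detected by fetching the same URL from several vantage points and comparing the answers. The following is an added example written for this page, not code from the talk or from its GitHub repository; the vantage-point labels and the response bodies are constructed, and `scanner_like` is a hypothetical flag the caller sets when the fetch was made with a bot User-Agent, from a datacenter address, or from outside the targeted region.

```python
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Probe:
    """One fetch of the same URL from a given vantage point (labels are hypothetical)."""
    label: str
    scanner_like: bool   # True when the vantage point resembles a security crawler
    status: int
    body: str


# The fake-404 body used by the kits on slides 14-17 and a password input in the real page.
FAKE_404 = re.compile(r"could not be found", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type=['\"]?password", re.I)


def fingerprint(body):
    """Hash of the whitespace-normalised, lower-cased body so cosmetic noise does not count."""
    normalised = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalised.encode()).hexdigest()[:16]


def detect_cloaking(probes):
    """Flag a URL whose content depends on who is asking. Returns a verdict with reasons."""
    scanner = [p for p in probes if p.scanner_like]
    victim = [p for p in probes if not p.scanner_like]
    fingerprints = {fingerprint(p.body) for p in probes}
    reasons = []
    if len(fingerprints) > 1:
        reasons.append("response body differs between vantage points")
    if scanner and victim and all(p.status == 404 for p in scanner) \
            and any(p.status == 200 for p in victim):
        reasons.append("404 served to scanner-like vantage points, 200 to consumer-like ones")
    if any(p.status == 404 and FAKE_404.search(p.body) for p in scanner) \
            and any(PASSWORD_FIELD.search(p.body) for p in victim):
        reasons.append("credential form served only where the scanner received a fake 404")
    return {"cloaked": bool(reasons), "reasons": reasons, "fingerprints": len(fingerprints)}


# Constructed probe results: what a kit like the one on slides 14-17 would return.
LOGIN_PAGE = "<form><input type='text' name='user'><input type='password' name='pass'></form>"
SAMPLE_PROBES = [
    Probe("crawler UA, datacenter IP", True, 404,
          "<h1>404 Not Found</h1>The page that you have requested could not be found."),
    Probe("iPhone UA, residential EU IP", False, 200, LOGIN_PAGE),
    Probe("desktop UA, residential EU IP", False, 200, LOGIN_PAGE),
]
# Constructed control: an ordinary site answers everyone the same way.
BENIGN_PROBES = [
    Probe("crawler UA, datacenter IP", True, 200, "<h1>Welcome</h1>"),
    Probe("iPhone UA, residential EU IP", False, 200, "<h1>Welcome</h1>"),
]

if __name__ == "__main__":
    for name, probes in (("suspect", SAMPLE_PROBES), ("benign", BENIGN_PROBES)):
        print(name, detect_cloaking(probes))
```

The verdict only says that the site discriminates between visitors; a legitimate site can do that too (geo-specific content, bot rate limiting), so a scanner would weight this signal together with others such as the URL heuristics on slide 18.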
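The three URLs on slide 18 share a structure that a URL filter can score without fetching anything: a protected brand appears only in the subdomain chain, a label that looks like a top-level domain sits in the middle of the hostname, and a long hexadecimal token is used as a hostname label or path segment. The following is an added example for this page (not code from the talk or its repository); the brand watchlist and the TLD-like label set are constructed, and the registrable-domain split is a simplification that a real deployment would replace with the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Constructed watchlist of brands to protect (hypothetical).
WATCHLIST = ("officialsite", "paypal")
# Labels that look like a top-level domain but sit in the middle of a hostname.
TLD_LIKE = {"it", "com", "net", "org", "co", "uk", "de", "fr", "es"}
# Long lower-case hex runs (md5/uuid-style tokens) used as throwaway paths or labels.
HEX_TOKEN = re.compile(r"^[0-9a-f]{24,}$")


def analyse_url(url, watchlist=WATCHLIST):
    """Return a list of heuristic findings for one URL; an empty list means nothing odd."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # A production check would consult the Public Suffix List (co.uk etc.).
    registrable = ".".join(labels[-2:])
    subdomain_labels = labels[:-2]
    findings = []
    for brand in watchlist:
        if brand in subdomain_labels and brand not in registrable:
            findings.append(f"brand '{brand}' appears only in the subdomain chain of {registrable}")
    if any(label in TLD_LIKE for label in subdomain_labels):
        findings.append("TLD-like label inside the subdomain chain (mimics a domain boundary)")
    if any(HEX_TOKEN.match(label) for label in labels):
        findings.append("long hex token used as a hostname label")
    segments = [s for s in parts.path.split("/") if s]
    if any(HEX_TOKEN.match(s) for s in segments):
        findings.append("long hex token used as a path segment")
    return findings


def is_suspicious(url, threshold=2):
    """Two or more independent findings is the constructed cut-off used here."""
    return len(analyse_url(url)) >= threshold


# The three URLs from slide 18 plus a benign control.
SAMPLE_URLS = [
    "https://www.officialsite.it.examplesite.com/login/caf93d0f225c7a59d52ad3c4a0afc575/",
    "https://www.officialsite.it.caf93d0f225c7a59d52ad3c4a0afc575.examplesite.com/login/",
    "https://www.officialsite.it.caf93d0f225c7a59d52ad3c4a0afc575.examplesite.com/login/"
    "caf93d0f225c7a59d52ad3c4a0afc575/",
    "https://www.officialsite.it/login/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(is_suspicious(url), url, analyse_url(url))
```

The registrable-domain check is the one that carries the most weight: a brand name inside someone else's domain is exactly the pattern the slide shows, whereas a hex token on its own is common in legitimate session URLs.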
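The invisible-character trick on slide 20 defeats a filter that strips tags and then searches the remaining text, because the digits survive that step and break the brand name apart. A filter that first resolves which elements are rendered invisibly, and only then extracts the text, sees what the recipient sees. The following is an added example for this page (not code from the talk or its repository): it reads `font-size:0` rules out of `<style>` blocks and inline styles, separates visible from concealed text, and reports watchwords that appear only after the hidden characters are removed. The sample e-mail body and the watchword list are constructed.

```python
import re
from html.parser import HTMLParser

# CSS rule whose declaration block sets font-size to zero; group 1 is the selector.
ZERO_FONT_RULE = re.compile(
    r"([\w.#-]+)\s*\{[^}]*?font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|%)?\s*(?:!important\s*)?(?=[;}])[^}]*\}",
    re.I,
)
# Same property in an inline style attribute (compared after whitespace is removed).
INLINE_ZERO = re.compile(r"font-size:0(?:\.0+)?(?:px|pt|em|%)?(?:;|!|$)")
# Elements that never get a closing tag, so they must not touch the element stack.
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "area", "base", "col",
             "embed", "source", "track", "wbr"}


def hidden_classes(html):
    """Collect class names that a <style> block renders invisible via font-size:0."""
    classes = set()
    for style in re.finditer(r"<style[^>]*>(.*?)</style>", html, re.S | re.I):
        for selector in ZERO_FONT_RULE.findall(style.group(1)):
            if "." in selector:
                classes.add(selector.split(".", 1)[1])
    return classes


class VisibleTextExtractor(HTMLParser):
    """Split text into what a human sees and what zero-size or hidden elements conceal."""

    def __init__(self, hidden):
        super().__init__()
        self.hidden = hidden
        self.stack = []                 # one bool per open element: is it hidden?
        self.visible, self.concealed = [], []
        self.in_style = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = set((a.get("class") or "").split())
        inline = (a.get("style") or "").replace(" ", "").lower()
        hidden = bool(classes & self.hidden) or bool(INLINE_ZERO.search(inline)) \
            or "display:none" in inline
        if tag == "style":
            self.in_style = True
        if tag not in VOID_TAGS:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if self.in_style:
            return
        (self.concealed if any(self.stack) else self.visible).append(data)


def naive_text(html):
    """What a filter that merely strips tags would see."""
    without_css = re.sub(r"<style[^>]*>.*?</style>", "", html, flags=re.S | re.I)
    return re.sub(r"<[^>]+>", "", without_css)


def analyse_email_html(html, watchwords=("paypal",)):
    """Compare rendered text with tag-stripped text and report watchwords that only the former contains."""
    parser = VisibleTextExtractor(hidden_classes(html))
    parser.feed(html)
    parser.close()
    visible = "".join(parser.visible)
    naive = naive_text(html)
    revealed = [w for w in watchwords if w in visible.lower() and w not in naive.lower()]
    return {
        "visible": visible,
        "naive": naive,
        "hidden_chars": len("".join(parser.concealed)),
        "revealed_watchwords": revealed,
    }


# Constructed sample built from the markup on slide 20.
SAMPLE_EMAIL = (
    "<html><head><style>span.hc {font-size:0;}</style></head><body>"
    "<p>Dear customer, your P<span class='hc'>1</span>a<span class='hc'>2</span>y"
    "<span class='hc'>3</span>P<span class='hc'>4</span>a<span class='hc'>5</span>l"
    "<span class='hc'>6</span> account needs review.</p></body></html>"
)

if __name__ == "__main__":
    print(analyse_email_html(SAMPLE_EMAIL))
```

A message in which a brand name is spelled out only after hidden characters are discarded has no legitimate reason to look that way, so `revealed_watchwords` being non-empty is a strong signal on its own; the `hidden_chars` count is a weaker, general-purpose indicator of text-hiding.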
