High Stakes


[Photo by Avi Richards on Unsplash]

> Sorry, went against the plan, sick of the headlines on the papers at the stand. “Extree Extree” It’s all a big scam. Publishing lies to make a couple hundred grand. What’s a man to do in a world like this? Live my whole life to get burnt to a crisp.

Hey folks, how was your Sunday? No surprise here, the same old relaxation. It’s ordinary, and ordinary is nice. Welcome to part 17. Let’s see what we have today.

1. Searching Victim-Based Websites

We will discuss some OSINT things in this one. OSINT is short for open source intelligence. It basically means fetching and scraping openly available information about a particular person, be it from social media accounts or from their presence on different websites, such as forum interactions. People think of one unique username and keep using it on every site they register on. It’s so easy to scrape information if you use the same username everywhere: the person who’s interested in knowing you can simply search for it, and uncle Google will spit everything out. There are more user-friendly tools that spoon-feed the user such details (sherlock, for instance). OSINT is so broad that there are many avenues we can explore and many methods we can use to fetch information. We’ll cover them one by one soon, very soon. We can also use GHunt, which is by far my favorite one. Its code isn’t that complex or advanced; what’s impressive is how it has been put together. Try it out sometime. Searching for a target becomes tough if they are less social and have multiple aliases at their disposal. While that may seem tough, we as humans cannot be perfect all the time; there will be times when we make mistakes. Simple mistakes. You just have to keep searching to get to those mistakes. Who knows what might turn up!

2. Resource Development

Resources are a set of curated applications and scripts created by attacker groups to use in their attacks. They can range from simple helper scripts to full-scale application-level malware. Like the saying goes, “You can learn any skill if you spend 10,000 hours on it.” Malware creation is a lengthy process; it requires a keen interest in compromising and controlling machines. Without any interest, there’s no curiosity. These resources are private: they are only accessible to the group’s members so that they can do their stuff. Using publicly available resources won’t help, because they have already been patched; to explore unpatched vulnerabilities one needs to develop one’s own malware. It can be in any form. It doesn’t need to be perfect, it just has to be consistent. Why all this hassle in the first place? An attacker can only thrive in their ecosystem with the right set of arsenal. Resources don’t have to be malware; they can be simplified versions of applications with better security.

3. Initial Access

This is simply the way of getting the first entry into the system; from there we can get more sophisticated and pwn our way into the crucial parts of the system. Initial access can be gained through many attack vectors, such as social engineering attacks, MITM, and keyloggers. Like everything else, it requires a prior understanding of how systems with different architectures work.

4. Execution

This is the part where the attacker tries to run the payload and get a session on the victim’s system. The code can be bluffed as a .jpg, .png or even .pptx; the real extension can only be seen when we go through its properties in settings. Execution determines whether the group gets in or gets kicked out by triggering an IDS. It’s possible to hide malware in .png files: they are forcibly given those extensions to win the trust of the user and then make him/her click and execute the files. The user may get suspicious if a popup window appears while he/she is doing something that doesn’t require it. That’s why it should only show up when downloading selected tools (the malware should act as a sleeper cell). I guess that’s pretty far-fetched, but it’s a safe play from the attacker’s side.

5. Persistence

So the above is for execution; now what comes after it? The next part is persistence. After the system has been compromised, it must maintain the interaction between the attacker and the victim. We are talking about stages here: for different stages the attackers prepare different scripts to use. As we discussed above, initial access and execution are two completely different stages; they also contain sub-stages, and don’t forget about the exception handling. To gain persistence, the attacker has to deploy additional measures and restrict the system to a limited set of functions. The more we can suppress its capabilities, the greater the chance of a successful compromise. Why persistence? The thing we are after won’t download in a split second; it takes a few minutes. Those few minutes are extremely important: they decide the entirety of the outcome. The attacker can never know what kind of countermeasures the company has up its sleeve, and that’s why persistence is necessary. Once it is gained, the attackers can sit back and relax while it does its work.

That’s it for today. I apologise if I made some blunders with the words; I wrote it while half asleep. Gotta say my brain still talks like a crazy server. I’ll see you again tomorrow.
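The Execution section above says a payload can be bluffed as a .jpg, .png or .pptx. As an added example (not from the original post), here is a small defender-side check that compares the extension a file name claims against the file’s real magic bytes and flags double extensions; the sample bytes are constructed inline and the signature tables are my own assumptions, not a complete list.

```python
import os

# Leading bytes each "safe-looking" extension should really start with.
IMAGE_SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pptx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}

# Executable containers that should never sit behind those extensions.
EXECUTABLE_SIGNATURES = {
    b"MZ": "pe",        # Windows EXE/DLL
    b"\x7fELF": "elf",  # Linux executable
    b"#!": "script",    # shebang script
}


def sniff(data: bytes) -> str:
    """Label the content from its leading bytes; executables are checked first."""
    for magic, label in EXECUTABLE_SIGNATURES.items():
        if data.startswith(magic):
            return label
    for ext, magic in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext.lstrip(".")
    return "unknown"


def check_masquerade(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the sniffed content type."""
    lower = filename.lower()
    stem, claimed = os.path.splitext(lower)
    actual = sniff(data)
    reasons = []
    if claimed in IMAGE_SIGNATURES:
        if actual in EXECUTABLE_SIGNATURES.values():
            reasons.append(f"{actual} executable content behind {claimed} extension")
        elif not data.startswith(IMAGE_SIGNATURES[claimed]):
            reasons.append(f"content does not match the {claimed} header")
    if os.path.splitext(stem)[1] in IMAGE_SIGNATURES:  # e.g. invoice.pptx.exe
        reasons.append("double extension: document extension hides the real one")
    return {"claimed": claimed, "looks_like": actual,
            "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample files: a real PNG header, a PE header, a ZIP/OOXML header.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PE_SAMPLE = b"MZ\x90\x00" + b"\x00" * 60
PPTX_SAMPLE = b"PK\x03\x04" + b"\x00" * 26
```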