Swift Phrase Changes
a government so small that it can fit in your palm
Hey people,
This is part 20 of our series. How was your day? Same old things, I guess, for everyone, including me. When nothing new is happening, would you call it a routine or boredom? Let's see the topics for today.
1. Data Collection and Gathering

There's no special meaning to the term; it is what it is. Why do people collect data? Or should I say, why do attackers collect data? There can be various reasons, such as further enumeration and data dumping, or brewing more attacks based on the collected data (most commonly brute force and phishing). I don't know why they should need a "reason"; the question can be "why not?". Attackers can gather the data once they are in the system/network; it doesn't take much time. How does it happen? Due to low security on the data storage side of the web application, which doesn't contain much input sanitization, once the attacker has activated his shell and got a session on the victim, he can virtually download and dump the data in a safe place, mostly on throwaway cloud providers such as Mega, Terabox etc. It's a simple term; I hope no long explanation is needed.

2. Command Control

Command control can have many meanings in different contexts; the one I'm referring to here is the traditional Windows command prompt and Windows PowerShell. These utilities let the user perform command line functions, not as open as Linux but in a closed environment. With the help of these CLIs (command line interfaces), an attacker can trick the user into executing malicious scripts. Those scripts can mimic human interaction. Let's say that for some actions, such as installation/uninstallation, the system asks for the user's approval. What if the attacker takes advantage of popular Python libraries that do that specific thing? After execution the script can act as a remote control, press a few Enter keys and delete itself after the payload has been executed. I'm sure there's a catch, but it's a plausible scenario. The system may not give keyboard access to an unknown script as simply as that. Still, there are many more things attackers use to spoof real scripts and get them executed.
cURL and pip (the Python package installer) are accessible via the command prompt; they can be used to access a temporary browser-like environment and view/download content. Pip is a great CLI utility for both developers and attackers, because it lets us download all the Python packages. So, for starters, open your command prompt and type:
C:\Users\deezsec> pip
Usage:
pip <command> [options]
Commands:
install Install packages.
download Download packages.
uninstall Uninstall packages.
freeze Output installed packages in requirements format.
inspect Inspect the python environment.
list List installed packages.
show Show information about installed packages.
check Verify installed packages have compatible dependencies.
config Manage local and global configuration.
search Search PyPI for packages.
cache Inspect and manage pip’s wheel cache.
index Inspect information available from package indexes.
wheel Build wheels from your requirements.
hash Compute hashes of package archives.
completion A helper command used for command completion.
debug Show information useful for debugging.
help Show help for commands.
So, that's pip. It comes prebuilt; you can do some fun activities.
C:\Users\deezsec> pip install cowsay
#It’ll start downloading, wait for it.
C:\Users\deezsec> cowsay -t Hey,ThisisSpaceC! -c daemon
  _________________
| Hey,ThisisSpaceC! |
  =================
[ASCII-art "daemon" figure printed by cowsay; its indentation was lost in extraction]
Pretty fun, right? Yes! Attackers can do a lot of such activities by downloading Python packages to support their attacks.
3. Exfiltration
Exfiltration is a method where attackers download and dump data from a device without proper authorization. The data is accessed without any permissions and then downloaded. Even Google dorks can spit out valuable data regarding particular companies; ExploitDB does a great job of putting that info in one place. Check it out later. Why is this serious? The attackers can see data they are not supposed to. Where's the importance of privacy? The company will lose its own employees' trust. Well, think about it once.
Another important thing about this is that once the attacker gets his hands on the data, there's no way to retrieve it; it's forever at his disposal. It doesn't work like WhatsApp, where once we do "delete for everyone" the media/message magically gets deleted.
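Since the post names throwaway cloud providers such as Mega and Terabox as the usual dump destinations, here is an added defender-side example (not code from the original post) of the kind of check a proxy or egress log can feed: it sums bytes uploaded per user to a watchlist of file-sharing domains and flags anyone who crosses a volume threshold. The log line format, the watchlist, the sample entries and the 100 MiB threshold are all assumptions made for the example.

```python
"""
Added example (not from the original post): flag bulk uploads to throwaway
file-sharing services in a simplified egress/proxy log.
Log format (assumed): "<timestamp> <user> <method> <host> <bytes_out>".
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-05-01T09:12:03Z alice POST mega.nz 734003200
2024-05-01T09:13:10Z alice POST mega.nz 812000000
2024-05-01T09:20:41Z bob GET www.example.com 1200
2024-05-01T09:25:00Z carol POST api.terabox.com 52428800
2024-05-01T10:02:17Z dave PUT s3.amazonaws.com 102400
this line is malformed and must be skipped
"""

# Domains the post calls out as dump destinations (assumed watchlist; extend as needed).
WATCHLIST = {"mega.nz", "terabox.com"}

# Assumed alert threshold: 100 MiB uploaded per (user, domain) in the log window.
THRESHOLD_BYTES = 100 * 1024 * 1024

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, host, nbytes = m.groups()
    return {"ts": ts, "user": user, "method": method,
            "host": host, "bytes": int(nbytes)}


def matches_watchlist(host):
    """True if host is a watchlisted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def find_bulk_uploads(log_text, threshold=THRESHOLD_BYTES):
    """Sum upload bytes (POST/PUT only) per (user, host) on watchlisted
    domains and return the pairs at or above the threshold."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue  # skip malformed lines and plain downloads/browsing
        if matches_watchlist(rec["host"]):
            totals[(rec["user"], rec["host"])] += rec["bytes"]
    return {pair: total for pair, total in totals.items() if total >= threshold}


if __name__ == "__main__":
    for (user, host), total in find_bulk_uploads(SAMPLE_LOG).items():
        print(f"ALERT: {user} uploaded {total} bytes to {host}")
```

The subdomain check matters in practice: uploads often go to an API or upload host under the main domain rather than to the bare domain, and a naive equality test would miss them. A real deployment would replace the constructed log with the proxy's actual export and tune the threshold to the environment's normal traffic.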
4. Impacts of Data Dumps
Huge data dumps affect the users whose data is in those dumps: they are exposed to the world, and anyone can see their personal information. Someone can steal their identity and create fake accounts on social media, often with the aim of spoiling their reputation or social status. These people might never know that their data has been compromised; they continue using the same mail on various other platforms. It's not a good thing. Let's see what a typical leaked, dumped, sorted dataset looks like. This is not how a real dump looks; this is a sorted credential dump. A real full-scale dump contains literally full details, which I do not want to share.
ravipxxxxx@gmail.com:111728
rmerxxx@gmail.com:89431xxxx747
www.nazxxx@gmail.com:0558428186
vishnupriyaxxxx@gmail.com:vishnupriya
rajeexxx2@gmail.com:ranijarajeesh
anakhaanaxxx@gmail.com:anakhaanandnjan
beenajaxxxx@gmail.com:12345678
sudhixxxx@gmail.com:kpsudhi
jinooxxxx@gmail.com:nair@9746
aaxxxx@gmail.com:75xxxx13245a
neetxxxx@gmail.com:aradhya
dasayxxx@gmail.com:956xxxx0515
renjxxxx@hotmail.com:Arnniv123@
bixxxxx@live.com:Jijueb1
rejikurxxxxe79@gmail.com:appoose
nijilxxxxl@gmail.com:9xxxx74444
vksubraxxxxn@gmail.com:jaisriram
akshaxxxx3@gmail.com:anugraha#1
chinxxxxxment2@gmail.com:chinjuaashish
aneesxxxxrier5@gmail.com:Ansh24154680
amithkrxxxxxhnan61@gmail.com:Focusonit1
rohitxxxx@gmail.com:india11!
smritxxxxir30@gmail.com:ganpatibappa
maneesxxxxn0@gmail.com:123456
Mahesxxxx13@gmail.com:Makku34314949
jyothixxxxk6@gmail.com:jyothirdasneethuK1
renjixxxx@gmail.com:horo@60777
anirudhxxxr@gmail.com:949xxxx81827
sojusaxxxgmail.com:saarang
ajaxxxx61@gmail.com:AJAYAN
Ajithxxxxxlil@gmail.com:7025050075
nairbxxxxx6@gmail.c:devutty3388
divyaxxxx50@gmail.com:akhilkrishnan
shine2345xxxxxes@gmail.com:70xxx67884
I had to cover their full mail addresses due to privacy concerns. I cannot believe that some people just used their phone numbers as their passwords. As you can see, this same data is used to do brute force attacks on a wide range of websites. Even to this day, some of these people could be using the same password; we never know.
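The dump above shows the weaknesses the post points out: phone numbers, the e-mail's own name, and very short or well-known passwords. As an added example (not code from the original post), here is a small analyser a security team could run over a dump in email:password form to measure how widespread those weaknesses are, which is the first step in deciding whom to force a reset on. The sample lines are constructed and masked, the weakness categories and the tiny common-password list are assumptions, and the entries are not the post's data.

```python
"""
Added example (not from the original post): measure weak-password patterns in a
credential dump of email:password lines. Sample data is constructed.
"""
import re
from collections import Counter

# Constructed, masked sample dump (not the post's data).
SAMPLE_DUMP = """\
userone@example.com:9876543210
vishnu@example.com:vishnu
beena@example.com:12345678
rohit@example.com:india11!
amith@example.com:Focusonit1
broken line without separator
"""

# Tiny constructed list; a real check would use a large breached-password set.
COMMON = {"123456", "12345678", "password", "qwerty"}


def parse_dump(text):
    """Return (email, password) pairs; skip blank or malformed lines.
    Split on the first ':' only, since passwords may contain ':' themselves."""
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)
        creds.append((email, password))
    return creds


def weaknesses(email, password):
    """List the weakness categories (assumed taxonomy) that apply to one entry."""
    local = email.split("@", 1)[0].lower()
    found = []
    if re.fullmatch(r"\d{10}", password):
        found.append("phone-like")       # 10 digits, as in the post's dump
    if password.lower() == local or (len(local) >= 4 and local in password.lower()):
        found.append("from-email")       # password derived from the address
    if len(password) < 8:
        found.append("short")
    if password.lower() in COMMON:
        found.append("common")
    return found


def summarize(text):
    """Count entries, entries with at least one weakness, and hits per category."""
    creds = parse_dump(text)
    by_type = Counter()
    weak = 0
    for email, password in creds:
        hits = weaknesses(email, password)
        if hits:
            weak += 1
        by_type.update(hits)
    return {"total": len(creds), "weak": weak, "by_type": dict(by_type)}


if __name__ == "__main__":
    print(summarize(SAMPLE_DUMP))
```

An entry can fall into several categories at once, so the per-category counts add up to more than the number of weak entries; the "weak" figure counts each account once, which is the number you would use for a reset campaign.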
5. Data from Removable Devices
These are external storage devices that are connected to the computer. When a network has been compromised, the devices that are still connected to the same network can be accessed remotely by the attacker, and of course the external devices too; this data can be straight away dumped and downloaded. USB devices commonly contain huge sets of employee files and company-sensitive information. This can be one of the reasons why we see a surge in USB-based attacks, where the attackers focus on stealing information from these small devices.
So, that's about the basics. You may wonder if there's any security protection for USB devices; yes, they contain security protection, but only against external hardware trying to access them from outside without authorization. Those implementations can't do much when the attacks are happening from the inside (with the necessary permissions, of course; we have the attacker, right?).
I hope I explained it well. I know that I still have to improve; I'll keep trying my best to make it sound simple. The titles are never in relation to the content inside. I still have no time to create that index for other publications, anyway. I'll see you tomorrow again.