Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Presentation Advice
From: Dave Ockwell-Jenner <doj () primeinfosec com>
Date: Wed, 8 Sep 2010 22:13:51 -0400

Hi Craig,

I've given a very similar presentation earlier this year, and shortly dusting it off to deliver it again to a new 
audience.

I took a similar approach to show the limitations of traditional security controls (firewalls, AV, etc.). I have a 
virtual 'lab' consisting of three machines which simulate a small office. There is an endpoint desktop system, running 
AV (in my case it's AVG Free--kept up-to-date), a server system hosting shared files and a web site, and a security 
appliance (Untangle) providing networking routing, firewall, content inspection, etc.

Lastly, I have a separate 'attacker' system, running Metasploit. I took Metasploit's meterpreter payload, ran through 
some AV evasion techniques, and encoded it up as a VBScript, which I embedded in an innocuous looking Word document.

I demonstrate that the endpoint system is fully patched and has fully updated AV. We try to access a few web sites 
which the security appliance blocks, to show that it's working. We then open up the suspect Word document, which is 
hosted on a professional looking web site, such as you might be sent a link to in e-mail, IM, etc. The security 
appliance doesn't see a problem. IE doesn't see anything wrong with it's download checker. We even test the file with 
AV manually, just to be sure.

The 'user' opens up the Word document, the meterpreter payload runs, and we have pwnage.

I then run through a few things in Metasploit: access sensitive files, cracking passwords and pivoting to attack the 
server system.

Last time out, I mostly saw open jaws... and LOTS of questions, which was the purpose of the presentation :)

Good luck!
Dave.

On 2010-09-08, at 4:59 PM, Craig Freyman wrote:

I'm giving a security presentation to a room full of non IT folks in a few weeks. The point I want to drive home is 
that simply having AV and a Firewall doesn't make you bulletproof. There is a big gap between what the bad guys can 
do and what modern security apps can stop or catch. I think one way to help bridge this gap would be to raise user 
awareness and to get users thinking about security issues. I believe most users think that with AV/Firewall and not 
clicking on links, they're safe.

I was planning on doing a live demo (crossing fingers) to make this point. I will set up a rogue AP ("FreeWIFI 
Connect to ME!"), connect a client machine and then demonstrate some MITM attacks. I'll also throw in some SET to 
have some meterpreter fun. Password stealing, key logging, sound recording etc... I know I cant get too technical and 
if I do, I'll loose the group. I think this demo would get their attention but was wondering if anyone has done this 
before and if so, what did you do? 
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Dave Ockwell-Jenner, President
Prime Information Security • Because business is risky enough™
www.primeinfosec.com • (519) 772-4929




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]