# Physical attacks

## Physical recon

* Google street view is handy
  * can be outdated
* drive-by
* just stalk them

## Physical barriers

* doors, gates
* motion sensor door locks
  * canned air can trigger motion sensor from outside
* doors with keys and padlocks
  * lock picking (manual and electronic) opens these easily
* door unlock button
* RFID door locks
  * backend systems often very dumb
  * plenty of devices can copy cards
    * Flipper Zero

## Drop boxes

* device that gets stealthily added to local network
* preconfigured to provide connection for attacker
* make it inconspicuous
  * in cable tray
  * behind desktops
  * ...
* when using multiple, make sure they don't communicate
  * finding one shouldn't find the others

### LAN Turtle

* looks like USB ethernet dongle
* routes attacker traffic through VPN into victim network

### Packet Squirrel

* <https://shop.hak5.org/products/packet-squirrel-mark-ii>
* mostly aimed at network interception and manipulation
  * logs network traffic
  * captures print spool jobs
  * intercepts DNS requests and directs them to server of your choosing

### Hidden camera

* drop boxes that contain hidden camera
* look like ordinary devices (e.g. USB charger)
* position is key

## HID injection attacks

* attacks using devices that act as Human Interface Devices (HID), e.g. keyboard
* Rubber Ducky
  * USB that acts like HID
  * sends lots of keystrokes to e.g. install malware
* Bash Bunny
  * more advanced Rubber Ducky
  * emulates ethernet, serial and flash storage as well
* typical attacks
  * QuickCreds: run Responder on device to extract NTLMv2 hashes
  * BunnyTap: funnel cookies of user to attacker
  * Kon-Boot: allows access into password-protected PC by booting with Kon-Boot enabled on USB
* drop attacks
  * leave thumb drive for people to find
  * curious people will plug it in
  * devices that look like cables also exist
* destructive attacks
  * killer USBs that send high voltage through device
  * destroy mission critical devices

## WiFi attacks

* capture handshakes of devices
  * pass handshake to hashcat
* most tools require monitor mode
  * not present on most devices
* WiFi pineapple
  * preconfigured WiFi attack tool
  * rogue access point
  * reroute traffic
  * capture handshakes
  * ...

## Mitigation

* proper training of staff
* network scans for unauthorised devices
* monitoring and incident response
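
One way to run the "network scans for unauthorised devices" mitigation, as an added example that is not part of the original notes: compare a monitoring host's neighbour table (the format printed by `ip neigh show`) against an asset inventory and flag anything that does not match. The sample output, the inventory and the finding labels are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH = """\
10.0.0.1 dev eth0 lladdr 00:11:22:33:44:01 router REACHABLE
10.0.0.20 dev eth0 lladdr 00:11:22:33:44:20 STALE
10.0.0.57 dev eth0 lladdr 00:11:22:33:44:30 REACHABLE
10.0.0.99 dev eth0 lladdr 3a:5f:10:aa:bb:cc REACHABLE
10.0.0.120 dev eth0 lladdr 00:11:22:33:44:77 DELAY
10.0.0.200 dev eth0  FAILED
"""

# Constructed asset inventory: MAC -> (hostname, expected IP).
INVENTORY = {
    "00:11:22:33:44:01": ("gateway", "10.0.0.1"),
    "00:11:22:33:44:20": ("printer-2f", "10.0.0.20"),
    "00:11:22:33:44:30": ("ws-finance-03", "10.0.0.30"),
}

# Entries without a resolved link-layer address (FAILED, INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Yield (ip, mac) for every entry that resolved to a MAC address."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower()

def is_locally_administered(mac):
    """Bit 0x02 of the first octet set: not a vendor-assigned address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(neigh_text, inventory):
    """Return sorted (ip, mac, finding) tuples for entries that need review."""
    findings = []
    for ip, mac in parse_neigh(neigh_text):
        if mac not in inventory:
            kind = "unknown-local-mac" if is_locally_administered(mac) else "unknown-device"
            findings.append((ip, mac, kind))
        elif inventory[mac][1] != ip:
            # Known MAC at an unexpected address: moved host or a cloned MAC.
            findings.append((ip, mac, "known-mac-wrong-ip"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, mac, kind in audit(SAMPLE_NEIGH, INVENTORY):
        print(f"{kind:20} {ip:12} {mac}")
```

The neighbour table only covers the local segment, so a check like this is run per VLAN or fed from switch and DHCP data instead.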