In the digital era, computer networks are all around us: at home, at work, in public places, and so on. Some networks are open, some have basic security, and some have high-level security. However, every network has weaknesses and some level of vulnerability, and the main weakness is usually people. So, with the spread of digitalization and the widespread use of the internet, security threats also grow every day. In the past, hackers hacked mostly for fun, not with the goal of harming, stealing or spying. But today the game has changed. Systems and networks are hacked every day with the goal of spying, stealing information, etc. A lot of companies are under attack each day. For example, in the company where I work, we receive 280M emails per month and 80 % of them are blocked as spam. Yeah, you read it right, 280M per month. I could not imagine what would happen if our security were not at the high level it is and the mail server did not filter and detect threats properly. I think the worst job today is being a network and security administrator. They always sleep with one eye open, if they even sleep.
Ok, enough bullshitting, let's talk about the real stuff. Let's assume that we want to attack a company network where they use Windows systems. What are our options? We can attack it over the internet or on site. But most attacks are performed over the internet. So, if we decide to attack over the internet, first we need to do some information gathering. We need to find out as much as possible about them in a legal way. Since most attacks are done by phishing, finding employees' email addresses is the most important part. Then we need to decide on the type of phishing attack. Will we make a Word or Excel macro file, or will we embed a PowerShell payload in a PDF, MP4, etc.? There are a lot of options, and today the most popular method is still macros with PowerShell. VBA and VBS will also do the job very well. Ok, once we have decided on the method, we need to create a payload that will not be detected by antivirus and, if the company has good email filtering, an email that will not be marked as spam. So, when we have prepared the technical plan for our attack and decided how to handle the payload (usually a C2 server, that is, a command & control server), we need to make a good plan for how we will trick the victim into opening the malicious file. This is where our imagination and social engineering skills come in. We also need to decide which email address to send it from so that it does not look suspicious. The best way would be to spoof the email so that it looks like it was sent by another employee from the same company. But these days most companies are well protected against spoofing, and this will not work in many cases. Still, you will be surprised how many email servers are not well protected. Maybe we could check whether some of the company's partners are able to spoof email, etc. The point is, the more our email looks like a legitimate email, the better our chances of a successful attack.
And once the attack is successful and we gain access to one computer in the network, we need to set up a persistent connection and perform further actions, depending on the attacker's goal.
This was a really basic and rough explanation of attacking a network. In further posts I will explain in more detail macros, PowerShell payloads, evading detection, embedding files, spoofing emails, moving around the network with as little noise as possible, and much more. I will also explain some techniques for on-site attacks using some cool gadgets.