Speaker: Dan Gunter
Title: Social Networking that can allow exfiltration/infiltration of data on "secured networks"
Dan brings a depth and breadth of experience on both the technical and business development sides of information security. He has worked and consulted across the commercial, non-profit, academic and government sectors and recognizes the unique needs and constraints within each setting. He has served in roles ranging from proposal development and customer need analysis for high-value information security contracts to designing and coding solutions to solve unique and challenging problems in settings with anywhere from a few users to hundreds of thousands of users. Dan holds an undergraduate degree in Computer Science and will finish his Master's in Computer Science soon.
A vulnerability exists through the use of Social Networking Sites that could allow the exfiltration/infiltration of data on "secured networks". SNSCat provides a simple-to-use post-penetration data exfiltration/infiltration and C2 (Command and Control) platform using images and documents on social media sites (Facebook, Google Apps, Twitter, imgur, etc.). The first part of our presentation will focus on case studies demonstrating the risks assumed by allowing social media sites on business networks, both from malicious insiders and from outsiders. After coverage of preliminary terms and concepts, we will introduce our tool and show how one can easily move files in and out of a network using social media sites. We will next demonstrate how one can use SNSCat along with the implants we have created to establish full command and control between the controller and the listening agents. Automation of commands is vital in establishing a robust botnet covertly communicating and responding to instructions from the controller. Anonymity is also essential, keeping the attacker and victim networks from ever touching each other. SNSCat is built to provide these very functions! Finally, we will introduce how one can plug in their own home-brewed steganography and cryptology modules as well as how one can build connectors for additional sites into our framework. In a 60-minute presentation, we will show you how to bypass network security equipment via social networking sites to mask data infiltration/exfiltration and C2 from any network with access to social networking sites.