
16 October 2017

How to create a Backdoor for Android systems

There is plenty of documentation, how-tos and videos on the net today on creating a backdoor for Android devices. It is therefore increasingly easy to "develop" a backdoor or trojan to spy on someone, which is extremely dangerous in the wrong hands. Once again, if we don't want to be the victim, security awareness is what matters: it is what lets us detect social engineering attacks and avoid malicious websites or mail from unknown senders.

I'm going to write an easy how-to today on creating a backdoor for Android devices, although there are already many tutorials like this on the net. Of course, I'm not responsible for any illegal activity performed by the reader; this is for educational purposes only.

Step 1: We are going to create a payload .apk file from Kali Linux with the msfvenom tool. msfvenom replaced msfpayload and msfencode, which were removed from Metasploit in 2015 and are no longer used.

MSFvenom payload

-p = payload to use; here the Android reverse TCP Meterpreter payload.
LHOST = the IP address the victim will connect back to. We used a private IP address for testing in the lab; if the victim is going to be on the Internet, LHOST must be a public IP address (or a hostname resolving to one) that forwards the port to the listener.
LPORT = the TCP port on which the listener waits for the victim's connection.
R = raw output written to standard output; for the Android payload the raw output is already a complete .apk, so it is simply redirected into a file.
Location = the path where the file is saved (via shell redirection, or with -o).

Step 2: Once the .apk file has been created, we have to sign it, because Android refuses to install an app that does not carry a valid signature. The certificate does not need to come from a CA; a self-signed certificate is enough, so we are going to sign the .apk file manually.

First, if we don't already have a keystore, we create our own.

Keytool making Keystore

Second, we sign the .apk file with our own key.

Signing an apk file with JARsigner

Third, we align the signed .apk into a new file with zipalign. Note that the zipalign package isn't installed by default in Kali Linux, so we have to install it first with apt-get install zipalign. Signing first and aligning afterwards is correct only for the JAR (v1) signature scheme that jarsigner produces, because a v1 signature covers the file contents, not the zip layout. If apksigner is used instead (v2 signature scheme and later, which is required for apps targeting Android 11 or newer), zipalign must run before signing, since the v2 signature covers the whole archive and aligning afterwards invalidates it.

Aligning the apk into new file using zipalign
Step 3: With the backdoor app finished, it's time to start the listener with the multi/handler exploit module in Metasploit.

Starting Metasploit
We also have to set the parameters so that it listens on the right IP address and TCP port with the reverse TCP Meterpreter payload (the same LHOST and LPORT used when building the .apk):

Setting up the exploit

Finally, we run the exploit and wait for victims:

Executing the exploit

Step 4: It's time to share the android.apk file and install it on the victim's mobile device. If we configured a public IP address in the payload, the android.apk file works from anywhere, which is what real attackers do. How the android.apk file is delivered is up to you; attackers typically share it through social networks, e-mail, etc. Since the app does not come from the Play Store, the victim also has to allow installation from unknown sources and accept the permissions the app requests, which is exactly where user awareness makes the difference.

Installing the application on an Android device

Step 5: Once the app is installed on the victim's mobile device and opened, we can go back to Kali Linux and see that a Meterpreter session has opened, which means we have access to the mobile device.

Successfully got the meterpreter session
From the Meterpreter session we can dump contacts (dump_contacts), the call log (dump_calllog) and SMS messages (dump_sms), upload and download files, record audio with the microphone (record_mic), and even take pictures (webcam_snap) or stream the camera (webcam_stream).

Webcam Streaming
As we can see, it's easy to create a backdoor for Android mobile devices. From my point of view, it's a cyberweapon for spying that, in the wrong hands and with a little creativity, could harm innocent people.

Regards my friends and be a good guy!

9 October 2017

Governance of Information Security

Six years ago, I got my first certification in best practices for IT service management (ITSM), which was my first step into the processes, procedures and tasks needed to align my daily work with business needs. Next, the company where I work, Ariadnex, decided to obtain ISO 20000 and ISO 27001 certification to implement service quality and information security, which was a hard time because we were developing and writing many policies and procedures to define, measure and improve services while, at the same time, protecting systems and information. After that, I got the CISA and CISM certifications, where I learnt about information systems auditing and information security management, as well as about strategies, policies and procedures.

Today, after 8 years of working in IT, I've come across many security frameworks, and IT service management frameworks as well. Everybody knows ISO 27001 and ISO 20000, but when we speak about COSO for corporate governance; COBIT, Val IT or ISO 38500 for IT governance and management; or ISO 27014 for information security governance, it's difficult to understand the differences well enough. And there are many other frameworks besides, like SABSA, TOGAF, etc.

Topology of IT-related standards

Nevertheless, most of these frameworks are designed for big companies that have a department for compliance, monitoring and control, but Spain is different: most companies are small and medium-sized, with no compliance, monitoring and control department and no security department either. I wonder how many companies in Extremadura have more than five people in their security department. One? Two?

I think the best-known security standard is ISO 27001, but maybe there should be a light ISO 27001 for small and medium-sized companies as well, because 14 security domains and 114 controls is too much for companies with fewer than 25 employees. On the other hand, if we speak about governance of information security, or ISO 27014, most small and medium-sized companies don't know what I'm talking about: their needs are not to establish organization-wide information security, adopt a risk-based approach, set the direction of investment decisions, ensure conformance with internal and external requirements, foster a security-positive environment or review performance in relation to business outcomes; they don't have time to think about any of that, and they work without any alignment to business needs.

ISO/IEC 27014

This last week, I read about a governance framework I didn't know, called Val IT. I came across Val IT when I was reading about ISO 38500 and ISO 27014; it's a framework for creating business value from IT investments, with three domains (Value Governance, Portfolio Management and Investment Management). It's an old framework, developed by ISACA in 2008, which was later merged, along with Risk IT and COBIT 4.1, into the new COBIT 5.

Governance of Enterprise IT

As I finish writing this post, I've just realised that I already wrote about information security governance two years ago, when I was studying for the CISA and CISM certifications, so this is a fresh look at governance of information security.

Regards my friends and keep studying!

1 October 2017

Computer Forensics

Technology grows exponentially, and this is good for our society: we live better, we keep in touch easily with each other wherever we are, and there will even be job opportunities in roles nobody knows today because they still have to be invented. However, this growth is challenging, because there are ever more threats and we have to keep studying again and again to learn new things. So this time I'm going to write about computer forensics, a new field I'm studying these days. It's unknown to many IT engineers, but it is very important when we have to analyse an attack.

The forensic process has four phases: collection, examination, analysis and reporting. In the first, collection, the data related to a specific event is identified, labelled, recorded and collected. In the second, examination, forensic tools and techniques are applied to identify and extract the relevant information from the collected data. In the third, analysis, the results of the examination are analysed to turn them into useful information. In the last, reporting, the results of the analysis are reported, which may include describing the actions performed, determining what other actions need to be done, etc.

Forensic Process

The investigator's role is very important in forensics, because if the investigator does something wrong with digital evidence, it can be modified or destroyed and thereby rendered useless. This is why there are usually two roles in an investigation (both defined in ISO/IEC 27037): the Digital Evidence First Responder (DEFR), responsible for the identification, gathering, acquisition and preservation of digital evidence, and the Digital Evidence Specialist (DES), who supports the DEFR with the expertise needed to analyse particular evidence.

Investigators should work in a laboratory where evidence can be stored securely, because the integrity and security of evidence are paramount. They should also have all kinds of operating systems and many hardware and software tools, such as password recovery software, forensic analysis suites, virtualization software, project management software, antivirus, etc.

Forensic Analysis Suites

Investigators should also maintain the chain of custody, the process by which evidence is handled without modification so that the integrity, authenticity, traceability, preservation and location of digital evidence can be demonstrated. The chain of custody is maintained through documentation and hashing: every hand-off is recorded (who, what, when, why), and a cryptographic hash computed at acquisition lets anyone later verify that the evidence, or its forensic image, is bit-for-bit unchanged.

Chain of Custody
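A minimal version of the "documentation and hashing" just described, as an added example that is not part of the post: a tab-separated custody log where each entry records the time, action, handler, file and SHA-256 hash, plus a verifier that recomputes the hash and compares it with the acquisition entry. The log format, the choice of SHA-256 and the handler names in the demo are assumptions; the evidence file in the demo is constructed, not a real image.

```shell
#!/bin/sh
# Added example (not from the post): hash-backed chain-of-custody log for one
# piece of evidence. Assumptions: tab-separated log, SHA-256, caller-supplied names.
set -eu

# Print the SHA-256 hex digest of a file. The hash taken at acquisition is what
# later proves the evidence (or its image) was not modified while in custody.
evidence_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Append one custody entry: UTC time, action (ACQUIRED, TRANSFERRED, ANALYSED...),
# the person handling the evidence, the file, and its hash at that moment.
# Every hand-off gets an entry, so the log answers who had what, and when.
log_custody() {
    log=$1; action=$2; handler=$3; file=$4
    printf '%s\t%s\t%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$action" "$handler" "$file" \
        "$(evidence_hash "$file")" >> "$log"
}

# Print the hash recorded in the first (acquisition) entry for a file, or nothing.
# Usage: acquisition_hash LOG FILE
acquisition_hash() {
    awk -F'\t' -v f="$2" '$4 == f { print $5; exit }' "$1"
}

# Return 0 if FILE still matches its acquisition hash in LOG, 1 if it changed or
# was never logged. Run before and after every examination session.
# Usage: verify_custody LOG FILE
verify_custody() {
    expected=$(acquisition_hash "$1" "$2")
    if [ -z "$expected" ]; then
        echo "no acquisition record for $2" >&2
        return 1
    fi
    actual=$(evidence_hash "$2")
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "INTEGRITY FAILURE: $2 expected $expected got $actual" >&2
    return 1
}

# Demo with a constructed file: sh custody.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    printf 'constructed sample evidence, not a real image\n' > "$d/evidence.bin"
    log_custody "$d/custody.log" ACQUIRED "DEFR (first responder)" "$d/evidence.bin"
    log_custody "$d/custody.log" TRANSFERRED "DES (specialist)" "$d/evidence.bin"
    verify_custody "$d/custody.log" "$d/evidence.bin" && echo "evidence intact"
    printf 'x' >> "$d/evidence.bin"          # simulate a careless modification
    verify_custody "$d/custody.log" "$d/evidence.bin" || echo "tampering detected"
    cat "$d/custody.log"
    rm -rf "$d"
fi
```

In practice the log itself also needs protecting (a signed or write-once copy kept apart from the evidence), and the hash is computed over the forensic image rather than the original device, which stays sealed; the point of the example is that verification is cheap enough to run at every hand-off.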

Finally, it's important to highlight that anyone can be an investigator and perform forensic activities, because no certification is required, although it helps. What is really mandatory is to always tell the truth and to be unbiased, so that we can explain clearly and understandably to the judge the technical aspects that are difficult to understand in a court of law.

Regards my friends, extend your knowledge, keep studying!!