forked from techfolios/template-old
-
Notifications
You must be signed in to change notification settings - Fork 0
ceh_15_hacking_mobile_platforms
amaskey edited this page Apr 22, 2018
·
2 revisions
- mobile devices has changed access to information dramatically
- anyon with these devices can access information from any time or location
- can edit documents on the go
- send messages
- share file
- mobile is slowing replacing desktop and laptop
- access email, internet
- stores password, calendar
- transactions
- BYOD
- unpatched mobile devices at work
- Creating binary payloads using Kali linux to hack android
- comapny security might be strong
- attacker can hack employees mobile devices connected to company network
- android gets network IP
- kali --> metasploit
- create android payload
- set the options like target ip --> exploit
- install payload to android
- time for footprinting and enumeration
- collect information about the target machine
- traverse the directory structure
- create new folders
- upload files from kali to android
- access sdcard in android
- download files from android into kali
- harvesting users' credentials using social engineering toolkit
- social engineering applies to mobile devices just like any other devices
- better than any toolkits available
- attach malicious files in email or attached files
- malicious links
- Social Engineering Toolkit (SET) is standard for social engineering pen testing
- python tool
- designed specifically to perform advanced attacks against human element
- kali --> socialEngineeringToolkit
- list of social engineering attacks presented
- website attack vector --> credential harvesting attack
- clone site
- when android device logs into clone website --> creadential sent to attacker
- using mobile platform to enforce a DoS attack on victim machine
- LOIC performs Denial of service attack or DDoS by flodding TCP or UDP packets
- install LOIC in android
- set target machine --> fire
- DoS or DDoS attack using mobile device
- securing android device from malicious applications
-
scan mobile device for any unsecure settings
- advice accordingly
- privacy advisor --> 3 categories
- apps that may cost you
- harm privacy
- apps that access internet
- Spam protection
- call and SMS filter
- app protection
- lock apps
-
Sophos Mobile Security
- scans all apps during installation
- anti-virus
- protects device from attack via USSD
- remote lock
- wipe personal info
-
install Sophos app in android
- malware scanner --> remove threats found
- security advisor --> disable app install from unknown sources
foot
- TODO
- troubleshoot
- Tutorials
- Security Onion Overview
- Elastic Stack
- bro
- Snort
- sguil
- squert
- netsniff-ng
- ossec
- cif
- beat
- banyard
- pulled pork
- pf ring
- CapMe
- apache
- my-sql
- python basic
- Sequences - list, dict, string...
- Regular expression
- functions
- Data Abstraction
- Trees
- containers
- object
- Libraries
-
useful libs
- datetime, json, pyperclip, io
- numpy
- matplotlib
- wavelets
- pandas
- pickle
-
useful libs
- Tutorial
- foot printing and reconnaissance
- scanning networks
- enumeration
- System Hacking
- Malware Threats
- Sniffing
- Social Engineering
- Denial-of-Service
- Session Hijacking
- Hacking Webservers
- Hacking Web Application
- SQL Injection
- Hacking Wireless Networks
- Hacking Mobile Platforms
- Evading IDS, Firewalls, and Honeypots
- Cloud Computing
- Cryptography