J0hn_D0ugh$ – So there I was once again enjoying my victory. I wasn’t technically done yet; however, all of the hard stuff had already been done. I’m not a hacker just for the money. I’ve made enough of that already. Such is the life for a modern-day hacker. It’s really more about the challenge. Sadly, however, many of these organizations aren’t that much of a challenge, but it’s still fun. I will say it’s getting a little bit tougher as organizations understand what they’re facing, but the fact remains it’s almost always easy to get to this point.
And thus begins our narrative of how a criminal uses multiple hacking techniques to get the gold. From motive and hubris to social engineering mixed with physical security breaches to hardware and network hacking… a successful attack smoothly blends all aspects into a seamless set of fluid decisions. This article will not only share with you the mindset of the hacker and modern tools and techniques, but also cover how to address them in your organization. Now let’s humor J0hn_D0ugh$ and allow him to continue his story.
So, where was I? Well, I was standing here in the server room of a reasonably sized not-for-profit organization. I didn’t work here; I didn’t belong here; I wasn’t even a contractor. I was here to steal some data and make some money. In my toolbox, I had my trusty Raspberry Pi running Raspbian with autossh already configured and tested, some network cables, power adapters, and everything I needed to put this neat little device in their network. It was quite easy to do. They weren’t running any security controls that would prevent me from plugging devices directly into the network. All the ports on all the switches were enabled, and the (Read more...)
*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by MadSqu1rrel. Read the original post at: http://feedproxy.google.com/~r/eh-net/~3/WhA2ddiHaDk/