Blockchain Hacking Preview


TEAM

Editor-in-Chief: Joanna Kretowicz, joanna.kretowicz@eforensicsmag.com
Managing Editor: Magdalena Jarzębska, magdalena.jarzebska@hakin9.org
Editors: Marta Sienicka, sienicka.marta@hakin9.com; Marta Strzelec, marta.strzelec@eforensicsmag.com; Bartek Adach, bartek.adach@pentestmag.com; Michalina Szpyrka, michalina.szpyrka@eforensicsmag.com
Proofreader: Lee McKenzie
Senior Consultant/Publisher: Paweł Marciniak
CEO: Joanna Kretowicz, joanna.kretowicz@eforensicsmag.com
Marketing Director: Joanna Kretowicz, joanna.kretowicz@eforensicsmag.com
DTP: Magdalena Jarzębska, magdalena.jarzebska@hakin9.org
Cover Design: Hiep Nguyen Duc, Joanna Kretowicz

Betatesters & Proofreaders: Lee McKenzie, Avi Benchimol, Amit Chugh, Alexandre D’Hondt, Olivier Caleff, Jordan Bonagura, Gabriel Carvalhaes, Vinicius Mucuge, Jason Ross, Jaimandeep Singh, Paul Mellen, Bernhard Waldecker, Da Co, Sushant Kamble, Clancey, Sumit Kumar

Publisher: Hakin9 Media Sp. z o.o., ul. Bielawska 6/19, 02-676 Warszawa
Phone: 1 917 338 3631
www.hakin9.org


All trademarks, trade names, or logos mentioned or used are the property
of their respective owners. The techniques described in our articles may
only be used in private, local networks. The editors hold no responsibility
for misuse of the presented techniques or consequent data loss.
Dear readers,

In March we wanted to touch on a topic that is rapidly gaining popularity and has made its way even into the mainstream - Blockchain Hacking. Inside this issue, you’ll learn many offensive techniques as well as how to protect yourself. Without further ado, let’s dive into it!

We start off with Guidance for Improving your Security as a Crypto User, in which Dr. Dennis Kengo Oka focuses on potential risks and vulnerabilities of crypto protocols, and how a crypto user can defend themselves against security threats. Later on, coming with a more offensive topic, we have An Introduction to Blockchain Dis-Assembly with Octopus by Atlas Stark.

Next we have Exploring Common DeFi Attacks, in which Anthony Zamore will cover, among others, reentrancy attacks, draining a smart contract, flash loan attacks, and how to prevent them. In Cloud Cryptojacking - Millionaire Loses, Felipe Hifram will explain what a cryptojacking attack is and how it is used to hijack a cloud environment.

In the next article, Takshil Patil will present some of the less common Smart Contract Vulnerabilities. If you’re blockchain security savvy, this one's for you!

But that’s not all! This issue is enriched with amazing articles on such topics as converting a router into a Kali Linux desktop, hacking into Linux with various kinds of cyber attacks, SQL injections and web application firewalls, user input sanitization, and more!

We hope this issue will keep you entertained while the spring is setting in, and that you’ll enjoy those amazing tutorials as much as we did.

Stay safe,

Magdalena Jarzębska and Hakin9 Editorial Team


GUIDANCE FOR IMPROVING YOUR SECURITY AS A CRYPTO USER
DR. DENNIS KENGO OKA
Principal Automotive Security Strategist, Synopsys

Dr. Dennis Kengo Oka is an automotive cybersecurity expert with more than 15 years of global experience in the automotive industry. He received his Ph.D. in automotive security focusing on solutions for the connected car. As a Principal Automotive Security Strategist at Synopsys, he focuses on security solutions for the automotive software development lifecycle and supply chain. Dennis has over 70 publications consisting of conference papers, journal articles and books, and is a frequent public speaker at international automotive and cybersecurity conferences and events. His latest published book is "Building Secure Cars: Assuring the Automotive Software Development Lifecycle" (Wiley, 2021).

www.denniskengooka.com
www.synopsys.com
dennis.kengo.oka@synopsys.com
Guidance for Improving your Security as a Crypto User

Introduction

The introduction of blockchain technology in 2008 using a distributed public ledger of all transactions has jump-started a new era of innovation. Governments, businesses and different organizations are heavily investing in using blockchain for various use cases. Blockchain offers several lucrative advantages including immutability, traceability, decentralization and transparency across a distributed network. One of the most common use cases is cryptocurrency. The first cryptocurrency was launched in 2009 when Bitcoin mined its first block, the so-called Genesis block [1]. With a global cryptocurrency market cap of over $2 trillion [2], blockchain technology is changing the financial industry with the emergence of decentralized finance (DeFi) solutions. These DeFi solutions offer more people access to various new services with options to trade, borrow, loan, or invest in cryptocurrencies, often with more lucrative earning potential than traditional financial solutions. However, these new DeFi solutions also attract financially motivated cybercriminals. It is important to recognize that there have been attacks in the past against centralized crypto exchanges [3] and vulnerabilities in protocols [4] and smart contracts [5] that have resulted in the loss of millions of dollars. But protection against these risks is often out of the control of the traditional crypto user. Instead, this article focuses on security risks that typical users are exposed to and provides practical guidance on how you can protect yourself against such risks.

Security risks for crypto users

There are several security risks related to cryptocurrencies that crypto users need to be aware of. A few examples are described in the following, together with suggested guidance on how to protect against the risks.

Many crypto users engaged in DeFi are often using a non-custodial crypto wallet rather than a custodial wallet, where the
private keys are held by a third party such as a centralized crypto exchange. For a non-custodial wallet, you as the user have
full control of your own wallet and your private keys.

1) Compromised wallet

An attacker compromising your crypto wallet has the biggest consequence since the attacker can steal everything from your
wallet. A wallet is protected by its seed phrase, which consists of 12 or 24 human-readable words. These words are based on
a list of 2048 unique words as part of the Bitcoin Improvement Proposal 39 (BIP39) [6]. The private and public keys used
for transactions are generated based on the seed phrase [7]. This means that if an attacker can gain access to the seed
phrase, they can take over your wallet. There are several ways an attacker can try to get access to your seed phrase.
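As an added illustration (not code from the article), the following Python reproduces the two BIP39 steps the paragraph describes: turning entropy plus a checksum into the 11-bit word indices, and stretching the final phrase into the wallet seed that every key is derived from. It uses only the standard library; the all-zero entropy and the "TREZOR" passphrase are the published BIP39 reference-vector values, and the 2048-entry word list itself is not embedded, so word indices are returned rather than words.

```python
import hashlib
import unicodedata

# Reference vector from the BIP39 specification (not from the article):
# all-zero 128-bit entropy maps to "abandon" x 11 + "about".
ZERO_ENTROPY = bytes(16)
REFERENCE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def entropy_to_indices(entropy: bytes) -> list[int]:
    """Return the BIP39 word indices (0..2047) for the given entropy.

    BIP39 appends len(entropy)/32 bits of SHA-256 checksum to the entropy and
    slices the result into 11-bit groups, each selecting one of 2048 words.
    """
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    checksum_bits = len(entropy) * 8 // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - checksum_bits)
    bits = (int.from_bytes(entropy, "big") << checksum_bits) | checksum
    total_bits = len(entropy) * 8 + checksum_bits
    word_count = total_bits // 11  # 12 words for 128 bits, 24 for 256 bits
    return [(bits >> (total_bits - 11 * (i + 1))) & 0x7FF for i in range(word_count)]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 512-bit wallet seed exactly as BIP39 specifies.

    PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, both
    NFKD-normalised. The HD wallet's master key is derived from this seed,
    which is why the phrase alone is enough to rebuild the entire wallet.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def passphrase_changes_seed(mnemonic: str, passphrase: str) -> bool:
    """The optional BIP39 passphrase is a second secret: a different passphrase
    yields a completely different seed from the same twelve words."""
    return mnemonic_to_seed(mnemonic, passphrase) != mnemonic_to_seed(mnemonic, "")


if __name__ == "__main__":
    print(entropy_to_indices(ZERO_ENTROPY))
    print(mnemonic_to_seed(REFERENCE_MNEMONIC, "TREZOR").hex())
```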

a) Scammers

One common example is scam websites and scam support groups. In Figure 1, scammers have used a paid Google ad to be
listed first in the list of search results above the real https://www.convexfinance.com. Notice the scam website is
https://www.convexfinanc.com, which is missing the ‘e’ at the end [8].

AN INTRODUCTION TO BLOCKCHAIN DIS-ASSEMBLY WITH OCTOPUS
ATLAS STARK
Atlas Stark is a security researcher at Stark Industries Inc. with 16+ years in the technology industry. Currently providing cyber security solutions and OSINT services to anti-human trafficking non-profits that aid in investigation and victim recovery. He also consults with state level law enforcement agencies concerning hacking related incidents. He splits his time between California and Tennessee.

Q/C: Please email stark@starkinternational.se with any questions or concerns.

An Introduction to Blockchain Dis-assembly with Octopus

Today, very few innovations, if any, have changed the actual course of technology or have become as popular and controversial as Blockchain has become over the years. Although in recent history there have been some amazing technologies created, few can hold a candle to Blockchain.

Blockchain, like any other groundbreaking technology, is shrouded in a certain amount of mystery and mythical origin stories, which only adds to the technology’s legendary status and elusive lore; however, with this being said, let’s take a look at how it all started.

Stuart Haber and W. Scott Stornetta introduced Blockchain in 1991 according to a variety of historical sources, including excerpts from the Blockchain Council. At the time, Haber and Stornetta, with the help of cryptography, were trying to introduce a new way of protecting data (blocks) within a tamper-proof system (chain), hence the name “Blockchain”. Their important work would later lead to the formation of a corporation by the Merkle Trees. Their work also empowered cryptography activist Hal Finney to implement a digital cash system known as “Reusable Proof of Work” in 2004, which, according to sources, assisted with maintaining the ownership of tokens. Fast forward to 2008 and introducing a name I am sure you all are familiar with, Satoshi Nakamoto, who introduced the concept of “Distributed Blockchain” that was released within the white paper titled “A Peer to Peer Electronic Cash System”. Doesn’t that sound familiar? Yeah, I thought so.

Aside from the super resilient nature of Blockchain within a monetized environment, it has also given birth to more malicious implementations as well. Recently, you may have read about ransomware attacks that impacted healthcare, a pipeline, as well as other organizations, holding their data hostage and injuring countless lives, not to mention the bottom line impact we all felt at the pump. Now, just imagine if that ransomware was based on Blockchain; just think of the impact that would have, not to mention the ferocity of that particular implementation. In the links and resources section, you will find a link to an article that was written about the implementation of the first blockchain-based, semi-autonomous ransomware, and information about the researchers involved. I urge you to read the PoC (proof of concept), it is quite compelling; however, we will not be discussing it in depth in this particular article. Aside from ransomware and new ways to distribute data, we will be taking another path altogether; we will be looking at hacking the Blockchain, which will be super cool, so let’s get started.

Blockchain is most commonly known as the engine behind Bitcoin and has become increasingly more acceptable as currency, but there are more use cases for the technology. Blockchain is not Bitcoin or vice versa. Blockchain is a distributed database and, as it is the tech behind the popular cryptocurrency, has a multitude of uses beyond monetization. At face value, hacking Blockchain would appear to be unthinkable; however, like an onion, as we peel back the layers, we find that it is indeed able to be compromised and executing a hack is a bit more approachable than you might think. Blockchain can be hacked in a number of ways: you can utilize smart contracts, which are basically legitimate programs that are designed to run on the Blockchain itself, or exploit weaknesses in the protocol itself, much like exploiting a weak implementation of encryption in regards to reverse tunneling a VPN connection; more on that in another article.

Blockchain for data protection and authenticity purposes has become highly attractive to organizations trying to safeguard critical assets and maintain complete accuracy of client data. It’s also extremely attractive to adversaries that want to abscond with the assets that are being protected. Instead of trying to launch a 51% attack, which takes a wealth of resources and

EXPLORING COMMON DEFI ATTACKS
ANTHONY ZAMORE
BA, FCCA, CISA, CISSP, GPEN, CBSP

Anthony is an Executive Director and leads the PwC Trinidad and Tobago Cybersecurity Practice. Anthony has over 17 years of professional services experience and is a Chartered Accountant, a Certified GIAC Penetration Tester, a Certified Information Systems Auditor, Certified Information Systems Security Professional and Certified Blockchain Security Professional.

Exploring Common DeFi Attacks

Introduction

In 2008, Satoshi Nakamoto solved the long-standing Byzantine generals’ problem (achieving consensus in decentralized networks) through the use of blockchain technology and mining to create a verifiable, counterfeit-resistant and trustless currency, i.e. bitcoin. The underlying blockchain technology has since been at the heart of what is commonly known as Web 3.0 or the decentralized application revolution. Decentralized applications are based on smart contracts written in a Turing-complete bytecode language. The power of a Turing-complete language that is able to execute code in a decentralized manner has enabled developers to build a variety of applications, ranging from simple wallet applications to complex financial systems for the banking industry.

The Ethereum blockchain has been leading the charge in terms of developer activity, with a significant percentage of developers working on Decentralized Finance (‘DeFi’) applications. According to a recent Electric Capital report, over 2,500 developers are working on DeFi projects and less than 1,000 full-time developers are responsible for over $100 billion in total value locked in smart contracts [1]. As of the writing of this article, approximately $200 billion worth of cryptocurrencies is locked in DeFi protocols (according to DefiLlama).

The volume of developer activity in the space and the value of smart contracts has attracted many bad actors. According to The Block’s Data Dashboard [2], the amount of funds stolen in DeFi attacks reached $680 million in 2021. The Block Research data showed that $1.4 billion was initially taken from DeFi protocols through exploits and bugs, but $760 million has been returned. A significant percentage of these attacks exploit reentrancy vulnerabilities and flash loans.

Reentrancy Attacks

Reentrancy attacks are one of the most common attacks against Ethereum smart contracts. The most famous example of this was the DAO Hack, where $70 million worth of Ether was siphoned off in 2016. Despite being one of the oldest smart contract vulnerabilities, reentrancy attacks are still quite common; recent reentrancy attacks include:

• Uniswap/Lendf.Me hacks (April 2020) – $25 million stolen;

• The BurgerSwap hack (May 2021) – $7.2 million stolen;

• The SURGEBNB hack (August 2021) – $4 million stolen;

• CREAM FINANCE hack (August 2021) – $18.8 million stolen; and

• Siren protocol hack (September 2021) – $3.5 million stolen

CLOUD CRYPTOJACKING - MILLIONAIRE LOSES
FELIPE HIFRAM
Social Engineering professional focused on behavioral analysis and internet privacy. He has a history of international work including countries such as Brazil, Germany, Ukraine, Oman and Bahrain.

Today he is also a designer and fashion student.

Cloud Cryptojacking - Millionaire Loses

Summary

I. Introduction

II. Cloud Mining

III. Cryptojacking Attack

III.I. How decentralized transactions work

III.II. The Attack

IV. Cloud Cryptojacking Attack

V. Cryptojacking Prevention

VI. About the Author

VII. Bibliography

I. Introduction

More than at any other time, malware and ransomware have targeted cloud services, due to the obvious fact that this type of service has become widely used by virtually all large companies in all sectors.

According to an article published by Bitglass, it is possible that around 44% of all organizations have malware in at least one of their cloud services. And taking into account the growth in cases of 358% for common malware and 435% for ransomware, in the year 2020 alone, we come to the conclusion that most companies can actually be infected right now.

To illustrate the greatest source of concern at the moment, we need to look at the general state of the society in which we live.

After we went through a pandemic, social restrictions led companies to adopt the remote work model, and this consequently forced the adoption of BYOD, and here is the problem.

How do you protect an organization from its own employees?

At the moment, attention has turned to the use of secure tools, which are appropriate for companies working with BYOD, but these tools are still not widely used, and what happens is that each personal endpoint, that is, each employee connected to Enterprise SaaS software from their own computer, is a point of risk. Some malware can already easily scale to corporate SaaS applications, being able to access connected [cloud] services using personal endpoints as a gateway.

SMART CONTRACT VULNERABILITIES
TAKSHIL PATIL
Takshil Patil is a Security Analyst. He is a blogger and writes articles on Application Security and Bug Bounty. You can visit his medium blog https://takshilp.medium.com/.

Smart Contract Vulnerabilities

Introduction

This article discusses common Smart Contract Vulnerabilities. Smart Contracts are critical lines of code; developers need to develop smart contracts in such a way that only the necessary code and logic that has to run on the blockchain is present, as the rest of the functionality can be handled by frameworks such as web3.js, which acts as an interface to smart contracts. This developed Smart Contract code is then audited, generally by multiple 3rd party auditors, to ensure the Smart Contract does not have any vulnerabilities. The need for multiple audits is because once a Smart Contract is deployed in a live Blockchain, one cannot change even a single word of the contract. Hence, in case a Smart Contract deployed in a live Ethereum chain has vulnerabilities, the only solution left for the business is to bring down the complete application.

This article focuses on the area of finding vulnerabilities and bugs. The article only discusses one approach and gives just enough practical details to realize why a particular bug is a security issue and how attackers can exploit the vulnerabilities. This article does not focus on how to patch these security issues.

The details in this article are more relatable to Ethereum Smart Contracts and Solidity Programming as a working environment, but the approach is applicable to all smart contract testing. The article uses crowdsourcing as an example to explain the vulnerabilities. There is an entity called the Owner of a Smart Contract who delivers the project to its Contributors. Contributors are the entities that have paid money to the Owner and who will get some deliverable from the Owner in return. For example, a person has the skills to create tutorials on Solidity Development; this person decides to create a new crowdsource program to have an alternative income source, so this person can be labelled as the Owner. People who want to learn Solidity Development can send a minimum amount, decided by the Owner, to access the contents. The Owner will only start creating videos if a predefined amount of money is collected.

Requirements

• The reader should have some understanding of programming.

• They should know what “Blockchain” means.

• They should know what “Smart Contracts” are.

• This is an intermediate-level article that focuses on Smart Contract Auditing.

1. Re-entrancy Vulnerability

What is re-entrancy vulnerability?

Ethereum contracts can store money. For example, if an owner of a smart contract receives some contribution from a supporter, rather than transferring this money directly to the owner’s personal address, the money is transferred to the Ethereum Contract itself. In this way, Ethereum contracts will have some balance with them.
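As an added example that is not code from the article, the following Python models the situation the paragraph describes and the re-entrancy weakness the DeFi article lists: a contract that holds contributors' balances and lets them withdraw. The `Vault` class, its `receive` callback and the two contributor types are assumptions of this model, standing in for a Solidity contract, its external call and a recipient's receive/fallback function; the same model contrasts the vulnerable call-then-update ordering with the checks-effects-interactions ordering that closes the hole.

```python
class Vault:
    """Toy model of a contract holding contributor balances.

    safe=False performs the external transfer before updating the balance
    (the classic re-entrancy bug); safe=True follows checks-effects-
    interactions: every state change happens before the external call.
    """

    def __init__(self, safe: bool):
        self.safe = safe
        self.balances: dict[object, int] = {}
        self.ether = 0  # the contract's own holdings, like address(this).balance

    def deposit(self, who, amount: int) -> None:
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who) -> None:
        amount = self.balances.get(who, 0)
        if amount == 0:
            return  # check
        if self.safe:
            self.balances[who] = 0       # effect first ...
            self._transfer(who, amount)  # ... interaction last
        else:
            self._transfer(who, amount)  # interaction first: recipient code runs
            self.balances[who] = 0       # ... while the balance is still unchanged

    def _transfer(self, who, amount: int) -> None:
        if self.ether < amount:
            raise RuntimeError("transfer reverted: insufficient funds")
        self.ether -= amount
        who.receive(self, amount)  # hands control to the recipient's code


class Contributor:
    """Plain recipient: just records what it received."""

    def __init__(self):
        self.received = 0

    def receive(self, vault: Vault, amount: int) -> None:
        self.received += amount


class ReenteringContributor(Contributor):
    """Recipient whose receive hook calls withdraw again before the first
    withdraw has finished, which is what a malicious fallback function does."""

    def receive(self, vault: Vault, amount: int) -> None:
        self.received += amount
        if vault.ether >= amount:
            vault.withdraw(self)


def run_scenario(safe: bool) -> tuple[int, int]:
    """Fund a vault with 9 from an honest contributor and 1 from a re-entering
    one, let the latter withdraw, and return (amount it received, ether left)."""
    vault = Vault(safe=safe)
    honest, reenterer = Contributor(), ReenteringContributor()
    vault.deposit(honest, 9)
    vault.deposit(reenterer, 1)
    vault.withdraw(reenterer)
    return reenterer.received, vault.ether


if __name__ == "__main__":
    print("call-then-update ordering:", run_scenario(safe=False))      # (10, 0)
    print("checks-effects-interactions:", run_scenario(safe=True))     # (1, 9)
```

With the vulnerable ordering the re-entering contributor walks away with the honest contributor's 9 as well as its own 1; with the state update moved before the call, the nested withdraw sees a zero balance and returns.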

EVIL ROUTER - KALI DROPBOX
DANIEL W. DIETERLE
Daniel W. Dieterle, aka “CyberArms”, has been in the computer industry for over 20 years, and currently is a security author, researcher & consultant. He is an internationally published author and just released his seventh book, “Advanced Security Testing with Kali Linux”. Daniel runs two tech blogs - cyberarms.wordpress.com & DanTheIOTMan.com. He is also very active as a mentor, helping those new to the security field.

Evil Router - Kali Dropbox

Introduction

In this article, we will take a look at using the SeeedStudio Dual Giga Port OpenWRT Router as a Kali Linux Pentest Dropbox. This article is a continuation of my previous article from the December 2021 Hakin9 issue. In that issue we covered the actual conversion of the router into a Kali Desktop. In this article we will look at running some enumeration and web app testing tools on it. This article is an adaptation of two of my chapters from my latest book, “Advanced Security Testing with Kali Linux”. The difference being this article is focused solely on using them on the SeeedStudio Router instead of a regular Kali Desktop system. Spoiler alert, there really is no actual difference. The Raspberry Pi version of Kali is almost exactly identical to the normal Desktop version - only a handful of tools won’t work on the Pi.

Previous Article Overview

If you didn’t catch the first part of this article, we introduced the new Dual Gigabit OpenWRT Mini Router from SeeedStudio. We also revealed that it is actually a specially modified Raspberry Pi CM 4 under the hood. It contains extra interfaces, like Dual Ethernet ports.

HACKING INTO LINUX
FALL ABDOU AZIZ
First year student in master of cybersecurity at Paris Cite University, CTF player, passionate about the intrusion test.

AMEURLAIN ABDELAZIZ
First year student in master of cybersecurity at Paris Cite University.

Hacking into Linux

Introduction

To conduct this hacking experiment, we can download the machine in this link. The machine covers a weak configuration of
a samba server, brute force attack to identify user’s credentials and privilege escalation by wildcard.

Table of Contents

1. Network Scanning

1.1. Nmap

2. Enumeration

2.1. Directory enumeration to find admin page

2.2. Samba enumeration to find hidden admin directory

3. Exploitation

3.1. Generate a dictionary with cewl

3.2. Dictionary attack with hydra

3.3. Generate a reverse shell with msfvenom

3.4. Upload a reverse shell and gain initial access

3.5. Recover SSH private key for remote shell and login as the user with bash

3.6. Use script Linux-Smart-Enumeration (LSE)

4. Privilege Escalation

4.1. Recover the SSH private key

4.2. Enumerate the machine using LSE

4.3. Privilege Escalation using Tar

1. Network Scanning

We want to target a network, so we want to find an effective tool to help us manage repetitive tasks and answer the following questions:

SQL INJECTION AND WEB APPLICATION FIREWALLS: A NEVER-ENDING LOVE STORY
EGIDIO ROMANO
Egidio has been doing web security research since 2007, and starting from 2016 he is also a freelance IT security consultant, specialized in code review and penetration testing of web applications. But he is open to any kind of “hacking project” and always willing to tackle new challenges.

mail: n0b0d13s@gmail.com
website: http://karmainsecurity.com
linkedin: https://www.linkedin.com/in/romanoegidio

SQL Injection and Web Application Firewalls

Introduction

In this article, we will see how to bypass a security mechanism designed to mitigate some web attacks, such as SQL Injection. This allows us to exploit an SQL Injection vulnerability I discovered about a year ago in ImpressCMS, an open source Content Management System (CMS). Successful exploitation of this vulnerability might eventually allow unauthenticated attackers to execute arbitrary PHP code on the web server (Remote Code Execution). Furthermore, we will see how the very same SQL Injection technique could be abused to bypass certain Web Application Firewalls, such as OWASP ModSecurity CRS, Cloudflare, and probably others, too…

SQL Injection and Web Application Firewalls:

Let’s start by trying to understand the main players of this story: SQL Injection attacks and Web Application Firewalls (WAF). In a nutshell, a WAF is an application-level firewall that filters, monitors, and blocks HTTP traffic to and from a web service. This is accomplished by applying a set of rules to an HTTP conversation. Generally, these rules cover common web attacks such as Cross-Site Scripting (XSS), SQL Injection, Remote Command Execution, etc. Typically, a WAF is logically deployed in front of web applications and APIs, and analyzes bi-directional web-based HTTP traffic, detecting and blocking anything malicious.

SQL Injection attacks have been around since 1998 [1]. Nevertheless, they are still a very common and popular kind of web attack nowadays! An SQL Injection vulnerability may occur when you ask a user for some input, like their username, and then you use this input to dynamically craft an SQL query in your application. Example:

UserId = getRequestString("UserId");
SQL = "SELECT * FROM Users WHERE UserId = " + UserId;
Result = ExecuteQuery(SQL);

The original purpose of the above code was to create an SQL query to select a user with a given user ID. However, if proper
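As an added example (not the article's code), here is the concatenation pattern from the snippet above made concrete in Python against an in-memory SQLite table, so the effect of pasting request input into the query text can be observed directly and compared with a bound parameter and an allow-list check on the id; the `Users` rows are constructed sample data.

```python
import sqlite3

# Constructed sample data standing in for the article's Users table.
SAMPLE_USERS = [(105, "alice"), (106, "bob"), (107, "carol")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn: sqlite3.Connection, user_id: str) -> list[tuple]:
    """The article's pattern: the request value becomes part of the SQL text,
    so anything in it that is valid SQL syntax is executed as SQL."""
    sql = "SELECT * FROM Users WHERE UserId = " + user_id
    return conn.execute(sql).fetchall()


def lookup_param(conn: sqlite3.Connection, user_id: str) -> list[tuple]:
    """Same query with a bound parameter: the driver passes the value separately
    from the statement, so it can only ever be compared, never parsed."""
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (user_id,)).fetchall()


def is_valid_user_id(user_id: str) -> bool:
    """Allow-list check for a numeric id: a cheap second layer that also gives a
    clean event to log when a request carries anything other than digits."""
    return user_id.isdigit() and len(user_id) <= 10


if __name__ == "__main__":
    db = make_db()
    benign, tampered = "105", "105 OR 1=1"
    print(lookup_concat(db, benign))     # one row
    print(lookup_concat(db, tampered))   # every row: the WHERE clause was rewritten
    print(lookup_param(db, tampered))    # no rows: the whole string is compared to UserId
    print(is_valid_user_id(tampered))    # False
```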

USER INPUT SANITIZATION
TAQIE TAQIAZADEH
Holds an MSc. in Electrical Engineering (Electronics, Microelectronics), Urmia University, Iran, www.urmia.ac.ir, and a BSc. in Electrical Engineering (Electronics), Guilan University, Iran, www.guilan.ac.ir.

Ten years of work experience in the field of computer networking as network security staff, with a focus on web security devices.

User Input Sanitization

Introduction

In this paper, we’re going to investigate a few methods and their implementation in PHP code to perform sanitization on web server and database data entry places. Sanitizing data is one of the key phases coming after designing and configuring web sites. It is a method to alleviate vulnerabilities stemming from data construction techniques exploited by attackers. Maybe it blows your mind: what about Data Validation? But as a matter of fact, Data Validation is a way to assure that the data's appearance sounds healthy, but that data can still be risky because many parts of our application respond to special strings in several ways, from the database to HTML. Instead of detecting threats embedded in a string (which in turn could be tough enough and untouchable), to be practical, one should first do some sort of data analysis in order to reduce the risk of rendering unprocessed input data. This process is called sanitizing or filtering. Depending on where the data is going to be used, different sanitization approaches would be taken. If you plan to deliver the data to some database, browser page or even use it in JavaScript, you have to use compatible sanitization procedures for each one.

Sanitization Functions in PHP:

Sanitization can be implemented in two main approaches: either encoding characters or escaping them. Encoding is converting special harmful characters to their corresponding identical harmless characters. However, escaping is neutralizing these special characters using escaping characters. Since PHP has its built-in sanitization functions ready to use, there is no need to write your own functions. Let’s go through and have an introduction to some famous PHP sanitization functions. First off, htmlspecialchars() is going to look for those characters that have special meaning to HTML, and we make them harmless by encoding them into HTML entities. The HTML entities function htmlentities() is going to do a similar thing, but it goes a little further. It does not only look for potentially dangerous characters; it is going to look for any character for which there is an equivalent HTML entity. Instead of encoding those characters, strip_tags() removes anything that is an HTML or PHP tag. Next we have urlencode(), which will allow you to encode strings that can be used in a link, which will then eventually become a URL once the link is clicked. If you’re using a database, you need to escape strings before you use them with the database, both for inserting data into the database as well as for querying the database. Most databases offer some kind of function with them that will escape things specifically for that database. If you’re using MySQL, then mysqli_real_escape_string() is the way to do this. If no database-specific function is available, PHP also offers addslashes(), which is the more generic function that looks for those key metacharacters that are typically going to be associated with databases and escapes them (primarily quotation marks), but any database-specific function is always going to be preferable. Now, we bring up some example pieces of code for each sanitization function already declared.

CREATING PHISHING CAMPAIGNS WITH GOPHISH
JOAS ANTONIO DOS SANTOS
Red Team Expert | CEO Cyber Security UP | InfoSec Leader | OWASP Member | Speaker and Teaching | Cyber Security Mentor | Article Writer | MITRE ATT&CK Contributor | Hacking is NOT a Crime Advocate | Cyber Security Analyst in Mobile

Creating Phishing Campaigns with Gophish

Introduction

Cyber attacks are increasingly recurrent and APT groups are using end-user-focused strategies, as exploiting systems ends up generating logs and becoming a great risk. However, affecting an ill-prepared and untrained user is the best way of hacking; we can even see this in Mr. Robot. Because of this, many groups are using phishing techniques to compromise their targets and execute malicious files. And here I come to share my case study of a phishing campaign directed entirely at the legal department of the company I work for. First I will explain the types of social engineering techniques, then I’ll show you how to conduct a phishing campaign using GoPhish.

Adversaries can send spear phishing emails with a malicious link in an attempt to gain access to victims' systems, but spear phishing with a link is a specific variant. It differs from other forms of spear phishing in that it employs the use of links to download malware contained in the email, rather than attaching malicious files to the email itself, to avoid defenses that could inspect email attachments. Spear phishing can also involve social engineering techniques, such as impersonating a trusted source, and that’s what I’ll briefly explain to you first.

Types of Social Engineering techniques

Baiting

Through this technique, hackers make a device infected with malware, such as a flash drive or CD, available to the user. The intention is to arouse the individual's curiosity to insert the device into a machine in order to check its contents.

The success of baiting attacks depends on three actions made by the individual:

• finding the device,

• opening its contents,

• installing the malware without realizing it.

Once installed, the malware allows the hacker to gain access to the victim's systems.

Phishing

Phishing emails, despite having been around for years, are still one of the most common social engineering techniques due to their high level of efficiency. Phishing occurs when a hacker produces fraudulent communications that can be interpreted as legitimate by the victim.

In a phishing attack, users can be coerced into installing malware on their devices or sharing personal, financial or business
information.
