Ninja Hacking

Some notes about Ninja Hacking – Dirty and “no rules” Hacking

 

 

 

 

Attack powersupplies

Call Sys Admin at 2am, demoralise them

Confuse Admins

Play on Bad News and make them nervous

Spear Phishing attention grabbing via Insurance – Very american

More playing on fear to Spear Phish – loss of job

More playing on fear to Spear Phish – Mergers

 

Investigators

Soc Eng

Fake Facebook of sexy woman

Don’t take an Ninja hack untill you have done all the other basic hardening first

Unique access methods

Only find one way in, not all ways in

Get contact phone numbers

Vendors, contractors, suppliers – Physical attacks

Hijack VPN connection

Attack the users home system, not the corp network

Multifunction devices

Wheelchairs

Identify peak network access times, start of day etc

Fan/Hate sites

Physical attacks going after apps, not OS

Looking the part for physical access

TOR

Physical Access

Spear Phishing

Certs

Biometrics

Job Listing

CVs

EXIF Data

ClickJacking

TCP/IP

LogFiles

IDS

Blocking physical access

Wireshark

BlueTooth