Dragnet: Your Social Engineering Sidekick

Video in TIB AV-Portal: Dragnet: Your Social Engineering Sidekick

Formal Metadata

Title
Dragnet: Your Social Engineering Sidekick
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English

Content Metadata

Subject Area
Abstract
First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts, all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet one hell of a catch.
All right, Truman Kain, social engineering. Yeah, another claps face it had too much to say about me, so he figured there wasn't enough time. Okay, so who here is from the abstract to, who here read the abstract and that's why they wanted to come? Raise a hand. Yeah, Dragnet: one hell of a catch. One hell of a catch. Okay, so I'm Truman Kain, I'm a security associate at Tevora. We do our security and testing, that type of thing, and I decided to make a social engineering framework called Dragnet, and that's what we're going to talk about today. So if you didn't read the abstract, basically your conversions on phishing emails, phishing calls, physical engagements, those conversions are all going to increase when you use this framework. What do I mean by conversions? Basically things like credentials being entered, people giving you information they're not supposed to be giving you, that type of thing. So that's what I'm considering a conversion for these purposes. First I'm gonna get into the current states of OSINT, analytics, and social engineering engagements, and then we'll talk about the tool. But I also wanna let you guys know that these are my insights. You guys might not feel the same way about everything that I say. Hey, I recognize you. And so this is just what I've observed. Okay, so when I think about OSINT, I think that I want high quality, reliable data that I'm collecting on my target, and the collection process usually ends up being manual, because when you see a successful spear phishing attack there's almost always manual OSINT going on. It can be for a few reasons, a couple: it might be that you want to verify the information that you're getting is accurate, also so that you can tailor your attack to your target as you learn more about them, but all of it is so that you have a higher chance of conversion when you execute the attack. So aside from some minor variations, this process is extremely repetitive. Once you've gone through the OSINT
phase on a couple of targets, you kind of have down your process. Maybe you have a couple targets from each industry; you kind of, you know, you get down what you're gonna be doing. So you think, hey, why can't this be automated? And sometimes you can automate things, but once the automation starts turning into the heavy lifting, a lot of the times you'll see big sites start to change their templating, and they just coincidentally roll out an update that just destroys the most popular, you know, scraping tool. So that would be why, when we see automation work, it's fleeting; it doesn't last very long. So
here's the current state of analytics. Sorry, I had something else I want to say about the last slide. So why do these sites care so much about protecting their publicly available data? It's because of analytics. As a side note, I'm going to use big data and analytics interchangeably for the purposes of this talk. So regardless of what the company does or what they say they do, if you look at the companies with the biggest online presence, Amazon, Google, Facebook, that type of thing, if you were to take away their analytics, in my opinion they would not last very long. You might not all agree, but I believe that when you're a company that big you can't act on intuition alone. So not only is every major decision driven by analytics, even the smallest decisions are driven by data as well. An example would be the way that Facebook has its split testing, thousands of different versions of their website at any one time, and pushing only the highest performing features out to the public version of the site. But not only do these big companies live off analytics, sometimes it's the way the
companies are born. This is a quote by Jeff Bezos in 1997. I'm not gonna read it in the Jeff Bezos voice from the video, if you've seen it. He says, "Three years ago I was working in a quantitative hedge fund when I came across a startling statistic." So that statistic stated just how rapidly consumers were moving online. It's also what caused Jeff to leave the company, use that to start Amazon, and it's now why we're impatient when we can't get things delivered the same day. So you're sold, right? You're gonna go out, you're going to study the blade and we study the data and start the next Amazon, right? As I look around the room I'm not so convinced, because fortunately for those
of you who take Jeff's quote to heart, the data is already out there and it can be used for things other than starting or growing businesses, like destroying it. No, like social engineering. So I'm a fan
of Amazon, by the way. I don't need my account shut down. This is all educational purposes, this tool. So for those of you who conduct social engineering engagements legally, you may resonate with this chart. The client doesn't even get to choose two; they get to choose one: effective, quick, or inexpensive, in this current state. I'm generalizing a little bit, but the companies with big budgets are the only ones getting social engineering pen testing, and I believe that needs to change. The caps mark. So Fortune 5,000 companies are already being targeted en masse. I believe that smaller businesses in certain industries are gonna quickly become the next big focus for social engineering attacks, based on the data that they hold and the lack of security awareness training. I needed to include duck somewhere in here. So I think I've depressed everyone enough with that last part. So what can we do about this? So
Dragnet is this social engineering framework that I'm gonna get into now. We'll watch them in a little bit, but I believe that Dragnet is going to be a popular solution for pen testers. I'm committed to continually improving on it as long as the demand is there. What I said about OSINT automation being fleeting: for every star on the GitHub, that's gonna be an hour of me, you know, going back and re-improving. So free labor, basically. I mean, it's cheap labor for you guys. So I would recommend starring this project if you like it. Maybe, you know, the OSINT stops working, star the project, and that's an hour I'm just gonna be sitting there in mom's basement. So where was I here? So I'm gonna quickly cover the framework's OSINT automation and machine learning capabilities, and then we're going to check out a quick demo. I'm also happy to say that Dragnet is and will continue to be open source. So I believe that this target-template correlation machine learning thing, so the whole correlation, thank you, or star that, very nice, the whole recommendation system thing, you know, AI is being implemented into everything, the data is already out there. I think pretty much every phishing tool is going to start implementing this. That's why I'm really excited to try to be on the cutting edge. I think this is a cool thing, and becoming a lot easier for guys like me to implement this into projects. So this is essentially the stack: TensorFlow for machine learning, Firebase for the, it's a NoSQL database back end, and Vue.js for the front end. Things like Asterisk and Flask are also used, and there's a bunch of different integrations as well. So here's
how Dragnet OSINT works. You're gonna start a new engagement, you're going to drag and drop in a CSV with your targets' names and emails or phone numbers, and then OSINT begins. Now, if a particular target already exists within the company that the engagement is for, then the OSINT is going to restart, changes are going to be tracked, and a new recommendation will soon be made. This is almost entirely automated, hence "keep your hands near the wheel". This is using lead enrichment integrations and also manual scraping at times. So the reason for the hands near the wheel is because sometimes you're gonna get people with the same name from the same company, and so you need to decide who is your actual target, because if you choose wrong you could skew the model, or you could skew the entire model so that the recommendations for someone completely different, that you think there's no correlation between, it gets a different suggestion, one that's not accurate, because you chose the wrong person and because the data points about them weren't correct. So this is the
origin
Sorry guys, that didn't work. This is where I'm supposed to still start, like, dancing like Ashlee Simpson. Okay, so
okay, so this is the model. Essentially, I really don't know how any of this works. I kind of just, like, watched a bunch of videos and was just, like, trying to get it to work. It barely makes sense to me, but essentially how it works is you're going to tag the templates that you're using. So you're gonna say, for example, "unusual login detected", so you're gonna say urgency might get a tag, and it's from LinkedIn, so you're gonna give it a LinkedIn tag. Maybe you're doing an Amazon wishlist phishing template and you're gonna use tags like Amazon, shopping. Maybe it's a Facebook poke email and you use things like lust, you know, for example, things like that. Then the OSINT automation is going to create data points, which essentially we're calling target features: things like someone's age, their name, maybe their gender, maybe previous work experience. That's happening. Labels are going to be, but are taken from your previous engagements: the data on whether a target, you know, clicked, filled out a form they weren't supposed to, executed a payload, that type of thing. It's gonna give them a rating, all to end up with a probability of pwn. So that's what we're left with. So, put simply, you're going to tag your templates, you're going to import the prior conversion data, and then you're gonna say your prayers. All right, so we're going to do
All right, so here we are in the dashboard engagement section. You can see that we have an upcoming, in progress, and completed filter. We have some clients that we worked with recently, but we're
gonna, we're gonna start a new pen test for Pied Piper. They're a client we decided to take on. So we're gonna choose from the existing companies, we're gonna choose the type of test that we're running (this one's phishing and vishing), and we're gonna choose a start and end date. Okay, so these three contacts are
essentially targets that we've already uploaded for Pied Piper. They've already run an engagement against them, but I'm gonna drag in a new file with some new targets. The target list is populated, and now I can choose who I want to include, you know, and also choose which type of test they're gonna be involved in. So Gilfoyle is only going to be doing phishing. We're gonna get rid of Jared, so we're gonna get rid of him completely; he's just too easy. Big Head, so we're gonna hear him, and then we're gonna run just the phishing on a couple of other of the targets here, and I think, yeah. Okay, so now we're gonna say OSINT begins. So as you can see on the right, this says "attack ready". That's how fast, I don't think I can go back, that's how fast essentially that the OSINT is being done. And now, because the model is already trained and will be retrained each time someone converts, or we get one of those labels that you saw from the equation slide, the models will be retrained once that happens, to create the prediction is going to be extremely quick. So we can see we have things like "starting ML prediction". This last update column on the right is going to show what the last thing to happen was. But we also see that we have an "action required" in addition to the "attack ready". The action required is on Jian-Yang. Interesting. Okay, click the button. This is prerecorded. They started didn't want us to pre-record these, so, which is probably a good thing. Okay, so which of these is Jian-Yang? This is what I was talking about, where hands near the wheel: I have to pick which one is my target. I just happen to know that this is a male. Maybe I've seen the target, maybe I know roughly what age he is. I can call the client, maybe, and try to get that data. So, she was a, he's the target. It started OSINT, completed OSINT, because I have an integration like Clearbit or FullContact, and that's why the OSINT can be faster. Okay, so now I just launched. You can see some people say "email scheduled", some
people say "sending email". This is based on the ego, what's this? So I won't explain a little bit more, but it looks like we have a notification that Jian-Yang already opened our email. Would we like to vish him now? So this is because it's a linked template that wants you to call and
follow up as soon as the target opens an email. Not all of these templates need to be linked. On the right you can see a mini dossier area. This is gonna be, that check mark indicates that it's confirmed, the data is confirmed. The fingerprint indicates that this was using OSINT that we found this: things like education history, background info, work history. And so we see an attack log that shows the email was sent and opened, and at what time. We have our script right here that we're gonna be using, with his name included, and we can place the call whenever we're ready. There should be, hopefully, samples. So this is following my attack phone and calling Jian-Yang from the masked number. "Richard, you are ugly." Okay, so he
apparently knew that this was not a legit call. So did we get the goods? No, he's not home. And the recording, if
the client allows, is going to be uploaded to our servers, and we would be able to play that here. Okay. Okay, so we see the attack log on the bottom right has updated, and we can go back and we
see now there are some other updates on last updated. We see "call unsuccessful" from Jian-Yang, and "call scheduled", and we see "creds captured" for Monica. Okay, so we're gonna click on the phishing
template, and we see the email that was sent, "Gavin Belson wants to connect". We see the credentials captured there, right on the top right, or in the middle. We have her mini dossier area, and we can see the credentials entered on the attack log as well. So if we click, you can see that this, and click on this email here, basically we're gonna be able to see the landing page that she was sent to. He is not LinkedIn, it is line could did. So this is the
landing page, and where she fell for the credentials captured attack. So we can
click on her little avatar there and see the full dossier. It's essentially just a more spread out version of the mini dossier that you saw. And also one cool thing is that this, in the target history section, is not just about the attack; it's all attacks, and it's also things like when she was added to a certain company, when OSINT started, was completed, when templates were suggested, that type. Okay, so I believe that is it. Yep, cool. Okay, so that's the demo, and
what's next: things like ringless voicemail drops, you know, want to be inbound calling set up. You'll be able to do things like this earlier in the morning, even someone is not gonna be around their phone, and I try to get them to call you back. Things like really focusing on individual targeting, so that you don't have to do things through a company. Again, for educational purposes. Distributed phishing, so you might be able to have a team set up and be able to get them set up with multiple attack phones, that type of thing. Native mobile: I think it would be really cool to be able to have an app to manage this and to be able to do all the calls through an app. I think that'll be really cool. And your request here is the bottom one. So I really am committed to working on this. I'm not gonna be the guy that's like, "this has been a pull request"; like, I'll do the work. You guys see if there are enough people that want something, they can +1 it if someone else suggested, suggest it on the GitHub side. We really appreciate if you guys give your ideas there. Thank you. So Dragnet's gonna be released on GitHub in the next few days. The repo is live; you can get it through the door threat link, but I'd like you to watch the repo so that you're notified as soon as the framework is released, which will be in a few days. Also, thank you to Kevin Stephen Clayton and Ray from Tevora. This framework wouldn't exist without them. Thanks again, guys.