In this video, explore how the OilRig attack exfiltrated the information it collected.
- [Narrator] One of the most sophisticated attacks of…recent times is the refreshed OilRig Campaign,…that came out of Iran.…This was first detected in 2015.…And has been used against critical infrastructure;…banks, airlines, and government agencies.…It resurfaced in November 2017 with a number of…enhancements to its TTP's. Its tools,…techniques, and procedures.…In particular, its introduced new exfiltration methods.…
The OilRig Campaign used a number…of common tools in its attack.…Many of which were taken from public source…get up sites and customized for the Campaign.…These include the SmartFile client software,…which it uses to upload and download…files, and execute commands.…It uses a freeware scripting tool called…AutoIT and a remote desktop access tool called Myrtille.…An interpeter payload called RPCEXE is used…indicating the attack also leverages…the Metasploit platform.…
It also uses an innovative Google drive…based remote access tool,…which is named services.exe.…And which is installed into the…systems 32 folder of infected hosts.…
Author
Malcolm Shore
Released
12/11/2018- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS
Skill Level Advanced
Duration
Views
-
Introduction
-
Disclaimer1m 16s
-
1. Preparing the Lab
-
2. Tunneling
-
Introduction to tunneling6m 21s
-
Secure Shell (SSH) tunneling1m 30s
-
Running a local SSH tunnel2m 27s
-
Dynamic SSH tunneling2m 26s
-
-
3. Pivoting
-
What is a pivot?1m 48s
-
Pivoting with Armitage4m 7s
-
Pivoting with Metasploit1m 45s
-
-
4. Exfiltration
-
Introduction to exfiltration3m 44s
-
Beaconing3m 46s
-
Installing PyExfil2m 34s
-
Exfiltrating using DET2m 19s
-
Enhancing the Cachetalk tool3m 26s
-
Exfiltrating using DNS3m 7s
-
Installing OpenPuff1m 50s
-
-
Conclusion
-
Next steps1m 38s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Understanding the OilRig attack's exfiltration