TY - GEN
T1 - White-hat hacking framework for promoting security awareness
AU - Al-Sharif, S.
AU - Iqbal, F.
AU - Baker, T.
AU - Khattack, A.
PY - 2016
Y1 - 2016
N2 - As the variety of new social media applications are developed at an ever-increasing rate, the number of related potential vulnerabilities and related attack vectors are also increasing. Traditionally, social engineering attacks have always been a major cause of concern for Information Security departments. However, the theft, abuse and manipulation of personal information for malicious purposes has become even prolific since the mass adoption of social media and gaming applications by the average person, largely fueled by the boom in social media and gaming applications. These newly introduced and ever-evolving apps continue to introduce new vulnerabilities due to poor system design and coding practices and have led to a multitude of sophisticated attacks and digital crimes. Attacks such as, Malware infections, ransomware, Session Hijacking, SQL Injection, and Man-in-the-Middle attacks have been facilitated in part by the race to developing social media platforms, and applications. Hence, more effective countermeasures and prevention techniques are introduced to detect and minimize the resulting damage and losses associated with this trend. This paper presents a novel 'credentials crawling' proof of concept exploit to illustrate the ease with which such attacks can be launched. The proof of concept is implemented via a stealthy application, which has been implemented (in part) using a commercial of-the-shelf application (Camera Mouse 2011). The newly developed stealth robot uses stealth techniques to conceal itself from the intended target/victim. The proposed approach enables the developed robot application to remain undetected by leading commercial anti-virus solutions. The developed robot has been tested in different environments, with various operating systems protected by various commercial antivirus solutions. The presented approach was tested on computers belonging to people from different walks of life including graduate and undergraduate students, faculty and staff (with their consent). The initial test result demonstrates that the proposed technique is effective as a tool to assist with promoting awareness against a variety of user-focused cyber-attacks especially phishing attacks.
AB - As the variety of new social media applications are developed at an ever-increasing rate, the number of related potential vulnerabilities and related attack vectors are also increasing. Traditionally, social engineering attacks have always been a major cause of concern for Information Security departments. However, the theft, abuse and manipulation of personal information for malicious purposes has become even prolific since the mass adoption of social media and gaming applications by the average person, largely fueled by the boom in social media and gaming applications. These newly introduced and ever-evolving apps continue to introduce new vulnerabilities due to poor system design and coding practices and have led to a multitude of sophisticated attacks and digital crimes. Attacks such as, Malware infections, ransomware, Session Hijacking, SQL Injection, and Man-in-the-Middle attacks have been facilitated in part by the race to developing social media platforms, and applications. Hence, more effective countermeasures and prevention techniques are introduced to detect and minimize the resulting damage and losses associated with this trend. This paper presents a novel 'credentials crawling' proof of concept exploit to illustrate the ease with which such attacks can be launched. The proof of concept is implemented via a stealthy application, which has been implemented (in part) using a commercial of-the-shelf application (Camera Mouse 2011). The newly developed stealth robot uses stealth techniques to conceal itself from the intended target/victim. The proposed approach enables the developed robot application to remain undetected by leading commercial anti-virus solutions. The developed robot has been tested in different environments, with various operating systems protected by various commercial antivirus solutions. The presented approach was tested on computers belonging to people from different walks of life including graduate and undergraduate students, faculty and staff (with their consent). The initial test result demonstrates that the proposed technique is effective as a tool to assist with promoting awareness against a variety of user-focused cyber-attacks especially phishing attacks.
UR - http://www.scopus.com/inward/record.url?eid=2-s2.0-85011308324&partnerID=MN8TOARS
U2 - 10.1109/NTMS.2016.7792489
DO - 10.1109/NTMS.2016.7792489
M3 - Conference contribution with ISSN or ISBN
BT - 2016 8th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2016
ER -