White-hat hacking framework for promoting security awareness

S. Al-Sharif, F. Iqbal, T. Baker, A. Khattack

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

As a variety of new social media applications is developed at an ever-increasing rate, the number of related potential vulnerabilities and attack vectors is also increasing. Traditionally, social engineering attacks have always been a major cause of concern for Information Security departments. However, the theft, abuse and manipulation of personal information for malicious purposes has become even more prolific since the mass adoption of social media and gaming applications by the average person, largely fueled by the boom in social media and gaming applications. These newly introduced and ever-evolving apps continue to introduce new vulnerabilities due to poor system design and coding practices and have led to a multitude of sophisticated attacks and digital crimes. Attacks such as malware infections, ransomware, session hijacking, SQL injection, and man-in-the-middle attacks have been facilitated in part by the race to develop social media platforms and applications. Hence, more effective countermeasures and prevention techniques are introduced to detect and minimize the resulting damage and losses associated with this trend. This paper presents a novel 'credentials crawling' proof of concept exploit to illustrate the ease with which such attacks can be launched. The proof of concept is implemented via a stealthy application, which has been implemented (in part) using a commercial off-the-shelf application (Camera Mouse 2011). The newly developed stealth robot uses stealth techniques to conceal itself from the intended target/victim. The proposed approach enables the developed robot application to remain undetected by leading commercial anti-virus solutions. The developed robot has been tested in different environments, with various operating systems protected by various commercial antivirus solutions.
The presented approach was tested on computers belonging to people from different walks of life, including graduate and undergraduate students, faculty and staff (with their consent). The initial test results demonstrate that the proposed technique is effective as a tool to assist with promoting awareness against a variety of user-focused cyber-attacks, especially phishing attacks.
Original language: English
Title of host publication: 2016 8th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2016
Publication status: Published - 2016