Sniffing on Wi-Fi Networks
Open Wi-Fi sniffable by everyone
Easy-to-use GUI tools make it easy to try different attacks on WEP / WPA / WPA2
Social Engineering Toolkit used to generate copy of legitimate site with an exploit embedded
Attacker modifies the hotspot and sets up DNS spoofing
Victim is redirected to the modified web page
SSID: JoesHome
Modified Access Point
Generates a deauth
Pretends to be whatever access point the beacon wants
Attacker controls ALL of the content the victim sees
This is a FavIcon
No HTTPS
This is in the clear!
[Diagram: Victim, Modified Access Point, Web Server]
Request SSL Connection
SSL Handshake
Server sends its Certificate
Session Key
Server sends encrypted content
Content received
iOS7
Traffic intercepted by the Pineapple
Downloaded code (plug-ins, ad networks) runs with the app's permissions
File Binders
Legitimate App
Malware Payload
Binders hide the malware to bypass app verification
Source: Symantec
Exploit
What it is: Bad application input, usually in the form of network traffic.
What it does: Targets a vulnerability to hijack control of the target application or machine.

Malware
What it is: Malicious application or code.
What it does: Anything. Downloads, hacks, explores, steals.

Command and Control (C2)
What it is: Network traffic generated by malware.
What it does: Keeps the remote attacker in control and coordinates the

1. Bait the end-user: End-user lured to a dangerous application or website containing malicious content
2. Exploit: Infected content exploits the end-user, often without their knowledge
3. Download Backdoor: Secondary payload is downloaded in the background. Malware installed
4. Establish Back-Channel: Malware establishes an outbound connection to the attacker for ongoing control
5. Explore & Steal: Remote attacker has control inside the network and escalates the attack
Malware by Platform
Victim
In App Purchase
Mobile Ad Network Code
DPlug
Confirm?
Accept
Premium SMS
Attacker
Benefits to Business
Running Your Business on Mobile Devices
Accessing Business Apps
Intranet
Email
Mobile Maturity
29 | 2014, Palo Alto Networks. Confidential and Proprietary.
Exposure to Risk
Block mobile devices
Hope existing security protects mobile devices
Use basic mobile security like ActiveSync
GlobalProtect Gateway
Delivers mobile threat prevention and policy enforcement based on apps, users, content and device state
Provides device management, malware detection, and device state
GlobalProtect App
Enables device management, provides device state information, and establishes secure connectivity
Rooted / jailbroken