Following our 2010 Shmoocon special, we're joined in studio by security expert and programmer extraordinaire Robin Wood to talk about his proof-of-concept botnet command and control tool KreiosC2. We also discuss tools for detecting traditional Man-in-the-Middle attacks. And stay tuned for a special season seven announcement.
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
Using social networks as its communications channel, Robin Wood's KreiosC2 is far more sophisticated than the traditional IRC-based approach for controlling hordes of zombie computers. Version 3 was recently released and demoed at the Shmoocon 2010 Social Zombies talk (32MB AVI).
With Robin Wood, master of hardware-based Man-in-the-Middle tools, in studio, Darren decides to give the traditional ARP poisoning method some love. White-hat love, that is. Your typical ARP poisoning Man-in-the-Middle attack can be easily performed using tools such as ettercap, arpspoof, or even Cain & Abel on Windows. Generally speaking, the goal is to convince the victim, using spoofed ARP packets, that your MAC address is associated with the IP address of another machine on the network -- typically the router or gateway.
Of course, in the real world the MAC address of your router doesn't happen to change very often, so if it does, it's a tell-tale sign that something weird is happening. In this segment we demo Irongeek's ARPWatch-like tool for Windows, DecaffeinatID. On the Linux side, check out arpwatch.