IT INTRUSION – FinFisher Product Suite

Usage
• Information Gathering
• PC Surveillance
• Hacking
• Information Exploitation
• Information Interception

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher USB Suite
• Suite to locally extract information from target systems with little or no user interaction
• Data analysis/Report generation at Headquarters

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher HQ
• Graphical User Interface for FinFisher 1 and 2
• Used to configure operational options
• Generates certificates for encryption
• Deciphers and imports data from dongles
• Generates reports from gathered data
• Updates FinFisher 1 and 2 systems

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher 1
• U3 USB Dongle
• Executes on insertion with little or no user intervention
• Obtains system and account information for:
  • Windows Accounts
  • E-Mail Accounts (Microsoft Outlook / Express, …)
  • Instant Messenger Accounts (MSN, Yahoo, ICQ, …)
  • System Details (Product Keys, Hotfixes, …)
  • Network Information (Open Ports, Cookies, History, …)
• All gathered data is asymmetrically enciphered
• Bypasses installed Anti-Virus/Anti-Spyware software

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher 2
• U3 USB Dongle
• Executes on insertion with little or no user intervention
• Gets a copy of all locally stored E-Mails from the target system
• Obtains specific files by file-extension (e.g. all .doc and .xls files)
• All gathered data is asymmetrically enciphered
• Bypasses installed Anti-Virus/Anti-Spyware software

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher 3
• 2 Bootable CD-Roms:
1. Removes password for selected Windows user account
2. Securely wipes local hard-disks

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFisher Remote Hacking Kit
• Used for remote information gathering
• Provides up-to-date hacking environment
• Can target public servers and personal computers

FinFisher Remote Hacking Kit
• Ruggedized notebook
• FinTrack operating system
• Various scripts for automating attack procedures
• All major up-to-date hacking tools

FinFisher Remote Hacking Kit
• High-power Wireless LAN adapter
• Bluetooth adapter with antenna plug
• Directional/Omni-directional antenna
• 500 GB USB disk containing Rainbow Tables, default password lists, etc.
• USB-to-Ethernet adapter
• PS/2 and USB Keylogger
• Other

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinSpy
• Professional Trojan Horse
• Monitor and remotely access one or multiple systems
• Presence on target system is hidden
• All communication is hidden and enciphered
• Components:
– FinSpy Client
– FinSpy Server
– FinSpy Target
– FinSpy USB-U3 Dongle (Target)
– FinSpy Antidote

FinSpy
• Features:
– Custom Executables
– Bypasses Anti-Virus/Anti-Spyware Software
– Location Tracing
– Scheduled Operations
– Key Logging
– Password Gathering
– Webcam/Microphone Access
– Communication Sniffing:
  • Skype
  • Instant Messengers (ICQ, Yahoo, …)
– Other

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinFly
• Used to infect executables while downloading
• Components:
– Transparent HTTP Proxy
– EXE Loader
• Proxy attaches Trojan Horse software to downloaded executables on-the-fly
• Loader removes attached software from downloaded executable after installation
• Can be used on local networks (e.g. Wireless LANs)
• ISP Version to come in 2008

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinTraining: Basic Hacking Courses
• 1 or 2 week basic hacking overview
• Covers various common hacking techniques
• Practical examples, demonstrations and exercises
• Topics include:
– Footprinting/Scanning/Enumeration
– Networks
– Exploits
– Wireless LANs
– Bluetooth
– Other

FinTraining Advanced: Exploiting Software
• 1 week course
• Covers bugs in software and exploiting these
• Practical examples, demonstrations and exercises
• Topics include:
– Software Bugs
– Exploit Archives/Frameworks
– Shellcode
– Finding Bugs
– Customizing Exploits
– Other

FinTraining Advanced: Rootkits
• 1 week course
• Covers RootKit and Trojan horse techniques
• Practical examples, demonstrations and exercises
• Topics include:
– Analysis
– Usage
– Detection
– Development
– Other

FinTraining Advanced: Hacking VoIP
• 1 week course
• Covers Voice-over-IP eavesdropping and various attack techniques
• Practical examples, demonstrations and exercises
• Topics include:
– RTP Sniffing
– RTP Insertion
– SIP Account Brute-Forcing
– SIP Account Cracking
– Other

FinTraining Advanced: Wireless Hacking
• 1 week course
• Covers Wireless LANs, Bluetooth and Wireless Keyboards
• Practical examples, demonstrations and exercises
• Topics include:
– Wireless LAN WEP/WPA Cracking
– Bluetooth Link-Key Cracking
– Wireless Keyboard Sniffing
– Other

FinTraining Advanced: Covert Comms
• 1 week course
• Covers steganography, encryption, network and application protocols
• Practical examples, demonstrations and exercises
• Topics include:
– Hiding data in objects
– Hiding data in streams
– Hiding VoIP communication
– Other

FinTraining Advanced: More
• More topics upon request
• Courses are customized according to customers' needs and skill-set

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

FinAudit
• 1 or 2 week penetration test
• Security check of networks, systems and software
• Helps analyze various attack vectors and find vulnerabilities
• Prevents data disclosure and intrusion
• Finalizing report and consulting services

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

News 2008: FinFly ISP
• FinFly that is capable of working in ISP networks
• Can infect en-masse or targeted systems
• Ready: Mid/End of 2008

News 2008: FinCrack
• Super-Cluster to crack Passwords/Hashes
• Size and Speed customized to requirements
• Supports:
– Microsoft Office Documents
– NTLM/LM
– WPA Networks
– Unix DES
– WinZIP
– PDF
• Other modules can be provided upon request
• Ready: Mid/End of 2008

News 2008: FinWifiKeySpy
• Wireless Keyboard Sniffer
• Sniffs all keystrokes of wireless keyboard within antenna range
• Able to inject keystrokes to remote computers
• Supports all major vendors (Microsoft, Logitech)
• Ready: End of 2008

News 2008: FinBluez
• Product for various Bluetooth attacks, e.g.:
– Utilize Bluetooth headsets as audio bugs
– Record audio stream between headset and mobile phone
• Ready: End of 2008