Announcement

Collapse
No announcement yet.

Phirautee

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Phirautee

    Short Abstract:


    Over the past few years, ransomware has gone wild and organisations around the world are getting targeted leading to the damage and disruption. As we all know that the threat landscape is changing rapidly and we hear the fuss about ransomware infection at the offices or read about it in the news.

    Have you ever wondered how threat actors are writing ransomwares? What level of sophistication and understanding is required to target an organisation? In this demo, we will utilise the native Windows commands to build ransomware and target a host via phishing.

    Introducing Phirautee, a proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation's data to hostage for payments or permanently encrypts/deletes the organisation data. The tool uses public-key cryptography to encrypt the data on the disk.

    Before encrypting, it exfiltrates the files from the network to the attacker. Once the files are encrypted and exfiltrated, the original files are permanently deleted from the host and then tool demands a ransom. The ransom is asked using the cryptocurrency for payments, so transactions are more difficult for law enforcement to trace.

    During the demonstration of Phirautee, you will see a complete attack chain i.e. from receiving ransomware attack via a phishing email and how the files get encrypted on the compromised systems. A detailed walkthrough of the source code would be provided to understand how hackers utilise simple methods to create something dangerous. I will end the demo with several defence mechanisms by performing forensics analysis on Phirautee using publicly available tools.



    Short Developer Bio:

    Viral Maniar is currently working as Technical Manager at RiskIQ managing the attack surface outside of the firewall for clients in the APAC region through his boutique cyber security firm Preemptive Cyber Security (www.preemptivecybersec.com) providing offensive and defensive consulting services based in Australia. Viral has provided security consulting services for over 8 years including infrastructure (internal-external), application penetration testing, vulnerability assessments, wireless penetration testing, social engineering, red team engagements, API testing, Thick & Thin client testing and cloud architecture security reviews to numerous clients across various industries in the APAC region. Viral has presented at conferences like Black Hat, ROOTCON and (ISC)2. Viral has also participated in a number of bug bounty programs and won awards for responsible disclosure of security vulnerabilities. In his leisure time, he enjoys developing security tools and maintains several projects on the GitHub. He has achieved industry certifications such as Offensive Security Certified Professional (OSCP) and SANS GPEN - Network Penetration Testing. Twitter: @ManiarViral / @PreemptiveCyber


    URL to any additional information:

    The tool will be released along with the presentation in the public repository on the GitHub: https://github.com/Viralmaniar/Phirautee

    There will be detailed steps to set the tool along with necessary information to get it working to create a proof of concept during the penetration testing or internal infrastructure testing.


    Detailed Explanation of Tool:

    The tool is open source using the MIT License. It uses windows commands and PowerShell commands to build ransomware which can be utilised to send as the phishing campaign. All the commands come preinstalled with vanilla Windows installation and do not require third-party libraries when building this ransomware. Phirautee uses public-key cryptography to encrypt files on the user machine.

    The tool is going to get released during the DEF CON Demo Labs presentation.
    ----
    MIT License:

    Copyright (c) 2020 Viral Maniar

    Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

    The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Working...
X