Name: IT Intrusion FinFisher Product Suite

Text: IT INTRUSION – FinFisher Product Suite

Usage
• Information Gathering
• PC Surveillance
• Hacking
• Information Exploitation
• Information Interception

2

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

3

FinFisher USB Suite
• Suite to locally extract information from
target systems with little or no user
interaction
• Data analysis/Report generation at Headquarters

4

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3

• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008
5

FinFisher HQ
• Graphical User Interface for FinFisher 1 and 2
• Used to configure operational options
• Generates certificates for encryption
• Deciphers and imports data from dongles
• Generates reports from gathered data
• Updates FinFisher 1 and 2 systems

6

FinFisher HQ

7

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3

• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008
8

FinFisher 1
• U3 USB Dongle
• Executes on insertion with little or no user
intervention
• Obtains system and account information for:
– Windows Accounts
– E-Mail Accounts (Microsoft Outlook / Express, …)
– Instant Messenger Accounts (MSN, Yahoo, ICQ, …)
– System Details (Product Keys, Hotfixes, …)
– Network Information (Open Ports, Cookies, History, …)

• All gathered data is asymmetrically enciphered
• Bypasses installed Anti-Virus/Anti-Spyware software

9

FinFisher 1

10

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3

• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008
11

FinFisher 2
• U3 USB Dongle
• Executes on insertion with little or no user
intervention
• Gets a copy of all locally stored E-Mails from the target system
• Obtains specific files by file-extension (e.g. all .doc and .xls files)
• All gathered data is asymmetrically enciphered
• Bypasses installed Anti-Virus/Anti-Spyware
software

12

FinFisher 2

13

Components
• FinFisher USB Suite
– FinFisher HQ
– FinFisher 1
– FinFisher 2
– FinFisher 3

• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008
14

FinFisher 3
• 2 Bootable CD-Roms:
1. Removes password for selected Windows
user account
2. Securely wipes local hard-disks

15

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

16

FinFisher Remote Hacking Kit
• Used for remote information gathering
• Provides up-to-date hacking environment
• Can target public servers and personal computers

17

FinFisher Remote Hacking Kit
• Ruggedized notebook
• FinTrack operating system
• Various scripts for automating attack procedures
• All major up-to-date hacking tools

18

FinFisher Remote Hacking Kit
• High-power Wireless LAN adapter
• Bluetooth adapter with antenna plug
• Directional/Omni-directional antenna
• 500 GB USB disk containing Rainbow Tables, default password lists, etc.
• USB-to-Ethernet adapter
• PS/2 and USB Keylogger
• Other

19

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

20

FinSpy
• Professional Trojan Horse
• Monitor and remotely access one or multiple
systems
• Presence on target system is hidden
• All communication is hidden and enciphered
• Components:
– FinSpy Client
– FinSpy Server
– FinSpy Target
– FinSpy USB-U3 Dongle (Target)
– FinSpy Antidote

21

FinSpy
• Features:
– Custom Executables
– Bypasses Anti-Virus/Anti-Spyware Software
– Location Tracing
– Scheduled Operations
– Key Logging
– Password Gathering
– Webcam/Microphone Access
– Communication Sniffing:
• Skype
• Instant Messengers (ICQ, Yahoo, …)
– Other
22

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

23

FinFly
• Used to infect executables while downloading
• Components:
– Transparent HTTP Proxy
– EXE Loader
• Proxy attaches Trojan Horse software to
downloaded executables on-the-fly
• Loader removes attached software from
downloaded executable after installation
• Can be used on local networks (e.g. Wireless
LANs)
• ISP Version to come in 2008

24

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

25

FinTraining: Basic Hacking Courses
• 1 or 2 week basic hacking overview
• Covers various common hacking techniques
• Practical examples, demonstrations and
exercises
• Topics include:
– Footprinting/Scanning/Enumeration
– Networks
– Exploits
– Wireless LANs
– Bluetooth
– Other
26

FinTraining Advanced: Exploiting Software
• 1 week course
• Covers bugs in software and exploiting
these
• Practical examples, demonstrations and
exercises
• Topics include:
– Software Bugs
– Exploit Archives/Frameworks
– Shellcode
– Finding Bugs
– Customizing Exploits
– Other
27

FinTraining Advanced: Rootkits
• 1 week course
• Covers RootKit and Trojan horse
techniques
• Practical examples, demonstrations and
exercises
• Topics include:
– Analysis
– Usage
– Detection
– Development
– Other
28

FinTraining Advanced: Hacking VoIP
• 1 week course
• Covers Voice-over-IP eavesdropping and
various attack techniques
• Practical examples, demonstrations and
exercises
• Topics include:
– RTP Sniffing
– RTP Insertion
– SIP Account Brute-Forcing
– SIP Account Cracking
– Other
29

FinTraining Advanced: Wireless Hacking
• 1 week course
• Covers Wireless LANs, Bluetooth and
Wireless Keyboards
• Practical examples, demonstrations and
exercises
• Topics include:
– Wireless LAN WEP/WPA Cracking
– Bluetooth Link-Key Cracking
– Wireless Keyboard Sniffing
– Other

30

FinTraining Advanced: Covert Comms
• 1 week course
• Covers steganography, encryption, network
and application protocols
• Practical examples, demonstrations and
exercises
• Topics include:
– Hiding data in objects
– Hiding data in streams
– Hiding VoIP communication
– Other

31

FinTraining Advanced: More
• More topics upon request
• Courses are customized according to
customers' needs and skill-set

32

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

33

FinAudit
• 1 or 2 week penetration test
• Security check of networks, systems and
software
• Helps analyzing various attack vectors and finding vulnerabilities
• Prevents data disclosure and intrusion
• Finalizing report and consulting services

34

Components
• FinFisher USB Suite
• FinFisher Remote Hacking Kit
• FinSpy
• FinFly
• FinTraining
• FinAudit
• New Products - 2008

35

News 2008: FinFly ISP
• FinFly that is capable of working in ISP
networks
• Can infect en-masse or targeted systems
• Ready: Mid/End of 2008

36

News 2008: FinCrack
• Super-Cluster to crack Passwords/Hashes
• Size and Speed customized to requirements
• Supports:
– Microsoft Office Documents
– NTLM/LM
– WPA Networks
– Unix DES
– WinZIP
– PDF
• Other modules can be provided upon request
• Ready: Mid/End of 2008

37

News 2008: FinWifiKeySpy
• Wireless Keyboard Sniffer
• Sniffs all keystrokes of wireless keyboard within
antenna range
• Able to inject keystrokes to remote computers
• Supports all major vendors (Microsoft, Logitech)
• Ready: End of 2008

38

News 2008: FinBluez
• Product for various Bluetooth attacks, e.g.:
– Utilize Bluetooth headsets as audio bugs
– Record audio stream between headset and
mobile phone
• Ready: End of 2008

39

Document Path: ["365-elaman-presentation-it-intrusion-finfisher.pdf"]
