Cayman Island Bank Writeup
by Phineas Fisher 2019
https://github.com/Alekseyyy/hacXiv/blob/master/publication/PhineasFisher/cayman-english.md
| Remark |
|---|
| Google Translate |
| Pastebin |
| Unicorn Riot |
| Crimethinc |
| exploit-db |
| Phineas Fisher puppet interview https://www.youtube.com/watch?v=BpyCl1Qm6Xs |
| OPSEC |
| “A DIY guide to rob banks” |
| Cadejo |
| Guy Fawkes |
| Salvador Dali |
| F Society |
| deepfake |
| rants on capitalism |
| Lucy Parsons |
| Colin Jenkins |
| Barack Obama |
| Noam Chomsky |
| Bank of Bangladesh hack - North Korea |
| black hat hacker |
| Carbanak Group |
| SWIFT network |
| target selection - small bank is “easier” |
| 2FA |
| RSA SecurID |
| GET request |
| ssh |
| tail |
| access.log |
| procdump64 |
| PHPSESSID |
| findstr |
| strings64 |
| hidden VNC (hvnc) |
| bluetooth killswitch - OPSEC |
| accelerometer - wipe disks - OPSEC |
| initial access |
| opportunistic attacks |
| Lulzsec |
| Anonymous |
| scan entire internet |
| VPN |
| zmap |
| zgrab |
| SSL certificate common and alt names |
| reverse DNS |
| SonicWall |
| SSL VPN |
| memory corruption |
| Shellshock |
| cgi-bin/welcome, user-agent payload |
| Dell |
| setuid root dos2unix privesc |
| “the barrier to entry is not as high as you would think. doing the work will surprise you” |
| Citizen Lab |
| SQL injection |
| sometimes you just get lucky |
| file upload vulnerabilities |
| sometimes you hit a wall and cannot proceed |
| Phineas spent ~1 year preparing for Hacking Team |
| Phineas recognized a gap in their knowledge, specifically with Windows, Active Directory, privesc, and lateral movement. They spent time closing this gap. |
| cgi-bin/jarrewrite.sh – Shellshock |
| Phineas felt inspired/empowered rather than beating themselves up for missing such a trivial method of entry. |
| Phineas was happy to spend extended amounts of time reading, studying, and developing new skills. |
| Phineas wrote a simple wrapper for the login page to siphon passwords. (written in C) |
| single-use passwords |
| “The most complicated part is to understand how they operate and how to get what you want out of their network” |
| “Give a man an exploit and he will have access for a day. Teach them phishing and he will have access for life.” |
| Phineas read the reports about their hack |
| Phineas recognized in a report that another party was also trying to hack the same bank at the same time as them. (due to a registered phishing domain) |
| Phineas asserts that bank hacks happen a lot due to another attacker targeting the bank at the same time. |
| multiple forms of persistence |
| reading emails with Outlook Web Access |
| Project Pallid Nutmeg.pdf https://data.ddosecrets.com/Sherwood/Pallid-Nutmeg.pdf |
| Searching for interesting files |
| download a list of filenames, grep for ‘swift’ |
| keyloggers and screenshots are very effective |
| Phineas laid low after being detected, but maintained backup access |
| meterpreter/post/windows/gather/screen_spy |
| post-exploitation looting |
| Defenders (can be) hackers too |
| Natwest |
| dwell time - how is it measured? |
| UK Fast Payment Service |
| making mistakes leads to being caught |
| Phineas made an irregular transfer, which engaged IR at the bank, which led to the discovery of their other transfers. |
| Phineas rants about capitalism and talks about OPSEC |
| Phineas will not disclose dollar amounts because they feel that measurement of damage in monetary value is perverse. |
| Phineas also will not disclose so as not to give clues to where the funds ultimately ended up |
| Monero |
| Zcash |
| Offensive PowerShell getting retired due to defensive advancements in visibility and AMSI. |
| Panama papers |
| lower members of a hierarchy can empathize with those at the top, but not vice-versa. |
| Captain Bellamy |
| Octavia Butler’s advice |
| persistence is one of the most valuable virtues |
| the best way to learn to hack is by hacking |
| build a virtual lab |
| Windows Server as a Domain Controller |
| Workstation attached to the domain |
| development machine with Visual Studio |
| write an Office macro to run a RAT such as meterpreter |
| use meterpreter |
| use mimikatz |
| use Bloodhound |
| perform Kerberoasting |
| perform SMB relaying |
| use psexec and other lateral movement tools |
| use scripts from this guide, other guides, … |
| begin with Windows Defender disabled, but then enable it and try again |
| you should be able to hack 99% of companies with these skills |
| get comfortable using shells and programming |
| learn English |
| The Hacker Playbook |
| Phineas recommends not wasting time on unimportant topics, focusing on the basics first. |
| Phineas recommends basic web app security knowledge, but not too advanced unless you really want to. |
| Phineas recommends focusing on what is important to achieve your goals. |
| Phineas recommends learning how to phish and perform basic social engineering. |
| hacking is a coping mechanism |
| IMSI catcher |
| SIM swapping |
| Phineas gives advice on target selection and offers a bounty for certain types of targets |
| Phineas offers bounties to non-hackers willing to place implants at their places of employment. |
| bug bounty programs |
| reverse engineering to find bugs |
| Phineas recommends hacking prisons |