NetRipper - Smart traffic sniffing for penetration testers

Presented at DEF CON 23 (2015), Aug. 7, 2015, 5 p.m. (60 minutes)

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be sniffed. The implementation of this technique is a tool called NetRipper which uses API hooking to do the actions mentioned above and which has been especially designed to be used in penetration tests, but the concept can also be used to monitor network traffic of employees or to analyze a malicious application.

Presenters:

• Ionut Popescu - Senior Security Consultant at KPMG Romania
  Ionut works as a Senior Security Consultant at KPMG in Romania. He is passionate about ASM, reverse engineering, shellcode and exploit development and he has a MCTS Windows Internals certification. He spoke at various security conferences in Romania like: Defcamp, OWASP local meetings and others and also at the yearly Hacknet KPMG international conference in Helsinki and Berlin. Ionut is also the main administrator of the biggest Romanian IT security community: rstforums.com and he writes technical articles on a blog initiated by a passionate team: securitycafe.ro. Twitter: @NytroRST

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#Popescu
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Video.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Video.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Ionut Popescu - NetRipper - Smart traffic sniffing for penetration testers - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=YcC3p3HYxA0

Similar Presentations:

• Kawaiicon (2019) / Seeing The Invisible: Finding Fingerprints on Encrypted Traffic
• Black Hat Europe 2017 / Visibility Into Encrypted Traffic Comes at a Cost
• CarolinaCon 14 (2018) / Presenting P@cketR@quet: An Auditory IDS/Network Auralizer