SNSCAT: WHAT YOU DON'T KNOW ABOUT SOMETIMES HURTS THE MOST

A vulnerability exists through the use of Social Networking Sites that could allow the exfiltration /infiltration of data on "secured networks". SNSCat provides a simple to use post-penetration data exfiltration/infiltration and C2 (Command and Control) platform using images and documents on social media sites (Facebook, Google Apps, twitter, imgur, etc). The first part of our presentation will focus on case studies demonstrating the risks assumed by allowing social media sites on business networks both by malicious insiders and outsiders. After coverage of preliminary terms and concepts, we will introduce our tool and show how one can easily move files in and out of a network using social media sites. We will next demonstrate how one can use SNSCat along with the implants we have created to establish full command and control between the controller and the listening agents. Automation of commands is vital in establishing a robust botnet covertly communicating and responding to instructions from the controller. Anonymity is also essential which keeps the attacker and victim networks from ever touching each other. SNSCat is built to provide these very functions! Finally, we will introduce how one can plug in their own home-brewed steganography and cryptology modules as well as how one can build connectors for additional sites into our framework. In a 60 minute presentation, we will show you how to bypass network security equipment via social networking sites to mask data infiltration/exfiltration and C2 from any network with access to social networking sites.

Presented by