Dropkicks.
A lifetime of experience with specialized tools.
Digital Dropkick has a lifetime of study and usage with the tools required to test the security of different types of networks. From the early 2000's when this software was being developed, we were utilizing it to break in to our own networks for fun. Over the years as the software grew, so did we. To date, we have successfully exploited hundreds of different operating systems, software applications, networks and hardware devices.
If you want to evaluate and understand in simple terms the security of your system, allow us the pleasure of showing you.
We have intimate knowledge of programs like Metasploit, used to deliver payloads like opening a reverse shell inside your system for control from a remote locations. If this bothers you, good. It should bother you. We know how to guard against it as well as operate it. Who better than someone like us to help you? We wear the "White Hate" of the industry - Don't allow the "Black Hat" an easy path to your data. Learn Karate from a black belt.
Below are some tools regularly available on the internet. With limited technical knowledge, a bad actor can utilize these tools and successfully gain access to your systems in different ways. Not only are there tools available to meet this end, but there are people that will tailor fit an attack specifically designed for your network
OSINT (Open Source Intelligence)
You're One The Internet.
All your Social Media is up there for pretty much anyone to see. Where you work - LinkedIn. What you like to do - Instagram. What/Who you care about - Facebook...And so, so much more. These sites include your email addresses. Your phone number. Sometimes even your address. You don't want to take it all down but, you don't exactly want it all up there for everyone to see either. It's a catch 22.
Attackers Are Also On The Internet
People that know how to look can scoop this information out of the internet easily. Search engines make it easy to find specific information about specific people - if you know how to refine your searches properly. With pieces of this information it's surprisingly easy to create a profile on someone with little effort.
You Are Connected
Because of this, people are hacked every day of the week. User names, passwords, emails, phone numbers and addresses are more often than not, readily available on the darkweb in data breaches.
OSINT
Is intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement. All this information is free, for those who know how to look.
I mention this to remind you how easily a motivated attacker can find out whatever they want for an attack against you specifically. Some people born of a certain generation...have been doing things like this they're ENTIRE lives and know not only the tricks to find people, but the ones that can best protect them also.
For more information on OSINT visit Wikipedia here.
More reasons to pay attention.
You should regularly change your password.
You should regularly change your password.
You should regularly change your password.
If you don't, there are programs like Hashcat, RainbowCrack, John the Ripper, Medusa, The Hydra, CeWL, Miikats, Dirbuster, Cain and Able...I think you get the idea. There are many, many more. These programs are used to break your passwords and are easy to use.
Verify everyone. EVERYONE.
You should regularly change your password.
You should regularly change your password.
Social Engineering is a way of gathering information, often used in conjunction with both physical and digital testing. With tools like Maltego, an "agent" can easily appear to be someone they aren't by saying all the right things at exactly the right time.
Watch where you type.
You should regularly change your password.
Watch where you type.
Do you have any idea how easy it is to clone a website? Like maybe a website that makes you login with your username and password? SET Tool-Kit is one such tool used to allow for this very thing...One of many tools used to collect login credentials.
WiFi Anyone?
Hello? Hey, it's for you!
Watch where you type.
Once an attacker is connected to your WiFi, they are connected to every computer on that network. Including POS machines. There are so many tools - Reaver, Kismet, AirCrack-NG, coWPAtty...the list goes on. All capable of breaking WPA/WPA2 and PSK encryption - Unless you are protected.
Using Windows?
Hello? Hey, it's for you!
Hello? Hey, it's for you!
Don't feel bad - the majority of desktop computers run Windows. You have a business - of course you have Windows...Just be aware there are a ton of tools out there that allow for exploit and malware development like WinDBG. Real life bad actors know the business world uses Windows too.
Hello? Hey, it's for you!
Hello? Hey, it's for you!
Hello? Hey, it's for you!
Your phone is pretty much your the key to everything you do. Did you know we can not only clone your phone, but take it over remotely? The majority of the tools necessary require physical access at some point, but others just need you to open an email, text, or URL.
Why it Matters
If an attacker has physical access to your network, half their work is already done.
Being within close proximity to a target network is the easiest way in. Take a look at the picture to the right, This is a Raspberry Pi - This device, when coupled with a battery pack can give access to a system for an entire day or longer. Plenty of time to exploit your network, acquire target data and send it anywhere in the world. The only catch? You have to physically plug in.
Ideally, an attacker would break through your outer physical defenses and plug this in to an ethernet port - but Wi-Fi works too. Once connected - Everything else is the easy part.
Beyond that, physical access provides the ability to acquire written materials and security tokens of all kinds.
The majority of those with important data at least try to keep it safe. Systems like RFID locks and long alphanumeric passwords come to mind. But you would be amazed at how trusted you can become by just having a physical presence where everyone ese is trusted. All it takes is a confident demeanor, a friendly disposition and some inside information. Once there, the world in your oyster. Don't believe me? Prove me wrong then.
And the ability to set up continuous back door access - not to mention steal everything not nailed down, should there be sufficient reason to do so
Once on a trusted computer inside the host network, that network believes any action performed is a legitimate command from an administrator. Including sending all incoming and outgoing data to a 3rd party. Data like payment information, emails, and credit card transaction information - pretty much anything that a bad actor could want, could then be on demand and in real time taken on an on goin basis
All this - Plus - physical access grants an attacker the power to physically take whatever they want. Don't forget that part.