Mobile Pen Testing with Dagah
Instructor Georgia Weidman covers all the methods used by the Shevirah Red Team in conducting penetration tests of mobile systems including phishing, man-in-the-middle, rogue access point, rogue cell tower, client-side, and remote attacks With Dagah, security analysts can design a campaign of penetration test attacks against targets, launch them, and review the results. Attacks simulate phishing, harvesting, iOS profile, and malicious application exploitations. Each attack can be delivered over Short Message Service (SMS), Quick Response (QR) Codes, Near-Field Communications (NFC), or messaging applications. A penetration tester designs CAMPAIGNs consisting of ATTACKs and runs them against TARGETs. Targets are phone numbers. Any number of attacks can be run within a campaign and a campaign can be run against a set of targets. The various attack types: - **Basic Phishing:** Simulating phishing to draw mobile users into following a line - **Harverster:** Simulating a phishing attack to draw mobile users to a fake website to harvest their user credentials - **Agent:** Simulating a phishing attack to trick users into side loading a “malicious” application containing a backdoor remote agent - **Client Side:** Exploiting mobile devices with client-side vulnerabilities - **Agent:** Simulating a phishing attack to trick users into side loading a settings profile or trust chain to the iPhone. Each attack can be delivered via four methods - **SMS:** Text messages - **QR Codes:** A graphic image that contains an encoded URI that can be printed and displayed - **NFC:** A broadcast message that can be received by nearby mobile devices taking them to a URI - **Messaging Apps** Text messages over messaging applications like Twitter or WhatsApp. - **EXTERNAL:** A message delivered outside of dagah such as via emails A campaign is designed, staged, and then run against groups of targets. The same campaign can be run against another group of targets later for A/B testing. Results are reported per campaign. For all attacks using SMS or NFC methods, a “modem” is used to bridge to the mobile network. The DagahModemBridge application will need to be installed on a penetration tester’s mobile device and configured to connect to the engine. All SMS and NFC methods will appear to be coming from the phone number of the mobile device running the modem application.
Instructor Georgia Weidman covers all the methods used by the Shevirah Red Team in conducting penetration tests of mobile systems including phishing, man-in-the-middle, rogue access point, rogue cell tower, client-side, and remote attacks With Dagah, security analysts can design a campaign of penetration test attacks against targets, launch them, and review the results. Attacks simulate phishing, harvesting, iOS profile, and malicious application exploitations. Each attack can be delivered over Short Message Service (SMS), Quick Response (QR) Codes, Near-Field Communications (NFC), or messaging applications. A penetration tester designs CAMPAIGNs consisting of ATTACKs and runs them against TARGETs. Targets are phone numbers. Any number of attacks can be run within a campaign and a campaign can be run against a set of targets.
The various attack types:
Each attack can be delivered via four methods
A campaign is designed, staged, and then run against groups of targets. The same campaign can be run against another group of targets later for A/B testing. Results are reported per campaign. For all attacks using SMS or NFC methods, a “modem” is used to bridge to the mobile network. The DagahModemBridge application will need to be installed on a penetration tester’s mobile device and configured to connect to the engine. All SMS and NFC methods will appear to be coming from the phone number of the mobile device running the modem application.
