Litcius/Paper detail

Air‐Gapped Networks: Exfiltration without Privilege Escalation for Military and Police Units

Nachaat Mohamed, Saif Khameis Almazrouei, Adel Oubelaid, Mahmoud Elsisi, Basem M. ElHalawany, Sherif S. M. Ghoneim

2022Wireless Communications and Mobile Computing28 citationsDOIOpen Access PDF

Abstract

Several security tools have been described in recent times to assist security teams; however, the effectiveness and success remain limited to specific devices. Phishing is a type of cyberattack that uses fraudulent emails and websites to obtain personal information from unsuspecting users, such as passwords and credit card numbers. Hackers can gain access to your information through a variety of methods, and the most common of which are king, phishing, spear phishing, social engineering, and dictionary attacks. Each of these techniques is unique, but they all have the same goal: to obtain your personal information. Nevertheless, there is the potential to exploit this problem in terms of security. In this paper, we used the Bash Bunny (BB), a new tool designed to assist military, law enforcement, and penetration tester teams with their work to conduct exfiltration without privilege escalation through T1200, T1052, and T1052.001 techniques in air‐gapped networks with effectiveness/success 99.706%.

Topics & Concepts

PhishingComputer securityComputer scienceHackerPasswordLaw enforcementExploitCredit cardSocial engineering (security)Privilege (computing)Personally identifiable informationInternet privacyData breachThe InternetWorld Wide WebLawPaymentPolitical scienceNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesOpportunistic and Delay-Tolerant Networks