FINFISHER: FinSpy 3.10 Product Training
Table of Contents • Introduction • FinSpy Agent • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
Introduction • FinSpy is designed to help Law Enforcement and Intelligence Agencies remotely monitor computer systems and gain full access. • Key Features: • Online Communication: Skype, Messengers, VoIP, E-Mail, Browsing and more • Internet Activity: Social Networks, Discussion Boards, Blogs, File-Sharing and more • Stored Data: Remote access to hard-disk, deleted files, Recently Opened Files, crypto containers and more • Surveillance Devices: Use of Integrated webcams, microphones and more • Location
Introduction • Strategic use of the FinSpy System: • IT Intrusion System • Internal Monitoring System • Covert Surveillance Device • Remote Control System
FinSpy Agent • Introduction • FinSpy Agent • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Components • Provides Graphical User Interface for FinSpy System • Shows Target List • Provides Interface for Target Analysis • Allows Target Configuration • Facilitates Target Updates • Enables Target Trojan Creation • Facilitates Creation of differing Infection Techniques
FinSpy Agent – Contents • Overview • Target List • Target Options • Evidence Protection • Target Creation • Infection Techniques • Analyses
FinSpy Agent – Overview • FinSpy Agent – Login Window • Username and Password • IP Address or DNS Name and Port of FinSpy Master • Logoff from the FinSpy Master
FinSpy Agent – Overview • FinSpy Agent – Main Window
FinSpy Agent – Overview • The FinSpy Agent Main Window offers the following functionalities: • Data Analysis – Analysis of selected or multiple Targets • Create Target – Wizard to create a new Target Trojan • Configuration – Basic Settings for FinSpy Agent and FinSpy Master • Show Logfiles – To view the Logfiles on the FinSpy Master • Agent List – To view which Agents are connected to which Target(s) • License Information – To view the current License and import one • LEMF – Data Management – To configure the LEMF • About – Shows the FinSpy Version and License • Online Help – Visit Support Website • Logoff – Disconnect the FinSpy Agent from FinSpy Master
FinSpy Agent • Introduction • FinSpy Agent • Target List • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Target List • The FinSpy Agent Target List displays information about a Target. • FinSpy Target Name • Unique FinSpy System Name of Target System • Username under which the FinSpy Infection operates • Country & City in which the FinSpy Target's ISP access point is located • Global IP & Public IP address of the FinSpy Target • Operating System including Service Pack • Target Time & Target Time Zone • Software Version of the FinSpy Target • Install Mode (MBR, Kernel Mode, User Mode)
FinSpy Agent – Target List – Online • The Online List of Targets offers the following functionalities to manage, monitor and reconfigure an active FinSpy Target: • Analyse Data • Visualize Data • Evidence Protection • Configuration • Live Session • Download Now • Update • Remove Infection • Disconnect
FinSpy Agent – Target List – Offline • The Offline List of Targets offers the following functionalities to manage and monitor a FinSpy Target: • Analyse Data • Visualize Data • Evidence Protection • Configuration • Remove Infection
FinSpy Agent – Target List – Archived • The Archived List of Targets offers the following functionalities to manage a FinSpy Target where the infection was removed but data is still on the FinSpy Master Server: • Analyse Data • Visualize Data • Evidence Protection • Remove Data
FinSpy Agent – Target List – Target Licensing • If the maximum number of infections is reached, the Target remains unavailable until a license is freed and an infected Target is uninfected. • First come – first served principle
FinSpy Agent – Target List – Recorded Data Availability • Symbols indicate availability of new data • Star indicates Data on FinSpy Master is available • Bullet indicates Data on FinSpy Target is available for download to Master Server
FinSpy Agent • Introduction • FinSpy Agent • Target Analysis • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Target Analysis • All or Selected recorded data can be shown or replayed • Data is stored on the FinSpy Master • Data can be viewed, deleted, exported and commented on
FinSpy Agent – Target Analysis • FinSpy Agent – Target Analysis Main Window
FinSpy Agent – Target Analysis • The FinSpy Agent Target List Main Window shows the following information: • Identifies the Infection module (device/application) • An importance level can be associated with specific stored data • FinSpy Target Name • Unique internal FinSpy System reference to the Specific FinSpy Target • Size of the stored data set in bytes • The date when the data was recorded on the Target PC
FinSpy Agent – Target Analysis • Possible actions for each entry: • Opens & shows the recorded data • Deletes the data set from the FinSpy Master Server • The data can be exported to the FinSpy Agent computer • Comments on the data can be stored
FinSpy Agent – Target Analysis • Recorded Comments: • Comments cannot be deleted • Importance Levels are also comments • Descending order
FinSpy Agent – Target Analysis • Filter Search: • Start / End Date • Module • Advanced Options
FinSpy Agent – Target Analysis • Embedded Audio Player (Skype, VoIP, Microphone): • Start / Pause / Stop • Equalizer for each channel • Volume control
FinSpy Agent – Target Analysis • Embedded Video Player (Webcam, Screen, Mouse Clicks): • Play / Pause, Stop, One Screenshot Backward, One Screenshot Forward • Current Time, Total Length • Preview Images (generated at runtime)
FinSpy Agent – Target Analysis – Hands-On • Hands-On: • Select a Target • Search for Microphone Recordings only • Open Microphone Recording • Change Priority Level to High • Write a Comment
FinSpy Agent • Introduction • FinSpy Agent • Visualize Data • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Visualize Data • Analyzing data graphically.
FinSpy Agent – Visualize Data • Analyzing data graphically. • The art of visualization • The recorded data on each day • Setting the importance level
FinSpy Agent – Visualize Data • Analyzing data graphically. • Overview divided by module • Amount of recordings for each module • Meta Information
FinSpy Agent • Introduction • FinSpy Agent • Evidence Protection • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Evidence Protection • Prove collected Data has not been altered, for use as evidence in court • Import of a Security certificate • Digital Check for each item • Activity Logging (Who, What, Where) • Signature Verification
FinSpy Agent – Evidence Protection • Certificate Management
FinSpy Agent – Evidence Protection • Status of Evidence • Signature Checking • Export of Evidence
FinSpy Agent – Evidence Protection • Activity Log • Event Description (Who/What/Where)
FinSpy Agent – Evidence Protection • Exported evidence can generate a report
FinSpy Agent – Evidence Protection • Evidence history can be viewed
FinSpy Agent – Evidence Protection • External Verification Tool • Can be used as a portable tool
FinSpy Agent – Configuration – Hands-On • Hands-On: • Select a Target • Go to Evidence Protection • Export the Evidence • Use external Evidence Verification Tool • Run the external Evidence Verification Tool
FinSpy Agent • Introduction • FinSpy Agent • Configuration • FinSpy Administration • FinSpy Master • FinSpy Relay • Troubleshooting
FinSpy Agent – Configuration • Configuration of the FinSpy Target: • General settings • Network settings • Download Schedule • Alert Settings • User Permissions • Modules
FinSpy Agent – Configuration • Configuration Window: