DRDO, PSU and Private Defence Sector News

rone

Again it was not a remote intrusion, but a case of malpractice. A compromised man is always the weakest link in security.
So you are again proving somebody has physical access to the isolated n/w - or your local net is isolated from the intranet via a firewall, and the firewall got breached.

Still, this also means truly isolated local networks (not connected to the internet at all - and yes, they exist even in pvt cos), with a strict security policy preventing even unauthorized plug-in devices (USB storage devices/network drives etc.), shall remain unscathed from hacking. Unless a hacker is flying overhead with powerful emissions (or sitting near the network location, close enough to activate the wireless link of compromised devices in the n/w), which can activate compromised devices in wired networks that have a provision to activate a wireless link remotely (for activating an exploit).
To conclude the long debate, I will explain how a DRDO LAN-connected CCTV can lead to a compromise of the DRDO network. For this unrealistic (close to real) scenario to work, let us consider a segmented network for DRDO, where the CCTV is connected to a centralized LAN network (no direct access to the Internet); then there is a development network which will handle the R&D division data (including drone telemetry); and finally the normal DRDO office network, which is not directly accessible from the internet but can be reached through the intranet. For intranet access there are industrial-grade VPN access points, so this will ensure only authenticated persons can reach all three networks, and there are even role-based access restrictions in place (like a normal office user can't access the dev and CCTV networks). Consider this no-trust policy as DRDO practice. Let's assume I am a state-sponsored threat actor who has countless resources (0-days on VPN, user credentials from honeytrapping, etc.) and time to breach this network; I will explain how I am going to achieve my goal. First, I start with network recon: I will look for DRDO published IP ranges and scan them and fingerprint them for future vulnerability assessment. Second, I look for leaked IP ranges (like from direct IP links in tender documents, leaked documents). Once I have a clear picture of the internet presence of DRDO devices I will move to my next step: I look for vulnerable network elements (VPN gateways, Exchange servers, etc.); if they exist I will exploit them and get my initial foothold. If no common vulnerability is found I will move to my 0-day exploit lib, which I use to get a persistent initial hold in these network drives. If even my 0-day failed (99% never going to happen) I will use my honeytrapped victim's credentials to log in to the network.

So at this point I am inside one of the DRDO networks, irrespective of where exactly I am inside. Further down I will be patient and watch network activities: what kind of user traffic is happening. If possible I will backdoor the login portals to these network accesses so I will have a wide range of victim credentials which I can use if my current foothold lacks privilege (consider the honeytrapped victim is a low-level office worker). If no credentials, I will look for network misconfiguration where I can find pre-shared network config files (like IT admin support files containing support user credentials). If not, I will use tools like Responder and do internal network poisoning which will give password hashes of high-authority users, which I will use to do a pass-the-hash attack and get high-authority access, or I will use my state-sponsored budget and get hash cracking right with petaflops (jk) to get clear-text passwords.

So from a low-level user foothold I now have high-integrity access; from now onwards I can reach any point in the network (including the dev network). At this point I will stay hibernated and only do occasional monitoring and data exfil (like once every 25 days).

So in conclusion, the takeover of the network happens not because of the presence of a banned CCTV company. The reason I said CCTV is more of a threat is because all Chinese organizations are by Chinese rule obligated to share user data with the CCP, so if DRDO uses Chinese CCTV (even with no direct connection to the internet), a state-sponsored hacker can figure out where to look for the DRDO network range by checking the supposed CCTV company's user logs (update logs, activation logs, firmware crash report logs) or compare with the exclusive gov IP list they gathered over time. I think now everyone understands what the real threat was.

PS: the above explanation is a hypothetical scenario; there are some methodologies and names I intentionally made wrong. I hope this post will put a stop to the never-ending tail-chase posts.

AnantS

Thanks for sharing knowledge. Sorry for nitpicking... I am asking for my knowledge. I think usually companies don't bother to upgrade the firmware of devices once in an isolated network - unless they are unplugged and hooked to another network with updates. Now here the risk could be a worm/virus which could be transmitted by the compromised system and spread in the isolated n/w.

The scenario you painted becomes a vulnerability, I guess, if they are in the habit of occasionally plugging isolated systems into the wider LAN for system updates. Even in that scenario, won't a new IP be assigned? Also, random MAC address generators are available within the OS as functionality. What good would those sniffed IPs be?

Sorry if my questions seem useless and wrong - but I am just thinking loudly. This also helps in awareness.

Also I must compliment you for the good post.
 

rone

Yes, even when the isolated system is plugged in for a firmware upgrade the callback may be from a random public IP, but the public IP range will be in the DRDO-allocated IP range (even if that IP range is not published publicly). So once you know the IP range you can scan it for a network access element (VPN); once inside the network using the methods in my above post, he can scan for the CCTV web app ports and attack from the initial foothold point. If my reply is not clear we can discuss this in DM.
 


SwordOfDarkness

I think it's practically impossible that a missile with 20km vertical range has only 25km horizontal range... Unless they made very small batteries that limit the time its radar can work (which would be atrocious), I honestly see either the altitude being overstated or the range understated.
 

Lonewarrior

Even the most advanced Kub, the Kub M-4, has a range of 24km and an altitude of 14km.
Given that Akash is more or less a Kub only... I would guess the altitude is overstated.
 

ezsasa

How is it looking on the domestically manufactured air-dropped PGM front? Will the IAF again ask for emergency procurement (foreign) when the next security escalation happens, or has self-sufficiency been attained?
 

Lonewarrior

Quite the opposite... if escalation happens then the IAF would get all the good excuses to order whatever foreign junk they want. For example, the IAF just needed to drop a Pinaka-II from one of its jets; take a guided Pinaka, weld some pylon lugs and drop it... still they felt the need to procure IAI Rampage.

If no escalation happens then they'll have to go through the regular procurement process, especially those with IDDM constraints.
 

ezsasa

For example, the IAF just needed to drop a Pinaka-II from one of its jets; take a guided Pinaka, weld some pylon lugs and drop it... still they felt the need to procure IAI Rampage.
Let's not resort to this level of over-simplification, there are kids here who might actually end up believing these sort of things.