Tactical Control Center

Purpose

Tactical Control Center lets you identify and infect devices:

The identification method should be agreed with the operating center.

What you can do

With Tactical Control Center you can:

Password request

When Tactical Control Center opens, a password must be entered: it is the same password as that of the notebook on which it is running.

What the function looks like

This is what the page looks like:

Area  Description
1     Window toolbar.
2     Tabs for accessing the individual applications. Descriptions are provided below:

      Function            Description
      Network Injector    Manages sniffing and target device infection and synchronizes RCS rules.
      Wireless Intruder   Enters a protected WiFi network by identifying the password.
      Fake Access Point   Emulates an Access Point.
      Log System          Lists logs in real time.
3     Area with buttons to reload the device list, start network connections and enable synchronization.
4     Device list area.

To learn more

For a description of Tactical Control Center data see "Tactical Control Center data".

To learn more about Tactical Control Center see "What you should know about Tactical Control Center".

Procedures
Enable synchronization with RCS

How to enable synchronization with RCS is explained below:

Steps Result

In the Network Injector tab, click Config: synchronization is enabled, and at the end of the next interval the expected injection rules will be received and the logs sent.

IMPORTANT: routinely enable synchronization to guarantee constant operating center updates and infection success.

To stop synchronization, click Stop.

Acquiring a protected WiFi network password

How to acquire a protected WiFi network password is described below:

Steps Result

In the Wireless Intruder tab, select the WiFi network interface in Wireless interface.

In ESSID network, select the network whose password is to be identified.

NOTE: manage network interface connections/disconnections from the operating system and click .

In Attack type select the type of attack.

Click Start: the system launches various attacks to find the access password.

Click Details to view the various attack logs: if attacks are successful, the password appears over the status indicator.

Once the password has been obtained, click Stop.

Use the operating system's Network Manager to connect to the WiFi network with the password. The password is saved by the system and no longer needs to be entered.

Open the Network Injector section to start identification and infection.

Infecting targets using automatic identification

To start automatic identification and infection:

Steps Result

In the Network Injector tab, select the network interface for injection in the Network Interface list box.

In the Sniffing interface list box, select a different network interface to be used for sniffing or select the same interface used for injection.

NOTE: manage network interface connections/disconnections from the operating system and click .

Tip: use two different interfaces to guarantee better device identification.

Click Start.

The network sniffing process starts and all devices identified as targets appear. The Status column displays identification status.

Target devices begin to be infected. Infection start is recorded in the log.

NOTE: non-target devices don't appear in the list and are thus excluded from automatic infection.

To stop infection, click Stop.

Setting filters on tapped traffic

To select target devices using data traffic filters:

Steps Result

In the Network Injector tab, click Network filters.

For a wider search, enter a regular expression in the Regular expression text box.

Or, to refine the search, enter a BPF expression in the BPF Network Filter text box.

The system selects devices based on filters and displays them in the list.

Manually infect devices as described in the procedure "Infecting targets using manual identification".

Forcing unknown device authentication

To force an unknown device authentication:

Steps Result

In the Network Injector tab, select unknown devices from the list (status)

Click Reauth selected: devices are forced to re-authenticate.

Tip: in certain cases, all devices must be authenticated. To do this, click Reauth All.

If re-authentication is successful, automatic identification starts: device status will be and they will be infected.


Infecting targets using manual identification

To manually infect network devices:

Steps Result

In Network Injector, select one or more devices to be infected from the device list and identify them using the displayed data.

Tip: if there are a lot of devices in the list, filter the selection. See "Setting filters on tapped traffic".

Click Infect selected: all injection rules are "customized" with the device data and applied. Device attacks will be displayed in the logs.

IMPORTANT: this operation requires a special rule in RCS.

Tip: in certain cases, all connected devices must be infected, even non-target devices or those not yet connected. To do this, click Infect All.

Cleaning erroneously infected devices

To remove an infection from a device, the agent must be closed on the RCS Console.

Identify the target by analyzing web chronology

To identify a target:

Steps Result

In the Network Injector tab, double-click the device to be checked: a window opens showing the chronology (history) of the websites visited by the browser and indicating the type of browser used.

If the device is the target device, close the chronology and run the procedure "Infecting targets using manual identification".

Emulating an Access Point known by the target

IMPORTANT: before emulating an Access Point, stop any current attacks in the Network Injector tab.

To transform Tactical Network Injector into an Access Point known by targets:

Steps Result

In the Fake Access Point tab, select the network interface to listen to in the Wireless Interface list box.

Click Start: Tactical Network Injector retrieves the names of the WiFi networks that devices usually connect to and displays them.

At the same time, it establishes communications with the individual devices, emulating the access point for each network.

In Network Injector, select the same network interface displayed as the access point in the Network interface list box.

Click Start: connected devices are displayed.

Manually infect devices as described in the procedure "Infecting targets using manual identification".
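
From a defender's point of view, the behaviour described in this procedure (one wireless interface answering under the network names that nearby devices usually connect to) can be spotted in wireless sensor data. The following Python code is an added example, not part of this manual or of the product: the CSV export format, the sample rows and the AUTHORIZED inventory are constructed, and it assumes the emulating radio uses a single BSSID for all the names it answers for.

```python
from collections import defaultdict

# Constructed sample: "epoch_seconds,frame_type,bssid,ssid" rows from a hypothetical WiFi sensor.
SAMPLE = """\
1700000000,beacon,aa:bb:cc:00:00:01,CorpNet
1700000001,probe-resp,02:11:22:33:44:55,CorpNet
1700000002,probe-resp,02:11:22:33:44:55,HomeWifi-Rossi
1700000003,probe-resp,02:11:22:33:44:55,Airport_Free
1700000004,beacon,aa:bb:cc:00:00:02,CorpGuest
1700000005,probe-resp,02:11:22:33:44:55,CoffeeShop
1700000100,beacon,aa:bb:cc:00:00:01,CorpNet
"""

# Assumed site inventory: SSID -> BSSIDs of the access points authorized to serve it.
AUTHORIZED = {"CorpNet": {"aa:bb:cc:00:00:01"}, "CorpGuest": {"aa:bb:cc:00:00:02"}}

def parse(text):
    # Yield (timestamp, bssid, ssid) for AP-side frames; the SSID is last so it may contain commas.
    for line in text.splitlines():
        parts = line.strip().split(",", 3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed rows
        ts, ftype, bssid, ssid = parts
        if ftype in ("beacon", "probe-resp") and ssid:
            yield int(ts), bssid.lower(), ssid

def find_suspect_aps(text, authorized=AUTHORIZED, max_ssids=2, window=60):
    # Return {bssid: [reasons]} for radios whose announcements look like AP emulation.
    seen = defaultdict(list)
    for ts, bssid, ssid in parse(text):
        seen[bssid].append((ts, ssid))
    findings = {}
    for bssid, frames in seen.items():
        frames.sort()
        reasons, start = set(), 0
        for end in range(len(frames)):
            while frames[end][0] - frames[start][0] > window:
                start += 1
            # One BSSID announcing many different names within a short window.
            if len({s for _, s in frames[start:end + 1]}) > max_ssids:
                reasons.add("multi-ssid")
        # A known network name served by a BSSID that is not in the inventory.
        if any(s in authorized and bssid not in authorized[s] for _, s in frames):
            reasons.add("unauthorized-bssid-for-known-ssid")
        if reasons:
            findings[bssid] = sorted(reasons)
    return findings
```

Legitimate multi-SSID access points normally use a distinct BSSID per network name, so `max_ssids` can stay low; raise it only if the site's own equipment shares one BSSID across names.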


Turn off Tactical Network Injector

No special procedure is required: shut down the computer normally.