Tactical Control Center lets you identify and infest devices:
The identification method should be agreed with the operating center.
With Tactical Control Center you can:
When Tactical Control Center opens, a password must be entered, the same as the notebook on which it's running.
This is what the page looks like:
Area | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
1 |
Window toolbar. |
||||||||||
2 |
Single application access tabs. Descriptions are provided below:
|
||||||||||
3 | Area with buttons to reload the device list, start network connections and enable synchronization | ||||||||||
4 | Device list area. |
For a description of Tactical Control Center data
To learn more about Tactical Control Center
How to enable synchronization with RCS is explained below:
Steps | Result |
---|---|
In the Network Injector tab, click Config: synchronization is enabled and the foreseen injection rules will be received and logs sent at the end of the next interval. IMPORTANT: routinely enable synchronization to guarantee constant operating center updates and infection success. To stop synchronization, click Stop. |
![]() |
How to acquire a protected WiFi network password is described below:
Steps | Result |
---|---|
In the Wireless Intruder tab, select the WiFi network interface in Wireless interface In ESSID network, select the network whose password is to be identified. NOTE: manage network interface connections/disconnections from the operating system and click In Attack type select the type of attack. |
![]() |
Click Start: the system launches various attacks to find the access password. |
![]() |
Click Details to view the various attack logs: if attacks are successful, the password appears over the status indicator. |
![]() |
Once the password has been obtained, click Stop. Using the operating system Network Manager use the password to connect to the WiFi network. The password is saved by the system and no longer needs to be entered. Open the Network Injector section to start identification and infection. |
- |
To start automatic identification and infection:
Steps | Result |
---|---|
In the Network Injector tab, select the network interface for injection in the Network Interface list box. In the Sniffing interface list box, select a different network interface to be used for sniffing or select the same interface used for injection. NOTE: manage network interface connections/disconnections from the operating system and click Tip: use two different interfaces to guarantee better device identification. |
![]() |
Click Start. The network sniffing process starts and all devices identified as targets appear. The Status column displays identification status. Target devices begin to be infected. Infection start is recorded in the log. NOTE: non target devices don't appear in the list and are thus excluded from automatic infection. |
![]() |
To stop infection, click Stop. |
- |
To select target devices using data traffic filters:
Steps | Result |
---|---|
In the Network Injector tab, click Network filters. For a wider search, enter a regular expression in the Regular expression text box. Or, to refine the search, enter a BPF expression in the BPF Network Filter text box. The system selects devices based on filters and displays them in the list. |
![]() |
Manually infect devices as described in the procedure |
- |
To force an unknown device authentication:
Steps | Result |
---|---|
In the Network Injector tab, select unknown devices from the list (status |
![]() |
Click Reauth selected: devices are forced to re-authenticate. Tip: in certain cases, all devices must be authenticated. To do this, click Reauth All. |
- |
If re-authentication is successful, automatic identification starts: device status will be |
- |
To manually infect network devices:
Steps | Result |
---|---|
In Network Injector, select one or more devices to be infected from the device list and identify them using the displayed data. Tip: if there are a lot of devices in the list, filter the selection. |
- |
Click Infect selected: all injection rules are "customized" with the device data and applied. Device attacks will be displayed in the logs. IMPORTANT: this operation requires a special rule in RCS. Tip: in certain cases, all connected devices must be infected, even non target devices or those not yet connected. To do this, click Infect All. |
- |
To remove an infection from a device, the agent must be closed on the RCS Console.
To identify a target:
Steps | Result |
---|---|
In the Network Injector tab, double-click the device to be checked: a window opens with the chronology of the websites visited by the browser and indicate the type of browser used. |
![]() |
If the device is the target device, close the chronology and run procedure |
- |
IMPORTANT: before emulating an Access Point, stop any current attacks in the Network Injector tab.
To transform Tactical Network Injector into an Access Point known by targets:
Steps | Result |
---|---|
In the Fake Access Point tab, select the network interface to listen to in the Wireless Interface list box. |
![]() |
Click Start: Tactical Network Injector recovers the names of the WiFi networks devices usually connect to and displays them. At the same time, it establishes communications with the single devices, emulating the access point for each network. |
![]() |
In Network Injector, select the same network interface displayed as the access point in the Network interface list box Click Start: connected devices are displayed
|
![]() |
Manually infect devices as described in the procedure |
- |
No special procedure is foreseen. Normal computer shutdown.