Tactical Control Center

Purpose

Tactical Control Center lets you:

Password request

When Tactical Control Center opens, you must enter a password: it is the same password as that of the notebook on which it is running.

What the function looks like

This is what the page looks like:

Area 1: Single application access tabs. Descriptions are provided below:

  Network Injector: It manages target device sniffing and infection, synchronizes RCS rules, updates Tactical devices and displays current Tactical Network Injector rules.
  Wireless Intruder: Enters a protected WiFi network by identifying the password.
  Fake Access Point: Emulates an Access Point.
  Physical Unlock: Unlocks an operating system password.
  System Management: Set the Anonymizer for communications with RCS, enable manual synchronization with RCS and set remote application access.
  Log System: Viewing logs.

Area 2: Area with keys specific to the tab.
Area 3: Filters to filter internet traffic on devices.
Area 4: Device list area.

To learn more

For a description of Tactical Control Center data see "Tactical Control Center data".

To learn more about Tactical Control Center see "What you should know about Tactical Control Center".

Enabling synchronization with RCS server to receive new rules

NOTE: if an injection is in progress, Network Injector is already synchronized with the RCS server, so the rules are loaded automatically. Go to step 4. See "Checking Network Injector status".

To enable synchronization with RCS and receive updated rules:

Steps Result

In the System Management tab, click Configure: synchronization is enabled.

During synchronization, Network Injector queries RCS every 30 seconds. Sent injection rules will be received at the end of the next interval.

IMPORTANT: updates are only received if sent from RCS Console. See "Network Injector management".

IMPORTANT: enable synchronization as a matter of routine to guarantee constant control room updates.

To stop synchronization, click Stop.

To view the rules received from RCS Console, in Network Injector click Rules: all Network Injector rules appear.

IMPORTANT: make sure rule synchronization is successful after requesting updates from RCS Console.

Running a network test

The network test procedure for sniffing and/or injection is provided below:

Steps Result

In the Network Injector tab or Wireless Intruder tab or Fake Access Point tab, select the network interface.

Click Link test: a window appears where test results are displayed.

If the test failed, move to a better position where the signal is stronger and repeat the test.

IMPORTANT: the attack will not be successful if the test fails.

Acquiring a protected WiFi network password

How to acquire a protected WiFi network password is described below:

Steps Result

In the Wireless Intruder tab, select the WiFi network interface in Wireless interface.

In ESSID network, select the network whose password is to be identified.

NOTE: manage network interface connections/disconnections from the operating system and click Refresh.

In Attack type select the type of attack.

If necessary, click Wordlist to load an additional dictionary to attack WPA or WPA2 protected networks.

IMPORTANT: the additional dictionary must be loaded at each attack.

Click Start: the system launches various attacks to find the access password.

Click Stop to stop the attack.

If attacks are successful, the password appears over the status indicator.

Using the operating system's Network Manager, use the password to connect to the WiFi network. The password is saved by the system and no longer needs to be entered.

Open the Network Injector section to start identification and infection.

Infecting targets using automatic identification

To start automatic identification and infection:

Steps Result

In the Network Injector tab, click Rules: all rules available for Network Injector appear.

Only enable the rules to be used for the infection, flagging the corresponding Enable field.

To confirm, click Apply.

In the Network Injector tab, select the network interface for injection in the Injecting Interface list box.

In the Sniffing interface list box, select a different network interface to be used for sniffing or the same interface used for injection.

NOTE: manage network interface connections/disconnections from the operating system and click Refresh.

Tip: use two different interfaces to guarantee better device identification.

Check signal power and, if necessary, run the network test (Link test key).

NOTE: signal power must be at least 70%. A single value will be returned if the same network interface is used for injection and sniffing.

Click Start: the network sniffing process starts and all devices identified as targets appear. The Status column displays identification status.

WARNING: check identification status. See "Tactical Control Center data".

Target devices begin to be infected. Infection start is recorded in the log.

NOTE: rules can be enabled/disabled when the infection is in progress by clicking Rules.

NOTE: non-target devices don't appear in the list and are thus excluded from automatic infection.

To stop infection, click Stop.

Forcing unknown device authentication

To force an unknown device authentication:

Steps Result

In the Network Injector tab, select unknown devices from the list (status)

Click Reauth selected: devices are forced to re-authenticate.

Tip: in certain cases, all devices must be authenticated. To do this, click Reauth All.

NOTE: the Reauth selected key is displayed if devices are selected, Reauth All if no device is selected.

If re-authentication is successful, automatic identification is started: device status will be and can be infected from now on.

Infecting targets using manual identification

To manually infect network devices:

Steps Result

In the Network Injector tab, click Rules: all rules available for Network Injector appear.

Only enable the rules to be used for the infection, flagging the corresponding Enable field.

To confirm, click Apply.

In Network Injector, select one or more devices to be infected from the device list and identify them using the displayed data.

Tip: if there are a lot of devices in the list, use selection filters. See "Setting filters on tapped traffic".

Click Infect selected: all injection rules are "customized" with the device data and applied. Device attacks will be displayed in the logs.

IMPORTANT: this operation requires a special rule created in RCS Console.

Tip: to infect all connected devices, even non-target or not yet connected ones, click Infect All.

NOTE: the Infect selected key is displayed if devices are selected, Infect All if no device is selected.

Result: if the infection was successfully started, device status is .

Setting filters on tapped traffic

To select target devices using data traffic filters:

Steps Result

In the Network Injector tab, click Network filters.

For a wider search, enter a regular expression in the Regular expression text box.

Or, to refine the search, enter a BPF expression in the BPF Network Filter text box.

Result: the system only displays filtered devices in the list.

Manually infect devices as described in the procedure "Infecting targets using manual identification".

Identify the target by analyzing web chronology

To identify a target:

Steps Result

In the Network Injector tab, double-click the device to be checked: a window opens with the chronology of the websites visited by the browser.

If the device is the target device, close the chronology and run the procedure "Infecting targets using manual identification".

Cleaning erroneously infected devices

To remove the infection from devices, close the agent on RCS Console.

Emulating an Access Point known by the target

IMPORTANT: before emulating an Access Point, stop any current attacks in the Network Injector tab.

To transform Tactical Network Injector into an Access Point known by targets:

Steps Result

In the Fake Access Point tab, select the network interface to listen to in the Wireless Interface list box.

Select the type of Access Point emulation.

Click Start: Tactical Network Injector recovers the names of the WiFi networks devices usually connect to and displays them.

Tactical Network Injector establishes communications with the individual devices, emulating the access point for each network.

In Network Injector, select the same network interface displayed as the access point in the Injecting interface list box.

Click Start: connected devices are displayed.

Manually infect devices as described in the procedure "Infecting targets using manual identification".
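
For defenders, the behaviour described in this procedure (one device emulating an access point for each network name that nearby devices look for) leaves a visible pattern in captured beacons and probe responses. The following Python code is an added example, not part of the original manual or of the product: it flags a transmitter that serves many network names, or that serves an inventoried name from an unlisted address. The inventory, the threshold, the function name, the sample observations and the premise that the emulating interface uses a single BSSID are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed inventory of the site's own networks: SSID -> BSSIDs allowed to serve it.
KNOWN_NETWORKS = {
    "corp-wifi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    "corp-guest": {"02:00:00:aa:00:11"},
}
MAX_SSIDS_PER_BSSID = 2  # assumed threshold: one transmitter normally serves few names


def analyse(observations, known=KNOWN_NETWORKS, max_ssids=MAX_SSIDS_PER_BSSID):
    """observations: iterable of (bssid, ssid) pairs taken from beacons and
    probe responses. Returns a sorted list of (reason, bssid, detail)."""
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in observations:
        if ssid:  # skip hidden or empty network names
            ssids_by_bssid[bssid.lower()].add(ssid)

    findings = []
    for bssid, ssids in ssids_by_bssid.items():
        # One transmitter answering for many unrelated network names.
        if len(ssids) > max_ssids:
            findings.append(("multi-ssid-responder", bssid, ", ".join(sorted(ssids))))
        # A name from the inventory served by a transmitter that is not listed for it.
        for ssid in sorted(ssids & set(known)):
            if bssid not in known[ssid]:
                findings.append(("unlisted-bssid-for-known-ssid", bssid, ssid))
    return sorted(findings)


# Constructed sample observations (not real captures).
SAMPLE = [
    ("02:00:00:AA:00:01", "corp-wifi"),
    ("02:00:00:aa:00:11", "corp-guest"),
    ("06:11:22:33:44:55", "corp-wifi"),
    ("06:11:22:33:44:55", "HomeNet-4F"),
    ("06:11:22:33:44:55", "CoffeeShop Free"),
    ("06:11:22:33:44:55", "Airport_WiFi"),
    ("02:00:00:bb:00:07", "neighbour-ap"),
    ("02:00:00:bb:00:07", ""),
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(*finding, sep=" | ")
```

Legitimate access points that serve several names usually do so with a distinct BSSID per name, so the threshold should be tuned against a baseline of the site's own equipment.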

Unlocking an operating system password

To unlock an operating system password:

Steps Result

Connect Tactical Network Injector to the target's computer via Thunderbolt or FireWire connection. Use the ExpressCard/34 port on the side of Tactical Network Injector.

In the Physical Unlock tab, click Refresh: the system recognizes the target computer's operating system and displays it in Operating System.

In the Operating System list box, select the operating system version.

Click Unlock: the system tries to unlock the password and displays operation progress. The operation result appears when finished.

To lock the operating system, click Lock: the password is restored and the computer is returned to the conditions prior to the unlock procedure.

NOTE: the Lock key only appears if the unlock procedure was successfully completed.

Setting remote application access

To remotely access Tactical Control Center:

Steps Result

Insert an SD memory card in the notebook slot.

In the System Management tab, click Refresh: the system recognizes the SD card and displays it in SD card.

If several SD cards are installed, select the required card from the SD card list box and click Create.

Enter the system administrator password and click OK: the system generates a new password and saves it on the SD card.

Connect the modem to the device.

In the System Management tab click Refresh: the system recognizes the model and displays it in Modem Interface.

If several modems are installed, select the required modem from the Modem Interface list box.

To enable e-mail delivery with the device IP address at each connection, follow the steps below:

  1. In Notification e-mail enter the address where the e-mail is to be sent.
  2. Click Mail test to send a test e-mail.
  3. If the email is not received, click Advanced to manually set the mail server: the Email advanced configuration window appears.
  4. Enter the required data and click Save.
  5. Click Mail test to send a test email with the set server.

To enable automatic connection with the selected modem, click Enable.

NOTE: the modem enabled in this tab also appears in the Network Injector tab, in the Injecting Interface list box and will be used to infect agents.

Select the network protocol to be used for remote access.

NOTE: you can directly open some helpful operating system windows using the buttons at the bottom of the screen. See "What you should know about remote access to Control Center".

Turn off Tactical Network Injector

No special procedure is required: shut down the computer normally.