cryton
play

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo - PowerPoint PPT Presentation

Oct 14, 2022 •438 likes •666 views

CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutr Outline Breach & Attack Simulation Cryton Cryton Page 2 / 22 About me Where I work CSIRT-MU KYPO What I Do Cryton B&S Penetration testing CyberEx GT/RT

  1. CRYTON BREACH AND ATTACK SIMULATION Thursday 4 th October, 2018 Ivo Nutár

  2. Outline Breach & Attack Simulation Cryton Cryton Page 2 / 22

  3. About me Where I work CSIRT-MU KYPO What I Do Cryton B&S Penetration testing CyberEx GT/RT http://a.openalt.cz/33 Cryton Page 3 / 22

  4. Terminology Comparison Vulnerability Scanning Low hanging fruits False positives Cheap Penetration Testing Real attacker tools Depends on tester’s skill Once in a while/once a year/ ... External Red Teaming Pentest + social engineering, physical attacks ... Silent, aims to also test detection capabilities May be also internal Skilled personnel Cryton Page 4 / 22

  5. Breach & Attack Simulation Cryton Page 5 / 22

  6. Breach & Attack Simulation According to Gartner, " BAS tools simulate a broad range of malicious activities (including attacks that would circumvent their current controls), enabling customers to determine the current state of their security posture. " Gartner also granted the first patent for BAS to tool SafeBreach . Automatization of Killchain to: Detect soft spots Test detection systems Train blue teams https://www.esecurityplanet.com/threats/ breach-and-attack-simulation.html Cryton Page 6 / 22

  7. Breach & Attack Simulation Figure: Cyber Kill Chain by Lockheed Martin Cryton Page 7 / 22

  8. Turn this ... Cryton Page 8 / 22

  9. ... into this Cryton Page 9 / 22

  10. B&S tools Open source Metta Uber Local execution MITRE attack matrix DumpsterFire "Security Incidents In A Box!" Local execution Simulate infected hosts APTSimulator ... Commercial AttackI Q, Cymulate, Safebreach, ThreatCare ... https://www.esecurityplanet.com/threats/ breach-and-attack-simulation.html Cryton Page 10 / 22

  11. Cryton Cryton Page 11 / 22

  12. Cryton Description Cryton is being developed at CSIRT-MU as a part of KYPO project. It’s original objective was to automate some of Red Team tasks during CyberEx. Create JSON/YAML describing attack scenario Feed to Cryton Execute Wait... Read report Original thesis on https://is.muni.cz/th/cry3j/ Cryton Page 12 / 22

  13. Cryton Attack scenario Plan - Stage - Step Plan has a start time Stage has a delta (diff from plan start time) Steps are organized into attack trees Successors based on success or string result Execution of attack module Sessions management (using msfrpc) Various attributes Cryton Page 13 / 22

  14. Cryton Plan Plan contains a description of whole attack scenario . Name Owner (optional) Start time (optional) Slave List of Stages Cryton Page 14 / 22

  15. Cryton Stage One logical part of attack scenario, typically oriented on one specific target . Name Delta (optional) Target (optional) Slave List of Steps Cryton Page 15 / 22

  16. Cryton Step Step in context of Cryton is an execution of attack module . It might be a nmap scan, vuln scanner run or a metasploit module execution. Name Action (optional) List of Successors (optional) Target (optional) Slave Cryton Page 16 / 22

  17. Cryton Session management Heavily depends on Metasploit framework msfrpcd + pyMetasploit Can create and use sessions create_session use_session vs use_named_session Shared throughout the Plan Cryton Page 17 / 22

  18. Cryton Slaves Figure: Master - Slave Cryton Page 18 / 22

  19. Cryton Attack scenario Figure: Example topology Cryton Page 19 / 22

  20. Cryton Attack scenario Example Cryton Page 20 / 22

  21. Cryton Execution Example Cryton Page 21 / 22

  22. THANK YOU Ivo Nutár https://csirt.muni.cz/ @csirtmu nutar@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in

On the design of security games: From frustrating to engaging learning 2016 USENIX Advances in Security Education Workshop August 9, 2016 Jan Vykopal , Milo Bartk Masaryk University, Brno Who am I? Ph.D. graduate in flow-based intrusion

291 views • 17 slides
KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational

KYPO A PLATFORM FOR CYBER DEFENCE EXERCISES Symposium on M&S Support to Operational Tasks Including War Gaming, Logistics, Cyber Defence (MSG- 133 ), Munich, Germany 15 th October, 2015 Pavel ELEDA, Jakub EGAN Jan VYKOPAL,

644 views • 19 slides
Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING

BARO BA ROSS SSA 2 0 1 9 T h i n k T a n k Ba Barossa First ssa First The he Bel Belongi nging BAROSSA FIRST: THE BELONGING Investm Inv stment o of $ $800k 00k + to to gr grow ow wine wine ex expor ports by by showc

396 views • 22 slides
Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and

Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and

November 2012 Bishkek Project Presentation Kyrgyzstan shares borders with China, Kazakhstan, Uzbekistan and Tajikistan; situated less than 200 miles from Afghanistan Total area is 77,181 sq miles Population is 5, 8 million Capital city of

314 views • 17 slides
Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data

Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data

Matthew Foval Chase Forbes Larry Francioni Xochitl Roman IPSEC Encrypts each data packet during the connection Transport mode and Tunneling mode Creates a tunnel between two L2TP connection points L2TP Usually paired with

510 views • 16 slides
IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March

IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March

SpaceNet: IPv6 Introduction 1 IPv6 deployment - an ISP view Gert D oring SpaceNet AG, Munich ICANN Meeting, Lisbon, March 25, 2007 SpaceNet: IPv6 Introduction Overview Introduction ISP network

656 views • 14 slides
The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October

The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October

The Phone Co-op Limited The mobile industry time for re-regulation Comms Provider 16 October 2008 Vivian Woodell Chief Executive The Phone Co-op 1 Ofcoms review is timely The mobile and fixed line industries work in quite

439 views • 24 slides
exo.cat contributions in internet access (ISP perspective) hack4glarus 2019 request-tracker

exo.cat contributions in internet access (ISP perspective) hack4glarus 2019 request-tracker

exo.cat contributions in hack4glarus 2019 Roger Garcia and Pedro who we are exo.cat contributions in internet access (ISP perspective) hack4glarus 2019 request-tracker ipv6 issues in our org cdist Roger Garcia and Pedro 2019-12-01

434 views • 6 slides
HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University

HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University

The 5 th ATS at Fukuoka HD- -SCR and Tele SCR and Tele- -Pointer Pointer HD Nobuhiro Torata, Kyushu University Hospital. 2 HD-SCR: High Definition Streaming Combined Remote conference system Concepts of New system Hi quality HD image

108 views • 7 slides
ELVAC EMS Energy Management System Jan Grossmann EMS Energy Management System Measurement

ELVAC EMS Energy Management System Jan Grossmann EMS Energy Management System Measurement

www.elvac.eu ELVAC EMS Energy Management System Jan Grossmann EMS Energy Management System Measurement and control of power flow (1) Each building or technological complex contains a number of energy consuming appliances, but today there

2.55k views • 17 slides
2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld. Jim Hutc hins So uth So und I T Olympia , WA 866.827.9889 T o da y Curre nt T hre a ts Pre ve ntio n Mitig a tio n Re c o ve ry

514 views • 24 slides
Welcome! From your hosts Collection Development, Diversity, and Self-Censorship in Libraries

Welcome! From your hosts Collection Development, Diversity, and Self-Censorship in Libraries

5/13/2010 Welcome! From your hosts Collection Development, Diversity, and Self-Censorship in Libraries Angela Maycock Office for Intellectual Freedom Sara McFarland Angela Maycock Cindi Hickey Library Development Assistant Director,

550 views • 6 slides
Introduction to Social Media and the Benefits for You and Your Organisation Aim and learning

Introduction to Social Media and the Benefits for You and Your Organisation Aim and learning

Introduction to Social Media and the Benefits for You and Your Organisation Aim and learning outcomes Aim of the workshop - to understand the benefits of social media and how to apply it to your organisation Learners will be able to:

268 views • 15 slides
Working Group Meeting #1 #1 Ancaster Thursday December 8, 2016 HWDSB Ancaster Senior 1 Agen

Working Group Meeting #1 #1 Ancaster Thursday December 8, 2016 HWDSB Ancaster Senior 1 Agen

2016-12-09 Working Group Meeting #1 #1 Ancaster Thursday December 8, 2016 HWDSB Ancaster Senior 1 Agen enda 1. Welcome & Introductions 2. House keeping items 3. Correspondence 4. Overview of Binder 5. Public Meeting

414 views • 20 slides
Hamilton Urban Core Community Health Center Update Hamilton Niagara Haldimand Brant Local Health

Hamilton Urban Core Community Health Center Update Hamilton Niagara Haldimand Brant Local Health

Hamilton Urban Core Community Health Center Update Hamilton Niagara Haldimand Brant Local Health Integration Network Board of Directors August 28, 2013 1 Presentation Outline: Pre-Capital Submission March 2013 Review and

399 views • 19 slides
Learning to love the SAS LAG function Phuse 9-12 October 2011 Herman Ament, MSD, Oss NL Phuse

Learning to love the SAS LAG function Phuse 9-12 October 2011 Herman Ament, MSD, Oss NL Phuse

Learning to love the SAS LAG function Phuse 9-12 October 2011 Herman Ament, MSD, Oss NL Phuse 9-12 October 2011 Contents Introduction Definition of LAG and DIF function LAG explained in detail Examples 2 Introduction In

478 views • 19 slides
Implementation Lags of Fiscal Policy Doug Elmendorf Director June 2, 2009 The American Recovery

Implementation Lags of Fiscal Policy Doug Elmendorf Director June 2, 2009 The American Recovery

Congressional Budget Office IMF Fiscal Affairs and Research Departments Conference on Fiscal Policy Implementation Lags of Fiscal Policy Doug Elmendorf Director June 2, 2009 The American Recovery and Reinvestment Act (ARRA) During

275 views • 15 slides
Civil Protection Act Government Bill 2002/03:119 Reformed rescue services

Civil Protection Act Government Bill 2002/03:119 Reformed rescue services

Civil Protection Act Government Bill 2002/03:119 Reformed rescue services legislation Civil Protection Act Ch. 1 Introductory provisions Ch. 2 The obligations of the individual Ch. 3 The obligations of the municipality Ch. 4

438 views • 19 slides
Fair Labor Standards Act NOVEMBER, 2019 Dr. Gena Jones; Asst VP HRS Human Resource Services

Fair Labor Standards Act NOVEMBER, 2019 Dr. Gena Jones; Asst VP HRS Human Resource Services

Fair Labor Standards Act NOVEMBER, 2019 Dr. Gena Jones; Asst VP HRS Human Resource Services Fair Labor Standards Act (FLSA) What is FLSA? The Fair Labor Standards Act (FLSA) is a federal law administered by the Department of Labor.

198 views • 15 slides
Bulgaria experience with planning and preparing for LEADER LAG formation and Local Development

Bulgaria experience with planning and preparing for LEADER LAG formation and Local Development

Bulgaria experience with planning and preparing for LEADER LAG formation and Local Development Strategy elaboration Marina Brakalova & Methody Methodieff FORA Community Development Foundation FORA Community Development Foundation

321 views • 16 slides
EUROPEAN RURAL PARLIAMENT 2015 THE PROCESS IN PORTUGAL Lus Chaves I / 1

EUROPEAN RURAL PARLIAMENT 2015 THE PROCESS IN PORTUGAL Lus Chaves I / 1

EUROPEAN RURAL PARLIAMENT 2015 THE PROCESS IN PORTUGAL Lus Chaves I / 1 lmchaves@minhaterra.pt MINHA TERRA NETWORK FEDERATION OF LOCAL DEVELOPMENT ASSOCIATIONS BEGINNING: February 2000 LEADER II animation network (1999-2001)

352 views • 9 slides
Proje jects Lynn Hamilton FVL LAG/VisitScotland Anne-Michelle Ketteridge FVL LAG Larry Rosie SG

Proje jects Lynn Hamilton FVL LAG/VisitScotland Anne-Michelle Ketteridge FVL LAG Larry Rosie SG

Commissioning and LAG-led Proje jects Lynn Hamilton FVL LAG/VisitScotland Anne-Michelle Ketteridge FVL LAG Larry Rosie SG RPID What do we mean by Commissioning ? When: the LAG agrees amongst itself that it wants to design and be

321 views • 10 slides
PRESENTATION TO THE LANDSAT SCIENCE TEAM ON THE NGAC LANDSAT ADVISORY COMMITTEE FEB. 12, 2012

PRESENTATION TO THE LANDSAT SCIENCE TEAM ON THE NGAC LANDSAT ADVISORY COMMITTEE FEB. 12, 2012

PRESENTATION TO THE LANDSAT SCIENCE TEAM ON THE NGAC LANDSAT ADVISORY COMMITTEE FEB. 12, 2012 1 National Geospatial Advisory Committee NGAC The National Geospatial Advisory Committee (NGAC) is a Federal Advisory Committee sponsored by

410 views • 10 slides
Progress Update Presentation AGM October 2016 Presentation to cover: Overview &

Progress Update Presentation AGM October 2016 Presentation to cover: Overview &

Progress Update Presentation AGM October 2016 Presentation to cover: Overview & interim strategy Animation & Communication Financial Update Schemes Update Overview LAG Structures LAG Team Interim

549 views • 28 slides

More recommend