honeysap
play

HoneySAP Who really wants your money? M ARTIN G ALLO M ARCH 2015 P - PowerPoint PPT Presentation

Mar 19, 2023 •283 likes •748 views

HoneySAP Who really wants your money? M ARTIN G ALLO M ARCH 2015 P A G E AGENDA SAP SAP security Threat landscape Have Needs Honeypots HoneySAP Approach Goal Design Architecture Services Integration Example profiles Demo

  1. HoneySAP Who really wants your money? M ARTIN G ALLO M ARCH 2015 P A G E

  2. AGENDA SAP SAP security Threat landscape Have Needs Honeypots HoneySAP Approach Goal Design Architecture Services Integration Example profiles Demo Challenges Call to contributions Conclusions P A G E 2

  3. WHAT IS SAP? software company business processes critical systems $$$ P A G E 3

  4. SECURITY IN SAP? specialized skills commitment risk culture $$$ P A G E 4

  5. SECURITY IN SAP? manual test tools focus on users, roles, SoD automated test tools GRC platforms P A G E 5

  6. THREATS IN SAP? complexity customization lack of knowledge business dynamics P A G E 6

  7. THREATS IN SAP? fraud espionage sabotage insider & outsider P A G E 7

  8. Targeted known for years traditional attacks targets not disclosing data attacks now started appearing in media Broad more recent malware looking for SAP attacks entry point for targeted attacks P A G E 8 P A G E

  9. THREATS Targeted attacks Broad Attacks LANDSCAPE P A G E 9

  10. WHAT DO WE HAVE? some knowledge distributed weak defenses P A G E 1 0

  11. WHAT DO WE NEED? learn share act P A G E 1 1

  12. MEET Honeypots P A G E 1 2

  13. HONEYPOTS types goals implementations P A G E 1 3

  14. HONEYPOTS interaction high / medium / low purpose research / production P A G E 1 4

  15. HONEYPOTS gather information catch malware deceit/distract … P A G E 1 5

  16. HONEYPOTS P A G E 1 6

  17. MEET HoneySAP P A G E 1 7

  18. APPROACH low-interaction research centric open source P A G E 1 8

  19. GOALS specific purpose identify behavior flexibility agility P A G E 1 9

  20. DESIGN extendible add services add feeds P A G E 2 0

  21. DESIGN modular dynamic loader services, feeds & datastore P A G E 2 1

  22. DESIGN easy to configure JSON & YAML default profiles P A G E 2 2

  23. DESIGN easy to deploy vagrant + ansible docker? P A G E 2 3

  24. ARCHITECTURE SERVICES FEEDS SAP ROUTER ICM HPFEEDS DB MESSAGE .. SERVER FILE CONSOLE DATASTORE CORE DATASTORE SERVICE SESSION FEED MANAGER MANAGER MANAGER MANAGER LOGGER LOADER CONFIG LIBS GEVENT PYSAP FLASK P A G E 2 4

  25. ARCHITECTURE SERVICES SAP MESSAGE ICM GATEWAY .. ROUTER SERVER DATA STORE P A G E 2 5

  26. HTTP-based ROUTER services MESSAGE SERVER ICM DISPATCHER MESSAGE SERVER GATEWAY WEB DISPATCHER .. NW GATEWAY PySAP-based .. services P A G E 2 6 P A G E

  27. SERVICES virtual services don’t bind to real addresses allows routing/dispatching P A G E 2 7

  28. SERVICES forwarder service forwards traffic to ext. services can be run as a virtual service P A G E 2 8

  29. INTEGRATION honeypots routing/dispatching, honeynets, deployment actual systems routing/dispatching P A G E 2 9

  30. INTEGRATION standard feeds hpfeeds, taxii, stix .. P A G E 3 0

  31. EXAMPLE PROFILE 3) requests route to HoneySAP internally served virtual services SAP internal virtual services 2) discovers (gateway, dispatcher, open routes ms, icm, etc.) SAPRouter ADVERSARY service 1) identifies Dionaea (smb, ftp, the service mysql, etc.) THE INTERNET Kippo (SSH) 4) requests route to other exposed honeypots P A G E 3 1

  32. EXAMPLE PROFILE 3) access ICF services 2) scans for exposed ICF services HoneySAP SAP internal ICF services (ping, SOAP RFC, etc.) ADVERSARY SAP ICM THE INTERNET service 1) identifies the service P A G E 3 2

  33. EXAMPLE PROFILE 2) access HoneySAP the services SAP internal virtual services (gateway, dispatcher, ms, etc.) INTERNAL NETWORK ADVERSARY SAP internal ICF services (ping, SOAP RFC, etc.) 1) identifies SAP ICM the services service P A G E 3 3

  34. DEMO TIME P A G E 3 4

  35. CHALLENGES core development modular structure gevent + scapy/flask P A G E 3 5

  36. CHALLENGES + knowledge on each service packets not enough behavior P A G E 3 6

  37. CHALLENGES detection non-standard behavior error messages http services P A G E 3 7

  38. CHALLENGES performance ? not sure yet P A G E 3 8

  39. CHALLENGES what to log? determine IoA/IoC P A G E 3 9

  40. CHALLENGES deployments make it easier to deploy integration P A G E 4 0

  41. CALL FOR CONTRIBUTIONS run, test, patch, submit collect & analyze extend P A G E 4 1

  42. CALL FOR CONTRIBUTIONS grab it soon from https://github.com/CoreSecurity/ http://corelabs.coresecurity.com/ GPLv2 license working on data feed P A G E 4 2

  43. CONCLUSIONS more knowledge about services new source of attacks info diff. approach for defense P A G E 4 3

  44. Q&A ??? P A G E 4 4

  45. THANK YOU ! mgallo@coresecurity.com @martingalloar P A G E 4 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Complete addition laws for all elliptic curves over finite fields D. J. Bernstein University of

Complete addition laws for all elliptic curves over finite fields D. J. Bernstein University of

Complete addition laws for all elliptic curves over finite fields D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 Joint work with: Tanja Lange Technische Universiteit Eindhoven Memories of graduate school Early 1990s,

768 views • 40 slides
Diffusion model Developing diffusion model: kinetic strength of the heat cycle The

Diffusion model Developing diffusion model: kinetic strength of the heat cycle The

Diffusion model Developing diffusion model: kinetic strength of the heat cycle The transformation of pearlite to austenite The homogenization of austenite Volume fraction of martensite Hardness of transformed surface layer

93 views • 7 slides
Vertical Visibility among Parallel Polygons in Three Dimensions GD 2015 Radoslav Fulek (IST,

Vertical Visibility among Parallel Polygons in Three Dimensions GD 2015 Radoslav Fulek (IST,

Vertical Visibility among Parallel Polygons in Three Dimensions GD 2015 Radoslav Fulek (IST, Austria), Rado s Radoi ci c (CUNY) Visibility clique Visibility clique We consider a finite set S of translates/homothetes of two dimensional

822 views • 71 slides
Regular Sequences Eric Rowland School of Computer Science University of Waterloo, Ontario,

Regular Sequences Eric Rowland School of Computer Science University of Waterloo, Ontario,

Regular Sequences Eric Rowland School of Computer Science University of Waterloo, Ontario, Canada September 5, 2011 Eric Rowland (University of Waterloo) Regular Sequences September 5, 2011 1 / 38 Outline Motivation and basic properties 1

507 views • 38 slides
Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots

Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots

Overview Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots What can you do with them? Claire OShea Problems with honeypots COMP 290 Spring 2005 Overview Motivation Examples of

645 views • 15 slides
Using Honeypots for Security Operations Jim Barlow <jbarlow@ncsa.uiuc.edu> Head of

Using Honeypots for Security Operations Jim Barlow <jbarlow@ncsa.uiuc.edu> Head of

Using Honeypots for Security Operations Jim Barlow <jbarlow@ncsa.uiuc.edu> Head of Security Operations and Incident Response National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign National

229 views • 20 slides
Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O.

Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O.

CPS-SPC 16 @ Vienna AU Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O. T IPPENHAUER daniele_antonioli@sutd.edu.sg Towards High-Interaction Virtual ICS Honeypots-in-a-Box 1 Overview In this

922 views • 25 slides
Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian

Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian

Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian Walden *University of Cambridge, Queen Mary University of London 4th International Workshop on Traffic Measurements for Cybersecurity May 23,

423 views • 17 slides
Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. !

Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. !

Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. ! Founder, Honeynet Project & Moderator, honeypot mailing list ! Author, Honeypots: Tracking Hackers & Co- author, Know Your Enemy ! Work

676 views • 52 slides
Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by

Honeywords Making Password-Cracking Detectable By Ari Juels and Ronald L. Rivest Presented by Nunzio Cicone and Hans-Peter Hllwirth Setting Password Attacks Passwords are a notoriously weak authentication mechanism One significant

422 views • 20 slides
Honey, There is a Python in My Android Phone Ing Wei, Tang (James) About the Title: It was

Honey, There is a Python in My Android Phone Ing Wei, Tang (James) About the Title: It was

Honey, There is a Python in My Android Phone Ing Wei, Tang (James) About the Title: It was taken from: Honey, I have shrunk the kids! (1989) Source: https://en.wikipedia.org/wiki/Honey,_I_Shrunk _the_Kids Android Phone vs 486-DX4

539 views • 31 slides
321 Section, Week 2 Natalie Linnell All lions are fierce Discussion Some lions do not drink

321 Section, Week 2 Natalie Linnell All lions are fierce Discussion Some lions do not drink

321 Section, Week 2 Natalie Linnell All lions are fierce Discussion Some lions do not drink coffee Some fierce creatures do not drink coffee Translate into logic (provide defs for predicates) All lions are fierce All lions are fierce

300 views • 3 slides
Copies of the OSBA Profit and Loss Report and Balance Sheet are provided at the OSBA Table, as

Copies of the OSBA Profit and Loss Report and Balance Sheet are provided at the OSBA Table, as

Slide 1 OSBA Income- Jan.-Oct. 21, 2018 Research 11% Education 37% Operations 39% Member Services 14% Income Income- EDUCATION Income- MEMBER SERVICES Income- OPERATIONS Income- RESEARCH Copies of the OSBA Profit and Loss Report and

506 views • 14 slides
Fixed Similes: Measuring Aspects of the Relation between MWE Idiomatic Semantics and Syntactic

Fixed Similes: Measuring Aspects of the Relation between MWE Idiomatic Semantics and Syntactic

Fixed Similes: Measuring Aspects of the Relation between MWE Idiomatic Semantics and Syntactic Flexibility PANAGIOTIS KOURIS STELLA MARKANTONATOU YANIS MAISTROS SCHOOL OF ELECTRICAL AND SCHOOL OF ELECTRICAL AND INSTITUTE FOR LANGUAGE

466 views • 25 slides
Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen |

Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen |

Expanded Perception and Interaction Centre Immersive Analytics of Honey Bee Data Interaction and Visualisation Design Huyen Nguyen | Postdoctoral Fellow Sydney, May 2018 YOW! Data Conference http://epicentre.matters.today Research Background

564 views • 40 slides
20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79

20 Billion IoT Devices In 2023 page 02 * Gemalto The State of IoT Security guidelines 79 % required breach 48 % exists? improve 62 % security page 03 * Gemalto The State of IoT Security Honeypot A honeypot is a computer

631 views • 25 slides
Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 10 CS 245 Logic and Computation Fall 2019 1 / 28 Outline Learning goals Introduction and Motivation Elements of Predicate Logic Translating between English and Predicate

317 views • 29 slides
Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015 Welcome! Purpose of the programme To develop systems leadership skills and capacity amongst public leaders To support public leaders to make

983 views • 94 slides
PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub egan {husakm|cegan}@ics.muni.cz ECTCM 2014 Fribourg, Switzerland Outline Introduction, Phishing incident response, PhiGARo (phishing

270 views • 23 slides
Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honeypot Environment Eric Badger Masters Student Computer Engineering 1 Overview Introduction/Motivation Challenges

508 views • 30 slides
Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis Northcutt Stanford University Microsoft Research India MIT Edward Cutrell William Thies Microsoft Research India Microsoft

1.19k views • 101 slides
Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 1 / 28 Outline Introduction 1 History 2 Types of honeypots 3 Deception techniques using Honeypots

632 views • 61 slides
Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W. Garrick Gen Grace Coterm, CompSci Senior, Econ Senior, SymSys ran out of facts loves filet-o-fish flamed for liking honeydew Our mission is to help

664 views • 19 slides
Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and

Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and

LiveWell Kids Nutrition Module 5 Training 1 st Grade Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and Nutrition Education Mindful Food Tasting Lesson Delivery Q & A General

438 views • 21 slides

More recommend