how to backdoor invulnerable code
play

How to Backdoor Invulnerable Code Josh Schwartz, Director of - PowerPoint PPT Presentation

Feb 05, 2024 •178 likes •1.03k views

How to Backdoor Invulnerable Code Josh Schwartz, Director of Offensive Security @Salesforce Bio Offensive Security aka Red Team at Salesforce Realistic Adversary Simulation Security Change Catalyst Im a hacker, rule

  1. How to Backdoor “Invulnerable Code” Josh Schwartz, Director of Offensive Security @Salesforce

  2. Bio Offensive Security aka Red Team at Salesforce “Realistic Adversary Simulation” “Security Change Catalyst” I’m a hacker, rule breaker, general troublemaker.

  3. “ “A red team is an independent group that challenges an organization to improve its effectiveness.”

  4. Spoiler Alert No such thing as “invulnerable code”.

  5. Invulnerable Code At best you get code that is “secure enough”

  6. Invulnerable Code What is secure enough?

  7. Invulnerable Code Code without security bugs…?

  8. “ Code that enforces expected states, rather than allowing users to do things with your system that you did not account for.

  9. Invulnerable Code How do you secure code? Obvious!? Don’t write code with bugs! Right?

  10. Yes, you should do that. But, there is more...

  11. Invulnerable Code Let’s imagine that “invulnerable code” is this nickel, and on one side is all the lines of code that you write without any security related bugs

  12. Invulnerable Code Now let’s take a look at the other side and flip that nickel over.

  13. Invulnerable Code The other side is every other aspect that goes into writing that code.

  14. Invulnerable Code The third party libraries that you didn’t write yourself

  15. Invulnerable Code The code repo that stores the code

  16. Invulnerable Code The integration systems that put it together and test it

  17. Invulnerable Code The build pipeline that moves it around and deploys it

  18. Invulnerable Code The humans that create and maintain all of those systems

  19. Invulnerable Code The humans that have access to those human’s computers...

  20. Invulnerable Code Perhaps some of you realize there is still another side of this coin?

  21. Invulnerable Code It’s the side you don’t see.

  22. Invulnerable Code The side you can’t see.

  23. Invulnerable Code The things we can’t account for.

  24. The Black Swan Theory

  25. The best we can do Accept there is no ubiquitous security perfection

  26. On the bright side We can think like an adversary We can challenge where we set the bar

  27. I’m going to share with you some of my tactics as the attacker

  28. What is Social Engineering

  29. You are probably thinking Isn’t that just a fancy word for lying?

  30. “ “Any act that influences a person to take an action that may or may not be in their best interest”

  31. Core Concepts Influence through emotional response Pretext Manipulation vs Elicitation

  32. Social Engineering vs. Phishing

  33. Phishing Examples ⊡ Classic Credential Capturing ⊡ The Nigerian Prince with a Diamond Mine ⊡ The IRS Call

  34. Phishing This type of phishing is weak.

  35. Phishing It’s impersonal.

  36. Spear Phishing ⊡ More targeted ⊡ More personal ⊡ More effort per person ⊡ Less likely to be detected ⊡ More likely to succeed

  37. Spear Phishing Example I’m volunteering with Surf For Life! Vibe Manager Red Team

  38. Spear Phishing Example Red Team

  39. Spear Phishing Example

  40. Spear Phishing Example

  41. Spear Phishing Example Of course there is no form

  42. Spear Phishing Example

  43. How we start a Spear Phish Step 1: Social Recon

  44. Social Recon

  45. Social Recon: LinkedIn

  46. Social Recon: Employment

  47. Social Recon: Personal Site

  48. Social Recon: Twitter

  49. Social Recon: Facebook

  50. Social Recon: Google Sites

  51. Social Recon: Result

  52. Yeah Sorry Attackers can stalk you using the internet to get access to the things that you have access to. This is not a new thing. also it get’s worse.

  53. Identity Duplication: Orig

  54. Identity Duplication: Fake

  55. Identity Duplication: Result Cloning public profiles allows a social engineer to leverage a targets subliminal familiarity with identity based content to gain instant rapport.

  56. Identity Duplication: Result

  57. Gmail Helps Prevent Malware Blocking malicious file types in emails

  58. Google Drive Sharing You can share any type of file through Google Drive

  59. Google Drive Sharing Real Example

  60. Google Drive Sharing They receive this

  61. Google Drive Sharing Google Hosts the file

  62. Google Drive Sharing They send back:

  63. But What if something so simple doesn't work?

  64. Example 2 1. Notice our target has nice offices from pictures they post on social media 2. Create our pretext: Freelance journalist for a magazine that features interior design 3. Contact target asking to feature them alongside other big companies 4. Set up “interview”

  65. Example 2 Our request gets a response and fwd from their PR firm

  66. Example 2 They are totally stoked and set up the interview

  67. Example 2 Interview and tour of offices lasts for about 4 hours ⊡ ⊡ Take pictures of security systems, whiteboards, post-it notes, etc. ⊡ Spring the trap

  68. Example 2

  69. Example 2

  70. What then? So what happens after you get that access? Sure would be nice to get that person’s password...

  71. Local Phishing osascript -e 'tell app "System Events" to display dialog "Software Update requires your password to apply ." & return & return default answer "" with icon file ":System:Library:CoreServices:Software Update.app:Contents:Resources:SoftwareUpdate.icns" with hidden answer with title "Software Update" buttons {"OK"} default button "OK"'

  72. Local Phishing $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", "$env:username", "NetBiosUserName") $credential.Password | ConvertFrom-SecureString $env:username $credential.GetNetworkCredential().password

  73. Local Phishing DISPLAY=:0 gksudo -p -m "Enter your password to apply changes."

  74. 2FA is Good We are good at stealing passwords. 2FA will go a long way here. It makes it way harder for us but it isn’t perfect. Here are a few ways we get around it:

  75. Cookie Stealing

  76. SSH Multiplexing Bypassing 2FA

  77. Continuous Integration JENKINS!

  78. Backdooring Code you understand the company you have access internally you have passwords you can bypass 2FA you have access to internal documents you have access to servers you have access to the code pipeline

  79. Backdooring Code Is backdooring your production code really that hard?

  80. Zero Bugs

  81. This isn’t everything

  82. The End

  83. Questions / Complaints?

  84. Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak ,

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak ,

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak , Venkatesh Raman, and Stefan Szeider SAT 2013 Backdoor Sets Introduced by Crama et al. 1997 and independently by Williams et al. 2003 in an

768 views • 12 slides
Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of

Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of

Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of computer-security research: Protection of the average home computer; critical-infrastructure computers; and everything in between. Public goal of

728 views • 36 slides
Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov,

Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov,

Breakthrough silicon scanning discovers backdoor in military chip CHES2012 Workshop, Leuven, Belgium, 9-12 September 2012 Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov, Christopher Woods

353 views • 20 slides
The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where

The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where

The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where We are from? When we start with this? Ekoparty / 2016 Why? A quick review 5) Signal 4) Chassis ground 6) CAN High ground 2) J1850 Bus +

681 views • 47 slides
A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W.

A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W.

Welcome! A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W. Abel Committee: Travis Doom, Ph.D. (chair) Jack Jean, Ph.D. Michael Raymer, Ph.D. Krishnaprasad Thirunarayan, Ph.D. (T.K. Prasad) Vincent

1.94k views • 28 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor

Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor

Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor editing page for the CSCRS Data Repository. It is not published, therefore not visible on the UNC Dataverse. Note that the Publish and Edit buttons will

138 views • 3 slides
Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris

Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris

Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris Dimitriadis, Executive Director Compliance, ERM & Insurance OTE Group 07.05.2020 Covid-19 outbreak: an opportunity for fraudsters Stay vigilant

372 views • 9 slides
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath , Haitao Zheng, Ben Y. Zhao University of Chicago, *UC Santa Barbara, Virginia Tech

770 views • 17 slides
Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio

Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio

Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio D. Garcia & Tom Chothia) School of Computer Science University of Birmingham Birmingham United Kingdom B15 2TT s.l.thomas@cs.bham.ac.uk

814 views • 37 slides
80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

450 views • 34 slides
True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David Mazires, Dan Boneh, Dominic Rizzo Stanford and Google IEEE Security & Privacy 2019 U2F: Effective hardware 2FA 2 U2F: Effective hardware 2FA

781 views • 65 slides
Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
Bu Business siness Fi Fire re In Inspection spection City of Guadalupe In Inten ent

Bu Business siness Fi Fire re In Inspection spection City of Guadalupe In Inten ent

Bu Business siness Fi Fire re In Inspection spection City of Guadalupe In Inten ent Provide general information on the California Fire Code (CFC) and City of Guadalupe Municipal Code (GMC) requirements. Provide information and

439 views • 33 slides
Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028

Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028

Larry Clinton Operations Officer Internet Security Alliance lclinton@eia.org 703-907-7028 202-236-0001 Presentation Outline The Growing Problem of Cyber Security Traditional Solutions and Why They Wont Work A New Paradigm (tools

466 views • 35 slides
The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education

The Certified Actuarial Analyst (CAA) Credential KEN GUTHRIE Managing Director, Education Society of Actuaries What it is A credential for those in actuarial support roles Exams because that is what we do Code of Conduct

304 views • 5 slides
Bus Operators Continuous Improvement Team (BOCIT) Team Members Bus Operators Team Support

Bus Operators Continuous Improvement Team (BOCIT) Team Members Bus Operators Team Support

Bus Operators Continuous Improvement Team (BOCIT) Team Members Bus Operators Team Support Center Garage 4 Employee Communications 1 Merlo Garage 2 Transportation Training 1 Powell Garage 2 Manager Maintenance 1 Asst Mgr

312 views • 13 slides
WASHOE COUNTY, CITY OF RENO & CITY OF SPARKS HOMELESS SERVICES OPERATIONAL REVIEW David

WASHOE COUNTY, CITY OF RENO & CITY OF SPARKS HOMELESS SERVICES OPERATIONAL REVIEW David

WASHOE COUNTY, CITY OF RENO & CITY OF SPARKS HOMELESS SERVICES OPERATIONAL REVIEW David Tweedie, OrgCode Consulting, Inc. Operational Review Elements In-person program site-visits and meetings with agency staff Interviews with people

565 views • 25 slides
WELCOME Duluth-Superior Metro Pedestrian Plan Advisory Committee Meeting #3 Friday June 19, 2020

WELCOME Duluth-Superior Metro Pedestrian Plan Advisory Committee Meeting #3 Friday June 19, 2020

WELCOME Duluth-Superior Metro Pedestrian Plan Advisory Committee Meeting #3 Friday June 19, 2020 10:30am-11:30am dsmic.org/pedplan2020/ 1. Aspiration Walkability Vision Survey discussion a. Features that make an enjoyable walking

307 views • 12 slides
Oracle and Tangosol Acquisition Announcement March 23, 2007 The following is intended to outline

Oracle and Tangosol Acquisition Announcement March 23, 2007 The following is intended to outline

<Insert Picture Here> Oracle and Tangosol Acquisition Announcement March 23, 2007 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any

380 views • 27 slides
Effec%ve Test Data Management in End-To-End and API

Effec%ve Test Data Management in End-To-End and API

Effec%ve Test Data Management in End-To-End and API Tes%ng in Agile environment. Excel isnt a long-term solu1on Mark Lambert (VP Products

652 views • 28 slides

More recommend