irl live hacking demos
play

IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security - PowerPoint PPT Presentation

Jan 15, 2023 •485 likes •924 views

#RSAC SESSION ID: SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst Independent Security Evaluators (ISE) Independent Security Evaluators (ISE) @rramgatie @omerfar23 #RSAC

  1. #RSAC SESSION ID: SESSION ID: SBX2-R3 IRL: Live Hacking Demos! Rick Ramgattie Omer Farooq Security Analyst Senior Security Analyst Independent Security Evaluators (ISE) Independent Security Evaluators (ISE) @rramgatie @omerfar23

  2. #RSAC About ISE Perspective • White box Analysts • Hackers; Cryptographers; RE Exploits • iPhone; Android; Ford; Exxon; Diebold Research • Routers; NAS; Healthcare Customers • Companies with high value assets ISE Proprietary

  3. #RSAC What is the Internet of Things (IoT)? • Non-conventional, network- connected devices – Refrigerators – Washing Machines – Surveillance Cameras – Thermostats – Lightbulbs – Door Locks 3

  4. #RSAC IoT and the Enterprise Environment • Potential to improve efficiency and productivity – Utilities – Industrial – Health care – Transportation – Agriculture 4

  5. #RSAC IoT and the Enterprise Environment Potentia ial l to inc increase attack su surf rface of f corp rporate netw tworks 67% of executives will adopt IoT despite potential risks 1 67 25 25% of remote workers have at least one IoT device connected to a corporate network 1 “[B]y the end of 2017, over 20 20 per ce cent of organizations will have digital security services devoted to protecting business initiatives using devices and services in IoT” 2 1 https://www.gartner.com/newsroom/id/2905717 2 https://www.tripwire.com/register/enterprise-of-things-report/ 5

  6. #RSAC What are the Dangers? Corporate bring-your-own-device (BYOD) policies  undetected breaches Similarly, IoT introduces unaudited devices with poor security to the network Often exempt from compliance with security policies Hard to install updates/patches Lack built-in security (encryption, authentication, hardening, etc.) Default credentials (major infection vector for botnets) 6

  7. #RSAC What are the Dangers? (cont.) “ 70% of IoT devices were vulnerable to some sort of attack; 60% 60% of IoT devices with a user interface were vulnerable to issues like cross-site scripting and weak credentials; and 70% of IoT devices used encrypted network services” 1 Potential for mass exploitation 2 Examples: Mirai (1 1 Tb Tbps DDoS oS, took down Internet DNS), BASHLITE (1 1 milli illion IoT bots), Linux.Darlloz, Remaiten 1 http://fortifyprotect.com/HP_IoT_Research_Study.pdf 2 https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown- exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf 7

  8. #RSAC Types of Vulnerabilities Bypassing Authentication and Authorization Checks Remote Command Injection Stack-Based Buffer Overflows Remote File Inclusion Cross-Site Request Forgery Information Leaks 8

  9. #RSAC Demo Devices Belkin Router Motorola Focus73 Camera Netgear ReadyNAS RN10400 Network Attached Storage (NAS) ASUS RT-N56U Router 9

  10. #RSAC Belkin N+ Wireless Router

  11. #RSAC Belkin N+ Wireless Router Web Interface which connects back to Belkin Running Linux Has Busybox installed Open ports – tcp/53, tcp/80 11

  12. #RSAC Belkin N+ 1 Vulnerability Client-side authentication 12

  13. #RSAC Belkin N+ 13

  14. #RSAC Belkin N+ 14

  15. #RSAC Belkin N+ 15

  16. #RSAC Belkin N+ 16

  17. #RSAC Belkin N+ 17

  18. #RSAC Belkin N+: Countermeasures Perform server-side authentication and authorization checks. Don’t rely on security through obscurity. 18

  19. #RSAC Belkin N+: Recap Client-side authentication Leads to admin access Countermeasures 19

  20. #RSAC Motorola Focus73

  21. #RSAC Motorola Focus73 IP Camera Connects to your network either via Ethernet or WiFi Intended to be controlled via Motorola’s mobile applications (iOS and Android) Running Linux Has nc installed Open Ports - tcp/80, tcp/8080 21

  22. #RSAC Motorola Focus73 3 vulnerabilities Lack of Authentication and Authorization Mechanisms in Nuvoton Web Server Command Injection Remote File Inclusion 22

  23. #RSAC Motorola Focus73 23

  24. #RSAC Motorola Focus73 Uploaded file does not need to be a real firmware file /fwupgrade.html calls a CGI script This script is vulnerable to both command injection and remote file upload 24

  25. #RSAC Motorola Focus73 25

  26. #RSAC Motorola Focus73 26

  27. #RSAC Motorola Focus73: Countermeasures Missing Function Level Access Controls: Perform server-side authentication and authorization checks. Remote File Inclusion: Try not to use user input in file system calls Perform path canonicalization (symlinks, . & .. are resolved) Properly configure services Command Injection Avoid calling shell commands when possible If an API does not exist, sanitize user input before passing it to a function that executes system commands. 27

  28. #RSAC Motorola Focus73: Recap IP Camera vulnerable to lack of auth checks and command injection Missing Function Level Access Control and Directory Traversal Countermeasures Command Injection Countermeasures Quick look at the fix for command injection 28

  29. #RSAC Netgear ReadyNAS RN10400

  30. #RSAC Netgear ReadyNAS RN10400 Network Attached Storage Web Interface which connects back to Netgear Running Linux Has Busybox installed Open ports – tcp/22, tcp/80 30

  31. #RSAC Netgear ReadyNAS RN10400 2 Vulnerabilities Lack of CSRF Protection Arbitrary Command Injection 31

  32. #RSAC Netgear ReadyNAS RN10400 32

  33. #RSAC Netgear ReadyNAS RN10400: Countermeasures Cross Site Request Forgery: Implement Anti-CSRF tokens AND HTTP referrer checking Feeling ambitious? Require the user to authenticate before performing a state change Command Injection: Avoid calling shell commands when possible If an API does not exist, sanitize user input before passing it to a function that executes system commands. 33

  34. #RSAC Netgear ReadyNAS RN10400: Recap NAS device Vulnerable to both CSRF and Command Injection Leads to full device control (shell access) CSRF Countermeasures Command Injection Countermeasures 34

  35. #RSAC ASUS RT-N56U

  36. #RSAC ASUS RT-N56U Wireless Router Running Linux Has Busybox installed Open ports – tcp/53, tcp/80, tcp/515, tcp/18017 36

  37. #RSAC ASUS RT-N56U 2 vulnerabilities Client-side credential disclosure Web server stack-based buffer overflow 37

  38. #RSAC ASUS RT-N56U 38

  39. #RSAC ASUS RT-N56U: Countermeasures Don’t use unsafe functions Perform bounds checking Compile/Link with overflow prevention techniques Canary/Stack Cookie — gcc – fstack-protector ASLR — gcc – fPIE || ld – pie DEP/NX — gcc marks the stack non-executable by default 39

  40. #RSAC ASUS RT-N56U: Recap SOHO Router vulnerable to stack-based buffer overflow Review of MIPS Shellcode Execution of exploit Buffer Overflow Countermeasures 40

  41. #RSAC What Can Be Done? Revamped IT infrastructure Scaling up ability to monitor and analyze greater volume of data – increased bandwidth and storage requirements Distributed network architecture 1 Netflow analysis, watch for anomalous traffic patterns from similar classes of devices Updated security and IT policies Mandated patching of IoT/embedded devices Credential management and commissioning process Inventory process IPv6 – Start planning and be aware of security implications Supply chain of trust: vetting your device vendors 1 http://internetofthingsagenda.techtarget.com/feature/Plan-an- Internet-of-Things-architecture-in-the-data-center 41

  42. #RSAC Questions

  43. #RSAC What are the Dangers? (cont.) 43

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

485 views • 27 slides
Plan Demos ! Project: Due ! Next next Wednesday Demos Demos following week (Wednesday during

Plan Demos ! Project: Due ! Next next Wednesday Demos Demos following week (Wednesday during

Plan Demos ! Project: Due ! Next next Wednesday Demos Demos following week (Wednesday during class time) ! Preparation (show & tell) ! Next Week 3 precompiled kernels (original, lottery, stride, dynamic) New phase of presentations

379 views • 9 slides
ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen

RFID Hacking Live Free or RFID Hard 01 Aug 2013 Black Hat USA 2013 Las Vegas, NV Presen sented ed b by: Francis Brown Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew RFID badge

883 views • 50 slides
RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen

RFID Hacking Live Free or RFID Hard 24 Mar 2015 InfoSec World 2015 Orlando, FL Presen sented ed b by: Francis Brown & Rob Ragan Bishop Fox www.bishopfox.com Agenda O V E R V I E W Qu Quic ick k Over erview ew

853 views • 57 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
All your tax updates on demand. Simple. What you need to know Workbook Live Chat Have a Tax

All your tax updates on demand. Simple. What you need to know Workbook Live Chat Have a Tax

All your tax updates on demand. Simple. What you need to know Workbook Live Chat Have a Tax Party! CPD Hours Product demos Inland Revenue (IR) shutdown Thursday 12 Tuesday 17 April 2018 What services are unavailable? ir-File

1.07k views • 86 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research

HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research

HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research done and presented is of my own and does not reflect my employer. Do not try this on a live environment. This can harm someone. #whoAmI Graduate

1.23k views • 46 slides
Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1

Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1

Enhanced Tally Scheme for the DEMOS End-2- End Verifiable E-voting Thomas Souliotis 1 Table of Contents Background Public Key Cryptography Zero Knowledge Proofs Homomorphic Encryption DEMOS Introduction

492 views • 34 slides
Student Debt and the Racial Wealth Gap Mark Huelsman Associate Director of Policy & Research

Student Debt and the Racial Wealth Gap Mark Huelsman Associate Director of Policy & Research

Demos 1 Demos.org Student Debt and the Racial Wealth Gap Mark Huelsman Associate Director of Policy & Research @markhuelsman Demos 2 Demos.org A $1.6 TRILLION DEBT PROBLEM DIDNT JUST COME OUT OF NOWHERE Were telling

289 views • 18 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
The regional picture: planning for outer London DEMOS/LSE Event 30 June 2011 Why is Outer

The regional picture: planning for outer London DEMOS/LSE Event 30 June 2011 Why is Outer

The regional picture: planning for outer London DEMOS/LSE Event 30 June 2011 Why is Outer London important? Its where 60% of Londoners live Its where 40% of Londons jobs are Its where a substantial chunk of Londons

489 views • 24 slides
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat 2011 Las Vegas, NV Presen sented ed b by: Francis Brown Rob Ragan Stach & Liu, LLC www.stachliu.com Agenda O V E R V I E W

1.07k views • 72 slides
P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4:

P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4:

P rocesses Recall: A pr ocess includes Address space (Code, Dat a, Heap, St ack) 4: Threads Regist er values (including t he P C) Resources allocat ed t o t he process Memor y, open f iles, net wor k connect ions Last Modif

411 views • 5 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University

CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University

' $ CPL and CGI transport in SIP REGISTER messages 1 CPL and CGI Transport in SIP REGISTER Payloads Jonathan Lennox Columbia University lennox@cs.columbia.edu IETF IPTel Working Group Tuesday, March 16, 1999 & % Jonathan Lennox ' $

338 views • 6 slides
W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest,

W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest,

W EB P LATFORM : T HE S ECURE P ARTS Mike West @mikewest, mkw.st/+ Slides: https://mkw.st/r/goto13 W EB P LATFORM : T HE N OT C OMPLETELY AND O BVIOUSLY I NSECURE P ARTS Mike West @mikewest, mkw.st/+ Slides: https://mkw.st/r/goto13 Insert

705 views • 41 slides
Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit

Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit

Development of Web Applications Principles and Practice Vincent Simonet, 2013-2014 Universit Pierre et Marie Curie, Master Informatique, Spcialit STL 3 Server Technologies Vincent Simonet, 2013-2014 Universit Pierre et Marie Curie,

1.17k views • 68 slides
W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization

W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization

W eb Services and the Grid W eb Services and the Grid Supercomputing, Visualization & e-Science Manchester Com puting W SRF and W SRF::Lite W SRF::Lite W SRF and Mark Mc Keown WSRF: : Lite developer Formerly UK Grid Support

658 views • 32 slides
Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101

Tools and Techniques to automate the discovery of Zero Day Vulnerabilities A.K.A Fuzzing 101 Agenda GEEKZONE Overview of fuzzing techniques Tutorials on specific open-source fuzzers Demonstrations DIY fuzzing! Who

825 views • 50 slides
What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

10/22/08 What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control Perl Slashdot, bioinformatics, financial data processing, cgi Python System administration at Google BitTorrent file

570 views • 7 slides

More recommend