knocking down the big door
play

Knocking Down the Big Door Breaking Authentication and Segregation - PowerPoint PPT Presentation

Mar 01, 2023 •115 likes •961 views

Knocking Down the Big Door Breaking Authentication and Segregation of Production and Non-Production Environments Nahuel Grisola Cinta Infinita, Founder / CEO @cintainfinita Buenos Aires, 27 de Abril 2018 nahuel@cintainfinita.com.ar

  1. Knocking Down the Big Door Breaking Authentication and Segregation of Production and Non-Production Environments Nahuel Grisolía Cinta Infinita, Founder / CEO @cintainfinita 
 Buenos Aires, 27 de Abril 2018 nahuel@cintainfinita.com.ar

  2. § Cinta Infinita Founder and CEO § (Web) Application Security specialist & enthusiast § Many vulnerabilities discovered in Open Source and Commercial software: Vmware, Websense, OSSIM, Cacti, McAfee, OracleVM, etc. § Gadgets and Electronics Lover (RFID!) § http://ar.linkedin.com/in/nahuelgrisolia § http://cintainfinita.com § http://www.exploit-db.com/author/?a=2008 § http://www.proxmark.org/forum/profile.php?id=3000

  3. MOTIVATION “The Purpose of Education” - Enlightenment Sense “The highest goal in life is to inquire and create” “Education is really aimed at helping students get to the point where they can learn on their own” “It’s you the learner who is going to achieve in the course of education and it’s really up to you to determine how you’re going to master and use it.” - Noam Chomsky

  4. MOTIVATION “The Purpose of Education” - Enlightenment Sense “The highest goal in life is to inquire and create” “Education is really aimed at helping students get to the point where they can learn on their own” “It’s you the learner who is going to achieve in the course of education and it’s really up to you to determine how you’re going to master and use it.” - Noam Chomsky

  5. MOTIVATION “The Purpose of Education” - Enlightenment Sense “The highest goal in life is to inquire and create” “Education is really aimed at helping students get to the point where they can learn on their own” “It’s you the learner who is going to achieve in the course of education and it’s really up to you to determine how you’re going to master and use it.” - Noam Chomsky

  8. Introduction (boring but necessary)

  9. Introduction (boring but necessary) Case 1: Be careful while impersonating users . Seriously

  10. Introduction (boring but necessary) Case 1: Be careful while impersonating users . Seriously Case 2: Authentication Bypass vulnerability in the Auth0 platform

  11. Introduction (boring but necessary) Case 1: Be careful while impersonating users . Seriously Case 2: Authentication Bypass vulnerability in the Auth0 platform Case 3: Observations in MS Azure and IIS installations running .NET Web Applications using SAML Authentication Machine Keys ? Is that a new rock band?

  12. Introduction (boring but necessary) Case 1: Be careful while impersonating users . Seriously Case 2: Authentication Bypass vulnerability in the Auth0 platform Case 3: Observations in MS Azure and IIS installations running .NET Web Applications using SAML Authentication Machine Keys ? Is that a new rock band? Final Conclusions & Recommendations

  13. Introduction (boring but necessary) Case 1: Be careful while impersonating users . Seriously Case 2: Authentication Bypass vulnerability in the Auth0 platform Case 3: Observations in MS Azure and IIS installations running .NET Web Applications using SAML Authentication Machine Keys ? Is that a new rock band? Final Conclusions & Recommendations

  15. Authentication (AuthN) Restrictions on Who (or What) can Access a System

  16. Authentication (AuthN) Restrictions on Who (or What) can Access a System Authorization (AuthZ) Restrictions on Actions of Authenticated Users

  17. We usually Pentest in 
 Staging / Development Environments Full Isolation / Complete Segregation between Environments? Shared Secrets? Which secrets exactly? Shared Databases? 


  18. We usually Pentest in 
 Staging / Development Environments Full Isolation / Complete Segregation between Environments? Shared Secrets? Which secrets exactly? Shared Databases? 


  19. Federated Identity pattern “Delegate authentication to an external identity provider” https://docs.microsoft.com/en-us/azure/architecture/patterns/federated-identity

  20. https://jwt.io

  21. Security Assertion Markup Language ( SAML ) “XML-based framework for communicating user authentication, entitlement, and attribute information” Signed Audience And more…

  25. Case Number One (1/3) User Impersonation

  26. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators

  27. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators

  28. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is

  29. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is required to “act” as the target user

  30. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is required to “act” as the target user

  31. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is required to “act” as the target user Very sensitive functionality (Broken Authorization?)

  32. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is required to “act” as the target user Very sensitive functionality (Broken Authorization?)

  33. Case Number One (1/3) User Impersonation Usually only for Super Users or Full Site Administrators No password reset (or password sharing ;-) is required to “act” as the target user Very sensitive functionality (Broken Authorization?) No “common strategy”

  34. Case Number One (2/3) User Impersonation

  35. Case Number One (2/3) User Impersonation Request: POST /api/user/1753/impersonate HTTP1.1 Host: test .crazy.net […] Response: HTTP/1.1 200 OK Server: Microsoft-IIS/8.5 Date: Tue, 16 Jan 2018 15:28:17 GMT Connection: close Content-Length: 245 {“username":"1753_user","passkey":"OMRDSPWTM 2X6KNM3KYHINET6MHL3XHNLYORN3VOK7EFJBFWXHX54H FLQRF7XSVEGOJGZ6G4YHTMPNEBTKKIEGLSC4WUCTVDV[ redacted]"}

  36. Case Number One (2/3) User Impersonation Request II: Request: POST /api/authentication/token HTTP/1.1 POST /api/user/1753/impersonate HTTP1.1 Host: test .crazy.net Host: test .crazy.net […] […]grant_type=password&username= admin &passw ord=OMRDSPWTM2X6KNM3KYHINET6MHL3XHNLYORN3VO Response: K7EFJBFWXHX54HFLQRF7XSVEGOJGZ6G4YHTMPNEBTKK HTTP/1.1 200 OK IEGLSC4WUCTVDV[redacted] Server: Microsoft-IIS/8.5 Date: Tue, 16 Jan 2018 15:28:17 GMT Response II: Connection: close HTTP/1.1 200 OK Content-Length: 245 Server: Microsoft-IIS/8.5 Date: Tue, 16 Jan 2018 15:31:12 GMT {“username":"1753_user","passkey":"OMRDSPWTM Connection: close 2X6KNM3KYHINET6MHL3XHNLYORN3VOK7EFJBFWXHX54H Content-Length: 1169 FLQRF7XSVEGOJGZ6G4YHTMPNEBTKKIEGLSC4WUCTVDV[ redacted]"} {"access_token":"dxjPlvTBeSg9ztuzMq8Ja_FKcg NaSV-SVHCt49OXxL2FOkALjeD- Aq3dOEH4fnOgADjfiHgmmOsChuAkXY2OQbrlUnZfotf KePcLhcY8BJxcJukPlHuJCwtUo6kj_7IR81- MQ4cbOARDG9N81FUaP45VHcYxexLGS8JMzEscPJBe[r edacted] ","token_type":"bearer","expires_in": 1209599,"userName":"admin",".issued":"Tue, 16 Jan 2018 15:31:12 GMT",".expires":"Tue, 30 Jan 2018 15:31:12 GMT"}

  37. Case Number One (2/3) User Impersonation Request II: Request: POST /api/authentication/token HTTP/1.1 POST /api/user/1753/impersonate HTTP1.1 Host: test .crazy.net Host: test .crazy.net […] […]grant_type=password&username= admin &passw ord=OMRDSPWTM2X6KNM3KYHINET6MHL3XHNLYORN3VO Response: K7EFJBFWXHX54HFLQRF7XSVEGOJGZ6G4YHTMPNEBTKK HTTP/1.1 200 OK IEGLSC4WUCTVDV[redacted] OK, this is bad, but… Server: Microsoft-IIS/8.5 Date: Tue, 16 Jan 2018 15:28:17 GMT Response II: Connection: close HTTP/1.1 200 OK Content-Length: 245 Server: Microsoft-IIS/8.5 Date: Tue, 16 Jan 2018 15:31:12 GMT {“username":"1753_user","passkey":"OMRDSPWTM Connection: close 2X6KNM3KYHINET6MHL3XHNLYORN3VOK7EFJBFWXHX54H Content-Length: 1169 FLQRF7XSVEGOJGZ6G4YHTMPNEBTKKIEGLSC4WUCTVDV[ redacted]"} {"access_token":"dxjPlvTBeSg9ztuzMq8Ja_FKcg NaSV-SVHCt49OXxL2FOkALjeD- Aq3dOEH4fnOgADjfiHgmmOsChuAkXY2OQbrlUnZfotf KePcLhcY8BJxcJukPlHuJCwtUo6kj_7IR81- MQ4cbOARDG9N81FUaP45VHcYxexLGS8JMzEscPJBe[r edacted] ","token_type":"bearer","expires_in": 1209599,"userName":"admin",".issued":"Tue, 16 Jan 2018 15:31:12 GMT",".expires":"Tue, 30 Jan 2018 15:31:12 GMT"}

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

High School Graduate Trends WICHEs Knocking at the College Door Projections of High School

High School Graduate Trends WICHEs Knocking at the College Door Projections of High School

High School Graduate Trends WICHEs Knocking at the College Door Projections of High School Graduates, 9 th Ed. Peace Bransberger / knocking.wiche.edu #NACAC17 Fewer Grads in Total; More non-White Grads #NACAC17 Projected number compared to

1.14k views • 86 slides
Knocking The Rust Off Or Why Its Such A Great Time To Come Back To Flying! New Shiny Plastic

Knocking The Rust Off Or Why Its Such A Great Time To Come Back To Flying! New Shiny Plastic

What we will cover today What it takes to be PIC again What has changed since you last flew Prepare you for returning to the sky Airspace review Part 91 refresher Flight planning Staying active Knocking The

650 views • 19 slides
IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door

IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door

IMS Single Door Enclosures IMS Two Door Enclosures IMS Single Door with Slave Door Disconnect IMS Two Door with Slave Door Disconnect Plinth Bases with Black Textured Finish Galvanized Sub-Panels Galvanized Filler Plates

302 views • 29 slides
The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an

The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an

The Invisible Door Keeper Q-Door is an innovative door sensor. In Armed Mode setting, it sends an alarm whenever a door or a window is opened. Additionally, it detects change in humidity , temperature and light and visualizes them on the online

479 views • 11 slides
When the EEOC Comes Knocking Anticipating and Responding to Discrimination and Retaliation

When the EEOC Comes Knocking Anticipating and Responding to Discrimination and Retaliation

Presenting a live 90 minute webinar with interactive Q&A When the EEOC Comes Knocking Anticipating and Responding to Discrimination and Retaliation Investigations THURS DAY, JULY 21, 2011 1pm Eastern | 12pm Central | 11am

877 views • 60 slides
Effective G Get out t the Vot ote S Str trategie ies Direct voter contact is key to

Effective G Get out t the Vot ote S Str trategie ies Direct voter contact is key to

Effective G Get out t the Vot ote S Str trategie ies Direct voter contact is key to voter turnout especially young people and first-timer voters Get Out The Typical methods: door knocking, mailing, phone banking , texting,

331 views • 15 slides
Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door

Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door

Motivation Illustrative Example: ATT with One-Sided Noncompliance Application: JTPA Fr ont-door Versus Back-door Adjustment with Unmeasured Confounding: Bias Formulas for Front-door and Hybrid Adjustments 1 Adam Glynn and Konstantin Kashin

928 views • 53 slides
DEBRA Members Weekend 2017 EB therapy research in Dundee: an update Knocking out the faulty

DEBRA Members Weekend 2017 EB therapy research in Dundee: an update Knocking out the faulty

DEBRA Members Weekend 2017 EB therapy research in Dundee: an update Knocking out the faulty gene & Skipping the faulty exon Peter van den Akker Premium sponsors: EB therapy research in Dundee: an update Knocking out the faulty gene

794 views • 43 slides
Collabora(ve Media Package October, 2013 Opportunity Knocking

Collabora(ve Media Package October, 2013 Opportunity Knocking

Collabora(ve Media Package October, 2013 Opportunity Knocking What if the Educa(onal Publisher could build a ecosystem around each of their EPUB

298 views • 11 slides
My front door.. 1 2 My front door .. is the vehicle for communication and engagement with

My front door.. 1 2 My front door .. is the vehicle for communication and engagement with

My front door.. 1 2 My front door .. is the vehicle for communication and engagement with all our key stakeholders. o builds on the Learning Disability Strategy and Adult Social Care Vision ensuring the information is o accessible and

432 views • 8 slides
Overview of 2019 AECOM Door County Housing Study Presentation to the Door County Board of

Overview of 2019 AECOM Door County Housing Study Presentation to the Door County Board of

Overview of 2019 AECOM Door County Housing Study Presentation to the Door County Board of Supervisors February 26, 2019 Mariah Goode Background: Housing Efforts in Door County PAST AND ON-GOING WORK Door County Economic Development

416 views • 18 slides
Victory Fire Door Inspections Vickie Evans, FDAI Over 30 years in door and hardware

Victory Fire Door Inspections Vickie Evans, FDAI Over 30 years in door and hardware

Victory Fire Door Inspections Vickie Evans, FDAI Over 30 years in door and hardware industry DHI instructor and Education Advocate Certified Fire Door Inspector Victory Fire Door Inspections To compartmentalize a building

936 views • 75 slides
Response Prompting See school door. Open door and walk through. See boss or fellow employee

Response Prompting See school door. Open door and walk through. See boss or fellow employee

2/24/2017 Stimulus and Response Remember that every behavior is preceded by a stimulus and followed by a consequence. Stimulus Response Bus stops, driver opens door, people Get out of the bus. get up. Response Prompting See school door.

365 views • 4 slides
Knocking out the Supply and Sorting in Decentralized Job Markets Guillaume Haeringer

Knocking out the Supply and Sorting in Decentralized Job Markets Guillaume Haeringer

Knocking out the Supply and Sorting in Decentralized Job Markets Guillaume Haeringer Universitat Aut` onoma de Barcelona Vincent Iehl e Universit e Paris Dauphine N uria Rodriguez-Planas Universitat Aut` onoma de Barcelona

523 views • 33 slides
Discovery in Western Victoria ( and Queensland, and Tasmania) Read Corporate Resources Rising

Discovery in Western Victoria ( and Queensland, and Tasmania) Read Corporate Resources Rising

For personal use only Knocking on the Door to Discovery in Western Victoria ( and Queensland, and Tasmania) Read Corporate Resources Rising Stars Summer Series 2019 STAVELY MINERALS For personal use only Disclaimer This presentation contains

573 views • 41 slides
Securi-Door ESE 205 Clayton Keating and Savannah Rush Have you ever forgotten if youve

Securi-Door ESE 205 Clayton Keating and Savannah Rush Have you ever forgotten if youve

Securi-Door ESE 205 Clayton Keating and Savannah Rush Have you ever forgotten if youve locked your door? Securi-Door users will: Be able to log on to our website Remotely capture an image and see who is at their door On the

211 views • 7 slides
Authentication, Authorisation and Accounting(AAA) Framework (RFC 2904) Vedavyas Duggirala

Authentication, Authorisation and Accounting(AAA) Framework (RFC 2904) Vedavyas Duggirala

Authentication, Authorisation and Accounting(AAA) Framework (RFC 2904) Vedavyas Duggirala (vyas@vt.edu) CS 6204, Spring 2005 1 Background Not a standard. Establishes requirements for Authentication, Authorization & Accounting(AAA)

617 views • 19 slides
International Student Employment & Degree Level Changes Topics to Cover > Background on

International Student Employment & Degree Level Changes Topics to Cover > Background on

International Student Employment & Degree Level Changes Topics to Cover > Background on International Student Services (ISS) > Newcomers Intro to International Student Employment Background on CPT & OPT Recent OPT Changes

870 views • 54 slides
Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a

Authorization, Security, and Privacy 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Authorization, Security, and Privacy

537 views • 40 slides
Creating Objects in Flexible Authorization Framework Nicola Zannone, Sushil Jajodia,

Creating Objects in Flexible Authorization Framework Nicola Zannone, Sushil Jajodia,

Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework Nicola Zannone, Sushil Jajodia, Duminda Wijesekera Dep. of Information and Communication Technology, University of Trento

675 views • 19 slides
Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the

Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the

Grid Authentication and Authorisation Issues kos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management: VOMS

384 views • 21 slides
Little Brother is watching - we know all your secrets! Siegfried Rasthofer | Fraunhofer SIT,

Little Brother is watching - we know all your secrets! Siegfried Rasthofer | Fraunhofer SIT,

Little Brother is watching - we know all your secrets! Siegfried Rasthofer | Fraunhofer SIT, Germany Steven Arzt | Fraunhofer SIT, Germany Stephan Huber | Fraunhofer SIT, Germany With the help of: Alexander Traud, Benedikt Hiemenz, Daniel

1.23k views • 95 slides
Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents Work Authorization Document Control Account Information Control

Work Authorization Documents https://cametoolbox.fnal.gov/Project/WADReports?ProjectName=HL-L... Work Authorization Documents Work Authorization Document Control Account Information Control Account Manager: 10629N Nobrega, Fred Control

56 views • 5 slides
Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity

5/24/2017 Security and Privacy Why Security is Difficult 12A. Operating Systems and Security complexity of our software and systems 12B. Authentication millions of lines of code, thousands of developers rich and powerful protocols

533 views • 14 slides

More recommend