practical exploitation on system vulnerability of
play

Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li - PDF document

Sep 14, 2023 •46 likes •96 views

3/31/2011 Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong University of Alabama Goal: perform ProtoGENI experiments to find vulnerabilities; to suggest prevention approach vulnerabilities; to

  1. 3/31/2011 Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong University of Alabama • Goal: perform ProtoGENI experiments to find vulnerabilities; to suggest prevention approach vulnerabilities; to suggest prevention approach • Identify 3 kinds of Attacks by malicious user – Data Plane to Data Plane attack • Compromise the correctness and confidentiality of other running experiments – Data Plane to Control Plane attack • Compromise the availability of ProtoGENI resources to other users – Data plane to Internet attack • Work in progress 1

  2. 3/31/2011 Attack Experiment • Attacking Approach: ARP Poisoning – send fake, or "spoofed", ARP messages to an Ethernet LAN d f k " f d" ARP t Eth t LAN or WLAN – Purpose: DoS • Attacking Tool: Netwox – An open source network tool set – Integrate 222 tools Integrate 222 tools – Sniff, spoof, scan etc. – Used by network administrators or hackers Data Plane to Data Plane Attack • Packets in wireless channel can be easily captured due to its nature due to its nature 2

  3. 3/31/2011 Data Plane to Data Plane Attack • Use netwox tool “33” to perform ARP attack • Check the ARP cache in the victim node • The two wireless nodes cannot communicate with each other due to the faked IP/MAC address mapping Data Plane to Control Plane Attack • To “terminate” the connection of the “control ‐ router” and an experiment node through ARP poisoning • The experiment node will not be available by other users who include this particular node in their Rspec • Attack can be performed in two directions 3

  4. 3/31/2011 Data Plane to Control Plane Attack • Poison the ARP cache of the control router, Data Plane to Control Plane Attack • Poison the ARP cache of the desired node: 4

  5. 3/31/2011 How about GRE tunnel link? • No ARP cache entry for the VLAN end host • Impossible to launch ARP poisoning attack • Prevention Approach – ArpON (Arp handler inspectiON) A ON (A h dl i tiON) – static IP ‐ MAC mappings for control network • Working On – Malicious user behavior to attack the Internet 5

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides
Automated vulnerability scanning and exploitation Dennis Pellikaan Thijs Houtenbos University of

Automated vulnerability scanning and exploitation Dennis Pellikaan Thijs Houtenbos University of

Automated vulnerability scanning and exploitation Dennis Pellikaan Thijs Houtenbos University of Amsterdam System and Network Engineering July 4, 2013 Dennis Pellikaan, Thijs Houtenbos Automated vulnerability scanning and exploitation 1 / 20

213 views • 20 slides
Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides
Preventing Elder Investment Fraud: Assessing for Vulnerability to Financial Exploitation Dulce

Preventing Elder Investment Fraud: Assessing for Vulnerability to Financial Exploitation Dulce

Preventing Elder Investment Fraud: Assessing for Vulnerability to Financial Exploitation Dulce M. Cruz, MD, CMD Associate Professor Division of Geriatrics Saint Louis University Robert E. Roush, EdD, MPH Director, Texas Consortium GEC Baylor

954 views • 38 slides
Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki 2013-06-06 Agenda Motivation ARM Primer Exploitation 101 Science, Bitches! Vulnerability classes Exploitation Defenses & Mitigation Techniques

899 views • 51 slides
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Introduction Deral Heiland, CISSP, GWAPT: Senior Security Engineer at CDW, responsible for security assessments, penetration tests and consulting for

596 views • 58 slides
Software Vulnerability Handling and practical incident recognition Idea: ( ) Sven Gabriel

Software Vulnerability Handling and practical incident recognition Idea: ( ) Sven Gabriel

EGI Community Forum 2014 Software Vulnerability Handling and practical incident recognition Idea: ( ) Sven Gabriel NIKHEF All the hard work: Heiko Reese KIT-CERT ( ) Sven Gabriel? 20042007: FZK Karlsruhe, T-1 GridKa Site Admin

1.19k views • 38 slides
good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response

good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response

Lessons Learned: Can alerting the public about exploitation do more harm than good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response IPS signature delivery MAPP (Microsoft Active Protections

855 views • 43 slides
THE ETHICAL, LEGAL, AND PRACTICAL CONSIDERATIONS INVOLVING THE FINANCIAL EXPLOITATION OF SENIORS

THE ETHICAL, LEGAL, AND PRACTICAL CONSIDERATIONS INVOLVING THE FINANCIAL EXPLOITATION OF SENIORS

THE ETHICAL, LEGAL, AND PRACTICAL CONSIDERATIONS INVOLVING THE FINANCIAL EXPLOITATION OF SENIORS Francis J. Rondoni Chestnut Cambronne PA Minneapolis, Minnesota Stuart C. Bear Chestnut Cambronne PA Minneapolis, Minnesota Elizabeth C. Henry

737 views • 49 slides
! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented Exploitation ! Techniques ! Demo ! Mac OS X x86_64 ! Conclusion ! Morris Worm (November 1988) ! Exploited a stack buffer overflow in BSD in.fingerd on VAX

1.02k views • 80 slides
them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

One font vulnerability to rule them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz j00ru Jurczyk REcon 2015, Montreal PS> whoami Project Zero @ Google Low-level security researcher

2.33k views • 187 slides
Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security Researcher at Norman Malware Detection Team (MDT) Interests Vulnerability research Operating systems internals Exploit mitigations

2.17k views • 100 slides
Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides
Evalua&ng Opera&ng System Vulnerability to Memory Errors

Evalua&ng Opera&ng System Vulnerability to Memory Errors

Evalua&ng Opera&ng System Vulnerability to Memory Errors Kurt B. Ferreira, Kevin Pedre1, Patrick Bridges , Ron Brightwell, David Fiala, and Frank

689 views • 23 slides
Contents What is vulnerability? Why conduct vulnerability assessments? Defining

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides
Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides
Game Concept Build the game Battleship on embedded hardware Build the game Battleship

Game Concept Build the game Battleship on embedded hardware Build the game Battleship

Battleship Marc Howard, Dan Aprahamian Apoorva Gade, Shihab Hamati Game Concept Build the game Battleship on embedded hardware Build the game Battleship on a computer Get the two versions of the game to communicate via Ethernet

437 views • 14 slides
SCAS Enga SCAS Engagement Upda gement Update te 9 Agenda Item 26. Agenda ARP update

SCAS Enga SCAS Engagement Upda gement Update te 9 Agenda Item 26. Agenda ARP update

SCAS Enga SCAS Engagement Upda gement Update te 9 Agenda Item 26. Agenda ARP update Performance Lord Carter Review CQC 10 Urgent Care Pathways ARP PRINCIPLES What does ATs What does the need to consider patient need?

908 views • 36 slides
Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch

Tired of iptables based security groups? Here's how to gain tremendous speed with Open vSwitch instead! Who we are? Jakub Libosvar Software Engineer at Red Hat libosvar@redhat.com Rodolfo Alonso Software Engineer

397 views • 29 slides
Transparent migration of virtual Transparent migration of virtual infrastructures in large

Transparent migration of virtual Transparent migration of virtual infrastructures in large

Transparent migration of virtual Transparent migration of virtual infrastructures in large datacenters for infrastructures in large datacenters for Cloud Computing Cloud Computing Workshop on Management of Cloud Systems ( Workshop on

489 views • 23 slides
PRIMARILY RESIDENTIAL DEVELOPMENT Approved office development New offices in the mixed- use

PRIMARILY RESIDENTIAL DEVELOPMENT Approved office development New offices in the mixed- use

TOWER 4 TOWER 2 RESIDENTIAL RESIDENTIAL 120,000 sq. ft. 275,000 sq. ft. TOWER 1 TOWER 5 RESIDENTIAL RESIDENTIAL 165,000 sq. ft. 130,000 sq. ft. HOTEL 150,000 sq.ft PROJECT VISION The proposed redevelopment of Eau Claire Market is a

258 views • 10 slides
Crop I nsurance Decisions and the new Farm Bill Bruce Sherrick sherrick@illinois.edu Gary

Crop I nsurance Decisions and the new Farm Bill Bruce Sherrick sherrick@illinois.edu Gary

Crop I nsurance Decisions and the new Farm Bill Bruce Sherrick sherrick@illinois.edu Gary Schnitkey schnitke@illinois.edu University of I llinois 2 0 1 4 I llinois Farm Econom ics Sum m it The Profitability of I llinois Agriculture:

522 views • 23 slides
HEALTH SCIENCES CENTER

HEALTH SCIENCES CENTER

HEALTH SCIENCES CENTER _____________________________________________________________________________________________ FACULTY CONTRACTS OFFICE FACULTY BENEFITS & GENERAL INFORMATION NEW HIRE PAPERWORK I-9 and Employment Eligibility

644 views • 40 slides
Cedars A.R.C at Yew Tree Primary Additional provision for children with Social, Emotional

Cedars A.R.C at Yew Tree Primary Additional provision for children with Social, Emotional

Cedars A.R.C at Yew Tree Primary Additional provision for children with Social, Emotional and Mental Health Difficulties Social, Emotional and Mental Health difficulties in Children. Half of all diagnosable mental health disorders are

406 views • 15 slides

More recommend