runtime security lab
play

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz - PowerPoint PPT Presentation

Apr 07, 2024 •469 likes •1.19k views

Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018 https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs

  1. Runtime Security Lab Michael Schwarz Friday 31 st August, 2018 Graz Security Week 2018

  2. https://www.incapsula.com/blog/malware-analysis-mirai-ddos-botnet.html

  3. www.tugraz.at Large IoT Incidents September 21, 2016 > 600 Gbps on Brian Krebs (security researcher) website (Mirai botnet) September 30, 2016 Mirai source code published October 21, 2016 ˜ 1 Tbps on DNS provider Dyn November 26, 2016 > 900 000 routers of Deutsche Telekom attacked and offline February, 2018 > 1.35 Tbps attack on GitHub 2 Michael Schwarz — Graz Security Week 2018

  5. www.tugraz.at Top 10 IoT Bugs 3 Michael Schwarz — Graz Security Week 2018

  6. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface Default usernames and passwords 4 Michael Schwarz — Graz Security Week 2018

  7. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication Weak passwords 4 Michael Schwarz — Graz Security Week 2018

  8. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services Unnecessary ports open 4 Michael Schwarz — Graz Security Week 2018

  9. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption SSL/TLS not available 4 Michael Schwarz — Graz Security Week 2018

  10. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns Collected information not properly protected 4 Michael Schwarz — Graz Security Week 2018

  11. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface Interfaces with security vulnerabilities 4 Michael Schwarz — Graz Security Week 2018

  12. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface No account lockout mechanisms 4 Michael Schwarz — Graz Security Week 2018

  13. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Encryption is not available 8. Insufficient Security Configurability 4 Michael Schwarz — Graz Security Week 2018

  14. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Updates are not signed 8. Insufficient Security Configurability 9. Insecure Software/Firmware 4 Michael Schwarz — Graz Security Week 2018

  15. www.tugraz.at Top 10 IoT Bugs 1. Insecure Web Interface 2. Insufficient Authentication 3. Insecure Network Services 4. Lack of Transport Encryption 5. Privacy Concerns 6. Insecure Cloud Interface 7. Insecure Mobile Interface Unnecessary external ports like USB 8. Insufficient Security Configurability 9. Insecure Software/Firmware 10. Poor Physical Security 4 Michael Schwarz — Graz Security Week 2018

  16. www.tugraz.at Summary The 90s called... 5 Michael Schwarz — Graz Security Week 2018

  17. www.tugraz.at Summary The 90s called... ...they want their bugs back! 5 Michael Schwarz — Graz Security Week 2018

  19. www.tugraz.at Infrastructure • There are 15 challenges 6 Michael Schwarz — Graz Security Week 2018

  20. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) 6 Michael Schwarz — Graz Security Week 2018

  21. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) • 4 different categories 6 Michael Schwarz — Graz Security Week 2018

  22. www.tugraz.at Infrastructure • There are 15 challenges • Different difficulties (the more points, the harder) • 4 different categories • Play on your own or as team 6 Michael Schwarz — Graz Security Week 2018

  23. https://ctf.attacking.systems

  24. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style 7 Michael Schwarz — Graz Security Week 2018

  25. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag 7 Michael Schwarz — Graz Security Week 2018

  26. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device 7 Michael Schwarz — Graz Security Week 2018

  27. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device • A flag looks like {A_S4MPL3_FL4G!} 7 Michael Schwarz — Graz Security Week 2018

  28. www.tugraz.at Infrastructure • Capture-the-flag (CTF) style • Every challenge has a hidden flag • Flags are usually in a text file flag.txt on the device • A flag looks like {A_S4MPL3_FL4G!} • Goal is to get the flag and submit it to the CTF system 7 Michael Schwarz — Graz Security Week 2018

  29. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm 8 Michael Schwarz — Graz Security Week 2018

  30. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm • Last-minute questions from 2:00pm to 3:00pm 8 Michael Schwarz — Graz Security Week 2018

  31. www.tugraz.at Timeline • CTF runs until Friday, 3:00pm • Last-minute questions from 2:00pm to 3:00pm • Best player/team gets a price 8 Michael Schwarz — Graz Security Week 2018

  32. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) 9 Michael Schwarz — Graz Security Week 2018

  33. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems 9 Michael Schwarz — Graz Security Week 2018

  34. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems • Choose a hacklet, read the description, and download it 9 Michael Schwarz — Graz Security Week 2018

  35. www.tugraz.at How to Start • Use your own computer or our provided Linux VM (on USB or from https://ctf.attacking.systems/res ) • Create or join a team in the CTF system: https://ctf.attacking.systems • Choose a hacklet, read the description, and download it • Solve the hacklet by connecting to the hacklet 9 Michael Schwarz — Graz Security Week 2018

  36. www.tugraz.at How to Connect • Hacklets are accessible over the network 10 Michael Schwarz — Graz Security Week 2018

  37. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port 10 Michael Schwarz — Graz Security Week 2018

  38. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port • You can connect using any telnet-like program: PuTTY Terminal, netcat , telnet netcat , telnet 10 Michael Schwarz — Graz Security Week 2018

  39. www.tugraz.at How to Connect • Hacklets are accessible over the network • Every hacklet has a text interface on a specific port • You can connect using any telnet-like program: PuTTY Terminal, netcat , telnet netcat , telnet • For example on Linux/Mac in the shell: netcat hacklets2.attacking.systems 8000 10 Michael Schwarz — Graz Security Week 2018

  40. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) 11 Michael Schwarz — Graz Security Week 2018

  41. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit 11 Michael Schwarz — Graz Security Week 2018

  42. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff 11 Michael Schwarz — Graz Security Week 2018

  43. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff (Bad) Cryptography you have to break 11 Michael Schwarz — Graz Security Week 2018

  44. www.tugraz.at The Categories There are 4 categories: pwn ( ), forensics ( ), crypto ( ), misc ( ) Vulnerable binaries which you have to exploit Basically finding/reconstructing hidden/deleted stuff (Bad) Cryptography you have to break Random and fun hacklets which do not fit into any category (often no programming required) 11 Michael Schwarz — Graz Security Week 2018

  46. www.tugraz.at How to Start • Download the hacklet 12 Michael Schwarz — Graz Security Week 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI

INJECTING SECURITY INTO WEB APPS AT RUNTIME AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix and NodeJSScan Teach Security: opsecx.com

906 views • 55 slides
Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and

Managing Dependencies and Runtime Security ActiveState Deminar Managing Dependencies and Runtime Security About ActiveState Track-record: 97% of Fortune 1000, 20+ years open source Polyglot: 5 languages - Python, Perl, Tcl, Go, Ruby

727 views • 47 slides
Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating

Why secure the OS? Works directly on the hardware but can be adapted during runtime Operating System Security Data and process are directly visible Application security can be circumvented from lower layers = > good scope

103 views • 8 slides
Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

731 views • 62 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides
Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and

Runtime verification meets Android security Gil Vegliach Joint work with Andreas Bauer and Jan-Christoph K uster Background, what Android is Developed by Android Inc. (acquired by Google in 2005) Open Handset Alliance (founded in 2007)

161 views • 15 slides
Runtime Considerations Were moving towards actually producing target code. This means we need

Runtime Considerations Were moving towards actually producing target code. This means we need

10/29/2012 Runtime Considerations Were moving towards actually producing target code. This means we need to consider the runtime actions of the program. CS 1622: Runtime support: Functions and local variable storage Activation

160 views • 4 slides
Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to Programmation Fonctionnelle Avance implement them. http://www-lipn.univ-paris13.fr/~saiu/teaching/PFA-2010 Complex library support at run time

220 views • 8 slides
Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU Expensive in power, area No protection from design errors Does not survive permanent faults Last time we saw an approach that leveraged

246 views • 7 slides
Architecture in Practice: Chrome Reid Holmes Chrome Online content is insecure and can

Architecture in Practice: Chrome Reid Holmes Chrome Online content is insecure and can

Material and some slide content from: Taylor et. al. http://queue.acm.org/detail.cfm?id=1556050 http://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf OS-Level Sandbox OS/Runtime OS/Runtime Exploit Barriers Exploit

415 views • 3 slides
Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in Multi-threaded Network Simulation Georg Kunz, Mirko Stoffers, James Gross, Klaus Wehrle Geo g u , o Sto e s, Ja es G oss, aus e e

937 views • 58 slides
Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory

Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory

Runtime Analysis November 28, 2011 Page 1 Systems and Internet Infrastructure Security Laboratory (SIIS) Analysis So Far Prove whether a property always holds May analysis Prove whether a property can hold Must analysis Key step:

441 views • 20 slides
Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework Stochastic Stress Framework Atilla Gunal Technical Computing Group Microsoft Agenda Agenda The Product Concurrency Runtime The

362 views • 21 slides
The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th

The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th

The good, the bad and the ugly: Experiences with developing a PGAS runtime on top of MPI-3 6th Workshop on Runtime and Operating Systems for the Many-core Era (ROME 2018) www.dash-project.org Karl Frlinger Ludwig-Maximilians-Universitt

450 views • 25 slides
Runtime systems Programmation Fonctionnelle Avance

Runtime systems Programmation Fonctionnelle Avance

Introduction and hardware architecture reminders Object representation and runtime typing Automatic memory management Runtime systems Programmation Fonctionnelle Avance http://www-lipn.univ-paris13.fr/~saiu/teaching/PFA-2010 Luca Saiu

1.26k views • 82 slides
MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz,

MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz,

Runtime Monitoring Quantified Event Automata Efficient monitoring Using MarQ MarQ : Monitoring At Runtime with QEA Giles Reger in collaboration with Helena Cuenca Cruz, David Rydeheard at University of Manchester, UK April 17th, 2015 Runtime

1.01k views • 97 slides
Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly,

Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly,

University of Washington Instruction Set Architectures ! ISAs ! Brief history of processors and architectures ! C, assembly, machine code ! Assembly basics: registers, operands, move instructions 1 University of Washington What should the HW/SW

925 views • 27 slides
Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Program Code Analyzers Agenda The Problem Dynamic and Static Tools Examples of

Generic Programming and Library Development The Problems Presentation on Program Code Analyzers Dynamic and Static Tools May 18 th 2007 Examples of Tools Program Code Analyzers Agenda The Problem Dynamic and Static Tools

388 views • 13 slides
Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan,

Securing Untrusted Code via Compiler-Agnostic Binary Rewriting Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin Department of Computer Science, The University of Texas at Dallas Presented by David Gloe Outline Introduction

576 views • 23 slides
Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016

Medusa A disassembler and something more... Angelin Njakasoa BOOZ LSE Summer Week 2016 Quarkslab Angelin Njakasoa BOOZ (LSE Summer Week 2016) Medusa LSE Week 2016 1 / 20 Presentation Whoami? Where do I work? What do I do? Angelin

453 views • 20 slides
Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

9/3/19 DCS/CSCI 2350: Social & Economic Networks Graphs Reading: Ch 2 (Easley-Kleinberg) Mohammad T . Irfan Email: mirfan@bowdoin.edu Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a tree."

518 views • 8 slides
Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal

Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal

Conjunctive Queries on Probabilistic Graphs: Combined Complexity Antoine Amarilli 1 , Mikal Monet 1 , 2 , Pierre Senellart 2 , 3 May 16th, 2017 1 LTCI, Tlcom ParisTech, Universit Paris-Saclay; Paris, France 2 Inria Paris; Paris, France 3

1.3k views • 86 slides
Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of

Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of

Graph Theory Mongi BLEL King Saud University August 30, 2019 Mongi BLEL Graph Theory Table of contents Mongi BLEL Graph Theory Definition A graph G = ( V , E ) is a structure consisting of a set V of

1.17k views • 81 slides
CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive

CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive

CS 401: Computer Algorithm I Complexity / Graphs Xiaorui Sun 1 Complexity Given two positive functions f and g f(N) is O(g(N)) iff there is a constant c > 0 s.t., f(N) is eventually always c g(N) f(N) is W (g(N)) iff there is a

515 views • 24 slides

More recommend