security vulnerabilities exploits and attack patterns 15
play

Security vulnerabilities, exploits and attack patterns: 15 years of - PowerPoint PPT Presentation

Aug 11, 2023 •344 likes •767 views

15th USENIX Security Symposium | July 31st August 4th 2006 | Vancouver, B.C. - Canada Security vulnerabilities, exploits and attack patterns: 15 years of art, pseudo-science, fun & profit Ivn Arce Core Security Technologies Humboldt

  1. 15th USENIX Security Symposium | July 31st – August 4th 2006 | Vancouver, B.C. - Canada Security vulnerabilities, exploits and attack patterns: 15 years of art, pseudo-science, fun & profit Iván Arce Core Security Technologies Humboldt 1967 2do Piso Buenos Aires, Argentina (+54-11) 5556-2673 www.coresecurity.com 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  2. .prolog .prolog . 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  3. Who is this guy?! � CTO and co-founder of Core Security Technologies (http://www.coresecurity.com) Founded 1996 in Buenos Aires, Argentina – Involved in security research and vulnerability discovery ever since � Early adopters and pioneers of the public diclosure process for software bugs – 50+ security advisories, papers and technical articles published – Several hundredths of bugs reported – Coordinated bug report with Microsoft, Cisco, Sun, SGI, IBM, Digital, HP, all Linux vendors, BSD, etc. – � Develops and sells the first commercial software package for automated network penetration testing that includes real exploit code CORE IMPACT ($) – Provides security consulting services: Network/Application penetration testing, source � code security audits & training Does research, development and maintainance (...barely...) of a handful of � defensive/offensive security OSS projects Core Force, Core Wisdom, Secure Syslog, Modular Syslog, Pcapy, Impacket, Uhooker, crypto systems, – attack simulation & modeling, software rights protection, webapp privacy & security.... 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  4. But also... Editor for IEEE Security & Privacy magazine � New Vulnerabilities and Attack Trends department – Mental note: *check out IEEE S&P magazine* – http://www.computer.org/portal/site/security Un-graduated Electronic Engineering student at UBA � At 4 out of 7 years to degree – A more respectable way of saying “college dropout” – Former head of R+D at Computer Telephony Integration startup in Argentina � Dealt with early day CTI HW & SW – Had to work with PBXs, CO swtiches, PSTN, signalling systems, SS7, MFCR2, CCITT 5 – Force to understand non-IP data networks and protocols: X.25, SNA, IPX, propietary – Forced to deal with “obscure” systems: MVS/TSO/CICS, Tandem NonStop, VMS, Prime – OS, HP RTE Forced to write, break and fix mission critical/security sensitive apps. – Basically, a monkey with a keyboad (and a low budget) � 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  5. Why is any of this relevant ?? Speaking @ the 15th USENIX Security Symposium 10. I felt honored by the invitation. I accepted 20. I realized I had nothing really deep, new or interesting to talk about 30. Somebody made a terrible mistake. What were they thinking?! 40. So now I need to talk my way out of here (hopefully alive) 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  6. What is this talk about then? Speaking @ the 15th USENIX Security Symposium The only thing I am somewhat authoritative about � But how to do that without being: � Arrogant Boring Content-free Blame it on others! � 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  7. 1991-2006: 15 years in the infosec industry The generation that came to the infosec world in the 1990s Hackers, crackers, phreakers, virus writers, game developers, hardware � manglers Self-perceived and often called Computer artists � Greedy new business men � Pseudo-scientists � Half-baked engineers (hey, don’t look at me!) � Dangerous criminals � Treacherous cyber-terrorists � Technological anarchists � Progressive thinking libertarians what will save the world, the whales and our � precious bodily fluids 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  8. What does it mean to the information security discipline? The information security avant garde I looked it up on Wikipedia http://en.wikipedia.org/wiki/Avant-garde Avant-garde in French means front guard, advance guard, or vanguard. People often use the term in French and English to refer to people or works that are experimental or novel, particularly with respect to art, culture and politics. According to its champions, the avant-garde pushes the boundaries of what is accepted as the norm within definitions of art/culture/reality. …proponents of the avant-garde argue it is relevant to art because without these movements art itself would stagnate and become dormant and merely craft, repeating the same style over and over… So… did it meant any improvement? 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  9. My first computer ~1982 The birth of a computer user My first computing experience � Commodore VIC-20 – ~4KB RAM, MOS 6502 1Mhz CPU – 22 column x 23 row color display (RF out to TV) – ROM BASIC – ~ $300USD – http://oldcomputers.net/vic20.html Seen as a toy to experiment and play with � Installed the notion of computers (and eventually – computer security) as a game rather than a tool for formal education or work Hence the difference: Adversary vs. Enemy – Experimental, self-centered, bound by its physical – limitations And hinted at many undocumented and hidden – features 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  10. My 2nd computer. Commodore C-64 ~1982 The birth of a computer user Apple II, TRS-80, TI-99/4A, Sinclair ZX80, Timex/Sinclair 1000, Atari 400/800 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  11. How the toys went wrong Programing with home computers VIC-20 Programmer’s reference guide (http://www.geocities.com/rmelick/prg.txt) “VIC-20: An all-purpose reference guide for the first-time computerists as well as experienced programmers!” “ The great thing about a computer is that you can tailor the machine to do what you � want it to - you can make it calculate your home budget, play arcade - style action games - you can even make it talk! And the best thing is, if your VIC 20 does only ONE of the things listed below, it's well worth the price you paid for it.“ � “ In the future, being able to "speak" a computer language will give you a tremendous advantage over those who can't...not because you can write a computer program, but because you'll have a better understanding of what a computer is and does, and you'll be able to make better use of computing at school, on the job and at home…” 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  12. The misterious “Machine Language” Programming with home computers VIC-20 Machine Language programming guide: WHAT IS MACHINE LANGUAGE? At the heart of every microcomputer, there is a � central microprocessor, a very special microchip which is the "brain" of the computer. The VIC 20's microprocessor is the 6502 chip. Every microprocessor understands its own language of instructions, and these instructions are called the machine language instructions of that chip. To put it more precisely, machine language is the ONLY programming language that your VIC 20 really understands. It is the native language of the machine. WHAT DOES MACHINE CODE LOOK LIKE? You should be familiar with the � PEEK, and POKE commands in the CBM BASIC language for changing memory locations. You will probably have used them for graphics on the screen, and for sound effects. The memory locations will have been 36874, 36875, 36876, 36877, 36878 for sound effects. This memory location number is known as the "address" of a memory location. If you can imagine the memory in the VIC 20 as a street of houses, the number on the door is, of course, the address. Now we will look at which parts of the street are used for which purpose… BYTE magazine and my first “security incident” 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  13. …10 YEARS LATER 10 YEARS LATER … Home computer users become professionals 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

  14. INFORMATION SECURITY 1990 Post RTM worm � No public discussion and research about security � UNIX security list: ~450 subscribers (1989) – Zardoz security list (1989-1991) – Core security list (1990-1991) – No TCP/IP stack on Windows � No Linux � No “web” � No Google (only “archie”) � Security information flowed from technical journals, BBSes and � underground publications (Phrack et al.) 15 th Usenix Security Symposium | July 31 st – August 4 th 2006 | Vancouver B.C. - Canada

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
LINUX VULNERABILITIES, WINDOWS EXPLOITS Escalating Privileges with WSL Saar Amar Recon brx 2018

LINUX VULNERABILITIES, WINDOWS EXPLOITS Escalating Privileges with WSL Saar Amar Recon brx 2018

LINUX VULNERABILITIES, WINDOWS EXPLOITS Escalating Privileges with WSL Saar Amar Recon brx 2018 WHO AM I? Saar Amar Security Researcher Pasten CTF team member @AmarSaar saaramar OUTLINE World rld s quic ickest t in intr tro to

743 views • 43 slides
Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter

Buffer Overflow Vulnerabilities Exploits and Defensive Techniques Adam Butcher and Peter Buchlovsky 8. March 2004 University of Birmingham 1 Contents 1. Call-stacks, shellcode, gets 2. Exploits stack-based, heap-based 3. Defensive

1.56k views • 123 slides
Windows Metafiles An Analysis of the EMF Attack Surface & Recent Vulnerabilities Mateusz

Windows Metafiles An Analysis of the EMF Attack Surface & Recent Vulnerabilities Mateusz

Windows Metafiles An Analysis of the EMF Attack Surface & Recent Vulnerabilities Mateusz j00ru Jurczyk PacSec, Tokyo 2016 PS> whoami Project Zero @ Google Low-level security researcher with interest in all sorts of

1.62k views • 150 slides
Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack

Software Defjned Networking Security Outline Introduction What is SDN? SDN attack surface Recent vulnerabilities Security response Defensive technologies Next steps Introduction Security nerd, recovering

790 views • 39 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Pr Preve venting exploits against memo memory-co corruption vulnerabilities Chengyu Song

Pr Preve venting exploits against memo memory-co corruption vulnerabilities Chengyu Song

Pr Preve venting exploits against memo memory-co corruption vulnerabilities Chengyu Song Georgia Tech Agenda Memory corruption vulnerability Thesis Statement Approaches SDCG Kenali HDFI Conclusion Memory

737 views • 72 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications Avinash Sudhodanan

Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications Avinash Sudhodanan

Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications Avinash Sudhodanan (sudhodanan@fbk.eu) Alessandro Armando (armando@fbk.eu) Roberto Carbone (carbone@fbk.eu) Luca Compagna (luca.compagna@sap.com) NDSS, San Diego,

508 views • 27 slides
Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe

Software Vulnerabilities in Programming Languages and Applications A presentation to Ada Europe 2010 Stephen Michell, Maurya Software, Ottawa, Canada Security There are people out there trying to attack every computer that we own. Most

503 views • 48 slides
A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford

A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford

A Network Black Box with Splunk for Forensic Analysis of Attack Patterns Clive Blackwell Oxford Brookes University Oxford, United Kingdom CBlackwell@brookes.ac.uk Roadmap Three layer architectural security model Influenced by OSI

782 views • 37 slides
Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A

Security & Compliance Thursday, September 4 2014 What is a security breach/attack? A security breach/attack is defined as an event in which a corporations network is compromised or an individuals name plus Social Security Name (SSN),

890 views • 12 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
LINUX AND C++ UNDER ATTACK! CS4414 Lecture 24 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR TODAY

LINUX AND C++ UNDER ATTACK! CS4414 Lecture 24 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR TODAY

Professor Ken Birman LINUX AND C++ UNDER ATTACK! CS4414 Lecture 24 CORNELL CS4414 - FALL 2020. 1 IDEA MAP FOR TODAY SYN ACK attacks Stack Overflow Exploits Kernel Level Exploits Key Theft. Covert Channels CORNELL CS4414 - FALL 2020. 2

919 views • 50 slides
Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1

Protection Disclaimer: some slides are adopted from book authors slides with permission 1 Recap Distributed computing Sharing, performance, reliability Terminology Network Packet Protocol DNS A distributed

554 views • 24 slides
Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley,

Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley,

Security Through Examples Exploring Cyber Security in Critical Infrastructure Tim Yardley, University of Illinois Urbana-Champaign yardley@illinios.edu Introduction Material September 30, 2016 cred-c.org Se Settin ing T The St Stage 1

495 views • 20 slides
Probabilistic Reasoning; Network-based reasoning COMPSCI 276, Spring 2017 Set 1: Introduction

Probabilistic Reasoning; Network-based reasoning COMPSCI 276, Spring 2017 Set 1: Introduction

Probabilistic Reasoning; Network-based reasoning COMPSCI 276, Spring 2017 Set 1: Introduction and Background Rina Dechter (Reading: Pearl chapter 1-2, Darwiche chapters 1,3) 1 Example of Common Sense Reasoning Zebra on Pajama : (7:30 pm): I

626 views • 47 slides
In collabora*on with IDPF and BISG Session 4: DRM Moderator: Oliver

In collabora*on with IDPF and BISG Session 4: DRM Moderator: Oliver

In collabora*on with IDPF and BISG Session 4: DRM Moderator: Oliver Brooks Gerardo Capiel Minhyung Ko Jim Dovey Valobox Benetech Samsung Kobo Ill talk about general

642 views • 28 slides
Using Math Talk to Support Learning Melissa Hedges DPI Math Consultant Wisconsin Mathematics

Using Math Talk to Support Learning Melissa Hedges DPI Math Consultant Wisconsin Mathematics

Using Math Talk to Support Learning Melissa Hedges DPI Math Consultant Wisconsin Mathematics Council Annual Meeting May 3, 2017 Agenda Using Math Talk to Support Learning Developing Math Talk Through Number Talks Number Talks for

392 views • 25 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Snack Tectonics YOU WILL NEED: FRUIT ROLL UP GRAHAM CRACKERS WAX PAPER POPSICLE STICK

Snack Tectonics YOU WILL NEED: FRUIT ROLL UP GRAHAM CRACKERS WAX PAPER POPSICLE STICK

Snack Tectonics YOU WILL NEED: FRUIT ROLL UP GRAHAM CRACKERS WAX PAPER POPSICLE STICK FROSTING CUP WITH WATER

327 views • 6 slides
Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 L18 CSU

Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 L18 CSU

Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 L18 CSU Cybersecurity Center Computer Science Dept 1 1 Detectability Profile 1.2 To test a potential fault, it needs to be 1 triggered and error needs

336 views • 33 slides

More recommend