top 10 vulnerabilities
play

Top 10 Vulnerabilities in past 5 years. #10 - DROWN Vulnerability - PowerPoint PPT Presentation

Apr 02, 2024 •203 likes •419 views

Top 10 Vulnerabilities in past 5 years. #10 - DROWN Vulnerability in downgrading to SSLv2 Can break encryption of TLS in ~8 hours Requires MITM March 2016 #9 - POODLE Vulnerability in downgrading to SSLv3 Decipher cipher

  1. Top 10 Vulnerabilities in past 5 years.

  2. #10 - DROWN ๏ Vulnerability in downgrading to SSLv2 ๏ Can break encryption of TLS in ~8 hours ๏ Requires MITM ๏ March 2016

  3. #9 - POODLE ๏ Vulnerability in downgrading to SSLv3 ๏ Decipher cipher text ๏ Requires MITM ๏ October 2014

  4. Bonus - TLS/SSL Vulnerabilities ๏ CRIME - Compression Ratio Info (Made Easy) ๏ BEAST - Browser Exploit Against SSL/TLS ๏ BREACH - Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext ๏ FREAK - Factoring RSA Keys ๏ NOMORE - Numerous Occurrence Monitoring & Recovery Exploit

  5. #8 - ImageTragick ๏ Improper filtering lead to RCE ๏ Dangerous due to SVG/MVG ๏ May 2016

  6. #8 - ImageTragick

  7. #7 - Mirai ๏ IOT Device scanning ๏ default user/pass ๏ Exploit w/ malware ๏ DDOS ๏ August 2016

  8. #7 - Mirai (Aggressive) ๏ Kill SSH, Telnet, HTTP ๏ Kill other bots from memory (QBOT) ๏ Remove other malware ๏ Growth of aggressive malware development

  9. #6 - KRACK ๏ WPA2 nonce reuse ๏ Trick victim into connecting to rogue network ๏ all-zero key during rekeying on some systems ๏ October 2017

  10. #6 - KRACK

  11. Bonus - Conficker ๏ Spread via MS 0days ๏ Family of malware (A-E versions) ๏ Upgraded themselves to E ๏ Goal: Install spyware ๏ November 2008

  12. #5 - WannaCry ๏ NSA (ExternalBlue) exploits ๏ Ransomware ๏ Kill switch found ๏ Windows XP ๏ May 2017

  13. #4 - Stagefright ๏ Overflow, into system user space ๏ No action required ๏ Android affected ๏ Pivot attack after ASLR ๏ July 2015

  14. #3 - Dirty COW ๏ Change on Write ๏ Race Condition ๏ Write access to read-only areas ๏ Difficult to detect ๏ November 2016

  15. #2 - Heartbleed ๏ Buffer overflow ๏ “heartbeat” from openSSL ๏ Could extract private keys ๏ Website, logo, etc ๏ April 2014

  16. #2 - Heartbleed (XKCD)

  17. Bonus - Stuxnet ๏ Very smart malware ๏ Specific host goal ๏ Multiple 0days together ๏ Rootkit to control rotational speed ๏ June 2010

  18. #1 - Shellshock ๏ Parser error in bash ๏ Led to ACE ๏ Bug since 1989 ๏ Discovered September 2014

  19. #1 - Shellshock ๏ Hide in headers (apache) ๏ ping/wget to identify infected ๏ Denial of Service ๏ DDOS ๏ Spam mail

  20. Connor Tumbleson 
 @iBotPeaches connortumbleson.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides
Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction

TRENDS IN WEB VULNERABILITIES MICHEL CHAMBERLAND Introduction Agenda Introduction Session Goals Presenter and Trustwave SpiderLabs background Analysis Overview Data Source Most frequently found SEVERE vulnerabilities

907 views • 62 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities Yuan Xiao, Yinqian Zhang, Radu Teodorescu The Ohio State University SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities Leverage

512 views • 24 slides
The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus

The Beauty and the Beast Vulnerabilities in Red Hats Packages Stephan Neuhaus <Stephan.Neuhaus@disi.unitn.it> Thomas Zimmermann <tzimmer@microsoft.com> Vulnerabilities are important because fixing them costs a lot of money (2005

1.9k views • 73 slides
Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design

Outstanding Communications Solutions Root Canal A new class of SS7 vulnerabilities Agenda SS7 Vulnerable by design Acknowledged signalling vulnerabilities The root problem Mitigation The signaling band-aid A new class

787 views • 54 slides
Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow

Last time We finished up By looking at Buffer Overflow overflows Defenses and other memory safety vulnerabilities Buffer overflow defenses (and workarounds) Format string vulnerabilities Integer overflow vulnerabilities This time

1.29k views • 80 slides
Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department

Vulnerabilities in C/C++ programs Part I TDDC90 Software Security Ulf Kargn Department of Computer and Information Science (IDA) Division for Database and Information Techniques (ADIT) Vulnerabilities in C-based languages

633 views • 59 slides
Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction Databases are the crown jewels of a business or organization Security is paramount Vulnerabilities grant attackers keys to the

600 views • 14 slides
Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1

Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1

Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Dependence in IV-related bytes of RC4 key enhances vulnerabilities in WPA Sourav Sen Gupta 1 Subhamoy Maitra 1 Willi Meier 2 Goutam Paul 1 Santanu Sarkar 3 Indian

749 views • 30 slides
Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to

Outline Vulnerabilities in OS interaction Low-level view of memory CSci 5271 Introduction to Computer Security Intermission: gdb demo Day 3: Low-level vulnerabilities Basic memory-safety problems Stephen McCamant Where overflows come from

401 views • 8 slides
TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication

TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication

TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication Confidentiality by applying block & stream ciphers - Integrity with MACs - Authenticity with certificates - Predecessor: SSL (secure

557 views • 13 slides
Cipher Techniques Chapter 12 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Cipher Techniques Chapter 12 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Cipher Techniques Chapter 12 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 12-1 Overview Problems What can go wrong if you naively use ciphers Cipher types Stream or block ciphers? Networks Link vs

1.79k views • 129 slides
Instance Variables The JOptionPane Class The JOptionPane Class displays a dialog for user

Instance Variables The JOptionPane Class The JOptionPane Class displays a dialog for user

Instance Variables The JOptionPane Class The JOptionPane Class displays a dialog for user information and interaction... ... it is part of the javax.swing package and must be imported before you can use it. import

1.12k views • 76 slides
Shared Portable Moodle Taking online learning offline to support disadvantaged students Stephen

Shared Portable Moodle Taking online learning offline to support disadvantaged students Stephen

Shared Portable Moodle Taking online learning offline to support disadvantaged students Stephen Grono, School of Education sgrono2@une.edu.au University of New England, Armidale @calvinbal Shared Portable Moodle Taking online learning

343 views • 22 slides
Representing Knowledge Using Rules Procedural Versus Declarative Knowledge Logic

Representing Knowledge Using Rules Procedural Versus Declarative Knowledge Logic

Representing Knowledge Using Rules Procedural Versus Declarative Knowledge Logic Programming Forward versus Backward Reasoning Matching Control Knowledge Chapter 6

518 views • 10 slides
What is REASONABLE? Discussing the Accommodation Process within the College Environment By:

What is REASONABLE? Discussing the Accommodation Process within the College Environment By:

9/2/2017 What is REASONABLE? Discussing the Accommodation Process within the College Environment By: Tessa DiPerri & Crystal Tenan 1 About Us Tessa DiPerri Tessa DiPerri, is a higher educational professional with experience in

223 views • 11 slides
Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 Juraj j Somorovsky vsky.

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 Juraj j Somorovsky vsky.

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 Juraj j Somorovsky vsky. . Syste temat atic Fuzzing and Testing g of TLS Libraries es 1 Transport Layer Security The most important crypto protocol HTTP, SMTP,

467 views • 43 slides
MacSeisApp: An Early Earthquake Warning System Shayan Mehrazarin October 28, 2015 California

MacSeisApp: An Early Earthquake Warning System Shayan Mehrazarin October 28, 2015 California

MacSeisApp: An Early Earthquake Warning System Shayan Mehrazarin October 28, 2015 California State University, Dominguez Hills Outline Introduction Background on Apples Sudden Motion Sensor (SMS) Background on Apples

436 views • 22 slides

More recommend