who am i
play

who am I? Lead researcher at Possible Security, Latvia Hacking and - PowerPoint PPT Presentation

Feb 19, 2024 •288 likes •1.09k views

who am I? Lead researcher at Possible Security, Latvia Hacking and breaking things Network flow analysis Reverse engineering Social engineering Legal dimension https://kirils.org/ twitter / @KirilsSolovjovs who

  2. who am I? ● Lead researcher at Possible Security, Latvia ● Hacking and breaking things – Network flow analysis – Reverse engineering – Social engineering – Legal dimension ● https://kirils.org/ ● twitter / @KirilsSolovjovs

  3. who manages the zoo?

  5. IPv4 exhaustion

  6. RIPE db objects → attributes → other objects

  7. object name objects object type poem: POEM-RIPE55-7 form: FORM-LIMERICK descr: Critical Infrastructure text: The DNS, the power, whois? text: Wikipedia or Google it is? text: No; when I'm in a rush other objects text: And the loo doesn't flush text: Where do I go for a piss? author: LIM1-RIPE admin-c: LIM1-RIPE mnt-by: LIM-MNT created: 2007-10-26T21:18:21Z last-modified: 2007-10-26T21:18:21Z attribute name attribute value

  8. Latvian internet?

  10. AS-NIC-LV as-set: AS-NIC-LV descr: AS-s of Latvia admin-c: NICo3-RIPE tech-c: NICo3-RIPE mnt-by: lumii-mnt created: 2010-06-09T07:56:49Z last-modified: 2019-09-17T10:23:08Z role: Network Information Centre of LV

  11. AS-s of Latvia as-set: AS-NIC-LV as-set: AS-LATVIA descr: AS-s of Latvia descr: AS-s of Latvia admin-c: NICo3-RIPE admin-c: LN645-RIPE tech-c: NICo3-RIPE tech-c: LN645-RIPE mnt-by: lumii-mnt mnt-by: AS2588-MNT mnt-lower: LTK created: 2010-06-09T07:56:49Z created: 2002-09-17T12:15:54Z last-modified: 2019-09-17T10:23:08Z last-modified: 2019-02-27T09:38:16Z role: Network Information Centre of LV role: Latnet HostMaster

  12. AS-NIC-LV AS-LATVIA

  13. geolocation, maybe? inetnum: 212.22.75.0 - 212.22.75.255 netname: LV-location geoloc: 56.9519 24.1221 country: LV admin-c: DM16411-RIPE tech-c: DM16411-RIPE status: ASSIGNED PA mnt-routes: CTH-DCMSK mnt-domains: CTH-DCMSK mnt-by: QUADRONET-MNT

  17. country attribute? inetnum: 185.58.140.109 - 185.58.140.109 netname: SE-MISSGROUP descr: MissDomain Group AB country: LV admin-c: MGN45-RIPE tech-c: MGN45-RIPE status: ASSIGNED PA mnt-by: MISSGROUP-NCC created: 2015-09-10T10:42:58Z last-modified: 2018-08-21T11:49:38Z

  18. RIPE db is a mess... inetnum: 159.148.0.0 - 159.148.255.255 netname: LV-LATNET-19990315 descr: RIGA 1/4096 inetnum: 159.148.6.128 - 159.148.6.143 netname: ROBERTSONBLUMS descr: Robertson & Blums SIA ½ inetnum: 159.148.6.136 - 159.148.6.143 netname: Latnet-infrastructure descr: LATNET ISP

  20. nic.lv/local.net #####DESCR. PART###### ######ACCT. PART###### ##Latvijas Nacionala Biblioteka:www.lnb.lv:AS201547 159.148.0.0/16 #5.45.44.0/22 193.41.195.0/24 ##SIA Latnet Serviss:www.ls.lv:AS2588 193.41.33.0/24 #159.148.0.0/16 193.41.45.0/24 #85.254.0.0/17 193.68.64.0/19 #85.254.128.0/18 193.108.29.0/24 #79.135.128.0/19 193.108.144.0/22 #176.67.32.0/20 193.108.185.0/24 #185.62.196.0/22 193.109.211.0/24 ##IZZI:www.izzi.lv:AS6851 193.110.8.0/23 #194.8.42.0/24 193.110.164.0/23 #84.38.128.0/20 193.111.244.0/22 ##Hansabanka:www.hansabank.lv:AS9091 195.69.88.0/22 #194.8.10.0/23 193.178.150.0/23

  21. nic.lv/local.net ##Hansabanka:www.hansabank.lv:AS9091 #194.8.10.0/23 91.220.0.0/24 91.221.98.0/23 ##Eunet (Versija):www.eunet.lv:AS8285 #194.8.5.0/24 194.8.4.0/22 #194.8.6.0/23 .

  22. not in local.net inetnum: 185.61.150.0 - route: 185.61.150.0/24 185.61.150.255 descr: Makonix netname: Makonix origin: AS52173 descr: Makonix SIA mnt-by: Makonix country: LV created: 2015-02-12T16:11:46Z admin-c: MTC62-RIPE last-modified: 2015-02-12T16:11:46Z tech-c: MTC62-RIPE source: RIPE status: ASSIGNED PA mnt-by: Makonix $ whois AS-NIC-LV|grep AS52173 created: 2015-09-14T14:35:02Z members: AS52173 last-modified: 2015-09-14T14:35:02Z members: AS52173

  23. what is in local.net ??

  24. 194.8.12.0/23 is in local.net ! inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr: The whole IPv4 address space country: EU # Country field is actually all countries in the world and not just EU countries org: ORG-IANA1-RIPE admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED remarks: This object represents all IPv4 addresses. remarks: If you see this object as a result of a single IP query, it remarks: means that the IP address you are querying is currently not remarks: assigned to any organisation. mnt-by: RIPE-NCC-HM-MNT mnt-lower: RIPE-NCC-HM-MNT

  25. how large is the zoo? ● RIPE ● nic.lv/local.net – country:lv 2002727 – DESCR. 2211904 ● 133875 of them not – ACCT. 2212416 in nic.lv ● 260649 of them don’t – country:lv+ 23040 have country:lv – total 2025411 – total 2212928

  26. ok, so what to use? ● for historic reasons: local.net ACCT. part ● BGP to be further researched as an option

  27. methodology 1) choose what to scan 2) choose ports and protocols 3) choose date and time 4) grab banners and web 5) analyse everything*

  28. tools ● whois ● progress 🖥 ● masscan ● bash ● zmap ● GNU coreutils ● nmap ● chart 🖥 ● parallel http://eja.lv/3c0

  29. allocation type (status attribute)

  31. dns PTR $ host 194.19.240.152 152.240.19.194.in-addr.arpa domain name pointer beidziet.piesavinaaties.adresi. telia.lv.240.19.194.in-addr.arpa. → “stop appropriating the address”

  32. dns PTR

  33. invalid PTR records (2 nd lvl @gov.lv)

  34. overall host response

  35. icmp probe responses

  36. icmp probe responses

  37. icmp probe responses

  38. mobile users (icmp)

  39. icmp reachability dynamic per isp [ANIMATION]

  40. tcp port responses: all

  41. tcp port responses: low ports

  42. oh!

  43. oooooooh...

  44. select tcp ports in top isps

  45. top isp per port

  46. top isp per port (udp)

  47. select actual ports per service (tcp)

  48. ^ Apache ^ IIS nginx

  49. OpenSSH Exim

  50. ftp servers

  51. mysql versions

  52. Interesting banners ● Ftp firmware update utility – 21/tcp on 28 broadband routers

  53. Certifjcates 107093 certs gathered from 50840 ip/ports 56274 non-CA certs from 42600 ip/ports

  54. Certifjcates ● 125 use EC – 256 bit – 110 – 384 bit – 15 ● 56149 use RSA

  55. Certifjcates ● 38.8% unique ● 61.5% unique excluding same IP ● 80.2% unique excluding same /24

  56. Top duplicate certifjcate #1 ● 2056 Samsung smart TVs ● Not Before: Jan 1 00:00:00 1970 GMT ● Not After : Jan 1 00:00:00 2030 GMT ● Subject: ST = Surrey, C = GB, emailAddress = contact@samsung.com, O = Samsung SERI, OU = DTV, CN = server1

  57. Top duplicate certifjcate #2 ● 1408 Samsung smart TVs ● Not Before: Jan 1 00:00:00 1970 GMT ● Not After : Jan 1 00:00:00 2030 GMT ● Subject: ST = Surrey, C = GB, emailAddress = contact@samsung.com, O = Samsung SERI, OU = DTV, CN = 106.1.9.39

  58. Top duplicate certifjcate #3 ● 1273 dahua security cameras ● Not Before: Jun 18 09:16:23 2013 GMT ● Not After : Jun 19 09:16:23 2016 GMT ● Subject: CN = 192.168.1.108, C = CN, ST = ZHEJIANG, L = HANGZHOU, O = DAHUA, OU = DAHUATECH

  60. http

  61. Cert issuers

  62. Authorities

  73. 2899

  74. 1266

  75. 1028

  76. 760

  77. 500

  78. Watch my presentations: https://kirils.org/ Follow me @KirilsSolovjovs

  79. Obviously, All the screenshots and logos in the presentation are used on a fair-use basis. Furthermore, obviously, No affiliation is claimed with any companies mentioned in the presentation.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to make package managers cry (or) How to piss off package managers (pick one) Kenneth Hoste

How to make package managers cry (or) How to piss off package managers (pick one) Kenneth Hoste

How to make package managers cry (or) How to piss off package managers (pick one) Kenneth Hoste kenneth.hoste@ugent.be GitHub: @boegel Twitter: @kehoste FOSDEM 2018 Package Management devroom Feb 3rd 2018, Brussels

796 views • 31 slides
Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu

Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu

Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu alina.sirbu@unipi.it Health and computer science Mathematics Health Systems informatics biology Medicine Computer Physics Science Bioinformatics

112 views • 8 slides
The second wave: the success stories DARPA (American Defense Advanced Research Projects Agency)

The second wave: the success stories DARPA (American Defense Advanced Research Projects Agency)

The BioRobotics Institute Scuola Superiore SantAnna, Pisa Embodied Intelligence in Natural and Artificial Agents Robotics is coming of age Fabio Bonsignorio 1,2,3,4,5,6 RoboCom++ Embodied Intelligence in Natural and Artificial Agents WG Leader

491 views • 18 slides
TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems

TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems

Types of Numbers What is a number? Complex Russian Dolls Model Real Rational TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems Representation in Computers https://www.ida.liu.se/~TDDE25/index.en.shtml

370 views • 12 slides
H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O)

H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O)

H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O) An overview of practical steps and phases in effectively growing an organisation's technical competency. Peter Brownell @greenman

417 views • 18 slides
The road to Hell is paved with best practices Image: Caution, a Creative Commons

The road to Hell is paved with best practices Image: Caution, a Creative Commons

The road to Hell is paved with best practices Image: Caution, a Creative Commons Attribution Non- Commercial Share-Alike (2.0) image from zippy'sphotostream Warning <RANT> Why Not all best practices seem to make us more

1.19k views • 71 slides
Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System Administration 3. GUI Tricks 4. Command line tricks 5. Docs & Resources Architecture - 1 - Directory Layout / /Applications and

648 views • 38 slides
Session 1: Concepts P . S. Langeslag 18 October 2018 Power User Someone who uses advanced

Session 1: Concepts P . S. Langeslag 18 October 2018 Power User Someone who uses advanced

Session 1: Concepts P . S. Langeslag 18 October 2018 Power User Someone who uses advanced functionality Example: regular expressions Does a Power User Need Linux? No; but it helps to have a terminal and a range of POSIX-compliant tools.

565 views • 35 slides
Informatics 1 Computation and Logic Lecture 1: Communication Michael Fourman @mp4man 1

Informatics 1 Computation and Logic Lecture 1: Communication Michael Fourman @mp4man 1

Informatics 1 Computation and Logic Lecture 1: Communication Michael Fourman @mp4man 1 Informatics The science of systems that sense, store, process, communicate, or act on information 2 software, hardware, people, & things 3 4

551 views • 30 slides
CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 17: Web Security Slide credits:

CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 17: Web Security Slide credits:

CS419 Spring 2010 Computer Security Vinod Ganapathy Lecture 17: Web Security Slide credits: Prof. Vitaly Shmatikov, UT-Austin. Browser and Network request website Browser reply Network OS Hardware February 12, 2002 Microsoft Issues

834 views • 62 slides
@BenBalter (http://twitter.com/benbalter) government@github.com (mailto:government@github.com)

@BenBalter (http://twitter.com/benbalter) government@github.com (mailto:government@github.com)

@BenBalter (http://twitter.com/benbalter) government@github.com (mailto:government@github.com) ben.balter.com/collaborative-policymaking (http://ben.balter.com/collaborative- policymaking) Creation distinct from publication High barrier

791 views • 39 slides
Deep Learning Robot Demo - ROS and Robotic Software Makespace, Cambridge UK 22nd February 2016

Deep Learning Robot Demo - ROS and Robotic Software Makespace, Cambridge UK 22nd February 2016

Deep Learning Robot Demo - ROS and Robotic Software Makespace, Cambridge UK 22nd February 2016 About Me Games VR Webisodes / Entertainment Software development Startups simon@robotlux.com @eurodemanding Sold Sold

700 views • 43 slides
EXEC Timeout What is EXEC timeout To allow access to your Cisco devices you can configure a

EXEC Timeout What is EXEC timeout To allow access to your Cisco devices you can configure a

EXEC Timeout What is EXEC timeout To allow access to your Cisco devices you can configure a number of lines. Examples of these lines are the console port (line con 0), virtual ports for remote access (vty line), and the auxiliary

133 views • 11 slides
Travel Security Ryan Lackey <ryan@venona.com> B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0

Travel Security Ryan Lackey <ryan@venona.com> B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0

Travel Security Ryan Lackey <ryan@venona.com> B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F @octal BalCCon 2k17 - Novi Sad, Serbia - 17 September 2017 Overview System to think about relative risk of travel Tactics,

573 views • 43 slides
Great British IXP Failures UKNOF 32 Meeting, Sheffield 16 th September 2015 Keith Mitchell

Great British IXP Failures UKNOF 32 Meeting, Sheffield 16 th September 2015 Keith Mitchell

Great British IXP Failures UKNOF 32 Meeting, Sheffield 16 th September 2015 Keith Mitchell SMOTI Enterprises Inc. Speakers Background Internet operations and development since 1986, co-founder of: UKs first commercial ISP, PIPEX

455 views • 26 slides
Einfhrung in die Pragmatik und Diskurs: Computational Discourse Processing A. Palmer/A. Horbach

Einfhrung in die Pragmatik und Diskurs: Computational Discourse Processing A. Palmer/A. Horbach

Einfhrung in die Pragmatik und Diskurs: Computational Discourse Processing A. Palmer/A. Horbach Universitt des Saarlandes 16 June 2014 apalmer@coli.uni-sb.de ( Universitt des Saarlandes ) Alexis Palmer Pragmatik & Diskurs:

588 views • 33 slides
R EVOLUTION & P OLITICAL V IOLENCE TODAYS AGENDA 1 What is order? And where does it come

R EVOLUTION & P OLITICAL V IOLENCE TODAYS AGENDA 1 What is order? And where does it come

Poli-416: R EVOLUTION & P OLITICAL V IOLENCE TODAYS AGENDA 1 What is order? And where does it come from? 2 Order in prisons 3 Rebel economic and symbolic order What are some other examples from the semester? Local justice

1.09k views • 70 slides
IN5550: Neural Methods in Natural Language Processing IN5550 Neural Methods in Natural

IN5550: Neural Methods in Natural Language Processing IN5550 Neural Methods in Natural

IN5550: Neural Methods in Natural Language Processing IN5550 Neural Methods in Natural Language Processing Final Exam: Task overview Stephan Oepen, Lilja vrelid, Vinit Ravishankar & Erik Velldal University of Oslo April 25, 2019

383 views • 37 slides
Metaprogramming Ruby - What the hell's a DSL? murphee (Werner Schuster) Blog @

Metaprogramming Ruby - What the hell's a DSL? murphee (Werner Schuster) Blog @

Metaprogramming Ruby - What the hell's a DSL? murphee (Werner Schuster) Blog @ http://jroller.com/page/murphee Meta? Programs that write Programs Compiler DSLs Regexes, anyone? Always good to start with quotes by... Alan Kay The

752 views • 58 slides
ECONOMICS HSC EC HEAD START LECTURE 2019 Presented by: Isaac Dela Torre Todays Agenda

ECONOMICS HSC EC HEAD START LECTURE 2019 Presented by: Isaac Dela Torre Todays Agenda

ECONOMICS HSC EC HEAD START LECTURE 2019 Presented by: Isaac Dela Torre Todays Agenda Economic Skills Globalisation HOW TO SMASH HSC ECONOMICS!! Protection Development Case Study Introduction Housekeeping Rules Ask Questions

1.02k views • 83 slides
Dunk Island Work Experience work! We joined the rest of the staff in June 1 - 7, 2008 the

Dunk Island Work Experience work! We joined the rest of the staff in June 1 - 7, 2008 the

Issue 08, June 20, 2008 quickly gaining THOUGHT FOR THE DAY confidence with the There is no limit to what can be accomplished if it doesn't routines and the matter who gets the credit - Ralph Waldo Emerson guests. What a beautiful

995 views • 4 slides
J-PARC High Intensity Neutrino Beam T. Sekiguchi (KEK) on behalf of T2K Beam Group Contents

J-PARC High Intensity Neutrino Beam T. Sekiguchi (KEK) on behalf of T2K Beam Group Contents

J-PARC High Intensity Neutrino Beam T. Sekiguchi (KEK) on behalf of T2K Beam Group Contents Introduction to J-PARC Neutrino Beamline Current Status Prospect for Beamline Upgrade 2 J-PARC Hadron Experimental Facility

570 views • 32 slides
Machine Reading and Reasoning with Neural Program Interpreters Sebastian Riedel @riedelcastro

Machine Reading and Reasoning with Neural Program Interpreters Sebastian Riedel @riedelcastro

Machine Reading and Reasoning with Neural Program Interpreters Sebastian Riedel @riedelcastro Machine Reading Collaborators Pontus Stenetorp Marzieh Saeidi Max Bartolo Johannes Welbl (Bloomsbury AI) (UCL) (UCL) (Bloomsbury AI)

1.61k views • 157 slides
HOME Homebuyer Programs & Policies January 14, 2020 Presented by: Monte Franke

HOME Homebuyer Programs & Policies January 14, 2020 Presented by: Monte Franke

HOME Homebuyer Programs & Policies January 14, 2020 Presented by: Monte Franke MLFranke@aol.com PJ Homebuyer Policies & P rocedures HUD requirements 92.254(f): PJs must have homebuyer program policies/procedures:

439 views • 24 slides

More recommend