why
play

WHY Capital One Date : March 22 and 23, 2019 Number of - PowerPoint PPT Presentation

Aug 30, 2023 •201 likes •1.05k views

WHY Capital One Date : March 22 and 23, 2019 Number of records breached : 106 million Information exposed : Names, addresses, ZIP codes, phone numbers, email addresses, birthdates and self-reported income. Customer credit

  2. • • •

  4. WHY

  5. Capital One Date : March 22 and 23, 2019 Number of records breached : 106 million Information exposed : Names, addresses, ZIP codes, phone numbers, email addresses, birthdates and self-reported income. Customer credit scores, credit limits, balances, payment history, and contact information. Evite Date : February 22, 2019 Number of records breached : 100 million Information exposed : Names, email addresses, passwords, and IP addresses of Evite customers. American Medical Collection Agency Date : August 1, 2018, to March 30, 2019 Number of records breached : More than 20 million Information exposed : Social Security numbers, dates of birth, payment card data, and credit card information. src: https://us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html

  6. confidential

  7. HOW

  8. src: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

  9. Src: https://owasp.org/www-staff/operating-plan/2020.html

  12. 14 Confidential

  15. src: https://www.hackerone.com/top-10-vulnerabilities

  16. src: https://www.hackerone.com/top-10-vulnerabilities

  22. WHAT

  25. CNA NAME Base ased (C (Company Le Level) yourcompanydomain.biz yourcompanyblog.biz

  26. CNA NAME Base ased (C (Company Le Level) yourcompanydomain.biz blog.yourcompanydomain.biz yourcompanyblog.biz blog.yourcompanydomain.biz. 3600 IN CNAME yourcompanyblog.biz.

  27. CNA NAME Base ased (C (Company Le Level) yourcompanydomain.biz blog.yourcompanydomain.biz yourcompanyblog.biz blog.yourcompanydomain.biz. 3600 IN CNAME yourcompanyblog.biz.

  29. CNA NAME Base ased (C (Company Le Level) yourcompanyblog.biz yourcompanydomain.biz blog.yourcompanydomain.biz yourcompanyblog.biz blog.yourcompanydomain.biz. 3600 IN CNAME yourcompanyblog.biz.

  30. CNA NAME Base ased (C (Company Le Level) yourcompanydomain.biz blog.yourcompanydomain.biz blog.yourcompanydomain.biz yourcompanyblog.biz blog.yourcompanydomain.biz. 3600 IN CNAME yourcompanyblog.biz.

  31. CNA NAME Base ased (D (Dev Le Level) l) yourcompanydomain.biz opensource.yourcompanydomain.biz opensource.github.io opensource.yourcompanydomain.biz. 3600 IN CNAME opensource.github.io.

  32. CNA NAME Base ased (D (Dev Le Level) l) yourcompanydomain.biz opensource.yourcompanydomain.biz opensource.github.io opensource.yourcompanydomain.biz. 3600 IN CNAME opensource.github.io.

  34. CNA NAME Base ased (D (Dev Le Level) l) opensource.github.io yourcompanydomain.biz opensource.yourcompanydomain.biz opensource.github.io opensource.yourcompanydomain.biz. 3600 IN CNAME opensource.github.io.

  35. CNA NAME Base ased (D (Dev Le Level) l) yourcompanydomain.biz opensource.yourcompanydomain.biz opensource.yourcompanydomain.biz opensource.github.io opensource.yourcompanydomain.biz. 3600 IN CNAME opensource.github.io.

  36. Si Simila ilar Behaviour Wit ith • Amazon S3 • Her Heroku • Sho Shopify fy • Mic icrosoft Azur ure • St Statuspage • Tumblr lr • Wor ordpress ss • And mor ore … Src: https://github.com/EdOverflow/can-i-take-over-xyz

  37. Be aware that this als lso works wit ith NS and MX DNS entries

  39. Paid Service

  41. Self lf-Serv rvice

  45. AWS GCP PORT 80,443 ALLOWED AZURE

  46. AWS GCP PORT 80,443 ALLOWED AZURE

  47. AWS GCP SSRF PORT 80,443 ALLOWED AZURE

  48. Examples: Ex Examples: : Digital Ocean http://169.254.169.254/metadata/v1.json AWS http://169.254.169.254/metadata/v1/ http://169.254.169.254/metadata/v1/id http://169.254.169.254/latest/user-data http://169.254.169.254/metadata/v1/user-data http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] http://169.254.169.254/metadata/v1/hostname http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] http://169.254.169.254/metadata/v1/region http://169.254.169.254/latest/meta-data/ami-id http://169.254.169.254/latest/meta-data/reservation-id http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/address http://169.254.169.254/latest/meta-data/hostname http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key http://169.254.169.254/latest/meta-data/public-keys/[ID]/openssh-key Oracle Cloud GCP http://192.0.0.192/latest/ http://192.0.0.192/latest/user-data/ Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata- http://192.0.0.192/latest/meta-data/ Request: True" http://192.0.0.192/latest/attributes/ http://169.254.169.254/computeMetadata/v1/ http://metadata.google.internal/computeMetadata/v1/ http://metadata/computeMetadata/v1/ http://metadata.google.internal/computeMetadata/v1/instance/hostname http://metadata.google.internal/computeMetadata/v1/instance/id http://metadata.google.internal/computeMetadata/v1/project/project-id Src: https://gist.github.com/jhaddix/78cece26c91c6263653f31ba453e273b

  49. Demo

  52. Whiteli list IP IP Ra Ranges s / / DN DNS Na Names e.g. 192.168.0.1/24 range AWS GCP SSRF PORT 80,443 ALLOWED AZURE

  53. Use se Authentic ication Als lso for In Internal l Se Services AWS GCP SSRF PORT 80,443 ALLOWED AZURE

  54. Di Disable le Unnecessary URL Sc Schemes AWS file: file:// dict dict:// ftp:/ ftp :// GCP go gophe pher:// SSRF PORT 80,443 ALLOWED AZURE

  55. Mon onitor Response Se Sent Bac ack to o th the Use ser AWS GCP SSRF PORT 80,443 ALLOWED AZURE

  57. Backend Server 1 User 1 HTTP 1 1 1 1 2 2 2 Requests Proxy / LB Backend Server 2 User 2 Backend Server 3

  58. User 1 POST /sec4devBenign HTTP/1.1 Host: sec4dev.io HTTP Content-Length: 19 Requests testparam=testvalue User 2

  59. User 1 POST /sec4devBenign HTTP/1.1 Host: sec4dev.io HTTP Transfer-Encoding: chunked Requests 13 testparam=testvalue 0 User 2

  60. User 1 POST /sec4devDesync HTTP/1.1 Host: sec4dev.io HTTP Content-Length: 17 Requests Transfer-Encoding: chunked 0 SEC4DEVROCKS User 2

  61. 1 1 1 x Backend Server 1 User 1 Coming 1 1 1 from x1 user 1 HTTP 1 1 1 x 2 2 2 Requests Coming x2 from Proxy / LB 2 2 Backend Server 2 user 2 2 2 2 User 2 Backend Server 3

  62. Demo

  65. Use se Se Separate Ne Network Con onnections For Eac ach Request Backend Server 1 User 1 HTTP 1 Requests 2 Proxy / LB Backend Server 2 User 2 Backend Server 3

  66. Use se HTTP/2 For or Bac ackend Con onnections User 1 POST /sec4devBenign HT HTTP/2 Host: sec4dev.io HTTP Content-Length: 19 Requests testparam=testvalue User 2

  67. Use se Exact Sa Same So Software for Fr Frontend / / Bac ackend Backend Server 1 User 1 HTTP 1 1 1 1 2 2 2 Requests Proxy / LB Backend Server 2 User 2 Backend Server 3

  69. confidential

  71. Build Awareness Enable Employees

  72. Use Secrets Vault / Manager

  75. pre-commit hooks

  77. Git ithub Token Scanning Service

  79. • • • • •

  80. • • • • •

  81. • •

  82. • • • •

  83. • •

  84. • • •

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Kubernetes Introduction WOJCIECH BARCZYSKI (hiring) Senior Software Engineer Lead of Warsaw

Kubernetes Introduction WOJCIECH BARCZYSKI (hiring) Senior Software Engineer Lead of Warsaw

Kubernetes Introduction WOJCIECH BARCZYSKI (hiring) Senior Software Engineer Lead of Warsaw Team - SMACC System Engineer background Interests: working software Hobby: teaching software engineering BACKGROUND A top AI FinTech

781 views • 65 slides
KVM without QEMU Gabriel Laskar <gabriel@lse.epita.fr> Agenda What is kvm ? What we

KVM without QEMU Gabriel Laskar <gabriel@lse.epita.fr> Agenda What is kvm ? What we

KVM without QEMU Gabriel Laskar <gabriel@lse.epita.fr> Agenda What is kvm ? What we want to achieve ? kvm api overview how to start in 32-bit virtio device machine description state of the tool What is KVM ?

528 views • 21 slides
Fault Tolerance of the I nput/ Output Ports in Massively Def ective Multicore Processor Chips

Fault Tolerance of the I nput/ Output Ports in Massively Def ective Multicore Processor Chips

The 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Second Workshop on D Dependable and Secure Nanocomputing Friday June 27, 2008 Anchorage, AK, USA Fault Tolerance of the I nput/ Output Ports in Massively

561 views • 8 slides
Virtio 1 - why do it? And - are we there yet? 2015 Michael S. Tsirkin Red Hat Uses material

Virtio 1 - why do it? And - are we there yet? 2015 Michael S. Tsirkin Red Hat Uses material

Virtio 1 - why do it? And - are we there yet? 2015 Michael S. Tsirkin Red Hat Uses material from https://lwn.net/Kernel/LDD3/ Gcompris, tuxpaint 1 Distributed under the Creative commons license. Lots of work ... main-title 300 250

1.02k views • 63 slides
Embedded Systems Programming Linux Kernel Modules (Module 4) Yann-Hang Lee Arizona State

Embedded Systems Programming Linux Kernel Modules (Module 4) Yann-Hang Lee Arizona State

Embedded Systems Programming Linux Kernel Modules (Module 4) Yann-Hang Lee Arizona State University yhlee@asu.edu (480) 727-7507 Summer 2014 Real-time Systems Lab, Computer Science and Engineering, ASU What is kernel The basic

349 views • 12 slides
IO 1 Today IO TA Evaluations 2 Key Points CPU interface and interaction with IO

IO 1 Today IO TA Evaluations 2 Key Points CPU interface and interaction with IO

IO 1 Today IO TA Evaluations 2 Key Points CPU interface and interaction with IO devices The basic structure of the IO system (north bridge, south bridge, etc.) The key advantages of high speed serial lines. The benefits

268 views • 15 slides
1 CPU Scheduler Preemptive Scheduling Also referred to as Short Term Preemptive

1 CPU Scheduler Preemptive Scheduling Also referred to as Short Term Preemptive

Contents CMSC 421 Spring 2004 Section 0202 Basic Concepts Scheduling Criteria Scheduling Algorithms Multiple-Processor Scheduling Real-Time Scheduling Algorithm Evaluation Part II: Process Management Chapter 6 CPU

399 views • 10 slides
Register Allocaon and Instrucon Scheduling in Unison Roberto Castaeda Lozano SICS, KTH

Register Allocaon and Instrucon Scheduling in Unison Roberto Castaeda Lozano SICS, KTH

Register Allocaon and Instrucon Scheduling in Unison Roberto Castaeda Lozano SICS, KTH joint work with: G. Hjort Blindell KTH, SICS M. Carlsson SICS F. Drejhammar SICS C. Schulte KTH, SICS This research has been

891 views • 54 slides
RESTful Microservices from the Ground Up Mike Amundsen API Academy @mamund Agenda 9:00 -

RESTful Microservices from the Ground Up Mike Amundsen API Academy @mamund Agenda 9:00 -

RESTful Microservices from the Ground Up Mike Amundsen API Academy @mamund Agenda 9:00 - 9:45 : What are RESTful Microservices? 9:45 - 10:30 : Models, Messages, and Vocabularies 10:30 - 10:45 : BREAK 10:45 - 11:30 :

687 views • 65 slides
Anne Bracy CS 3410 Computer Science Cornell University [K. Bala, A. Bracy, S. McKee, E. Sirer,

Anne Bracy CS 3410 Computer Science Cornell University [K. Bala, A. Bracy, S. McKee, E. Sirer,

Anne Bracy CS 3410 Computer Science Cornell University [K. Bala, A. Bracy, S. McKee, E. Sirer, and H. Weatherspoon] How does a processor interact with its environment? Computer System = Memory + Datapath + Control + Input + Output

460 views • 12 slides
Preparatory Course in Computer programming experience Science Computer Science 1 : Theoretical

Preparatory Course in Computer programming experience Science Computer Science 1 : Theoretical

Context of this Lecture Computer Science 0 (Preparatory Course): Gain first Preparatory Course in Computer programming experience Science Computer Science 1 : Theoretical and practical foundations of computer science (D-ITET) Computer Science 2

641 views • 20 slides
GPU Direct IO with HDF5 John Ravi Quincey Koziol Suren Byna Motivation With

GPU Direct IO with HDF5 John Ravi Quincey Koziol Suren Byna Motivation With

GPU Direct IO with HDF5 John Ravi Quincey Koziol Suren Byna Motivation With large-scale computing systems are moving towards using GPUs as workhorses of computing file I/O to move data between GPUs and storage devices becomes

714 views • 34 slides
Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros

Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros

Bringing DevOps to Devices Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros Angelatos CTO & Founder of resin.io @petrosagg Agenda The need for updates Update techniques Our

352 views • 33 slides
SWARM SWARM INTELLIGENCE INTELLIGENCE Milad Abolhassani Supervisor: Hamid Mir Vaziri 3 WHY?

SWARM SWARM INTELLIGENCE INTELLIGENCE Milad Abolhassani Supervisor: Hamid Mir Vaziri 3 WHY?

SWARM SWARM INTELLIGENCE INTELLIGENCE Milad Abolhassani Supervisor: Hamid Mir Vaziri 3 WHY? WHY? 4 WHAT KIND OF PROBLEMS? WHAT KIND OF PROBLEMS? 5 WHAT KIND OF PROBLEMS? WHAT KIND OF PROBLEMS? Optimization 5 WHAT KIND OF PROBLEMS?

1.55k views • 120 slides
Reference Monitors Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Reference Monitors Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security

Reference Monitors Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security Defense Mechanisms for Software Security Static enforcement of security properties Analyze the code before it is run (e.g., during compile

661 views • 34 slides
Jameson Rollins August 26, 2013 LIGO-G1300872-v1 Outline 1 Introduction 2 System description and

Jameson Rollins August 26, 2013 LIGO-G1300872-v1 Outline 1 Introduction 2 System description and

Advanced LIGO Guardian Review Jameson Rollins August 26, 2013 LIGO-G1300872-v1 Outline 1 Introduction 2 System description and behavior 3 Case study: IMC 4 Technical Issues and open questions 5 Status and Plans 6 Appendices Guardian scripts

1.48k views • 74 slides
Revealed 1 Zoom Webinar Etiquette Participants are muted, to speak unmute and introduce

Revealed 1 Zoom Webinar Etiquette Participants are muted, to speak unmute and introduce

Revealed 1 Zoom Webinar Etiquette Participants are muted, to speak unmute and introduce yourself Also utilize the raise hand feature or chat window for questions or comments We will use Zoom polls for questions and breakout rooms for

996 views • 56 slides
Evolution of Music It was the best of music; it was the worst of music; then its children

Evolution of Music It was the best of music; it was the worst of music; then its children

Evolution of Music It was the best of music; it was the worst of music; then its children surpassed it; and then it died Introduction - Stephen Andersen Overhead, Supervisor Algorithm (SA) - Aaron Schuman Artificial General

475 views • 23 slides
$TITLE:M10-5.GMS CALIBRATION EXERCISE, FROM SHEET IO-2, M10-IOTABLE.XLS *CALIBRATES MODEL TO

$TITLE:M10-5.GMS CALIBRATION EXERCISE, FROM SHEET IO-2, M10-IOTABLE.XLS *CALIBRATES MODEL TO

C:\jim\COURSES\8858\code-bk 2012\M10-5.gms Friday, March 30, 2012 2:07:35 AM Page 1 $TITLE:M10-5.GMS CALIBRATION EXERCISE, FROM SHEET IO-2, M10-IOTABLE.XLS *CALIBRATES MODEL TO SHEET IO-2 IN M10-IOTABLE.XLS *assumes 10% of factors are sector

189 views • 7 slides
CSCI2952-F Microservices.. Day 2: Background Continued Outline Containers Versus VMs

CSCI2952-F Microservices.. Day 2: Background Continued Outline Containers Versus VMs

CSCI2952-F Microservices.. Day 2: Background Continued Outline Containers Versus VMs Service Mesh Design Patterns API Gateway Motivation Architecture eBPF YAML

483 views • 23 slides
The Shiny New I2C Slave Framework Wolfram Sang Consultant/Renesas Kernel Team 6.10.2015, ELCE15

The Shiny New I2C Slave Framework Wolfram Sang Consultant/Renesas Kernel Team 6.10.2015, ELCE15

The Shiny New I2C Slave Framework Wolfram Sang Consultant/Renesas Kernel Team 6.10.2015, ELCE15 Wolfram Sang (wsa@the-dreams.de) The Shiny New I2C Slave Framework 6.10.2015, ELCE15 1 / 26 A typical I2C bus 1 6.10.2015, ELCE15 The Shiny

975 views • 26 slides
RD50-MPW3: Slow Control Jos e Mazorra de Cos, Ricardo Marco Hern andez Instituto de F

RD50-MPW3: Slow Control Jos e Mazorra de Cos, Ricardo Marco Hern andez Instituto de F

RD50-MPW3: Slow Control Jos e Mazorra de Cos, Ricardo Marco Hern andez Instituto de F sica Corpuscular (CSIC-UV) RD50 CMOS design Meeting - 3 rd September 2020 Slow Control I 2 C slave and register bank communicated using Wishbone

341 views • 7 slides
Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61

Update on Kerberos Extensibility draft-yu-krb-wg-kerberos-extensions-02.txt Tom Yu IETF 61 Kerberos Extensibility Document Status Notational Conventions Future Plans 1 Document Status Updates from -00 Update I-D boilerplate

407 views • 7 slides
The Higgs Mass in High-Scale (Remote) SUSY / String Theory Arthur Hebecker (Heidelberg) cf.

The Higgs Mass in High-Scale (Remote) SUSY / String Theory Arthur Hebecker (Heidelberg) cf.

The Higgs Mass in High-Scale (Remote) SUSY / String Theory Arthur Hebecker (Heidelberg) cf. 1204.2551 and 1304.2767 with A. Knochel and T. Weigand Outline We could be stuck with just the standard model at low energies The Higgs mass value

644 views • 39 slides

More recommend