SlideShare uma empresa Scribd logo

Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

Source Conference
Source Conference
Tecnologia
1 de 33
Baixar para ler offline
Presented by: Jeremy Allen Rajendra Umadas April 21, 2011 Network Stream Hacking with Mallory
Agenda • Who are we? • What annoys us? – Rajendra Umadas – Proxy setup – Jeremy Allen – Throwaway Tools – Wasted or Redundant effort • What do we do? – Mobile Application Assessments, • What did we do Thick Clients, about it? COTS (lots of other – Mallory! assessments)
Who Are We
Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break things before the bad guys do
Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobile Application Security = fun;
What we do
What we do: Assessment Types Application Assessments  Mobile Applications  Acronym and Name Overload: QUALCOMM/BREW, RIM, Windows Mobile, Windows Phone, iPhone, Android …  Web Applications  XSS, SQL Injection – Pays the bills, still how many get owned  Other Apps  Thick clients, binary protocols, “harder” targets
What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentified network streams in tested application
What we do: Tools Other Tools  What tools exist that are good for MiTM and app testing for application assessments?  dsniff, cain, tcpdump ,wireshark (about that…), others
Solution
Solution: Mallory “The enemy knows the system” – Claude Shannon
Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
Solution Easy Way
Solution Demo  Intro to Mallory GUI
Soltuion: Mallory Architecture
Solution What have others done with Mallory?  WSJ Application Privacy Research
Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matter, Mallory can see the traffic
Demos + Deep Dive
Demos and Deep Dive
Solution GUI Configuration  Common tasks are fast, easy (configuring mallory, editing TCP streams)  Uncommon tasks are possible, fairly easy (rules, known protocols)  Rare tasks are harder, require some trickery (python plugins, python code)
Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
Solution Demo – Something More Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in advanced view
Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
Solution How does Mallory Fuzz?  DEMO
Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic fuzzing
Solution Common App Testing Problem  SSL
Solution Mallory Knows SSL  DEMO - SSL
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Conclusion
Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTPS, SSL, DNS, SSH  Mallory make common app testing tasks easy

Recomendados

Englishtown lifestyle
Englishtown lifestyleEnglishtown lifestyle
Englishtown lifestyleTony Shao
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxSource Conference
 
James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011Source Conference
 
Dan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsDan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsSource Conference
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 
Paul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackPaul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackSource Conference
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 

Recomendados

Englishtown lifestyle
Englishtown lifestyleEnglishtown lifestyle
Englishtown lifestyleTony Shao
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxSource Conference
 
James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011Source Conference
 
Dan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsDan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsSource Conference
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 
Paul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackPaul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackSource Conference
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 
The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management Rundeck
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...meritnorthwest
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsPro777
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewSymantec
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber securityNascenia IT
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Websec México, S.C.
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Codemotion
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!Sophia Russell
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in processElad Maimon
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...Enterprise Management Associates
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?Israel Blancas
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesSoftware Guru
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downCompuware ASEAN
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementPerficient, Inc.
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser BotnetSource Conference
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 

Mais conteúdo relacionado

Semelhante a Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management Rundeck
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...meritnorthwest
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsPro777
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewSymantec
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber securityNascenia IT
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Websec México, S.C.
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Codemotion
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!Sophia Russell
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in processElad Maimon
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...Enterprise Management Associates
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?Israel Blancas
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesSoftware Guru
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downCompuware ASEAN
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementPerficient, Inc.
 

Semelhante a Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory (20)

The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise Applications
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber security
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in process
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de Aplicaciones
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is down
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee Engagement
 

Mais de Source Conference

iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICSource Conference
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsSource Conference
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecuritySource Conference
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration TestersSource Conference
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSource Conference
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserSource Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItSource Conference
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of AnonymousSource Conference
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary plantingSource Conference
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudSource Conference
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawSource Conference
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendSource Conference
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationSource Conference
 

Mais de Source Conference (20)

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on Android
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and Bobs
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 

Último

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

  • 1. Presented by: Jeremy Allen Rajendra Umadas April 21, 2011 Network Stream Hacking with Mallory
  • 2. Agenda • Who are we? • What annoys us? – Rajendra Umadas – Proxy setup – Jeremy Allen – Throwaway Tools – Wasted or Redundant effort • What do we do? – Mobile Application Assessments, • What did we do Thick Clients, about it? COTS (lots of other – Mallory! assessments)
  • 4. Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break things before the bad guys do
  • 5. Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobile Application Security = fun;
  • 7. What we do: Assessment Types Application Assessments  Mobile Applications  Acronym and Name Overload: QUALCOMM/BREW, RIM, Windows Mobile, Windows Phone, iPhone, Android …  Web Applications  XSS, SQL Injection – Pays the bills, still how many get owned  Other Apps  Thick clients, binary protocols, “harder” targets
  • 8. What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentified network streams in tested application
  • 9. What we do: Tools Other Tools  What tools exist that are good for MiTM and app testing for application assessments?  dsniff, cain, tcpdump ,wireshark (about that…), others
  • 11. Solution: Mallory “The enemy knows the system” – Claude Shannon
  • 12. Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
  • 14. Solution Demo  Intro to Mallory GUI
  • 16. Solution What have others done with Mallory?  WSJ Application Privacy Research
  • 17. Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matter, Mallory can see the traffic
  • 18. Demos + Deep Dive
  • 20. Solution GUI Configuration  Common tasks are fast, easy (configuring mallory, editing TCP streams)  Uncommon tasks are possible, fairly easy (rules, known protocols)  Rare tasks are harder, require some trickery (python plugins, python code)
  • 21. Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
  • 22. Solution Demo – Something More Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in advanced view
  • 23. Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
  • 24. Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
  • 25. Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
  • 26. Solution How does Mallory Fuzz?  DEMO
  • 27. Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic fuzzing
  • 28. Solution Common App Testing Problem  SSL
  • 29. Solution Mallory Knows SSL  DEMO - SSL
  • 30. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  • 31. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  • 33. Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTPS, SSL, DNS, SSH  Mallory make common app testing tasks easy