SlideShare uma empresa Scribd logo

Wm4

Umang Patel
Umang Patel
Tecnologia
1 de 47
Baixar para ler offline
Ethical Hacking: The Value of Controlled Penetration Tests Dr. Bruce V. Hartley, CISSP Privisec, Inc. August 6 , 2003 bhartley@privisec.com 719.651.6651
Session Overview ♦ Session Introduction ♦ Ethical Hacking – Taking a Look at the Environment – The Process, Tools, and Techniques • Internal Penetration Tests • External Penetration Tests – Some Real-Life Case Studies ♦ Conclusions 2
Before We Get Started ♦ My Background: – In The IT Field for 22 Years – Security for About 16 – Currently President & CEO of Privisec, Inc. – Previously President and CEO of PoliVec, Inc. – Before That, SVP and CTO of Trident Data Systems – Academic Credentials: • Doctorate in Computer Science From Colorado Technical University, Masters and Bachelors Degrees in Computers as Well…So I’m a Geek…And, Remember: Geek is Sheik! • CISSP Since Forever as Well – Other Information: • Technical Editor for Business Security Advisor Magazine, Formally Internet Security Advisor Magazine • Numerous Publications, Conferences, etc. 3
Ethical Hacking: An Assessment Mechanism
Why Penetration Testing? ♦ Taking a Look at the Environment ♦ Penetration Testing – Benefits ♦ Taking a Look at the Process ♦ Real-Life Case Studies – Proof!
Look At The Environment ♦ We Now Have Open Discussions on The Internet Concerning: – Vulnerabilities – Exploits and Attacks – Bugs and Faults ♦ Newer and More Sophisticated Attacks ♦ Newer and More Sophisticated Hacker Tools ♦ Attack Scripts and Penetration Tools Available to Anyone on the Internet
Look At The Environment ♦ Recent Google Search Results: – Hacker 12,500,000 Hits – Hacker Tools 757,000 Hits – Hacker Exploits 103,000 Hits – NT Exploits 99,000 Hits – Unix Exploits 139,000 Hits – Computer Vulnerabilities 403,000 Hits – Hacking NT 292,000 Hits – Hacking Windows 2000 271,000 Hits – Hacking Unix 390,000 Hits – Hacking Linux 1,290,000 Hits
Ethical Hacking - Benefits ♦ Penetration Tests are Designed to Identify Vulnerabilities Before They are Exploited ♦ Provides a Solid Understanding of What is Visible and Possibly Vulnerable ♦ Preventative Measure – Can be Very Effective ♦ Should Include a Remediation Phase – Correct Identified Vulnerabilities and Exposures
Ethical Hacking - Rationale ♦ Vulnerabilities and Exploits are Always Changing – Unless This is Your Business, Its Hard to Keep Up – Need to Perform on a Recurring Basis ♦ Hacking Tools and Methods Can Cause Damage IF Used Incorrectly – Some Exploits are Passive, Some are Not! – Some Exploits are Destructive, Some are Not! ♦ A Well Defined Process, Attack Methodology, and a Set of Tools are Required
Penetration Testing - General ♦ Can Consider Both Internal and External Assessments ♦ Internal: Goal is to Gain “Unauthorized Access to Data/Information” – Ultimate Goal is to Gain Administrator, System, or Root Access From the Inside (Depending on Platform) – Usually Begin With Just a Network Connection – May Require a Standard, Non-privileged Account (User)
Penetration Testing - Internal ♦ Start by Sniffing Network – Try to Obtain Userid and Password Combos – Common Tools • Snort (Unix/Linux and Windows) • WinSniff (Windows) ♦ Scan Internal Network (Port Scan) – Discover Active IPs and Devices – Gain Info About System Types and OSs – Common Tools • Nmap (Unix/Linux and Windows) • SuperScan (Windows)
Penetration Testing - Internal ♦ Check for Systems Running snmp With Exploitable Community Strings – Looking for ‘Public’, ‘Private’ or Other Common Words – Common Tools • SolarWinds (Windows) • SNScan (Windows) ♦ Launch Vulnerability Scanners to Identify Vulnerabilities to Exploit – Nessus, Nikto, Whisker, Brute Forcer Tools, Etc.
Penetration Testing - Internal ♦ Once Any Level of Access is Gained, Try and Obtain Privileged Access – Grab Password Files and Crack Passwords • Pwdump3 and pwdump3e • SAM Grab • L0phtCrack • John-the-Ripper ♦ Run More Sophisticated Exploits Against Vulnerable Services, Applications, Etc.
Penetration Testing – External ♦ External – Both Dial-Up and Internet ♦ Goal – Get Privileged Access ♦ Starts With Enumeration of the Target Network and/or Systems ♦ External Scan of Assets/Devices, Possibly More Enumeration ♦ Once Devices are Identified, Determine Type of Platform, Services, Versions, Etc. ♦ Hypothesize Potential Vulnerabilities and Prioritize Based on Likelihood of Success ♦ Attack in Prioritized Order
Penetration Testing – Tools ♦ Relies on Numerous Tools: – Port Scanners – Demon Dialers – Vulnerability Scanners – Password Grabbers and Crackers – Vulnerability and Exploit Databases – Default Password Databases – Other Resources • Experience and the Good Old Internet!
Penetration Testing – The Process ♦ The Vulnerability Assessment Process: – Gather Information – Scan IP Addresses – Determine Service Versions – Assemble Target List – Gather and Test Exploits (Yes, Test Them First!) – Run Exploits Against Live Targets – Assess Results – Interactive Access on Host(s) – Root/Admin Access on Host(s) – Repeat Until No More Targets Available or Desired Results are Achieved
Preparatory Work ♦ Things You Need Before Starting the Test – Authority to Perform Test • This must be in writing! – A Specific Set of Ground Rules That Should Answer at Least the Following Questions • Is this test covert or overt? • Are there any “off-limits” systems or networks? • Who is our trusted POC? • Is there a specific target (system, type of information, etc) of this test?
Gathering Information ♦ The First Thing You Want to Know is What IP Address Range(s) are Owned and/or Used by the Target Organization ♦ Start With a whois Lookup – American Registry for Internet Numbers (ARIN) whois http://whois.arin.net/whois/index.html – Network Solutions whois http://www.networksolutions.com/cgi-bin/whois/whois/ – European information is at the RIPE NCC http://www.ripe.net/perl/whois – Asian information is at the Asia Pacific Network Information Center http://www.apnic.net/
Gathering Information ♦ Other Sources of Information: – IP address of Webserver(s), Mail Server(s), DNS Server(s) – Go Back to whois and Verify Who Owns Those IP Addresses and the Network Space That Contains Those IP Addresses – IP Addresses of Other Organizations That May Have Been Purchased by the Primary Organization – SamSpade.Org! ♦ Verify All IP Addresses and Ranges With Trusted POC Before Proceeding!
Scanning IP Addresses ♦ Intent: To Discover What Network Ports (Services) are Open ♦ Tool of Choice: nmap, by Fyodor Available at: http://www.insecure.org/nmap/ – Written for Unix/Linux Systems – Freely available – Ported to Windows NT/2000 by eEye Digital Security http://www.eeye.com/html/Research/Tools/nmapnt.html – Provides Many Features • Multiple different scanning methods • Operating System detection • Ping sweeps • Changeable scan speed • Multiple logging formats
Scanning IP Addresses ♦ If You Are Scanning From a Windows NT/2000 System, Your Options are: – Use nmapNT from eEye • Requires installation of a libpcap network driver • More difficult to use, specifically wrt selecting network interfaces – Use SuperScan from Foundstone • GUI interface • Lots of options – Use fscan from Foundstone • Command-line tool (very useful in some instances) • Lots of options
Scanning IP Addresses ♦ Both Unix/Linux and Windows Versions of nmap have a Graphical Front-End Available (nmapfe) ♦ Same Options Available Via the GUI – Easy to Use
Scanning IP Addresses ♦ SNMP Scanning – Usually can be Performed Quickly – A Default SNMP Server can Yield Reams of Useful Information • Default community strings (passwords) are ‘public’ and ‘private’ – Tools • SNScan From Foundstone • Solarwinds Network Management and Discovery Tools (for Windows) – SNMP sweep • ucd-snmp/net-snmp for Unix – snmpstatus – snmpwalk
Scanning IP Addresses ♦ Web Server Scanning – Whisker by Rain Forest Puppy http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=1 • Perl script that probes web servers for – Version information – Executable subdirectories – Potentially vulnerable executable scripts or programs • Basic use: perl whisker.pl -v -h hostname | tee filename – Many advanced features available – Nikto • HTTPS-only web servers can be scanned with stunnel (http://www.stunnel.org/) + Whisker or Nikto – stunnel -c -d localhost:80 -r hostname:443 – perl whisker.pl -v -h localhost | tee filename
Determining Service Versions ♦ Each Open TCP Port Likely Provides a Network Service ♦ Well-Known Port Numbers are Normally Used to Provide Well-Known Services – e.g. TCP port 23 is expected to be a telnet daemon – Reference http://www.iana.org/assignments/port- numbers ♦ Many Well-Known Services Will Provide Version Numbers With Very Little Prodding
Vulnerability Assessment Tools ♦ Once Target List is Identified, Can Run Vulnerability Scanner to Attempt to Identify and Possibly Exploit Known Vulnerabilities – CERT and CIAC Advisories – Vendor Advisories and Warnings – Other Public Sources (Bugtraq)
Vulnerability Assessment Tools ♦ Once Target List is Identified, Can Run Vulnerability Scanner to Attempt to Identify Vulnerabilities ♦ Some Common Tools: – Nessus (Unix/Linux) – SNScan (Windows) – Nikto (Unix/Linux) – Whisker (Unix/Linux) – SMB Brute Forcer (Windows)
Assembling The Target List ♦ Assemble a Comprehensive List of Open Ports and Known Service Versions ♦ Examine List for Likely Vulnerable Versions of Software, e.g. – wu-ftpd versions older than 2.6.1 – bind (DNS) servers older than 8.2.3 – Any IIS web server ♦ For Web Servers, Examine the Results of Whisker or Nikto Scans for Potentially Vulnerable Scripts or Programs ♦ Pick the Top Five Most Likely Exploitable Hosts/Services
Gathering and Testing Exploits ♦ Exploit Code Should Never be Run Against a Live Target Without Prior Testing Against a Test System ♦ Exploits Can be Very Dangerous! ♦ If You Haven’t Tested it Don’t Run It!!! ♦ Behavior May Not be as Expected or Desired
Gathering and Testing Exploits ♦ Minimal Criteria for Exploit to be Worth Testing – Exploit Must Match Both • Target operating system • Target service version number ♦ Need to Assemble or Have Access to Test System(s) That Matches Configuration of Target ♦ Exploits Have Many Potential Results – Read any File on the Target System – Modify any File on the Target System – Allow Non-interactive Execution of Commands – Allow Interactive Access to Remote System as an Unprivileged User (Unprivileged Shell or Command-level Access) – Allow Interactive Access to Remote System as a Root, Admin, or Other Privileged User (Privileged Shell or Command-level Access)
Gathering and Testing Exploits ♦ Sources for Exploits – SecurityFocus vulnerability database http://www.securityfocus.com/vdb/ – http://www.hack.co.za/ – Fyodor’s exploit world http://www.insecure.org/sploits.html – Packetstorm security http://packetstorm.securify.com/ – Shaedow’s exploit library http://www.reject.org/shaedow/exploits/index.html – Technotronic http://www.technotronic.com/ – Securiteam’s exploit archive http://www.securiteam.com/exploits/archive.html – Johnny’s exploit index http://www.martnet.com/~johnny/exploits/
Gathering and Testing Exploits ♦ Once a Candidate Exploit is Located – Compile the Code on an Appropriate Platform – Test it Against Test System – Assess Results • Exploit Failed – Move on to the next candidate • Exploit Succeeded – What did it give us? – What can we do with that elevated access?
Running Exploits Against Live Targets ♦ Set All the Pieces Up – Attacking System – Any Required Network Listeners, etc ♦ Type the Commands to be Executed Into a Text Editor ♦ Triple Check the Commands, Especially IP Addresses! – Recommend Two-person Teams, Each Double-checking the Other’s Work ♦ Recommend Simultaneous use of a Sniffer to Monitor all Relevant Network Traffic ♦ When Prepared to Execute, Copy and Paste the Commands into the Execution Window ♦ Hope it Works!
Assessing Results ♦ If Exploit Fails, Attempt to Determine Why – Exploit was Supposed to Open a Command Shell on a High-numbered Port, but Port was Unavailable for Connection Attempt • Potentially blocked by a firewall – Examine Sniffer Logs for Clues ♦ Unfortunately, it is Often Very Difficult to Determine the Cause of a Failed Exploit Attempt ♦ Move on to the Next Candidate Exploit
Assessing Results ♦ If Exploit Succeeded – Assess Level of Access Currently Obtained – Reprioritize Target List for Next Exploit Attempt ♦ First-Level Goal Should be any Sort of Interactive Access to the Remote System ♦ Second-Level Goal Should be root or Admin-Level Interactive Access on Remote System
Interactive Access on Host(s) ♦ Once Interactive Access is Obtained, Local Exploits Can Be Run – These are Much More Prevalent Than Remote Exploits – Much Easier to Obtain Root or Admin-level Privileges ♦ Even With Unprivileged Interactive Access, Many Useful Steps Can be Taken – Determine Available Network Interfaces and Settings • Is this system behind a network address translator? • Is this system on a DMZ or an internal network? – Perform Port Scans From This System Against Others on its Local Network (nmap, SuperScan, or fscan) – Be Very Careful to Avoid all GUI or Windowing Commands, Especially on Windows Systems
Interactive Access on Host(s) ♦ Privileged Command Access Leads to Many Further Options – Start up a network sniffer on each interface • Winsniff for Windows NT/2000 http://winsniff.hypermart.net/ • Dsniff or Snort for unix systems http://www.monkey.org/~dugsong/dsniff/ – Look for trust relationships between this host and others – Obtain encrypted passwords or password hashes and begin cracking passwords • On unix: /etc/passwd, /etc/shadow, or other appropriate location • On windows: pwdump or pwdump2 – If the objective is a specific piece or type of information, check the system for that information
Interactive Access on Host(s) ♦ As Each New Piece of Information is Obtained, Re-prioritize the Target List and Take Action Appropriately ♦ Continue Until All Objectives are Accomplished, or No Further Access Can be Obtained
Some Real-life Case Studies: Recent Penetrations
Example Penetrations u Five Examples From the Multiple Industries u All Penetrations 100% Successful ; Gained “Unauthorized” Privileged Access ; Access Undetected by Systems Personnel u All Penetrations Were Preventable – Known Vulnerabilities or Poorly Configured Systems
Example Penetrations Industry Type of Attack Penetration Method Level of Access Vulnerability Firewall Installed Airline Netware and Dial-up Dial-in – Used remote Complete system Dial-in Yes. Commercial firewall Connections control program to access to entire installed on a Windows connect to a Novell client Network: File NT Server. machine without any Servers, Mail authentication. Client had an active session on a Servers, Applications network server. Using a Servers, Database Novell default account Servers, and Personal gained full system Workstations. privileges. UNIX and Dial-up Dial-in – Exploited a Vulnerability Multimedia known vulnerability on a Complete system Yes. Commercial firewall Connections on a UNIX Entertainment UNIX host via modem access to entire installed on a UNIX host via network. modem Server. connection – gained root access. connection Newspaper Yes. Commercial firewall Intranet Vulnerability Internet – Exploited a Vulnerability Complete system installed on a UNIX known vulnerability in in NFS access to WWW Server. NFS and gained root servers, DNS access on WWW (UNIX) Servers, Mail server. Gained access to Servers, File/Print internal network due to Servers, and poor host security (trust publishing systems. relationships) on WWW server. 43
More Penetrations Industry Type of Attack Penetration Method Level of Access Vulnerability Firewall Installed Financial Dial-in – Exploited a Complete system Yes. Commercial firewall NFS Vulnerability NFS known vulnerability in access to Intranet and installed on a UNIX sendmail to gain access internal (trusted) Server. to an Intranet server network. (UNIX). Gained access from Intranet server to internal network due to trust relationships. Exploited a known vulnerability in NFS on a VMS host to gain additional full system access. Publishing NIS Vulnerability Internet and Dial-in - Complete system Vulnerability on Yes. Commercial firewall Exploited a known access to internal an exposed installed on a UNIX vulnerability on an networks. UNIX server to Server. exposed UNIX server to gain access via gain access via Internet. internet. Penetrated a client PC running Windows 95 via modem access using remote control software, and a UNIX host via a terminal program and a default account. Gained root access by exploiting a known vulnerability. 44
Penetration Tests: Lessons ♦ In Each Case, the Penetration Could Have Been Prevented IF: – A Comprehensive Security Policy had Been Implemented Across the Enterprise – Good Systems Administration Practices Were Utilized – A More Proactive Security Process was in Place • Security Audits and/or Assessments • Investment in Security Assessment Technology • Better User Security Education and Awareness • Minimal Incident Response Capability
Conclusions ♦ Penetration Testing Can Be Used to Significantly Improve Your Security Posture ♦ A Reasonably Secure Infrastructure is Achievable – Must View Security as a Process, Not a Project – Embrace Technology and Use it! – Be Consistent Throughout the Enterprise – Consider the Entire Business Process, Not Just the Transaction Component ♦ Think About Security From an Enabling Standpoint vs. an Inhibitor ♦ Be Proactive…Don’t Wait for a Security Problem 46
My Contact Information Dr. Bruce V. Hartley, CISSP President & CEO Privisec, Inc. 719.651.6651 (Phone) 719.495.8532 (Fax) bhartley@privisec.com www.privisec.com

Recomendados

Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunterAndrew McNicol
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...grecsl
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014grecsl
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014grecsl
 
Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013BSidesQuebec2013
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingWon Ju Jub
 

Recomendados

Tcpdump hunter
Tcpdump hunterTcpdump hunter
Tcpdump hunterAndrew McNicol
 
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...
Malware Analysis 101: N00b to Ninja in 60 Minutes at BSidesDC on October 19, ...grecsl
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at CactusCon on April 4, 2014grecsl
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101dc612
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombRIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob HolcombPriyanka Aash
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014
Malware Analysis 101 - N00b to Ninja in 60 Minutes at Notacon on April 12, 2014grecsl
 
Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013Making pentesting sexy ossams - BSidesQuebec2013
Making pentesting sexy ossams - BSidesQuebec2013BSidesQuebec2013
 
Ethical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingEthical Hacking & Penetration Testing
Ethical Hacking & Penetration TestingWon Ju Jub
 
501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacksgocybersec
 
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016grecsl
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesSam Bowne
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...grecsl
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Lane Huff
 
After School cyber security class slides - Pat
After School cyber security class slides - PatAfter School cyber security class slides - Pat
After School cyber security class slides - PatDan Winson
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless networkHadi Fadlallah
 
Malewareanalysis
Malewareanalysis Malewareanalysis
Malewareanalysis ahmad abdelhafeez
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareNatraj G
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareLastline, Inc.
 
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014chrissanders88
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
Security tools
Security toolsSecurity tools
Security toolsGreater Noida Institute Of Technology
 
CNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologyCNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologySam Bowne
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingA Raheem Ansari
 
Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01alfredo lassalle
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingUmang Patel
 

Mais conteúdo relacionado

Mais procurados

501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacksgocybersec
 
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016grecsl
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesSam Bowne
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made SimplePaul Melson
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsJoseph Bugeja
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...grecsl
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Lane Huff
 
After School cyber security class slides - Pat
After School cyber security class slides - PatAfter School cyber security class slides - Pat
After School cyber security class slides - PatDan Winson
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration TestingAndrew McNicol
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless networkHadi Fadlallah
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareNatraj G
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareLastline, Inc.
 
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014chrissanders88
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesSam Bowne
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
CNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologyCNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologySam Bowne
 

Mais procurados (19)

501 ch 7 advanced attacks
501 ch 7 advanced attacks501 ch 7 advanced attacks
501 ch 7 advanced attacks
 
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
Monitoring & Analysis 101 - N00b to Ninja in 60 Minutes at ISSW on April 9, 2016
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static TechniquesCNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
 
Malware Analysis Made Simple
Malware Analysis Made SimpleMalware Analysis Made Simple
Malware Analysis Made Simple
 
Network Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting ToolsNetwork Scanning Phases and Supporting Tools
Network Scanning Phases and Supporting Tools
 
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
Malware Analysis 101 - N00b to Ninja in 60 Minutes at BSidesLV on August 5, ...
 
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
Introduction to Dynamic Malware Analysis ...Or am I "Cuckoo for Malware?"
 
After School cyber security class slides - Pat
After School cyber security class slides - PatAfter School cyber security class slides - Pat
After School cyber security class slides - Pat
 
Introduction to Penetration Testing
Introduction to Penetration TestingIntroduction to Penetration Testing
Introduction to Penetration Testing
 
Penetration testing in wireless network
Penetration testing in wireless networkPenetration testing in wireless network
Penetration testing in wireless network
 
Malewareanalysis
Malewareanalysis Malewareanalysis
Malewareanalysis
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
 
Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014Applied Detection and Analysis with Flow Data - SO Con 2014
Applied Detection and Analysis with Flow Data - SO Con 2014
 
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network SignaturesPractical Malware Analysis Ch 14: Malware-Focused Network Signatures
Practical Malware Analysis Ch 14: Malware-Focused Network Signatures
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
 
Security tools
Security toolsSecurity tools
Security tools
 
CNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologyCNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis Methodology
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 

Destaque

Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01alfredo lassalle
 
Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Umang Patel
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomwaremarketingunitrends
 

Destaque (7)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01Plandeautoproteccinmodificado 111119144226-phpapp01
Plandeautoproteccinmodificado 111119144226-phpapp01
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Wm4
Wm4Wm4
Wm4
 
Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006Ethical hacking presentation_october_2006
Ethical hacking presentation_october_2006
 
How to Take the Ransom Out of Ransomware
How to Take the Ransom Out of RansomwareHow to Take the Ransom Out of Ransomware
How to Take the Ransom Out of Ransomware
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 

Semelhante a Wm4

Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxBoston Institute of Analytics
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 
BSides Vancouver 2018 - Live IR on a Budget
BSides Vancouver 2018 - Live IR on a BudgetBSides Vancouver 2018 - Live IR on a Budget
BSides Vancouver 2018 - Live IR on a Budgetdsplice
 
Ccsit cyberlympics 2017 workshop 3 - presentation
Ccsit cyberlympics 2017 workshop 3 - presentationCcsit cyberlympics 2017 workshop 3 - presentation
Ccsit cyberlympics 2017 workshop 3 - presentationNasir Bhutta
 
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPROIDEA
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptxLlobarro2
 
Hacking - penetration tools
Hacking - penetration toolsHacking - penetration tools
Hacking - penetration toolsJenishChauhan4
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
501 ch 8 risk management tools
501 ch 8 risk management tools501 ch 8 risk management tools
501 ch 8 risk management toolsgocybersec
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersAndrew McNicol
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingANURAG CHAKRABORTY
 

Semelhante a Wm4 (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptxCyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
Cyber Security Project : Comprehensive Vulnerability Analysis Report.pptx
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
BSides Vancouver 2018 - Live IR on a Budget
BSides Vancouver 2018 - Live IR on a BudgetBSides Vancouver 2018 - Live IR on a Budget
BSides Vancouver 2018 - Live IR on a Budget
 
Ccsit cyberlympics 2017 workshop 3 - presentation
Ccsit cyberlympics 2017 workshop 3 - presentationCcsit cyberlympics 2017 workshop 3 - presentation
Ccsit cyberlympics 2017 workshop 3 - presentation
 
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure InfrastructuresPLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
 
lecture5.pptx
lecture5.pptxlecture5.pptx
lecture5.pptx
 
SOHOpelessly Broken
SOHOpelessly BrokenSOHOpelessly Broken
SOHOpelessly Broken
 
Hacking - penetration tools
Hacking - penetration toolsHacking - penetration tools
Hacking - penetration tools
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
501 ch 8 risk management tools
501 ch 8 risk management tools501 ch 8 risk management tools
501 ch 8 risk management tools
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
BSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathersBSides_Charm2015_Info sec hunters_gathers
BSides_Charm2015_Info sec hunters_gathers
 
Ethical hacking/ Penetration Testing
Ethical hacking/ Penetration TestingEthical hacking/ Penetration Testing
Ethical hacking/ Penetration Testing
 

Último

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 

Último (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 

Wm4

  • 1. Ethical Hacking: The Value of Controlled Penetration Tests Dr. Bruce V. Hartley, CISSP Privisec, Inc. August 6 , 2003 bhartley@privisec.com 719.651.6651
  • 2. Session Overview ♦ Session Introduction ♦ Ethical Hacking – Taking a Look at the Environment – The Process, Tools, and Techniques • Internal Penetration Tests • External Penetration Tests – Some Real-Life Case Studies ♦ Conclusions 2
  • 3. Before We Get Started ♦ My Background: – In The IT Field for 22 Years – Security for About 16 – Currently President & CEO of Privisec, Inc. – Previously President and CEO of PoliVec, Inc. – Before That, SVP and CTO of Trident Data Systems – Academic Credentials: • Doctorate in Computer Science From Colorado Technical University, Masters and Bachelors Degrees in Computers as Well…So I’m a Geek…And, Remember: Geek is Sheik! • CISSP Since Forever as Well – Other Information: • Technical Editor for Business Security Advisor Magazine, Formally Internet Security Advisor Magazine • Numerous Publications, Conferences, etc. 3
  • 5. Why Penetration Testing? ♦ Taking a Look at the Environment ♦ Penetration Testing – Benefits ♦ Taking a Look at the Process ♦ Real-Life Case Studies – Proof!
  • 6.
  • 7.
  • 8. Look At The Environment ♦ We Now Have Open Discussions on The Internet Concerning: – Vulnerabilities – Exploits and Attacks – Bugs and Faults ♦ Newer and More Sophisticated Attacks ♦ Newer and More Sophisticated Hacker Tools ♦ Attack Scripts and Penetration Tools Available to Anyone on the Internet
  • 9. Look At The Environment ♦ Recent Google Search Results: – Hacker 12,500,000 Hits – Hacker Tools 757,000 Hits – Hacker Exploits 103,000 Hits – NT Exploits 99,000 Hits – Unix Exploits 139,000 Hits – Computer Vulnerabilities 403,000 Hits – Hacking NT 292,000 Hits – Hacking Windows 2000 271,000 Hits – Hacking Unix 390,000 Hits – Hacking Linux 1,290,000 Hits
  • 10. Ethical Hacking - Benefits ♦ Penetration Tests are Designed to Identify Vulnerabilities Before They are Exploited ♦ Provides a Solid Understanding of What is Visible and Possibly Vulnerable ♦ Preventative Measure – Can be Very Effective ♦ Should Include a Remediation Phase – Correct Identified Vulnerabilities and Exposures
  • 11. Ethical Hacking - Rationale ♦ Vulnerabilities and Exploits are Always Changing – Unless This is Your Business, Its Hard to Keep Up – Need to Perform on a Recurring Basis ♦ Hacking Tools and Methods Can Cause Damage IF Used Incorrectly – Some Exploits are Passive, Some are Not! – Some Exploits are Destructive, Some are Not! ♦ A Well Defined Process, Attack Methodology, and a Set of Tools are Required
  • 12. Penetration Testing - General ♦ Can Consider Both Internal and External Assessments ♦ Internal: Goal is to Gain “Unauthorized Access to Data/Information” – Ultimate Goal is to Gain Administrator, System, or Root Access From the Inside (Depending on Platform) – Usually Begin With Just a Network Connection – May Require a Standard, Non-privileged Account (User)
  • 13. Penetration Testing - Internal ♦ Start by Sniffing Network – Try to Obtain Userid and Password Combos – Common Tools • Snort (Unix/Linux and Windows) • WinSniff (Windows) ♦ Scan Internal Network (Port Scan) – Discover Active IPs and Devices – Gain Info About System Types and OSs – Common Tools • Nmap (Unix/Linux and Windows) • SuperScan (Windows)
  • 14. Penetration Testing - Internal ♦ Check for Systems Running snmp With Exploitable Community Strings – Looking for ‘Public’, ‘Private’ or Other Common Words – Common Tools • SolarWinds (Windows) • SNScan (Windows) ♦ Launch Vulnerability Scanners to Identify Vulnerabilities to Exploit – Nessus, Nikto, Whisker, Brute Forcer Tools, Etc.
  • 15. Penetration Testing - Internal ♦ Once Any Level of Access is Gained, Try and Obtain Privileged Access – Grab Password Files and Crack Passwords • Pwdump3 and pwdump3e • SAM Grab • L0phtCrack • John-the-Ripper ♦ Run More Sophisticated Exploits Against Vulnerable Services, Applications, Etc.
  • 16. Penetration Testing – External ♦ External – Both Dial-Up and Internet ♦ Goal – Get Privileged Access ♦ Starts With Enumeration of the Target Network and/or Systems ♦ External Scan of Assets/Devices, Possibly More Enumeration ♦ Once Devices are Identified, Determine Type of Platform, Services, Versions, Etc. ♦ Hypothesize Potential Vulnerabilities and Prioritize Based on Likelihood of Success ♦ Attack in Prioritized Order
  • 17. Penetration Testing – Tools ♦ Relies on Numerous Tools: – Port Scanners – Demon Dialers – Vulnerability Scanners – Password Grabbers and Crackers – Vulnerability and Exploit Databases – Default Password Databases – Other Resources • Experience and the Good Old Internet!
  • 18. Penetration Testing – The Process ♦ The Vulnerability Assessment Process: – Gather Information – Scan IP Addresses – Determine Service Versions – Assemble Target List – Gather and Test Exploits (Yes, Test Them First!) – Run Exploits Against Live Targets – Assess Results – Interactive Access on Host(s) – Root/Admin Access on Host(s) – Repeat Until No More Targets Available or Desired Results are Achieved
  • 19. Preparatory Work ♦ Things You Need Before Starting the Test – Authority to Perform Test • This must be in writing! – A Specific Set of Ground Rules That Should Answer at Least the Following Questions • Is this test covert or overt? • Are there any “off-limits” systems or networks? • Who is our trusted POC? • Is there a specific target (system, type of information, etc) of this test?
  • 20. Gathering Information ♦ The First Thing You Want to Know is What IP Address Range(s) are Owned and/or Used by the Target Organization ♦ Start With a whois Lookup – American Registry for Internet Numbers (ARIN) whois http://whois.arin.net/whois/index.html – Network Solutions whois http://www.networksolutions.com/cgi-bin/whois/whois/ – European information is at the RIPE NCC http://www.ripe.net/perl/whois – Asian information is at the Asia Pacific Network Information Center http://www.apnic.net/
  • 21. Gathering Information ♦ Other Sources of Information: – IP address of Webserver(s), Mail Server(s), DNS Server(s) – Go Back to whois and Verify Who Owns Those IP Addresses and the Network Space That Contains Those IP Addresses – IP Addresses of Other Organizations That May Have Been Purchased by the Primary Organization – SamSpade.Org! ♦ Verify All IP Addresses and Ranges With Trusted POC Before Proceeding!
  • 22. Scanning IP Addresses ♦ Intent: To Discover What Network Ports (Services) are Open ♦ Tool of Choice: nmap, by Fyodor Available at: http://www.insecure.org/nmap/ – Written for Unix/Linux Systems – Freely available – Ported to Windows NT/2000 by eEye Digital Security http://www.eeye.com/html/Research/Tools/nmapnt.html – Provides Many Features • Multiple different scanning methods • Operating System detection • Ping sweeps • Changeable scan speed • Multiple logging formats
  • 23. Scanning IP Addresses ♦ If You Are Scanning From a Windows NT/2000 System, Your Options are: – Use nmapNT from eEye • Requires installation of a libpcap network driver • More difficult to use, specifically wrt selecting network interfaces – Use SuperScan from Foundstone • GUI interface • Lots of options – Use fscan from Foundstone • Command-line tool (very useful in some instances) • Lots of options
  • 24. Scanning IP Addresses ♦ Both Unix/Linux and Windows Versions of nmap have a Graphical Front-End Available (nmapfe) ♦ Same Options Available Via the GUI – Easy to Use
  • 25. Scanning IP Addresses ♦ SNMP Scanning – Usually can be Performed Quickly – A Default SNMP Server can Yield Reams of Useful Information • Default community strings (passwords) are ‘public’ and ‘private’ – Tools • SNScan From Foundstone • Solarwinds Network Management and Discovery Tools (for Windows) – SNMP sweep • ucd-snmp/net-snmp for Unix – snmpstatus – snmpwalk
  • 26. Scanning IP Addresses ♦ Web Server Scanning – Whisker by Rain Forest Puppy http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=1 • Perl script that probes web servers for – Version information – Executable subdirectories – Potentially vulnerable executable scripts or programs • Basic use: perl whisker.pl -v -h hostname | tee filename – Many advanced features available – Nikto • HTTPS-only web servers can be scanned with stunnel (http://www.stunnel.org/) + Whisker or Nikto – stunnel -c -d localhost:80 -r hostname:443 – perl whisker.pl -v -h localhost | tee filename
  • 27. Determining Service Versions ♦ Each Open TCP Port Likely Provides a Network Service ♦ Well-Known Port Numbers are Normally Used to Provide Well-Known Services – e.g. TCP port 23 is expected to be a telnet daemon – Reference http://www.iana.org/assignments/port- numbers ♦ Many Well-Known Services Will Provide Version Numbers With Very Little Prodding
  • 28. Vulnerability Assessment Tools ♦ Once Target List is Identified, Can Run Vulnerability Scanner to Attempt to Identify and Possibly Exploit Known Vulnerabilities – CERT and CIAC Advisories – Vendor Advisories and Warnings – Other Public Sources (Bugtraq)
  • 29. Vulnerability Assessment Tools ♦ Once Target List is Identified, Can Run Vulnerability Scanner to Attempt to Identify Vulnerabilities ♦ Some Common Tools: – Nessus (Unix/Linux) – SNScan (Windows) – Nikto (Unix/Linux) – Whisker (Unix/Linux) – SMB Brute Forcer (Windows)
  • 30. Assembling The Target List ♦ Assemble a Comprehensive List of Open Ports and Known Service Versions ♦ Examine List for Likely Vulnerable Versions of Software, e.g. – wu-ftpd versions older than 2.6.1 – bind (DNS) servers older than 8.2.3 – Any IIS web server ♦ For Web Servers, Examine the Results of Whisker or Nikto Scans for Potentially Vulnerable Scripts or Programs ♦ Pick the Top Five Most Likely Exploitable Hosts/Services
  • 31. Gathering and Testing Exploits ♦ Exploit Code Should Never be Run Against a Live Target Without Prior Testing Against a Test System ♦ Exploits Can be Very Dangerous! ♦ If You Haven’t Tested it Don’t Run It!!! ♦ Behavior May Not be as Expected or Desired
  • 32. Gathering and Testing Exploits ♦ Minimal Criteria for Exploit to be Worth Testing – Exploit Must Match Both • Target operating system • Target service version number ♦ Need to Assemble or Have Access to Test System(s) That Matches Configuration of Target ♦ Exploits Have Many Potential Results – Read any File on the Target System – Modify any File on the Target System – Allow Non-interactive Execution of Commands – Allow Interactive Access to Remote System as an Unprivileged User (Unprivileged Shell or Command-level Access) – Allow Interactive Access to Remote System as a Root, Admin, or Other Privileged User (Privileged Shell or Command-level Access)
  • 33. Gathering and Testing Exploits ♦ Sources for Exploits – SecurityFocus vulnerability database http://www.securityfocus.com/vdb/ – http://www.hack.co.za/ – Fyodor’s exploit world http://www.insecure.org/sploits.html – Packetstorm security http://packetstorm.securify.com/ – Shaedow’s exploit library http://www.reject.org/shaedow/exploits/index.html – Technotronic http://www.technotronic.com/ – Securiteam’s exploit archive http://www.securiteam.com/exploits/archive.html – Johnny’s exploit index http://www.martnet.com/~johnny/exploits/
  • 34. Gathering and Testing Exploits ♦ Once a Candidate Exploit is Located – Compile the Code on an Appropriate Platform – Test it Against Test System – Assess Results • Exploit Failed – Move on to the next candidate • Exploit Succeeded – What did it give us? – What can we do with that elevated access?
  • 35. Running Exploits Against Live Targets ♦ Set All the Pieces Up – Attacking System – Any Required Network Listeners, etc ♦ Type the Commands to be Executed Into a Text Editor ♦ Triple Check the Commands, Especially IP Addresses! – Recommend Two-person Teams, Each Double-checking the Other’s Work ♦ Recommend Simultaneous use of a Sniffer to Monitor all Relevant Network Traffic ♦ When Prepared to Execute, Copy and Paste the Commands into the Execution Window ♦ Hope it Works!
  • 36. Assessing Results ♦ If Exploit Fails, Attempt to Determine Why – Exploit was Supposed to Open a Command Shell on a High-numbered Port, but Port was Unavailable for Connection Attempt • Potentially blocked by a firewall – Examine Sniffer Logs for Clues ♦ Unfortunately, it is Often Very Difficult to Determine the Cause of a Failed Exploit Attempt ♦ Move on to the Next Candidate Exploit
  • 37. Assessing Results ♦ If Exploit Succeeded – Assess Level of Access Currently Obtained – Reprioritize Target List for Next Exploit Attempt ♦ First-Level Goal Should be any Sort of Interactive Access to the Remote System ♦ Second-Level Goal Should be root or Admin-Level Interactive Access on Remote System
  • 38. Interactive Access on Host(s) ♦ Once Interactive Access is Obtained, Local Exploits Can Be Run – These are Much More Prevalent Than Remote Exploits – Much Easier to Obtain Root or Admin-level Privileges ♦ Even With Unprivileged Interactive Access, Many Useful Steps Can be Taken – Determine Available Network Interfaces and Settings • Is this system behind a network address translator? • Is this system on a DMZ or an internal network? – Perform Port Scans From This System Against Others on its Local Network (nmap, SuperScan, or fscan) – Be Very Careful to Avoid all GUI or Windowing Commands, Especially on Windows Systems
  • 39. Interactive Access on Host(s) ♦ Privileged Command Access Leads to Many Further Options – Start up a network sniffer on each interface • Winsniff for Windows NT/2000 http://winsniff.hypermart.net/ • Dsniff or Snort for unix systems http://www.monkey.org/~dugsong/dsniff/ – Look for trust relationships between this host and others – Obtain encrypted passwords or password hashes and begin cracking passwords • On unix: /etc/passwd, /etc/shadow, or other appropriate location • On windows: pwdump or pwdump2 – If the objective is a specific piece or type of information, check the system for that information
  • 40. Interactive Access on Host(s) ♦ As Each New Piece of Information is Obtained, Re-prioritize the Target List and Take Action Appropriately ♦ Continue Until All Objectives are Accomplished, or No Further Access Can be Obtained
  • 42. Example Penetrations u Five Examples From the Multiple Industries u All Penetrations 100% Successful ; Gained “Unauthorized” Privileged Access ; Access Undetected by Systems Personnel u All Penetrations Were Preventable – Known Vulnerabilities or Poorly Configured Systems
  • 43. Example Penetrations Industry Type of Attack Penetration Method Level of Access Vulnerability Firewall Installed Airline Netware and Dial-up Dial-in – Used remote Complete system Dial-in Yes. Commercial firewall Connections control program to access to entire installed on a Windows connect to a Novell client Network: File NT Server. machine without any Servers, Mail authentication. Client had an active session on a Servers, Applications network server. Using a Servers, Database Novell default account Servers, and Personal gained full system Workstations. privileges. UNIX and Dial-up Dial-in – Exploited a Vulnerability Multimedia known vulnerability on a Complete system Yes. Commercial firewall Connections on a UNIX Entertainment UNIX host via modem access to entire installed on a UNIX host via network. modem Server. connection – gained root access. connection Newspaper Yes. Commercial firewall Intranet Vulnerability Internet – Exploited a Vulnerability Complete system installed on a UNIX known vulnerability in in NFS access to WWW Server. NFS and gained root servers, DNS access on WWW (UNIX) Servers, Mail server. Gained access to Servers, File/Print internal network due to Servers, and poor host security (trust publishing systems. relationships) on WWW server. 43
  • 44. More Penetrations Industry Type of Attack Penetration Method Level of Access Vulnerability Firewall Installed Financial Dial-in – Exploited a Complete system Yes. Commercial firewall NFS Vulnerability NFS known vulnerability in access to Intranet and installed on a UNIX sendmail to gain access internal (trusted) Server. to an Intranet server network. (UNIX). Gained access from Intranet server to internal network due to trust relationships. Exploited a known vulnerability in NFS on a VMS host to gain additional full system access. Publishing NIS Vulnerability Internet and Dial-in - Complete system Vulnerability on Yes. Commercial firewall Exploited a known access to internal an exposed installed on a UNIX vulnerability on an networks. UNIX server to Server. exposed UNIX server to gain access via gain access via Internet. internet. Penetrated a client PC running Windows 95 via modem access using remote control software, and a UNIX host via a terminal program and a default account. Gained root access by exploiting a known vulnerability. 44
  • 45. Penetration Tests: Lessons ♦ In Each Case, the Penetration Could Have Been Prevented IF: – A Comprehensive Security Policy had Been Implemented Across the Enterprise – Good Systems Administration Practices Were Utilized – A More Proactive Security Process was in Place • Security Audits and/or Assessments • Investment in Security Assessment Technology • Better User Security Education and Awareness • Minimal Incident Response Capability
  • 46. Conclusions ♦ Penetration Testing Can Be Used to Significantly Improve Your Security Posture ♦ A Reasonably Secure Infrastructure is Achievable – Must View Security as a Process, Not a Project – Embrace Technology and Use it! – Be Consistent Throughout the Enterprise – Consider the Entire Business Process, Not Just the Transaction Component ♦ Think About Security From an Enabling Standpoint vs. an Inhibitor ♦ Be Proactive…Don’t Wait for a Security Problem 46
  • 47. My Contact Information Dr. Bruce V. Hartley, CISSP President & CEO Privisec, Inc. 719.651.6651 (Phone) 719.495.8532 (Fax) bhartley@privisec.com www.privisec.com