Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

•Transferir como PPTX, PDF•

1 gostou•1,442 visualizações

A few years ago all you needed was a 4 port switch and Kali VM to reliably bypass most controls and have domain admin in a few hours. Defenses and networks have improved and so should your red team arsenal. Spoiler alert; you’re going to need a bigger backpack. This talk will provide a practical guide to bypassing NAC controls, taking over workstations from the parking lot, and breaking into locked PC’s. We’ll walk through 5 different hardware devices; how to build them, use them effectively, and how to protect against them.

Tecnologia

YOUR NEW RED TEAM HARDWARE
SURVIVAL PACK
Chris Salerno | DanAstor | Chris Myers
Bsides NOLA: 2017

WHY MORE HARDWARE?
 Networks are getting better
 Visibility + Security
 Detection is getting better
 Rogue devices +Traffic analysis
 Clients listening to recommendations
 Finally…

TOOLS WE’LL BE COVERING
 NetworkTaps
 Raspberry Pi’s
 Ethernet Over Power Line Adapters
 USB Rubber Duckies
 Mouse Jacking

NACS AND ATTACKS
 Network Access Control (NAC)
 Passive Attacks
 NetworkTAPs + Packet CAPs
 Active Attacks
 Pi’s + Power Lines + Air Freshener orTissue Box

NETWORKTAPPIN
 Problem
 No Creds and Can’t DoTraditional
Recon
 Solution
 Power LineAdapter + NetworkTap +
Packet Caps
 Sniff… Sniff…
 Host + Network Info
 Credentials (Network/Smart Printers or
Switch Uplinks  )
 PoE pass-through is a nice feature

PI GOT UR NAC?
 Problem
 Active NAC attempts to auth to any
system plugged in along with host
checking
 Solution – NAC Honeypi
 Raspberry Pi + Power LineAdapter + Air
Freshener orTissue Box
 SSH Honeypot
 Cowrie based
 https://github.com/micheloosterhof/cowrie
 Responder
 https://github.com/lgandx/Responder

I’VE GOTTHE POWER
 Problem
 Need to Hide Physical Location
 Solution
 Ethernet over Power Line
 Simple to use
 Transmits signal here to there
 Allows for stealthier ops
 Hide network taps
 Hide raspberry pi’s
 Hide origin of systems/traffic

USB DROPS & SCREEN UNLOCKS
 Problem
 Need Shellz but Can’t Plug Into the
Network
 Solution – Getting Shellz
 USB Rubber Ducky
 Inherently trusted in most
environments
 Easy to pretend to be a keyboard
 https://hakshop.com/products/usb-rubber-ducky-deluxe
 Labels may help: Beach Pics, Harassment
Evidence, HR, etc..
 Curious Users
 They plug anything in…
 Or take to HR, who then plug it in…

WHEN USB DUCKS ATTACK…
 Ducky Script
 Load a custom payload onto your
Rubber Ducky
 https://ducktoolkit.com/
 PowerShellAttacks, Drop Malware, Etc.
 Attack Scenarios
 USB Drops
 Go Aggro!
 Or slightly less aggro…

PERIPHERAL ATTACKS?
 Problem
 Need Shellz but Don’t Have Physical
Access
 Solution
 Wireless peripherals + keystroke
injection
 Logitech Unifying Receivers
 Assorted Microsoft Keyboards + Mice
 Can exploit to get remote C2’s
 Arduino Mouse Jacker
 https://github.com/phikshun/uC_mousejack
 JackIt
 https://github.com/insecurityofthings/jackit

SOWHAT NOW??
 USB Rubber Duckies
 HID/USB device whitelisting (GPO)
 Epoxy USB ports
 Mouse Jacking
 Provide wired/non-vulnerable
peripherals
 Log external calls for PowerShell
 Patch it yourself

SOWHAT NOW??
 Powerline Adapters + NetworkTap
 Physical security & user awareness
 Limit use of clear text protocols
 Raspberry Pi
 Rogue device detection
 Don’t auth to every system
 Ensure NAC service account passwords
are complex as in RANDO…
 Don’t SSH auth to every system… (or
use certs)

Mais conteúdo relacionado

Mais procurados

$HOME Sweet $HOME SANSFIRE Edition

Xavier Mertens

Streamline CI/CD with Just-in-Time Access

Akeyless

Secure Web Coding

Xavier Mertens

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...

Akeyless

This presentation will dive into research, outcomes, and recommendations regarding information security for the "Internet of Things". Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff. Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms. If you're a researcher who wants to know more about attacking this space, an IoT vendor trying to refine your security processes, or just a consumer who cares about their own safety and privacy, this talk will provide some great insights to all of those ends. MARK STANISLAV DUO SECURITY Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup and corporate environments, primarily focused on Linux architecture, information security, and web application development. He has presented at over 70 events internationally including RSA, ShmooCon, SOURCE Boston, and THOTCON. His security research has been featured on web sites including CSO Online, Security Ledger, and Slashdot. Mark holds a B.S. in Networking & IT Administration and an M.S. in Information Assurance, both from Eastern Michigan University. Mark is currently writing a book titled, "Two-Factor Authentication" (published by IT Governance). ZACH LANIER DUO SECURITY Zach Lanier is a Security Researcher with Duo Security, specializing in various bits of network, mobile, and application security. Prior to joining Duo, Zach most recently served as a Senior Research Scientist with Accuvant LABS. He has spoken at a variety of security conferences, such as Black Hat, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the recently published "Android Hackers' Handbook."

Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...

Duo Security

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...

Zoltan Balazs

Demo of security tool nessus - Network vulnerablity scanner

Ajit Dadresa

nessus

Muhammad Yasin

The presentation focuses on the whole process of security testing and present it by analogies to the web applications which are quite well-known. It covers the whole SDLC and show the similarities and differences in the arsenal of vulnerabilities, security tools and standards between the smart contracts and web applications on each step. Even though there exist a lot of great security projects for smart contracts, we do not have single, widely accepted security standard (such as ASVS in web apps world). That is why we introduce SCSVS (Smart Contract Security Verification Standard), a open-source 13-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

SecuRing

Nessus Software

Megha Sahu

Nessus Basics

amiable_indian

In this talk, Oded Hareven, Co-Founder & CEO of Akeyless.io, discusses the history of the movement toward best practices in password, token, key, and credential management, including HSMs, KMSs, PAMs, and PKI management. He explores how secrets management is now a MUST for DevOps and security teams of all enterprises and why the right tool needs to be cloud-agnostic, cloud-native, integrable with any DevOps pipelines, and infinitely scalable.

The Rise of Secrets Management

Akeyless

Why linux sucks

Nadeen Noaman

As shown by headlines and countless intrusions, even moderately skilled attackers can sail through the defenses of a typical corporate network. Using a playbook of techniques both common and uncommon, intruders can bypass almost all security barriers despite even tough policies on end users and admins. But failure is not inevitable for a defender. There are many practical ways a network can be constructed that will wipe out most of the playbook, and they don’t always require expensive purchases. Security must be built from the start, and this presentation will show you how it’s done; how to intelligently look at threats and plan defenses for a Windows network.

The Infosec Revival

scriptjunkie

IoT security is a nightmare. But what is the real risk?

Zoltan Balazs

Red teaming the CCDC

scriptjunkie

Cisco Webex Board - Maticmind

Maticmind

You successfully managed to treat your infrastructure as code. And your application config is kept in version control as well. Wait! What did you do with your DB passwords and API tokens? Secrets need special treatment to fully automate your deployment pipeline. In this talk, I will show you how. Slide deck from my Jazoon TechDays presentation from 7 Sep 2019, recorded here: https://www.youtube.com/watch?v=Ip8eTPj3Jsk

Secrets as Code

Johann Gyger

Kali Linux - CleveSec 2015

TGodfrey

There is a big bunch of tools offering HTTP/SSL traffic interception. However, when it comes to penetration tests of specialized embedded software or thick clients, we often encounter proprietary protocols with no documentation at all. Binary TCP connections, unlike anything, impossible to be adapted by a well-known local proxy. Without disassembling the protocol, pentesting the server backend is very limited. Though, based on our experience, it very often hides a shameful secret - completely unsecured mechanisms breaking all secure coding practices. To demonstrate, we will show a few case-studies - most interesting examples from real-life industry software, which in our opinion are a quintessence of "security by obscurity". We will challenge the security of proprietary protocols in pull printing solutions, FOREX trading software, remote desktops and home automation technologies.

Shameful secrets of proprietary network protocols

Slawomir Jasek

Mais procurados (20)

$HOME Sweet $HOME SANSFIRE Edition

Streamline CI/CD with Just-in-Time Access

Secure Web Coding

Stopping the Hassle of SSH keys by using SSH certificates - Community Summit ...

Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...

Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...

Demo of security tool nessus - Network vulnerablity scanner

nessus

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

Nessus Software

Nessus Basics

The Rise of Secrets Management

Why linux sucks

The Infosec Revival

IoT security is a nightmare. But what is the real risk?

Red teaming the CCDC

Cisco Webex Board - Maticmind

Secrets as Code

Kali Linux - CleveSec 2015

Shameful secrets of proprietary network protocols

Semelhante a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Holland safenet livehack hid usb pineapple_cain_oph_with_video

robbuddingh

Hacking the future with USB HID

Nikhil Mittal

Securing Network Access with Open Source solutions

Nick Owen

Csi Netsec 2006 Poor Mans Guide Merdinger

shawn_merdinger

Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter

Chris Swan

More fun using Kautilya

Nikhil Mittal

Mere Paas Teensy Hai (Nikhil Mittal)

ClubHack

Applied VoIP Security

Asterisk Community

Teensy Programming for Everyone

Nikhil Mittal

Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. During the research we have tested SIM-cards, 4G USB modems, radio components, IP access network. First of all we looked for the vulnerabilities that could be exploited remotely, via IP or radio network. And the result was not late in arriving. In some cases we managed to attack SIM-cards and install a malicious Java applet there, we were able to update remotely USB modem firmware, to change password on a selfcare portal via SMS and even to get access to the internal technological network of a carrier. Further attack evolution helped to understand how it is possible to use a simple SMS as an exploit that is able not only to compromise a USB modem and all the communications that go through it, but also to install bootkit on a box, that this modem is connected to.

Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...

Sergey Gordeychik

Cybercon 2015 brandon kravitz

Brandon Kravitz

Drupal 8 can power experiences beyond the traditional web. As more data rich APIs become available, Drupal can be used to accumulate data, identify a variety of devices in an Internet of Things network and then route data to the appropriate places. Given Drupal’s own rich content management capabilities, the CMS can still be utilized to enhance this datastream - making it that much more relevant based on location, language or any other metadata stored in it. In this presentation we will demonstrate how to use Drupal 8 to power a real-time signage system and discuss the techniques to build your own! What’s Covered: Responsive Techniques to support different display sizes. ADA rules around public signage. We’re not just talking WCAG/508 anymore! How to rebroadcast data from other sources. Data Delivery Methods: Push and Pull models. Sizing and Scaling your network of Signs. Fault tolerance on your Kiosk. Why even use Drupal to power a sign?

Beyond websites using drupal for digital signs

Acquia

DevOps toolchains are transforming modern IT, but hackers can undermine their benefits through poorly implemented or vulnerable DevOps tools. Chris Gates and Ken Johnson will share their collaborative attack research into the technology driving DevOps. They will share an attacker's perspective on exploiting DevOps organizations and the countermeasures these organizations should employ. RSAC 2017 Ken Johnson & Chris Gates

DevOOPS: Attacks and Defenses for DevOps Toolchains

Chris Gates

Chapter 4 access control fundamental ii

Syaiful Ahdan

Talk given at DerbyCon 2016 and RuxCon 2016 Malware authors and reverse engineers have been playing cat and mouse for a number of years now when it comes to writing and reversing of malware. From nation state level malware to the mass malware that infects grandmas and grandpas, mothers and fathers, the different types of malware employ a myriad of techniques to stop those who look at it from guessing the true intent. This talk will be about some of the unorthodox methods employed by some malware to stay hidden from, or out right ignore the reverse engineering community.

Writing malware while the blue team is staring at you

Rob Fuller

IoT (Internet of Things) and OT (Operational Technology) are the current buzzwords for networked devices on which our modern society is based on. In this area, the used operating systems are summarized with the term firmware. The devices themselves, also called embedded devices, are essential in the private and industrial environments as well as in the so-called critical infrastructure. Penetration testing of these systems is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify and optimize the complex task of firmware security analysis. EMBA supports the penetration tester with the automated detection of 1-day vulnerabilities on binary level. This goes far beyond the plain CVE detection: With EMBA you always know which public exploits are available for the target firmware. Besides the detection of already known vulnerabilities, EMBA also supports the tester on the next 0-day. For this, EMBA identifies critical binary functions, protection mechanisms and services with network behavior on a binary level. There are many other features built into EMBA, such as fully automated firmware extraction, finding file system vulnerabilities, hard-coded credentials, and more. EMBA is the open-source firmware scanner, created by penetration testers for penetration testers. Project page: https://github.com/e-m-b-a/emba Conference page: https://www.blackhat.com/us-22/arsenal/schedule/index.html#emba--open-source-firmware-security-testing-26596

EMBA - Firmware analysis - Black Hat Arsenal USA 2022

MichaelM85042

The prevalence of computers in form of so called "smart" devices embedded in our everyday environment is inevitable. From pentester's perspective, the adjective "smart" at first glance can hardly be used to describe their inventors and ambassadors. Based on a few examples (i.a. BTLE beacons, smart meters, security cameras...) I will show how easily "smart" devices can be outsmarted. Sometimes you don't even need any 'hacking' skills, or the default configuration is wide-open. But are we doomed? What are the conditions for real threat? Can the vulnerabilities be exploited anonymously and as easily as in web application? Where is the physical border the intruder would be likely to cross? The risks involved are usually different, but does it mean we don't have to worry? Are we sure how to use securely the emerging technology?

IoThings you don't even need to hack

Slawomir Jasek

Backtrack

One97 Communications Limited

Kali Linux - Falconer - ISS 2014

TGodfrey

Kautilya: Teensy beyond shell

Nikhil Mittal

Semelhante a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack (20)

Holland safenet livehack hid usb pineapple_cain_oph_with_video

Hacking the future with USB HID

Securing Network Access with Open Source solutions

Csi Netsec 2006 Poor Mans Guide Merdinger

Flutter SV Meetup Oct 2022 - End to end encrypted IoT with Dart and Flutter

More fun using Kautilya

Mere Paas Teensy Hai (Nikhil Mittal)

Applied VoIP Security

Teensy Programming for Everyone

Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...

Cybercon 2015 brandon kravitz

Beyond websites using drupal for digital signs

DevOOPS: Attacks and Defenses for DevOps Toolchains

Chapter 4 access control fundamental ii

Writing malware while the blue team is staring at you

EMBA - Firmware analysis - Black Hat Arsenal USA 2022

IoThings you don't even need to hack

Backtrack

Kali Linux - Falconer - ISS 2014

Kautilya: Teensy beyond shell

Último

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Scaling API-first – The story of a global engineering organization

Radu Cotescu

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

1. YOUR NEW RED TEAM HARDWARE SURVIVAL PACK Chris Salerno | DanAstor | Chris Myers Bsides NOLA: 2017

2. WHY MORE HARDWARE?  Networks are getting better  Visibility + Security  Detection is getting better  Rogue devices +Traffic analysis  Clients listening to recommendations  Finally…

3. TOOLS WE’LL BE COVERING  NetworkTaps  Raspberry Pi’s  Ethernet Over Power Line Adapters  USB Rubber Duckies  Mouse Jacking

4. NACS AND ATTACKS  Network Access Control (NAC)  Passive Attacks  NetworkTAPs + Packet CAPs  Active Attacks  Pi’s + Power Lines + Air Freshener orTissue Box

5. NETWORKTAPPIN  Problem  No Creds and Can’t DoTraditional Recon  Solution  Power LineAdapter + NetworkTap + Packet Caps  Sniff… Sniff…  Host + Network Info  Credentials (Network/Smart Printers or Switch Uplinks  )  PoE pass-through is a nice feature

6. NETWORKTAPPIN

7. PI GOT UR NAC?  Problem  Active NAC attempts to auth to any system plugged in along with host checking  Solution – NAC Honeypi  Raspberry Pi + Power LineAdapter + Air Freshener orTissue Box  SSH Honeypot  Cowrie based  https://github.com/micheloosterhof/cowrie  Responder  https://github.com/lgandx/Responder

8. HONEYPI DEMO

9. I’VE GOTTHE POWER  Problem  Need to Hide Physical Location  Solution  Ethernet over Power Line  Simple to use  Transmits signal here to there  Allows for stealthier ops  Hide network taps  Hide raspberry pi’s  Hide origin of systems/traffic

10. ETHERNET OVER POWER LINE ADAPTERS

11. USB DROPS & SCREEN UNLOCKS  Problem  Need Shellz but Can’t Plug Into the Network  Solution – Getting Shellz  USB Rubber Ducky  Inherently trusted in most environments  Easy to pretend to be a keyboard  https://hakshop.com/products/usb-rubber-ducky-deluxe  Labels may help: Beach Pics, Harassment Evidence, HR, etc..  Curious Users  They plug anything in…  Or take to HR, who then plug it in…

12. WHEN USB DUCKS ATTACK…  Ducky Script  Load a custom payload onto your Rubber Ducky  https://ducktoolkit.com/  PowerShellAttacks, Drop Malware, Etc.  Attack Scenarios  USB Drops  Go Aggro!  Or slightly less aggro…

13. PERIPHERAL ATTACKS?  Problem  Need Shellz but Don’t Have Physical Access  Solution  Wireless peripherals + keystroke injection  Logitech Unifying Receivers  Assorted Microsoft Keyboards + Mice  Can exploit to get remote C2’s  Arduino Mouse Jacker  https://github.com/phikshun/uC_mousejack  JackIt  https://github.com/insecurityofthings/jackit

14. RUBBER DUCKY & JACKIT DEMOS

15. SOWHAT NOW??  USB Rubber Duckies  HID/USB device whitelisting (GPO)  Epoxy USB ports  Mouse Jacking  Provide wired/non-vulnerable peripherals  Log external calls for PowerShell  Patch it yourself

16. SOWHAT NOW??  Powerline Adapters + NetworkTap  Physical security & user awareness  Limit use of clear text protocols  Raspberry Pi  Rogue device detection  Don’t auth to every system  Ensure NAC service account passwords are complex as in RANDO…  Don’t SSH auth to every system… (or use certs)

17. QUESTIONS?

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack

Semelhante a Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack (20)

Último

Último (20)

Security Risk Advisors - BSides NOLA 2017 - Your New Red Team Hardware Survival Pack