SlideShare a Scribd company logo

Message Queue Security Talk at NoSuchCon 2014

N
NoSuchCon

NSC #2 - D1 02 - Georgi Geshev - Your Q is my Q

Technology
1 of 59
Download to read offline
Labs.mwrinfosecurity.com | © MWR Labs 1 Labs.mwrinfosecurity.com | © MWR Labs Your Q is my Q NoSuchCon 2014 Paris, France Message Queue Security G. Geshev
Labs.mwrinfosecurity.com | © MWR Labs 2 Introduction Georgi Geshev • Security Researcher at MWR Labs • Research Interests • Vulnerability Development • IPv6 Network Reconnaissance • Message Queues
Labs.mwrinfosecurity.com | © MWR Labs 3 Agenda • MQ Concepts • Attack Surface • Case Studies • Attack Scenarios • Common Issues • MQ Hardening
Labs.mwrinfosecurity.com | © MWR Labs 4 Disclaimer • This is not a talk on new classes of bugs, i.e. none of the vulnerabilities are MQ specific. • This is a talk on problems found to be common across some popular MQ implementations.
Labs.mwrinfosecurity.com | © MWR Labs 5 MQ Concepts • Message-oriented Middleware (MOM) • Asynchronous Message Exchange • Decoupling – Space, Time and Synchronization Decoupling • Publish & Subscribe – Publishers Create Messages – Subscribers Consume Messages – Topic, Content and Type Based Subscriptions
Labs.mwrinfosecurity.com | © MWR Labs 6 MQ Concepts Producer Consumer Broker
Labs.mwrinfosecurity.com | © MWR Labs 7 MQ Concepts Producer Consumer Broker
Labs.mwrinfosecurity.com | © MWR Labs 8 MQ Concepts Producer Consumer Broker
Labs.mwrinfosecurity.com | © MWR Labs 9 MQ Concepts Producer Consumer Broker
Labs.mwrinfosecurity.com | © MWR Labs 10 MQ Protocols
Labs.mwrinfosecurity.com | © MWR Labs 11 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP
Labs.mwrinfosecurity.com | © MWR Labs 12 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols
Labs.mwrinfosecurity.com | © MWR Labs 13 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols • Binary Protocols: – AMQP (Advanced Message Queuing Protocol) – MQTT (MQ Telemetry Transport) – OpenWire
Labs.mwrinfosecurity.com | © MWR Labs 14 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols • Binary Protocols: – AMQP (Advanced Message Queuing Protocol) – MQTT (MQ Telemetry Transport) – OpenWire • ASCII Protocols: – STOMP (Streaming Text Oriented Messaging Protocol) – XMPP
Labs.mwrinfosecurity.com | © MWR Labs 15 MQ Security • Transport over SSL/TLS • Authentication and Authorisation Mechanisms: • Certificates, Kerberos, LDAP, etc. • Persistent Storage • SQL Databases • File Based Databases • Redundant Brokers • Clustering • Broker Networks
Labs.mwrinfosecurity.com | © MWR Labs 16 Misconfigurations • Default Administrative Credentials • Management Interfaces Exposed • Java Management Extension (JMX) • Java Remote Method Invocation (RMI) • Java Debug Wire Protocol (JDWP) • Default Queues • Anonymous Access – Publish – Subscribe
Labs.mwrinfosecurity.com | © MWR Labs 17 Demo • ActiveMQ 5.6.0 • Debian 7.5.0 • Ubuntu 14.04.1 • Default Configuration • Java Management Extension (JMX) • Custom script to identify RMI service endpoint via JMX. • RMI Registry endpoint is only locally exposed.* • Port forwarding to access the RMI service. • Deploying and executing a JAR payload.
Labs.mwrinfosecurity.com | © MWR Labs 18 Case Studies • Sending Serialised Objects • Sending System Commands • Rendering Untrusted Messages in Administrative or Monitoring Consoles • Cross-Site Scripting • Inserting Unsanitised Messages in Databases • SQL Injection
Labs.mwrinfosecurity.com | © MWR Labs 19 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS
Labs.mwrinfosecurity.com | © MWR Labs 20 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client
Labs.mwrinfosecurity.com | © MWR Labs 21 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client
Labs.mwrinfosecurity.com | © MWR Labs 22 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client
Labs.mwrinfosecurity.com | © MWR Labs 23 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker
Labs.mwrinfosecurity.com | © MWR Labs 24 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker
Labs.mwrinfosecurity.com | © MWR Labs 25 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker Broker vs. Client
Labs.mwrinfosecurity.com | © MWR Labs 26 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker Broker vs. Client Broker vs. Broker
Labs.mwrinfosecurity.com | © MWR Labs 27 Bug Hunting
Labs.mwrinfosecurity.com | © MWR Labs 28 Bug Hunting • Source Code Audit • Pattern Based
Labs.mwrinfosecurity.com | © MWR Labs 29 Bug Hunting • Source Code Audit • Pattern Based • Fuzzing • Stateless – Radamsa • Stateful – MITM Fuzzing • Patching • Traffic Generation • Unit Tests • Performance Harness Tools • Code Samples
Labs.mwrinfosecurity.com | © MWR Labs 30 Bug Hunting • Source Code Audit • Pattern Based • Fuzzing • Stateless – Radamsa • Stateful – MITM Fuzzing • Patching • Outdated Libraries • e.g. Vulnerable XStream in ActiveMQ < 5.10.0 • Traffic Generation • Unit Tests • Performance Harness Tools • Code Samples
Labs.mwrinfosecurity.com | © MWR Labs 31 AMQP State Machine
Labs.mwrinfosecurity.com | © MWR Labs 32 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 33 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) Username: * Password: foobar Message Content Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 34 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) B: Does ‘*’ user exist? Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 35 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) A: Yes, user ‘tommy’ exists. Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 36 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) B: Authenticate with ‘tommy:foobar’? Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 37 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) A: Authenticated. Credentials tommy foobar ronly ronly client secret
Labs.mwrinfosecurity.com | © MWR Labs 38 XML External Entities Processing Attacker Broker
Labs.mwrinfosecurity.com | © MWR Labs 39 XML External Entities Processing Attacker Broker Malicious XML Message 1. Adversary enqueues an XML message which contains XML external entities.
Labs.mwrinfosecurity.com | © MWR Labs 40 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities.
Labs.mwrinfosecurity.com | © MWR Labs 41 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector. XPath / XQuery Selector
Labs.mwrinfosecurity.com | © MWR Labs 42 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector.
Labs.mwrinfosecurity.com | © MWR Labs 43 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector. 3. The broker will evaluate the XPath expression and attempt to match it against the messages in the queue. This will cause the broker to resolve any external entity references.
Labs.mwrinfosecurity.com | © MWR Labs 44 Demo (1) • Anonymous vs. Client / Broker • Authentication Bypass*
Labs.mwrinfosecurity.com | © MWR Labs 45 Demo (2) • Client vs. Broker • XML External Entity Processing
Labs.mwrinfosecurity.com | © MWR Labs 46 Common Vulnerabilities • XML External Entities Processing • Brokers: 6 – Java, Python and C++ • Clients: 2* • LDAP Wildcard Interpretation Bug • Brokers: 3 – Java • Unserialisation of Untrusted Data • Brokers: 2* – Java and Python
Labs.mwrinfosecurity.com | © MWR Labs 47 Hardening MQ Applications
Labs.mwrinfosecurity.com | © MWR Labs 48 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. Applications
Labs.mwrinfosecurity.com | © MWR Labs 49 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. Applications
Labs.mwrinfosecurity.com | © MWR Labs 50 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* Applications
Labs.mwrinfosecurity.com | © MWR Labs 51 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. Applications
Labs.mwrinfosecurity.com | © MWR Labs 52 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. Applications
Labs.mwrinfosecurity.com | © MWR Labs 53 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications
Labs.mwrinfosecurity.com | © MWR Labs 54 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources.
Labs.mwrinfosecurity.com | © MWR Labs 55 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources. • Enable integrity checking. Ideally, authenticated encryption.
Labs.mwrinfosecurity.com | © MWR Labs 56 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources. • Enable integrity checking. Ideally, authenticated encryption. • Whitelist objects if unserialising from messages.
Labs.mwrinfosecurity.com | © MWR Labs 57 Acknowledgments • MWR Labs • Red Hat and Apache’s Security Teams • NoSuchCon Organisers
Labs.mwrinfosecurity.com | © MWR Labs 58 References • XML Out-of-Band Data Retrieval (BlackHat Europe 2013) • Timur Yunusov (@a66at) • Alexey Osipov (@Gi_sUngiven) • XML External Entities Out-of-Band Exploitation • Ivan Novikov (@d0znpp) • Exploiting JMX RMI • Braden Thomas
Labs.mwrinfosecurity.com | © MWR Labs 59 Questions • Feedback • @munmap • georgi.geshev @ mwrinfosecurity . com

Recommended

Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
TLS Optimization
TLS OptimizationTLS Optimization
TLS OptimizationNate Lawson
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Ravencoin
RavencoinRavencoin
RavencoinHamidreza Sahraei
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Trupti Shiralkar, CISSP
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...BlueHat Security Conference
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementationsedukull
 

Recommended

Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
TLS Optimization
TLS OptimizationTLS Optimization
TLS OptimizationNate Lawson
 
TLS/SSL Protocol Design
TLS/SSL Protocol DesignTLS/SSL Protocol Design
TLS/SSL Protocol DesignNate Lawson
 
Ravencoin
RavencoinRavencoin
RavencoinHamidreza Sahraei
 
Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Zerotrusting serverless applications protecting microservices using secure d...
Zerotrusting serverless applications protecting microservices using secure d...Trupti Shiralkar, CISSP
 
Common crypto attacks and secure implementations
Common crypto attacks and secure implementationsCommon crypto attacks and secure implementations
Common crypto attacks and secure implementationsTrupti Shiralkar, CISSP
 
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...
BlueHat v18 || Record now, decrypt later - future quantum computers are a pre...BlueHat Security Conference
 
Open Source KMIP Implementation
Open Source KMIP ImplementationOpen Source KMIP Implementation
Open Source KMIP Implementationsedukull
 
Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
Bletchley
BletchleyBletchley
BletchleyDiogo Mónica
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- Wireshark網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- WiresharkJulia Yu-Chin Cheng
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
 
SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications nishchal29
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)NGINX, Inc.
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projectsOwaspCzech
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityJyothishmathi Institute of Technology and Science Karimnagar
 
Cassandra and security
Cassandra and securityCassandra and security
Cassandra and securityBen Bromhead
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEANGINX, Inc.
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices WorldDiogo Mónica
 
Observability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesObservability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesLuke Marsden
 
Picking a message queue
Picking a message queuePicking a message queue
Picking a message queueVladislav Kirshtein
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetricconfluent
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdfAdvanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdfInfosec train
 
Advanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_contentAdvanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_contentpriyanshamadhwal2
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutronmarkmcclain
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 

More Related Content

What's hot

Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscapeSagara Gunathunga
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber WeaponryJoshua L. Davis
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- Wireshark網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- WiresharkJulia Yu-Chin Cheng
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
 
SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications nishchal29
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)NGINX, Inc.
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projectsOwaspCzech
 
Cassandra and security
Cassandra and securityCassandra and security
Cassandra and securityBen Bromhead
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEANGINX, Inc.
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices WorldDiogo Mónica
 

What's hot (13)

Microservices Security landscape
Microservices Security landscapeMicroservices Security landscape
Microservices Security landscape
 
Open Source Cyber Weaponry
Open Source Cyber WeaponryOpen Source Cyber Weaponry
Open Source Cyber Weaponry
 
Bletchley
BletchleyBletchley
Bletchley
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- Wireshark網路攻擊與封包分析- Wireshark
網路攻擊與封包分析- Wireshark
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
 
SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
 
Owasp crypto tools and projects
Owasp crypto tools and projectsOwasp crypto tools and projects
Owasp crypto tools and projects
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Cassandra and security
Cassandra and securityCassandra and security
Cassandra and security
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEATLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
 
MTLS in a Microservices World
MTLS in a Microservices WorldMTLS in a Microservices World
MTLS in a Microservices World
 

Similar to Message Queue Security Talk at NoSuchCon 2014

Observability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesObservability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesLuke Marsden
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetricconfluent
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework
 
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdfAdvanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdfInfosec train
 
Advanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_contentAdvanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_contentpriyanshamadhwal2
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutronmarkmcclain
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudPaulo Renato
 
Manging Container Deployments at Scale
Manging Container Deployments at ScaleManging Container Deployments at Scale
Manging Container Deployments at ScaleMofizur Rahman
 
Istio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleIstio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleMofizur Rahman
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Securitysedukull
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavOWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavAbhay Bhargav
 
Microservice & Service Mesh Workshop
Microservice & Service Mesh WorkshopMicroservice & Service Mesh Workshop
Microservice & Service Mesh WorkshopClaudio Acquaviva
 
Architecting for Microservices Part 2
Architecting for Microservices Part 2Architecting for Microservices Part 2
Architecting for Microservices Part 2Elana Krasner
 
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020AVIO Consulting
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alAlert Logic
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 

Similar to Message Queue Security Talk at NoSuchCon 2014 (20)

Observability beyond logging for Java Microservices
Observability beyond logging for Java MicroservicesObservability beyond logging for Java Microservices
Observability beyond logging for Java Microservices
 
Picking a message queue
Picking a message queuePicking a message queue
Picking a message queue
 
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and VormetricProtecting your data at rest with Apache Kafka by Confluent and Vormetric
Protecting your data at rest with Apache Kafka by Confluent and Vormetric
 
WSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product OverviewWSO2 Microservices Framework for Java - Product Overview
WSO2 Microservices Framework for Java - Product Overview
 
Lacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security ThreatsLacework | Top 10 Cloud Security Threats
Lacework | Top 10 Cloud Security Threats
 
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdfAdvanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
Advanced-Penetration-TestinAPT With KALI Linux Course Content.pdf
 
Advanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_contentAdvanced-Penetration-Testing_course_content
Advanced-Penetration-Testing_course_content
 
Inside Architecture of Neutron
Inside Architecture of NeutronInside Architecture of Neutron
Inside Architecture of Neutron
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Manging Container Deployments at Scale
Manging Container Deployments at ScaleManging Container Deployments at Scale
Manging Container Deployments at Scale
 
Istio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at ScaleIstio Mesh – Managing Container Deployments at Scale
Istio Mesh – Managing Container Deployments at Scale
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavOWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay Bhargav
 
Microservice & Service Mesh Workshop
Microservice & Service Mesh WorkshopMicroservice & Service Mesh Workshop
Microservice & Service Mesh Workshop
 
Architecting for Microservices Part 2
Architecting for Microservices Part 2Architecting for Microservices Part 2
Architecting for Microservices Part 2
 
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020
Hashicorp Vault Connector - Dallas MuleSoft Meetup - May 6, 2020
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_alCss sf azure_8-9-17-protecting_web_apps_stephen coty_al
Css sf azure_8-9-17-protecting_web_apps_stephen coty_al
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
 

More from NoSuchCon

NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNoSuchCon
 
NSC #2 - Challenge Introduction
NSC #2 - Challenge IntroductionNSC #2 - Challenge Introduction
NSC #2 - Challenge IntroductionNoSuchCon
 
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNoSuchCon
 
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacksNSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacksNoSuchCon
 
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic BackdooringNSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic BackdooringNoSuchCon
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNoSuchCon
 
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based deviceNSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based deviceNoSuchCon
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNoSuchCon
 
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 05 - Andrea Barisani - Forging the USB ArmoryNSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 05 - Andrea Barisani - Forging the USB ArmoryNoSuchCon
 
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database AttacksNSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database AttacksNoSuchCon
 
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine SecurityNSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine SecurityNoSuchCon
 
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNoSuchCon
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNoSuchCon
 
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practiceNSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practiceNoSuchCon
 
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLCNSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLCNoSuchCon
 
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineeringNSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineeringNoSuchCon
 

More from NoSuchCon (16)

NSC #2 - Challenge Solution
NSC #2 - Challenge SolutionNSC #2 - Challenge Solution
NSC #2 - Challenge Solution
 
NSC #2 - Challenge Introduction
NSC #2 - Challenge IntroductionNSC #2 - Challenge Introduction
NSC #2 - Challenge Introduction
 
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected ProcessesNSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
NSC #2 - D3 05 - Alex Ionescu- Breaking Protected Processes
 
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacksNSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
NSC #2 - D3 04 - Guillaume Valadon & Nicolas Vivet - Detecting BGP hijacks
 
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic BackdooringNSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
NSC #2 - D3 03 - Jean-Philippe Aumasson - Cryptographic Backdooring
 
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the CoreNSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
NSC #2 - D3 02 - Peter Hlavaty - Attack on the Core
 
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based deviceNSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
NSC #2 - D3 01 - Thomas Braden - Exploitation of hardened MSP430-based device
 
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly AdviceNSC #2 - D2 06 - Richard Johnson - SAGEly Advice
NSC #2 - D2 06 - Richard Johnson - SAGEly Advice
 
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 05 - Andrea Barisani - Forging the USB ArmoryNSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
NSC #2 - D2 05 - Andrea Barisani - Forging the USB Armory
 
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database AttacksNSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
 
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine SecurityNSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
NSC #2 - D2 03 - Nicolas Collignon - Google Apps Engine Security
 
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - MimikatzNSC #2 - D2 02 - Benjamin Delpy - Mimikatz
NSC #2 - D2 02 - Benjamin Delpy - Mimikatz
 
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch ProtectionsNSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
 
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practiceNSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
NSC #2 - D1 05 - Renaud Lifchitz - Quantum computing in practice
 
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLCNSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
NSC #2 - D1 03 - Sébastien Dudek - HomePlugAV PLC
 
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineeringNSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
NSC #2 - D1 01 - Rolf Rolles - Program synthesis in reverse engineering
 

Recently uploaded

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Recently uploaded (20)

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Message Queue Security Talk at NoSuchCon 2014

  • 1. Labs.mwrinfosecurity.com | © MWR Labs 1 Labs.mwrinfosecurity.com | © MWR Labs Your Q is my Q NoSuchCon 2014 Paris, France Message Queue Security G. Geshev
  • 2. Labs.mwrinfosecurity.com | © MWR Labs 2 Introduction Georgi Geshev • Security Researcher at MWR Labs • Research Interests • Vulnerability Development • IPv6 Network Reconnaissance • Message Queues
  • 3. Labs.mwrinfosecurity.com | © MWR Labs 3 Agenda • MQ Concepts • Attack Surface • Case Studies • Attack Scenarios • Common Issues • MQ Hardening
  • 4. Labs.mwrinfosecurity.com | © MWR Labs 4 Disclaimer • This is not a talk on new classes of bugs, i.e. none of the vulnerabilities are MQ specific. • This is a talk on problems found to be common across some popular MQ implementations.
  • 5. Labs.mwrinfosecurity.com | © MWR Labs 5 MQ Concepts • Message-oriented Middleware (MOM) • Asynchronous Message Exchange • Decoupling – Space, Time and Synchronization Decoupling • Publish & Subscribe – Publishers Create Messages – Subscribers Consume Messages – Topic, Content and Type Based Subscriptions
  • 6. Labs.mwrinfosecurity.com | © MWR Labs 6 MQ Concepts Producer Consumer Broker
  • 7. Labs.mwrinfosecurity.com | © MWR Labs 7 MQ Concepts Producer Consumer Broker
  • 8. Labs.mwrinfosecurity.com | © MWR Labs 8 MQ Concepts Producer Consumer Broker
  • 9. Labs.mwrinfosecurity.com | © MWR Labs 9 MQ Concepts Producer Consumer Broker
  • 10. Labs.mwrinfosecurity.com | © MWR Labs 10 MQ Protocols
  • 11. Labs.mwrinfosecurity.com | © MWR Labs 11 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP
  • 12. Labs.mwrinfosecurity.com | © MWR Labs 12 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols
  • 13. Labs.mwrinfosecurity.com | © MWR Labs 13 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols • Binary Protocols: – AMQP (Advanced Message Queuing Protocol) – MQTT (MQ Telemetry Transport) – OpenWire
  • 14. Labs.mwrinfosecurity.com | © MWR Labs 14 MQ Protocols • MQ Transport Protocols • TCP, UDP, HTTP • MQ Application Protocols • Binary Protocols: – AMQP (Advanced Message Queuing Protocol) – MQTT (MQ Telemetry Transport) – OpenWire • ASCII Protocols: – STOMP (Streaming Text Oriented Messaging Protocol) – XMPP
  • 15. Labs.mwrinfosecurity.com | © MWR Labs 15 MQ Security • Transport over SSL/TLS • Authentication and Authorisation Mechanisms: • Certificates, Kerberos, LDAP, etc. • Persistent Storage • SQL Databases • File Based Databases • Redundant Brokers • Clustering • Broker Networks
  • 16. Labs.mwrinfosecurity.com | © MWR Labs 16 Misconfigurations • Default Administrative Credentials • Management Interfaces Exposed • Java Management Extension (JMX) • Java Remote Method Invocation (RMI) • Java Debug Wire Protocol (JDWP) • Default Queues • Anonymous Access – Publish – Subscribe
  • 17. Labs.mwrinfosecurity.com | © MWR Labs 17 Demo • ActiveMQ 5.6.0 • Debian 7.5.0 • Ubuntu 14.04.1 • Default Configuration • Java Management Extension (JMX) • Custom script to identify RMI service endpoint via JMX. • RMI Registry endpoint is only locally exposed.* • Port forwarding to access the RMI service. • Deploying and executing a JAR payload.
  • 18. Labs.mwrinfosecurity.com | © MWR Labs 18 Case Studies • Sending Serialised Objects • Sending System Commands • Rendering Untrusted Messages in Administrative or Monitoring Consoles • Cross-Site Scripting • Inserting Unsanitised Messages in Databases • SQL Injection
  • 19. Labs.mwrinfosecurity.com | © MWR Labs 19 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS
  • 20. Labs.mwrinfosecurity.com | © MWR Labs 20 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client
  • 21. Labs.mwrinfosecurity.com | © MWR Labs 21 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client
  • 22. Labs.mwrinfosecurity.com | © MWR Labs 22 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client
  • 23. Labs.mwrinfosecurity.com | © MWR Labs 23 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker
  • 24. Labs.mwrinfosecurity.com | © MWR Labs 24 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker
  • 25. Labs.mwrinfosecurity.com | © MWR Labs 25 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker Broker vs. Client
  • 26. Labs.mwrinfosecurity.com | © MWR Labs 26 Attack Scenarios • Attacker’s Perspective • Anonymous • Client • Broker • Attacks • Man-in-the-Middle • Authentication Bypasses • Implementation Specific • DoS Anonymous vs. Client Client vs. Client Client vs. Broker Broker vs. Client Broker vs. Broker
  • 27. Labs.mwrinfosecurity.com | © MWR Labs 27 Bug Hunting
  • 28. Labs.mwrinfosecurity.com | © MWR Labs 28 Bug Hunting • Source Code Audit • Pattern Based
  • 29. Labs.mwrinfosecurity.com | © MWR Labs 29 Bug Hunting • Source Code Audit • Pattern Based • Fuzzing • Stateless – Radamsa • Stateful – MITM Fuzzing • Patching • Traffic Generation • Unit Tests • Performance Harness Tools • Code Samples
  • 30. Labs.mwrinfosecurity.com | © MWR Labs 30 Bug Hunting • Source Code Audit • Pattern Based • Fuzzing • Stateless – Radamsa • Stateful – MITM Fuzzing • Patching • Outdated Libraries • e.g. Vulnerable XStream in ActiveMQ < 5.10.0 • Traffic Generation • Unit Tests • Performance Harness Tools • Code Samples
  • 31. Labs.mwrinfosecurity.com | © MWR Labs 31 AMQP State Machine
  • 32. Labs.mwrinfosecurity.com | © MWR Labs 32 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) Credentials tommy foobar ronly ronly client secret
  • 33. Labs.mwrinfosecurity.com | © MWR Labs 33 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) Username: * Password: foobar Message Content Credentials tommy foobar ronly ronly client secret
  • 34. Labs.mwrinfosecurity.com | © MWR Labs 34 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) B: Does ‘*’ user exist? Credentials tommy foobar ronly ronly client secret
  • 35. Labs.mwrinfosecurity.com | © MWR Labs 35 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) A: Yes, user ‘tommy’ exists. Credentials tommy foobar ronly ronly client secret
  • 36. Labs.mwrinfosecurity.com | © MWR Labs 36 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) B: Authenticate with ‘tommy:foobar’? Credentials tommy foobar ronly ronly client secret
  • 37. Labs.mwrinfosecurity.com | © MWR Labs 37 LDAP Wildcard Interpretation Attacker Broker LDAP Server (Authenticator) A: Authenticated. Credentials tommy foobar ronly ronly client secret
  • 38. Labs.mwrinfosecurity.com | © MWR Labs 38 XML External Entities Processing Attacker Broker
  • 39. Labs.mwrinfosecurity.com | © MWR Labs 39 XML External Entities Processing Attacker Broker Malicious XML Message 1. Adversary enqueues an XML message which contains XML external entities.
  • 40. Labs.mwrinfosecurity.com | © MWR Labs 40 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities.
  • 41. Labs.mwrinfosecurity.com | © MWR Labs 41 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector. XPath / XQuery Selector
  • 42. Labs.mwrinfosecurity.com | © MWR Labs 42 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector.
  • 43. Labs.mwrinfosecurity.com | © MWR Labs 43 XML External Entities Processing Attacker Broker 1. Adversary enqueues an XML message which contains XML external entities. 2. Then requests dequeuing an XML message which matches a criteria expressed with XPath/XQuery based selector. 3. The broker will evaluate the XPath expression and attempt to match it against the messages in the queue. This will cause the broker to resolve any external entity references.
  • 44. Labs.mwrinfosecurity.com | © MWR Labs 44 Demo (1) • Anonymous vs. Client / Broker • Authentication Bypass*
  • 45. Labs.mwrinfosecurity.com | © MWR Labs 45 Demo (2) • Client vs. Broker • XML External Entity Processing
  • 46. Labs.mwrinfosecurity.com | © MWR Labs 46 Common Vulnerabilities • XML External Entities Processing • Brokers: 6 – Java, Python and C++ • Clients: 2* • LDAP Wildcard Interpretation Bug • Brokers: 3 – Java • Unserialisation of Untrusted Data • Brokers: 2* – Java and Python
  • 47. Labs.mwrinfosecurity.com | © MWR Labs 47 Hardening MQ Applications
  • 48. Labs.mwrinfosecurity.com | © MWR Labs 48 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. Applications
  • 49. Labs.mwrinfosecurity.com | © MWR Labs 49 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. Applications
  • 50. Labs.mwrinfosecurity.com | © MWR Labs 50 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* Applications
  • 51. Labs.mwrinfosecurity.com | © MWR Labs 51 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. Applications
  • 52. Labs.mwrinfosecurity.com | © MWR Labs 52 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. Applications
  • 53. Labs.mwrinfosecurity.com | © MWR Labs 53 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications
  • 54. Labs.mwrinfosecurity.com | © MWR Labs 54 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources.
  • 55. Labs.mwrinfosecurity.com | © MWR Labs 55 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources. • Enable integrity checking. Ideally, authenticated encryption.
  • 56. Labs.mwrinfosecurity.com | © MWR Labs 56 Hardening MQ • Limit the number of transport and application protocols. • One application protocol over one (SSL) transport. • Remove default accounts. • Disable JMX/RMI/JDWP/etc.* • Separate administration VLAN. • Disable anonymous client access. • Whitelist explicit P&S client IP addresses. Applications • Perform validation on received messages. Do not assume trusted sources. • Enable integrity checking. Ideally, authenticated encryption. • Whitelist objects if unserialising from messages.
  • 57. Labs.mwrinfosecurity.com | © MWR Labs 57 Acknowledgments • MWR Labs • Red Hat and Apache’s Security Teams • NoSuchCon Organisers
  • 58. Labs.mwrinfosecurity.com | © MWR Labs 58 References • XML Out-of-Band Data Retrieval (BlackHat Europe 2013) • Timur Yunusov (@a66at) • Alexey Osipov (@Gi_sUngiven) • XML External Entities Out-of-Band Exploitation • Ivan Novikov (@d0znpp) • Exploiting JMX RMI • Braden Thomas
  • 59. Labs.mwrinfosecurity.com | © MWR Labs 59 Questions • Feedback • @munmap • georgi.geshev @ mwrinfosecurity . com