SlideShare uma empresa Scribd logo

Mirai botnet Intro to discussion OWASP Kraków 2016.11.15 @slawekja

Transferir como PPTX, PDF
OWASP
OWASP

Mirai botnet - live demo & discussion

Internet
1 de 65
Mirai botnet Intro to discussion Slawomir.Jasek@securing.pl @slawekja OWASP Kraków, 15.11.2016
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja We have all heard about it...
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Most often pointed manufacturer
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja No, it’s not us, it’s the users! http://www.xiongmaitech.com/index.php/news/info/12/76 (only Chinese, I used Google translator)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja My story... • The best-priced IP camera with PoE and ONVIF • Management standard (was supposed to) assure painless integration of the video in my installation.
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Malware embedded... http://artfulhacker.com/post/142519805054/beware-even-things-on-amazon-come https://ipcamtalk.com/threads/brenz-pl-malware-in-ip-cameras-what-now.12851/ http://forums.whirlpool.net.au/forum-replies.cfm?t=2362073&p=11&#r211
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Path traversal
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Auth bypass...
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja „CLOUD SERVICE”
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja The „cloud” service # tcpdump host camera.local 18:48:41.290938 IP camera.local.49030 > ec2- 54-72-86-70.eu-west- 1.compute.amazonaws.com.8000: UDP, length 25
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Device login – no pass, static captcha, id=MAC ;)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja FAQ
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja TELNET
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Nmap root@kali:~# nmap 10.5.5.20 Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2016-11-06 10:59 EST Nmap scan report for 10.5.5.20 Host is up (0.019s latency). Not shown: 996 closed ports PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 554/tcp open rtsp 8899/tcp open ospf-lite
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Mirai credentials for brute-force https://github.com/securing/mirai_credentials
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Now go and brute the telnet • root@kali:~# hydra -C mirai_creds.txt telnet://10.5.5.20
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja few seconds later...
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja The telnet password • I did not have the credentials few years ago... • But the password was already known then. No need to hack, search „password” and the name of device in Russian
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Wait... • But we have changed the default password, didn’t we?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja https://www.us-cert.gov/ncas/alerts/TA16-288A
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja So, where is the password? # cat /etc/passwd root:$1$RYIwEiRA$d5iRRVQ5ZeRTrJwGjRy. B0:0:0:root:/:/bin/sh # mount /dev/root on / type cramfs (ro,relatime)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Can we change it? # passwd -sh: passwd: not found # echo "better etc passwd" > /etc/passwd -sh: can't create /etc/passwd: Read-only file system # mount -o remount,rw / # mount /dev/root on / type cramfs (ro,relatime)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja So, it looks like we have to reflash... • The DVR (10.5.5.30) has telnet disabled. • Firmware versions starting mid-2015. • But for many models the upgrade is not available ;) • ... and the DVR still has telnet on 9527 ;) not to mention other vulns
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja HOW TO UPGRADE FIRMWARE?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Let’s imagine you are a regular camera user... • You have bought a camera in the nearest shop with cameras. • You know your camera is vulnerable and should be upgraded. • Try to find out how to do it, and where to find the firmware.
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How do you think will regular user do?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja DEVICE SUPPLY CHAIN
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Various vendors – same device
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing Features, Price! Features, Price! Features, Price! Features, Price!
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing Security? ? ? ?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja MIRAI
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Back in 2012 Internet Census Project http://internetcensus2012.bitbucket.org/paper.html
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja 2012 vs 2016 https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.htmlhttp://internetcensus2012.bitbucket.org/paper.html
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Mirai source https://github.com/jgamblin/Mirai-Source-Code/ Warning: • The zip file for the is repo is being identified by some AV programs as malware.
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Worth reading • The original post with source code : • Mirai-Source-Code-master/ForumPost.txt
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How does it spread? • mirai/bot/scanner.c
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Scans for random IPs with several exclusions ;)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Next, tries to hit the telnet • And once per ten also on 2323
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Password list
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Resolve C&C IP with DNS
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CATCHING MIRAI
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja https://twitter.com/MiraiAttacks/ • Live feed of commands sent to 500 „infected” machines
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How about dynamic analysis? We will expose the camera’s telnet service directly to the Internet. ... and see what happens. https://asciinema.org/a/1tynlhzfs0lmw6t3bn5k40cu7
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Our setup Devices: 2 cameras + 1 DVR Router VPNs to public IP, exposes devices telnet Dump all traffic to/from devices for analysis
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Wireshark analysis http://10.5.5.5/ mirai.pcap • Right click -> • Follow-> • TCP Stream
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Telnet session „Hello, my name is ...”
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Check processor version
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Download payload into „upnp”
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CNC connection establishement – dns query
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja C&C DNS Thanks: Josh Pyorre, OpenDNSThanks: Josh Pyorre, OpenDNS
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja DNS – domain taken by FBI Thanks: Josh Pyorre, OpenDNS
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Registrant ID: C4853993-CLUB Registrant Name: Zee Gate Registrant Street: 666 antichrist lane Registrant City: San Diego Registrant State/Province: CA Registrant Postal Code: 92050 Registrant Country: US Registrant Phone: +1.7603014069 Registrant Fax: +1.7603014069 Registrant Email: abuse@fbi.gov Admin ID: C4853996-CLUB Admin Name: Zee Gate Admin Street: 666 antichrist lane whois hightechcrime.club
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CNC
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Scanning for new targets
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Other variants – DONGS ?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja WHAT CAN WE DO?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Set your DNS to 127.0.0.1?
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Not everyone can afford that ;)
Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Features at low cost compromising on security is just obscene ;) Let’s do it better!

Recomendados

[Wroclaw #4] WebRTC & security: 101
[Wroclaw #4] WebRTC & security: 101[Wroclaw #4] WebRTC & security: 101
[Wroclaw #4] WebRTC & security: 101OWASP
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilitiesOWASP
 
[OWASP Poland Day] A study of Electron security
[OWASP Poland Day] A study of Electron security[OWASP Poland Day] A study of Electron security
[OWASP Poland Day] A study of Electron securityOWASP
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera SoftwareOWASP
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchLior Rotkovitch
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 

Recomendados

[Wroclaw #4] WebRTC & security: 101
[Wroclaw #4] WebRTC & security: 101[Wroclaw #4] WebRTC & security: 101
[Wroclaw #4] WebRTC & security: 101OWASP
 
[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security Architectures[OWASP Poland Day] Web App Security Architectures
[OWASP Poland Day] Web App Security ArchitecturesOWASP
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilitiesOWASP
 
[OWASP Poland Day] A study of Electron security
[OWASP Poland Day] A study of Electron security[OWASP Poland Day] A study of Electron security
[OWASP Poland Day] A study of Electron securityOWASP
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera SoftwareOWASP
 
Web Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchWeb Socket ASM support lior rotkovitch
Web Socket ASM support lior rotkovitchLior Rotkovitch
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...Denim Group
 
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020OWASP
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...OWASP
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN SecurityPriyanka Aash
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018MarketingArrowECS_CZ
 
[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?OWASP
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN'sn|u - The Open Security Community
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCanSecWest
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programAPNIC
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0Cyber Security Alliance
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkWallarm
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
Security testautomation
Security testautomationSecurity testautomation
Security testautomationLinkesh Kanna Velu
 
MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?Memoori
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
 

Mais conteúdo relacionado

Mais procurados

iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itCyber Security Alliance
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...Denim Group
 
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020OWASP
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAFBrian A. McHenry
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101OWASP
 
[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...OWASP
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN SecurityPriyanka Aash
 
[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?OWASP
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCanSecWest
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programAPNIC
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior Rotkovitch
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkWallarm
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 

Mais procurados (20)

iOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce itiOS malware: what's the risk and how to reduce it
iOS malware: what's the risk and how to reduce it
 
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
The ABCs of Source-Assisted Web Application Penetration Testing With OWASP ZA...
 
[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020[OPD 2019] Top 10 Security Facts of 2020
[OPD 2019] Top 10 Security Facts of 2020
 
Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
 
[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101[Wroclaw #2] iOS Security - 101
[Wroclaw #2] iOS Security - 101
 
[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...[OPD 2019] AST Platform and the importance of multi-layered application secu...
[OPD 2019] AST Platform and the importance of multi-layered application secu...
 
(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security(SACON 2020) Adventures In SDN Security
(SACON 2020) Adventures In SDN Security
 
Novinky F5 pro rok 2018
Novinky F5 pro rok 2018Novinky F5 pro rok 2018
Novinky F5 pro rok 2018
 
[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?[Wroclaw #7] Why So Serial?
[Wroclaw #7] Why So Serial?
 
Attacking VPN's
Attacking VPN'sAttacking VPN's
Attacking VPN's
 
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwearCsw2016 chaykin having_funwithsecuremessengers_and_androidwear
Csw2016 chaykin having_funwithsecuremessengers_and_androidwear
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting programBhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
Bhutan Cybersecurity Week 2021: APNIC vulnerability reporting program
 
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12Lior rotkovitch ASM WAF unified learning – building policy with asm v12
Lior rotkovitch ASM WAF unified learning – building policy with asm v12
 
An easy way into your sap systems v3.0
An easy way into your sap systems v3.0An easy way into your sap systems v3.0
An easy way into your sap systems v3.0
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
NGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talk
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 
Security testautomation
Security testautomationSecurity testautomation
Security testautomation
 

Destaque

MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?Memoori
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Jason Trost
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Classroom Items Vocab - Japanese
Classroom Items Vocab - JapaneseClassroom Items Vocab - Japanese
Classroom Items Vocab - JapaneseAndrew Jeppesen
 
Fraud in digital advertising botnet baseline summery ziv ginsberg
Fraud in digital advertising botnet baseline summery ziv ginsbergFraud in digital advertising botnet baseline summery ziv ginsberg
Fraud in digital advertising botnet baseline summery ziv ginsbergZiv Ginsberg
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architectureamar koppal
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceJason Trost
 
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。Satoshi Mimura
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...APNIC
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)Jason Trost
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersRyanISI
 
Anomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceAnomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceJason Trost
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Состояние сетевой безопасности в 2016 году
Состояние сетевой безопасности в 2016 году Состояние сетевой безопасности в 2016 году
Состояние сетевой безопасности в 2016 году Qrator Labs
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applicationsjasonhaddix
 

Destaque (20)

MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?MIRAI: What is It, How Does it Work and Why Should I Care?
MIRAI: What is It, How Does it Work and Why Should I Care?
 
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
Lessons Learned from Building and Running MHN, the World's Largest Crowdsourc...
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
 
Wakatta Unit 4 Kanji
Wakatta Unit 4 KanjiWakatta Unit 4 Kanji
Wakatta Unit 4 Kanji
 
Classroom Items Vocab - Japanese
Classroom Items Vocab - JapaneseClassroom Items Vocab - Japanese
Classroom Items Vocab - Japanese
 
Fraud in digital advertising botnet baseline summery ziv ginsberg
Fraud in digital advertising botnet baseline summery ziv ginsbergFraud in digital advertising botnet baseline summery ziv ginsberg
Fraud in digital advertising botnet baseline summery ziv ginsberg
 
Honeynet architecture
Honeynet architectureHoneynet architecture
Honeynet architecture
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat Intelligence
 
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。
APASEC 2013 - ROP/JIT を使わずに DEP/ASLR を回避する手法を見てみた。
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
Modern Honey Network (MHN)
Modern Honey Network (MHN)Modern Honey Network (MHN)
Modern Honey Network (MHN)
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
 
Anomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat IntelligenceAnomali Detect 2016 - Borderless Threat Intelligence
Anomali Detect 2016 - Borderless Threat Intelligence
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Состояние сетевой безопасности в 2016 году
Состояние сетевой безопасности в 2016 году Состояние сетевой безопасности в 2016 году
Состояние сетевой безопасности в 2016 году
 
Botnets
BotnetsBotnets
Botnets
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Pentesting iOS Applications
Pentesting iOS ApplicationsPentesting iOS Applications
Pentesting iOS Applications
 

Semelhante a Mirai botnet Intro to discussion OWASP Kraków 2016.11.15 @slawekja

GATTacking Bluetooth Smart
GATTacking Bluetooth SmartGATTacking Bluetooth Smart
GATTacking Bluetooth SmartOWASP
 
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 20152600Hz
 
Lightning Talk: From Sinatra to Grape.pdf
Lightning Talk: From Sinatra to Grape.pdfLightning Talk: From Sinatra to Grape.pdf
Lightning Talk: From Sinatra to Grape.pdfRenato675806
 
Building serverless-applications
Building serverless-applicationsBuilding serverless-applications
Building serverless-applicationsAndrii Soldatenko
 
Scala and ZeroMQ: Events beyond the JVM
Scala and ZeroMQ: Events beyond the JVMScala and ZeroMQ: Events beyond the JVM
Scala and ZeroMQ: Events beyond the JVMRUDDER
 
Not Only Streams for Akademia JLabs
Not Only Streams for Akademia JLabsNot Only Streams for Akademia JLabs
Not Only Streams for Akademia JLabsKonrad Malawski
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia PotapenkoFwdays
 
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...Automation TIPS and Tricks using Wireshark and tshark in Windows environments...
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...Megumi Takeshita
 
Hadoop application architectures - using Customer 360 as an example
Hadoop application architectures - using Customer 360 as an exampleHadoop application architectures - using Customer 360 as an example
Hadoop application architectures - using Customer 360 as an examplehadooparchbook
 
Securing Rails
Securing RailsSecuring Rails
Securing RailsAlex Payne
 
The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.All Things Open
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadJeremy Schulman
 
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...Tanya Denisyuk
 
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure Devops
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure DevopsGestire la qualità del codice con Visual Studio, SonarQube ed Azure Devops
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure DevopsGian Maria Ricci
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerCiNPA Security SIG
 
IAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingIAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingAPNIC
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...EC-Council
 
Project “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodronesProject “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodronesPriyanka Aash
 

Semelhante a Mirai botnet Intro to discussion OWASP Kraków 2016.11.15 @slawekja (20)

GATTacking Bluetooth Smart
GATTacking Bluetooth SmartGATTacking Bluetooth Smart
GATTacking Bluetooth Smart
 
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015SIPLABS - Hard Rocking Kazoo - KazooCon 2015
SIPLABS - Hard Rocking Kazoo - KazooCon 2015
 
Origins of Serverless
Origins of ServerlessOrigins of Serverless
Origins of Serverless
 
Lightning Talk: From Sinatra to Grape.pdf
Lightning Talk: From Sinatra to Grape.pdfLightning Talk: From Sinatra to Grape.pdf
Lightning Talk: From Sinatra to Grape.pdf
 
Building serverless-applications
Building serverless-applicationsBuilding serverless-applications
Building serverless-applications
 
Scala and ZeroMQ: Events beyond the JVM
Scala and ZeroMQ: Events beyond the JVMScala and ZeroMQ: Events beyond the JVM
Scala and ZeroMQ: Events beyond the JVM
 
Not Only Streams for Akademia JLabs
Not Only Streams for Akademia JLabsNot Only Streams for Akademia JLabs
Not Only Streams for Akademia JLabs
 
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust TheoremOWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
OWASP Poland Day 2018 - Andrzej Dyjak - Zero Trust Theorem
 
"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko"Crypto wallets security. For developers", Julia Potapenko
"Crypto wallets security. For developers", Julia Potapenko
 
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...Automation TIPS and Tricks using Wireshark and tshark in Windows environments...
Automation TIPS and Tricks using Wireshark and tshark in Windows environments...
 
Hadoop application architectures - using Customer 360 as an example
Hadoop application architectures - using Customer 360 as an exampleHadoop application architectures - using Customer 360 as an example
Hadoop application architectures - using Customer 360 as an example
 
Securing Rails
Securing RailsSecuring Rails
Securing Rails
 
The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.The Datacenter Network You Wish You Had: It's yours for the taking.
The Datacenter Network You Wish You Had: It's yours for the taking.
 
The Datacenter Network You Wish You Had
The Datacenter Network You Wish You HadThe Datacenter Network You Wish You Had
The Datacenter Network You Wish You Had
 
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
Артем Гавриченков "The Dark Side of Things: Distributed Denial of Service Att...
 
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure Devops
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure DevopsGestire la qualità del codice con Visual Studio, SonarQube ed Azure Devops
Gestire la qualità del codice con Visual Studio, SonarQube ed Azure Devops
 
OISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec PrimerOISC 2019 - The OWASP Top 10 & AppSec Primer
OISC 2019 - The OWASP Top 10 & AppSec Primer
 
IAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet RoutingIAA Life in Lockdown series: Securing Internet Routing
IAA Life in Lockdown series: Securing Internet Routing
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
 
Project “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodronesProject “The Interceptor”: Owning anti-drone systems with nanodrones
Project “The Interceptor”: Owning anti-drone systems with nanodrones
 

Mais de OWASP

[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dAppsOWASP
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scaleOWASP
 
[OPD 2019] Life after pentest
[OPD 2019] Life after pentest[OPD 2019] Life after pentest
[OPD 2019] Life after pentestOWASP
 
[OPD 2019] .NET Core Security
[OPD 2019] .NET Core Security[OPD 2019] .NET Core Security
[OPD 2019] .NET Core SecurityOWASP
 
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architectureOWASP
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS InfrastructureOWASP
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and DefensesOWASP
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilitiesOWASP
 
[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computingOWASP
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOCOWASP
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokensOWASP
 
[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzingOWASP
 
[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSSOWASP
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security WorldOWASP
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP
 
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contractsOWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contractsOWASP
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
 
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hackingOWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hackingOWASP
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP
 

Mais de OWASP (20)

[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps[OPD 2019] Web Apps vs Blockchain dApps
[OPD 2019] Web Apps vs Blockchain dApps
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale
 
[OPD 2019] Life after pentest
[OPD 2019] Life after pentest[OPD 2019] Life after pentest
[OPD 2019] Life after pentest
 
[OPD 2019] .NET Core Security
[OPD 2019] .NET Core Security[OPD 2019] .NET Core Security
[OPD 2019] .NET Core Security
 
[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture[OPD 2019] Governance as a missing part of IT security architecture
[OPD 2019] Governance as a missing part of IT security architecture
 
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
[OPD 2019] Storm Busters: Auditing & Securing AWS Infrastructure
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing[OPD 2019] Automated Defense with Serverless computing
[OPD 2019] Automated Defense with Serverless computing
 
[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC[OPD 2019] Advanced Data Analysis in RegSOC
[OPD 2019] Advanced Data Analysis in RegSOC
 
[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens[OPD 2019] Attacking JWT tokens
[OPD 2019] Attacking JWT tokens
 
[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing[OPD 2019] Rumpkernels meet fuzzing
[OPD 2019] Rumpkernels meet fuzzing
 
[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS[OPD 2019] Trusted types and the end of DOM XSS
[OPD 2019] Trusted types and the end of DOM XSS
 
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
[Wroclaw #9] To be or Not To Be - Threat Modeling in Security World
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
 
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-miningOWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining
 
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contractsOWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
OWASP Poland Day 2018 - Damian Rusinek - Outsmarting smart contracts
 
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologies
 
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hackingOWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
OWASP Poland Day 2018 - Dani Ramirez - IPMI hacking
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 

Último

Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...sonatiwari757
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistKHM Anwar
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goasexy call girls service in goa
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 

Último (20)

Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
Call Girls in Mayur Vihar ✔️ 9711199171 ✔️ Delhi ✔️ Enjoy Call Girls With Our...
 
SEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization SpecialistSEO Growth Program-Digital optimization Specialist
SEO Growth Program-Digital optimization Specialist
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goahorny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
horny (9316020077 ) Goa Call Girls Service by VIP Call Girls in Goa
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 

Mirai botnet Intro to discussion OWASP Kraków 2016.11.15 @slawekja

  • 1. Mirai botnet Intro to discussion Slawomir.Jasek@securing.pl @slawekja OWASP Kraków, 15.11.2016
  • 2. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja We have all heard about it...
  • 3. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Most often pointed manufacturer
  • 4. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja No, it’s not us, it’s the users! http://www.xiongmaitech.com/index.php/news/info/12/76 (only Chinese, I used Google translator)
  • 5. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
  • 6. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja My story... • The best-priced IP camera with PoE and ONVIF • Management standard (was supposed to) assure painless integration of the video in my installation.
  • 7. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
  • 8. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
  • 9. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
  • 10. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Malware embedded... http://artfulhacker.com/post/142519805054/beware-even-things-on-amazon-come https://ipcamtalk.com/threads/brenz-pl-malware-in-ip-cameras-what-now.12851/ http://forums.whirlpool.net.au/forum-replies.cfm?t=2362073&p=11&#r211
  • 11. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Path traversal
  • 12. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Auth bypass...
  • 13. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja „CLOUD SERVICE”
  • 14. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja The „cloud” service # tcpdump host camera.local 18:48:41.290938 IP camera.local.49030 > ec2- 54-72-86-70.eu-west- 1.compute.amazonaws.com.8000: UDP, length 25
  • 15. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja
  • 16. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Device login – no pass, static captcha, id=MAC ;)
  • 17. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja FAQ
  • 18. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja TELNET
  • 19. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Nmap root@kali:~# nmap 10.5.5.20 Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2016-11-06 10:59 EST Nmap scan report for 10.5.5.20 Host is up (0.019s latency). Not shown: 996 closed ports PORT STATE SERVICE 23/tcp open telnet 80/tcp open http 554/tcp open rtsp 8899/tcp open ospf-lite
  • 20. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Mirai credentials for brute-force https://github.com/securing/mirai_credentials
  • 21. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Now go and brute the telnet • root@kali:~# hydra -C mirai_creds.txt telnet://10.5.5.20
  • 22. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja few seconds later...
  • 23. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja The telnet password • I did not have the credentials few years ago... • But the password was already known then. No need to hack, search „password” and the name of device in Russian
  • 24. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Wait... • But we have changed the default password, didn’t we?
  • 25. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja https://www.us-cert.gov/ncas/alerts/TA16-288A
  • 26. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja So, where is the password? # cat /etc/passwd root:$1$RYIwEiRA$d5iRRVQ5ZeRTrJwGjRy. B0:0:0:root:/:/bin/sh # mount /dev/root on / type cramfs (ro,relatime)
  • 27. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Can we change it? # passwd -sh: passwd: not found # echo "better etc passwd" > /etc/passwd -sh: can't create /etc/passwd: Read-only file system # mount -o remount,rw / # mount /dev/root on / type cramfs (ro,relatime)
  • 28. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja So, it looks like we have to reflash... • The DVR (10.5.5.30) has telnet disabled. • Firmware versions starting mid-2015. • But for many models the upgrade is not available ;) • ... and the DVR still has telnet on 9527 ;) not to mention other vulns
  • 29. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja HOW TO UPGRADE FIRMWARE?
  • 30. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Let’s imagine you are a regular camera user... • You have bought a camera in the nearest shop with cameras. • You know your camera is vulnerable and should be upgraded. • Try to find out how to do it, and where to find the firmware.
  • 31. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How do you think will regular user do?
  • 32. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja DEVICE SUPPLY CHAIN
  • 33. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Various vendors – same device
  • 34. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing
  • 35. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing Features, Price! Features, Price! Features, Price! Features, Price!
  • 36. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Supply chain Board Support Package - drivers, bootloader, kernel-level SDK Broadcom, Texas Instruments, HiSilicon, WindRiver... Original Device Manufacturer – web interface, SDK, cloud... usually unknown from China, Taiwan etc. Original Equipment Manufacturer – composing, branding ODMs + support, license, warranty... Value Added Reseller / Distributor End user Fabless manufacturing Security? ? ? ?
  • 37. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja MIRAI
  • 38. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Back in 2012 Internet Census Project http://internetcensus2012.bitbucket.org/paper.html
  • 39. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja 2012 vs 2016 https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.htmlhttp://internetcensus2012.bitbucket.org/paper.html
  • 40. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Mirai source https://github.com/jgamblin/Mirai-Source-Code/ Warning: • The zip file for the is repo is being identified by some AV programs as malware.
  • 41. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Worth reading • The original post with source code : • Mirai-Source-Code-master/ForumPost.txt
  • 42. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How does it spread? • mirai/bot/scanner.c
  • 43. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Scans for random IPs with several exclusions ;)
  • 44. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Next, tries to hit the telnet • And once per ten also on 2323
  • 45. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Password list
  • 46. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Resolve C&C IP with DNS
  • 47. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CATCHING MIRAI
  • 48. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja https://twitter.com/MiraiAttacks/ • Live feed of commands sent to 500 „infected” machines
  • 49. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja How about dynamic analysis? We will expose the camera’s telnet service directly to the Internet. ... and see what happens. https://asciinema.org/a/1tynlhzfs0lmw6t3bn5k40cu7
  • 50. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Our setup Devices: 2 cameras + 1 DVR Router VPNs to public IP, exposes devices telnet Dump all traffic to/from devices for analysis
  • 51. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Wireshark analysis http://10.5.5.5/ mirai.pcap • Right click -> • Follow-> • TCP Stream
  • 52. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Telnet session „Hello, my name is ...”
  • 53. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Check processor version
  • 54. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Download payload into „upnp”
  • 55. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CNC connection establishement – dns query
  • 56. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja C&C DNS Thanks: Josh Pyorre, OpenDNSThanks: Josh Pyorre, OpenDNS
  • 57. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja DNS – domain taken by FBI Thanks: Josh Pyorre, OpenDNS
  • 58. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Registrant ID: C4853993-CLUB Registrant Name: Zee Gate Registrant Street: 666 antichrist lane Registrant City: San Diego Registrant State/Province: CA Registrant Postal Code: 92050 Registrant Country: US Registrant Phone: +1.7603014069 Registrant Fax: +1.7603014069 Registrant Email: abuse@fbi.gov Admin ID: C4853996-CLUB Admin Name: Zee Gate Admin Street: 666 antichrist lane whois hightechcrime.club
  • 59. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja CNC
  • 60. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Scanning for new targets
  • 61. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Other variants – DONGS ?
  • 62. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja WHAT CAN WE DO?
  • 63. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Set your DNS to 127.0.0.1?
  • 64. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Not everyone can afford that ;)
  • 65. Mirai intro to discussion, OWASP Kraków 2016.11.15 @slawekja Features at low cost compromising on security is just obscene ;) Let’s do it better!