4. Purpose
The motivation of an APT is obtaining highly valuable
information from one target. In contrast, the motivation of
a mass attack is obtaining valuable information from
multiple targets.
12. The Plan
• Deciding targets
• Finding a vulnerability
• Writing (weaponising) the exploit
• Writing mass exploitation scripts
• Running the attack
• Analysing results
16. Attractive Target: Routers
• Directly accessible from the internet.
• Once you own a SOHO router, you can control the
whole traffic.
• No logs, stealthy: it's really hard for an investigator
to find out what is going on.
• They have a long (very long) update interval.
19. Easy Target
• Does it have known vulnerabilities?
• Has the vendor published any security
advisories?
• Are there any third-party products/devices to
mitigate exploitation?
29. Writing the Exploit
• MIPS assembly
• The CPU has different data and code caches, so you can't
jump to the stack directly.
• You can't jump into the middle of instructions; this reduces
the number of alternative gadgets when creating a
ROP chain.
• MiniUPNPd process restarts if it crashes or hangs.
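
From the defender's side, the automatic restart noted on this slide is a detection signal: a daemon that keeps dying and respawning shows up as a changing PID in its syslog tag. The sketch below is an added example, not part of the original slides; it assumes the router forwards syslog to a collector, and the log lines, hostnames and the `restart_bursts` helper are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: syslog lines a router forwards to a collector.
# Hostnames, PIDs and message texts are made up; only the tag[pid] field is used.
SAMPLE_LOG = """\
2024-05-02T03:10:01 gw-a miniupnpd[1412]: listening
2024-05-02T03:10:05 gw-a miniupnpd[1412]: request handled
2024-05-02T03:11:00 gw-b miniupnpd[801]: listening
2024-05-02T03:11:30 gw-a dnsmasq[377]: query
2024-05-02T03:12:40 gw-a miniupnpd[1498]: listening
2024-05-02T03:14:02 gw-a miniupnpd[1533]: listening
2024-05-02T03:15:30 gw-a miniupnpd[1571]: listening
2024-05-02T09:45:00 gw-b miniupnpd[809]: listening
"""

LINE = re.compile(r"^(\S+) (\S+) miniupnpd\[(\d+)\]: ")

def restart_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (host, time) alerts when miniupnpd's PID changes `threshold`
    times within `window`, i.e. the daemon keeps crashing and respawning."""
    last_pid = {}                   # host -> last PID seen for miniupnpd
    restarts = defaultdict(deque)   # host -> timestamps of recent restarts
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                # other daemons or malformed lines
        ts, host, pid = datetime.fromisoformat(m[1]), m[2], int(m[3])
        prev = last_pid.get(host)
        last_pid[host] = pid
        if prev is None or prev == pid:
            continue                # first sighting, or same process
        q = restarts[host]
        q.append(ts)
        while ts - q[0] > window:   # drop restarts older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((host, ts))
            q.clear()               # one alert per burst
    return alerts

if __name__ == "__main__":
    for host, ts in restart_bursts(SAMPLE_LOG.splitlines()):
        print(f"{host}: miniupnpd restarted repeatedly, last at {ts.isoformat()}")
```

A single restart hours apart (gw-b in the sample) stays below the threshold, while three PID changes within a few minutes (gw-a) raise one alert.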