Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetration Tester & Other Stories

Breaking in is easy; real security is hard. Breaching the security of a casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, simply by sitting in a hotel room of a casino, hackers can find ways to breach the high security that casinos have been known for. This type of attack has a simple goal: steal the casino's money and cheat the system. All of this can be done without anyone seeing you, and it is much easier than walking directly into the casino vault armed with guns and explosives.

In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team has conducted. These include breaking into casinos, banks, energy companies and other high-security facilities (with permission, of course). Tom's stories not only show how attackers break in but also teach important lessons on how businesses can better secure their physical as well as network assets.

Published in: Technology
  1. Five Lessons Learned From Breaking Into A Casino: Confessions of a Pentester & Other Stories. Tom Eston
  2. Agenda
     • My Background
     • Pentest Stories: The Energy Company; The Casino
     • Top 5 Ways We Break In: What can you learn?
  3. About Your Presenter
     • Tom Eston
     • Manager, SecureState Profiling & Penetration Team
     • CISSP, GWAPT
     • Physical/Network Penetration Testing, Web/Mobile Application Assessments, Social Engineering
     • Penetration Testing Team Lead for a Fortune 500 Regional Bank
     • Speaker at Black Hat USA, DEFCON, ShmooCon, SANS, OWASP AppSec
     • Blogger (SpyLogic.net) and Podcaster (Security Justice, Social Media Security)
  4. Disclaimer: Don’t Try This At Home
     • Hacking (breaking in) is illegal without permission!
  5. Pentest Stories
  6. The Energy Company
     • High-security facility: barbed-wire fence, roving patrols, guard station with camera coverage
     • Objective: breach the facility and gain access to the control station
     • SecureState deployed two teams…
  7. The Energy Company
     • Team A found an area not protected by the security fence
     • Team B gained access to the control facility by social engineering the gate guards
     • Rendezvous with Team A at the control station (Administration Building)
     • Gained access to the control that shuts down the entire facility (the “big red button”); its password was written on the wall
     • Installed a wireless access point that allowed remote connection into the network
  8. (no extractable text)
  9. (no extractable text)
  10. (no extractable text)
  11. The Casino
     • No “Ocean’s Eleven” required
     • Casinos have hotels, right?
     • SecureState was able to hack the casino wireless network… from the hotel!
     • Weak Wireless Encryption + Poor Network Segmentation = $$$
     (Image credit: “Ocean’s Eleven” ©2001 Warner Bros. Pictures. All Rights Reserved.)
  12. What could we do?
     • While on the gaming network we had the ability to see all slot machines, including payout information for each machine, and the ability to manipulate odds, generate bogus/free plays and modify the systems that generate revenue for the casino
     • Access to the internal security camera system, with the ability to shut down and move cameras
     • We were met by security when attempting to visit the casino floor
  13. (no extractable text)
  14. Top 5 Ways We Break In: “Lessons Learned”
  15. #5 Poor Network Segmentation
     • Many networks are still “flat”
     • Poor ACLs
     • Compromised systems can be used to “pivot” into segmented networks
     • Example: a host in the DMZ is compromised, then used to pivot into the internal network containing the financial systems
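The pivot in the example above is easy to reason about as an ACL question: what can the compromised DMZ host still reach? The following is an added example, not code from the talk or from SecureState, that evaluates a first-match ACL and lists the internal (host, port) pairs a pivot host can reach under a flat rule set versus a segmented one. The addresses, hosts and rules are constructed for illustration.

```python
# Added example, not from Tom Eston's slides: a first-match ACL evaluator
# used to measure the "blast radius" of a compromised DMZ host under a flat
# ACL versus a segmented one. All addresses, hosts and rules are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # destination TCP port, None = any port
    action: str            # "allow" or "deny"


def evaluate(rules: Iterable[Rule], src_ip: str, dst_ip: str, dst_port: int) -> str:
    """First matching rule wins; anything unmatched is implicitly denied."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and (r.port is None or r.port == dst_port)):
            return r.action
    return "deny"


def reachable_from(rules: Iterable[Rule], pivot_ip: str,
                   targets: Iterable[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """(host, port) pairs the pivot host can reach: the attacker's next hops."""
    rules = list(rules)
    return sorted(t for t in targets if evaluate(rules, pivot_ip, t[0], t[1]) == "allow")


# Constructed topology: a DMZ web server and a few internal finance systems.
DMZ_WEB = "192.0.2.10"
INTERNAL_TARGETS = [
    ("10.10.5.20", 1433),   # finance database
    ("10.10.5.21", 445),    # file server, SMB
    ("10.10.5.21", 3389),   # file server, RDP
    ("10.10.9.5", 22),      # jump host
]

# A "flat" network: the only rule is allow-any, so the DMZ host sees everything.
FLAT_ACL = [Rule("0.0.0.0/0", "0.0.0.0/0", None, "allow")]

# Segmented: the web tier may reach the database on its service port only;
# every other flow from the DMZ into 10.10.0.0/16 is dropped.
SEGMENTED_ACL = [
    Rule("192.0.2.0/24", "10.10.5.20/32", 1433, "allow"),
    Rule("192.0.2.0/24", "10.10.0.0/16", None, "deny"),
]


def blast_radius() -> dict:
    """Compare what a compromised DMZ web server can pivot to under each ACL."""
    return {
        "flat": reachable_from(FLAT_ACL, DMZ_WEB, INTERNAL_TARGETS),
        "segmented": reachable_from(SEGMENTED_ACL, DMZ_WEB, INTERNAL_TARGETS),
    }


if __name__ == "__main__":
    for name, hops in blast_radius().items():
        print(f"{name:10s} {hops}")
```

Even the segmented policy leaves one permitted flow (web tier to database port), and that is exactly the path an attacker on the web server will use next; segmentation shrinks the pivot surface, and what remains is where hardening and detection belong.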
  16. #4 Weak Wireless Encryption
     • Some companies are still using WEP (sad but true)
     • Some companies are using weak passphrases with WPA/WPA2 configurations
     • Wireless clients can be misconfigured for WPA2 Enterprise (for example, not validating the authentication server’s certificate)
     • Once the wireless network is accessed, we find poor network segmentation
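The second bullet is the one the casino story turns on, and it is worth seeing why a weak WPA/WPA2-PSK passphrase is fatal. The block below is an added example, not code from the talk: it derives the Pairwise Master Key exactly as WPA/WPA2-PSK does (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32 bytes) and runs a dictionary attack against it. Once an attacker has captured a single 4-way handshake, every candidate can be tested offline at this cost with no further contact with the network. The SSID, the "captured" passphrase and the wordlist are constructed for illustration; WEP is not covered here, since it is broken regardless of key strength.

```python
# Added example, not from the slides: why a weak WPA/WPA2-PSK passphrase is
# recoverable offline. The PMK is PBKDF2-HMAC-SHA1(passphrase, SSID, 4096
# iterations, 32 bytes); with one captured 4-way handshake an attacker
# checks candidates at that cost with no further contact with the network.
# SSID, passphrase and wordlist below are constructed for illustration.
import hashlib
from typing import Iterable, Iterator, Optional, Tuple


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as defined for WPA/WPA2-PSK (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def season_year_wordlist(years: Iterable[int] = range(2008, 2014)) -> Iterator[str]:
    """The kind of list the talk's #1 finding suggests: a few defaults plus
    Season+year in 4- and 2-digit forms ("Summer2012", "Summer12")."""
    for base in ("password", "Password1", "casino123", "welcome1"):
        yield base
    for season in ("Spring", "Summer", "Fall", "Autumn", "Winter"):
        for year in years:
            yield f"{season}{year}"
            yield f"{season}{year % 100:02d}"


def dictionary_attack(target_pmk: bytes, ssid: str,
                      candidates: Iterable[str]) -> Optional[Tuple[str, int]]:
    """Return (passphrase, number of guesses) for the first candidate whose
    PMK matches, or None. Real tools derive the PTK from each candidate PMK
    and check the handshake MIC; comparing PMKs directly is the same oracle
    with the handshake arithmetic left out."""
    for guesses, word in enumerate(candidates, start=1):
        if wpa2_pmk(word, ssid) == target_pmk:
            return word, guesses
    return None


if __name__ == "__main__":
    ssid = "CasinoGuest"                      # constructed SSID
    captured = wpa2_pmk("Summer12", ssid)     # stands in for the captured handshake
    print(dictionary_attack(captured, ssid, season_year_wordlist()))
```

The 4096 PBKDF2 iterations are the only thing slowing the attacker down, and GPU crackers run them in the hundreds of thousands per second, so the defence is the passphrase's entropy (or moving to WPA2 Enterprise with certificate validation), not the encryption mode.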
  17. #3 Social Engineering
     • The “human layer” is always the weakest link in a security program
     • Used to convince someone to do something they normally wouldn’t do
     • Everyone wants to be helpful!
     • The “who would attack/scam us?” attitude: “We would never fall for that…”
  18. #2 Unpatched/Misconfigured Systems
     • Still very common to find systems missing MS08-067, the critical Microsoft patch from 2008!
     • Systems exposing ports and services that should be closed (e.g. RDP)
     • Default credentials on Apache Tomcat / JBoss
     • Lack of minimum security baselines for systems (still a challenge for many companies)
  19. Happy Birthday MS08-067!
  20. #1 Weak Passwords
     • “Password1” meets Windows complexity requirements!
     • Many use easy-to-guess dictionary words: seasons of the year are quite popular (“Summer12”), as is anything based on common names…
     • Lack of user security awareness
     • Easy targets: Citrix, RDP servers, SSL VPN, webmail
  21. Questions?
     • Visit http://www.securestate.com for more information on our services
     • My Blog: http://SpyLogic.net
     • Email: teston@securestate.com
     • Twitter: @agent0x0
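The point of the first bullet is that a complexity policy and a good password are different things. The block below is an added example, not code from the talk: windows_complexity_ok() implements the documented Windows "password must meet complexity requirements" rule (at least six characters, three of the four character classes, must not contain the account name), and weak_pattern() is this example's own illustrative filter that undoes the usual mangling (trailing digits and symbols, leet substitutions) before checking the core against short constructed lists of seasons, dictionary words and names. It goes slightly beyond the slide by handling "P@ssw0rd!"-style substitutions as well as "Summer12" and "Password1".

```python
# Added example, not from the slides: why "Password1" and "Summer12" satisfy
# Windows password complexity and still fall on the first pass of a guessing
# attack. windows_complexity_ok() follows the documented policy (minimum six
# characters, three of four character classes, must not contain the account
# name); weak_pattern() is this example's own illustrative filter and its
# word lists are constructed, not a standard.
import re
from typing import Optional

SEASONS = {"spring", "summer", "fall", "autumn", "winter"}
DICTIONARY = {"password", "welcome", "letmein", "qwerty", "admin", "casino", "changeme"}
COMMON_NAMES = {"michael", "jennifer", "david", "jessica", "ashley"}
# Undo the usual substitutions so "P@ssw0rd" is recognised as "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def windows_complexity_ok(pw: str, account_name: str = "") -> bool:
    """Windows 'Password must meet complexity requirements' policy."""
    if len(pw) < 6:
        return False
    if len(account_name) >= 3 and account_name.lower() in pw.lower():
        return False
    classes = (
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return sum(classes) >= 3


def normalise(pw: str) -> str:
    """Strip the leading/trailing digits and symbols people bolt on, de-leet, lowercase."""
    core = re.sub(r"[\W\d_]+$", "", pw)
    core = re.sub(r"^[\W\d_]+", "", core)
    return core.translate(LEET).lower()


def weak_pattern(pw: str) -> Optional[str]:
    """Reason the password is predictable, or None if no pattern is recognised."""
    core = normalise(pw)
    if core in SEASONS:
        return "season name"
    if core in DICTIONARY:
        return "dictionary word"
    if core in COMMON_NAMES:
        return "common name"
    return None


def audit(pw: str, account_name: str = "") -> dict:
    """Both verdicts side by side: policy compliance and real-world guessability."""
    return {"passes_complexity": windows_complexity_ok(pw, account_name),
            "weak_pattern": weak_pattern(pw)}


if __name__ == "__main__":
    for candidate in ("Password1", "Summer12", "P@ssw0rd!", "Tr0ub4dor&3"):
        print(candidate, audit(candidate))
```

A filter like this belongs in a password-filter DLL or the identity provider's banned-password check, and the same normalisation is what a spraying attacker applies in reverse when generating candidates for Citrix, RDP, SSL VPN and webmail logins.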