Strange security mitigations
Tips and tricks from an attacker’s mind
Author: CoolerVoid
Tips and tricks for understanding some typical vulnerabilities and how to mitigate them, following an atypical, intelligent approach.
Apr. 17, 2022
Antonio Costa (github.com/CoolerVoid) Strange security mitigations Apr. 17, 2022
Summary
1 Whoami
2 Depths of vulnerabilities (not all)
3 Always watch your home
Whoami
Antonio Costa - CoolerVoid
Appsec tech leader
Cybersecurity engineer
Open-source programmer
Reverse engineer
github.com/CoolerVoid
Depths of vulnerabilities (not all)
Heap overflow
In late 2001, "Vudo Malloc Tricks" by Michel "MaXX" and "Once Upon A free()" defined the exploitation of overflowed dynamic memory chunks on Linux.
In late 2004, a series of patches to GNU libc malloc implemented over a dozen mandatory integrity assertions, effectively rendering the existing exploitation techniques obsolete.
Malloc Maleficarum by Phantasmal Phantasmagoria
dl.packetstormsecurity.net/papers/attack/MallocMaleficarum.txt
cwe.mitre.org/data/definitions/122.html
github.com/shellphish/how2heap
Heap overflow - Malloc resources
ptmalloc2 – glibc
jemalloc – FreeBSD and Firefox
tcmalloc – Google
libumem – Solaris
Hoard – Cisco, SAP and Credit Suisse
First rant: library alternatives
In late 2010:
DieHard allocator – DieHard: An error-resistant memory allocator for Windows, Linux, and Mac OS X
microsoft.com/en-us/research/video/dieharder-securing-the-heap/
github.com/emeryberger/DieHard
In late 2017:
FreeGuard: A Faster Secure Heap Allocator
https://arxiv.org/abs/1709.02746
Heartbleed in OpenSSL
OpenSSL library CVE-2014-0160
A missing bounds check in the handling of the TLS heartbeat
extension can be used to reveal up to 64k of memory to a connected
client or server.
https://www.openssl.org/news/secadv/20140407.txt
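As an added example (not from the deck and not OpenSSL's code), here is a heartbeat handler in C written the way the advisory's fix requires: the peer-supplied payload length is checked against the number of bytes actually received before anything is copied. The message layout follows RFC 6520; the sample request bytes and the demo_* helpers are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wire layout of a heartbeat message (RFC 6520):
 *   type (1) | payload_length (2, big endian) | payload | padding (>= 16)
 * rec_len comes from the record layer and is the number of bytes actually
 * received; payload_length is chosen by the peer and must be checked
 * against rec_len before anything is copied.                            */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

enum hb_result { HB_OK = 0, HB_TOO_SHORT = -1, HB_BAD_LENGTH = -2, HB_OUT_TOO_SMALL = -3 };

/* Build the heartbeat response for a received request.
 * On HB_OK the response is in out[0..*out_len). */
int process_heartbeat(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TOO_SHORT;

    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);

    /* The bounds check that CVE-2014-0160 lacked: the peer's length must fit
     * inside the bytes we really have, padding included. RFC 6520 says to
     * discard such a message silently, so no error is sent back. */
    if ((size_t)HB_HEADER_LEN + payload_len + HB_MIN_PADDING > rec_len)
        return HB_BAD_LENGTH;

    size_t resp_len = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return HB_OUT_TOO_SMALL;

    out[0] = 2;                              /* heartbeat_response */
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, payload_len);
    /* Padding must not leak anything; a real implementation fills it with
     * random bytes, zeros are enough to show the point here. */
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);
    *out_len = resp_len;
    return HB_OK;
}

/* Constructed sample: type 1 (request), length 5, payload "hello", 16 bytes padding. */
static const uint8_t sample_request[HB_HEADER_LEN + 5 + HB_MIN_PADDING] = {
    1, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

/* Returns 1 if the well-formed request produces a 24-byte response echoing "hello". */
int demo_valid_request(void)
{
    uint8_t out[64];
    size_t n = 0;
    int rc = process_heartbeat(sample_request, sizeof sample_request, out, sizeof out, &n);
    return rc == HB_OK && n == 24 && out[0] == 2 && memcmp(out + HB_HEADER_LEN, "hello", 5) == 0;
}

/* Same 24 bytes, but the length field rewritten to claim 65535 bytes of payload.
 * Returns 1 if the message is rejected instead of copying 64 KiB of heap. */
int demo_oversized_claim_rejected(void)
{
    uint8_t msg[sizeof sample_request];
    uint8_t out[64];
    size_t n = 0;
    memcpy(msg, sample_request, sizeof msg);
    msg[1] = 0xff;
    msg[2] = 0xff;
    return process_heartbeat(msg, sizeof msg, out, sizeof out, &n) == HB_BAD_LENGTH;
}

int main(void)
{
    printf("valid request echoed: %d\n", demo_valid_request());
    printf("oversized claim rejected: %d\n", demo_oversized_claim_rejected());
    return 0;
}
```

The second helper is the shape of the bug: the same 24 received bytes, only the length field changed. Without the check, memcpy would read payload_len bytes past the end of the received record.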
Second rant: library alternatives
OpenBSD’s LibreSSL
Memory sanitization is a central feature of LibreSSL that is lacking in OpenSSL. Prior to the deallocation of objects, LibreSSL explicitly zeros out memory using OpenBSD’s explicit_bzero(3) function. This proactively reduces the impact of memory exposure in the event of a future vulnerability or an unprivileged process that gains control of a tainted memory segment.
Google’s BoringSSL
Currently BoringSSL is the SSL library in Chrome/Chromium and Android.
BearSSL, MatrixSSL, mbedtls, PolarSSL, libsodium and so on
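Added example, not LibreSSL's code: what "zero before free" looks like in C. explicit_bzero(3) exists on OpenBSD, FreeBSD and glibc 2.25+; secure_wipe() below is a portable stand-in that writes through a volatile pointer so the compiler cannot drop the stores. The session_key type and the demo helpers are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Portable stand-in for explicit_bzero(3). A plain memset() right before
 * free() is a "dead store" and compilers are allowed to drop it; writing
 * through a volatile pointer forces every byte to be written. On OpenBSD,
 * FreeBSD and glibc >= 2.25 explicit_bzero() itself can be called instead. */
void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--)
        *vp++ = 0;
}

#define KEY_MAX 32

/* Heap object carrying key material (constructed for this example). */
struct session_key {
    uint8_t key[KEY_MAX];
    size_t  len;
};

struct session_key *session_key_new(const uint8_t *k, size_t len)
{
    if (len > KEY_MAX)
        return NULL;
    struct session_key *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    memcpy(s->key, k, len);
    s->len = len;
    return s;
}

/* LibreSSL-style release: scrub the object, then hand it back to malloc.
 * Whatever reuses this chunk later (a bug, another request) sees zeros. */
void session_key_free(struct session_key *s)
{
    if (s == NULL)
        return;
    secure_wipe(s, sizeof *s);
    free(s);
}

/* Fill a heap block with a constructed secret, wipe it, and count the
 * non-zero bytes left while the block is still owned (looking at memory
 * after free() would be undefined behaviour). Expected result: 0. */
int nonzero_bytes_after_wipe(size_t n)
{
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)(0xA5 ^ (i & 0xff));   /* mostly non-zero pattern */
    secure_wipe(buf, n);
    int left = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] != 0)
            left++;
    free(buf);
    return left;
}

/* Round-trip a constructed 16-byte key through new/free and check that an
 * oversized key is refused. Returns 1 on success. */
int demo_session_key(void)
{
    static const uint8_t k[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
    struct session_key *s = session_key_new(k, sizeof k);
    if (s == NULL || s->len != 16 || memcmp(s->key, k, 16) != 0)
        return 0;
    session_key_free(s);
    return session_key_new(k, 33) == NULL;
}

int main(void)
{
    printf("non-zero bytes after wipe: %d\n", nonzero_bytes_after_wipe(4096));
    printf("session key round trip ok: %d\n", demo_session_key());
    return 0;
}
```

The point of the volatile pointer is purely about the optimizer: with `memset(s, 0, sizeof *s); free(s);` the standard permits the compiler to delete the memset because the object is never read again, which is exactly the situation a Heartbleed-class read would later exploit.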
Big check list
Stack buffer overflow, heap overflow, integer overflow, buffer underflow, off-by-one, memory leak, use after free, double free, race conditions (TOCTOU), lack of ASLR, lack of DEP, lack of stack cookie, lack of RELRO, lack of certificate pinning, lack of signature check, RCE, IDOR, RFI, LFI, SSO, CSRF, SSRF, SSTI, XXE, ReDoS, NoSQLi, SQLi, blind SQLi, XSS, blind XSS, DOM XSS, open redirect, path traversal, insecure deserialization, LDAP injection, HQL injection, HTTP parameter pollution, improper permissions, uncontrolled upload, uncontrolled resource consumption, CSV injection, graph injection, denial of service, weak cryptography, lack of salt, lack of secret key, lack of anti-tampering, lack of root detection, lack of seccomp/pledge, lack of rate limiting, lack of anti-robot resources, lack of HTTP header hardening, lack of anti-hooking, misconfiguration, uncontrolled search path element, information leak, hardcoded credentials, TEMPEST attack...
Dark depths in vulnerabilities - fuzzing! AFL!
Figure: Magic: The Gathering card "Dark Depths" by Mathias Kollros
Always watch your home
Allow list of syscalls
Enumerate the syscalls of each resource
Linux’s seccomp() function
OpenBSD’s pledge() function
Restrict a Container’s Syscalls with seccomp
github.com/antitree/syscall2seccomp
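The tool on the slide generates seccomp profiles for containers. As an added example that is not part of the deck or of syscall2seccomp, here is the mechanism underneath it on Linux: a classic-BPF allow list built in C and installed with prctl(2), which has the same effect as the seccomp(2) call named on the slide (that syscall has no glibc wrapper). The syscall lists and the demo_build() helper are constructed; the filter is x86_64/aarch64 only because of its architecture check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS            /* headers older than Linux 4.14 */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* The filter checks the architecture first, so that a 32-bit ABI cannot
 * reach us with syscall numbers that mean something else on this arch. */
#if defined(__x86_64__)
#  define OUR_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define OUR_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define MAX_ALLOWED 64
#define FILTER_CAP  (MAX_ALLOWED + 6)

/* Build a classic-BPF allow list: listed syscalls return ALLOW, anything
 * else kills the process. Returns the instruction count, or -1 if the list
 * is too long. Program layout (n = number of allowed syscalls):
 *   0: ld arch   1: jeq OUR_ARCH ? skip 1   2: ret KILL
 *   3: ld nr     4..3+n: jeq nr_i -> ALLOW  4+n: ret KILL   5+n: ret ALLOW */
int build_allowlist(const int *allowed, size_t n, struct sock_filter *prog)
{
    if (n > MAX_ALLOWED)
        return -1;
    size_t i = 0;
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, arch));
    prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, OUR_AUDIT_ARCH, 1, 0);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                             offsetof(struct seccomp_data, nr));
    for (size_t k = 0; k < n; k++) {
        /* jt = instructions to skip so a match lands on the final ALLOW */
        uint8_t skip = (uint8_t)(n - k);
        prog[i++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                 (uint32_t)allowed[k], skip, 0);
    }
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    prog[i++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return (int)i;
}

/* Install the allow list on the calling thread. PR_SET_NO_NEW_PRIVS is
 * required so an unprivileged process may load a filter (and so the filter
 * cannot be used to confuse a later setuid program). Returns 0 on success. */
int install_allowlist(const int *allowed, size_t n)
{
    struct sock_filter prog[FILTER_CAP];
    int len = build_allowlist(allowed, n, prog);
    if (len < 0)
        return -1;
    struct sock_fprog fprog = { .len = (unsigned short)len, .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        return -1;
    return 0;
}

/* Build (without installing) a filter for a constructed three-syscall list
 * and verify its shape. Returns the instruction count, 9, or -1 on mismatch. */
int demo_build(void)
{
    const int allowed[] = { SYS_read, SYS_write, SYS_exit_group };
    struct sock_filter prog[FILTER_CAP];
    int len = build_allowlist(allowed, 3, prog);
    if (len != 9)
        return -1;
    if (prog[4].jt != 3 || prog[6].jt != 1)           /* both jeq's land on index 8 */
        return -1;
    if (prog[7].k != SECCOMP_RET_KILL_PROCESS || prog[8].k != SECCOMP_RET_ALLOW)
        return -1;
    return len;
}

int main(void)
{
    /* From here on only write(2), exit_group(2) and exit(2) are allowed:
     * enough for the message below and a clean exit. A printf() that had to
     * fstat() or brk() first would be killed, which is the point of the list. */
    const int allowed[] = { SYS_write, SYS_exit_group, SYS_exit };
    if (install_allowlist(allowed, 3) != 0)
        return 1;
    static const char msg[] = "allow list installed, still able to write\n";
    write(STDOUT_FILENO, msg, sizeof msg - 1);
    _exit(0);
}
```

Enumerating the syscalls a service really needs (the "enumerate syscalls of each resource" step on the slide) is the hard part; strace or the generator tool produces the list, and the filter above is what that list compiles down to.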
Hide your treasures
Prevent hardcoded credentials by using a proper vault
Use a safe library, for example LibreSSL or libsodium
Use safe cryptographic algorithms, following OWASP, CERT and NIST guidance.
LKM to hide and protect file system resources
Casper-fs is a custom Linux kernel module generator with resources to protect or hide a custom list of files.
Each LKM protects or hides files following a custom list in the YAML rule file.
Not even root has permission to see the files or perform actions such as editing or removing them. The files can only be read, edited, or deleted if the user sends the proper key to the custom device.
github.com/CoolerVoid/casper-fs
Master librarian to audit operating system libraries
Figure: from the game Castlevania (1997)
A tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities.
Uses the pkg-config resource to list all operating system libraries.
github.com/CoolerVoid/master_librarian
Vision to audit all service banners
Vision2 analyses the Nmap XML scan results, parses each CPE context, and correlates it with a CVE search on NIST. You can use it to find public vulnerabilities in services.
Uses the Nmap result to search for security issues in the NVD.
github.com/CoolerVoid/Vision2
LKM for a hidden firewall
Tool to generate a Linux kernel module with hidden, custom rules using Netfilter hooking (block ports, hidden mode, firewall functions).
The motivation: in a bad situation, an attacker can bring down your iptables/ufw. But if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it hooks Netfilter in kernel land (think of it as a second layer for the firewall).
github.com/CoolerVoid/HiddenWall
Shared Library Application Firewall "SLAF"
Spock SLAF is a Shared Library Application Firewall (SLAF). Its purpose is to protect any service that uses the OpenSSL library. The SLAF inserts hooks to intercept all communication, detect security anomalies, and block and log attacks such as buffer overflow, path traversal, XXE and SQL injection.
github.com/CoolerVoid/spock_slaf
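As an added example, and not Spock SLAF's own code or signatures, this is the kind of per-buffer decision an SSL_read() hook has to make, in C: classify the decrypted bytes and return a bitmask that the hook uses to block and log. The signature strings, the 4096-byte threshold and the sample requests are constructed for this illustration; a real SLAF needs far broader rules and input normalisation (URL decoding, case folding) before matching.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Anomaly classes; classify_buffer() returns a bitmask of these. */
enum { ANOM_NONE = 0, ANOM_TRAVERSAL = 1, ANOM_XXE = 2, ANOM_SQLI = 4, ANOM_OVERLONG = 8 };

#define MAX_SANE_LEN 4096   /* constructed threshold for a single read */

/* Case-insensitive search for a short ASCII needle in a length-delimited
 * buffer (the buffer is not NUL-terminated on the hook side). */
static int contains_ci(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    if (m == 0 || m > n)
        return 0;
    for (size_t i = 0; i + m <= n; i++) {
        size_t j = 0;
        while (j < m && tolower((unsigned char)hay[i + j]) == tolower((unsigned char)needle[j]))
            j++;
        if (j == m)
            return 1;
    }
    return 0;
}

/* Decide what to do with one decrypted read buffer before the application
 * sees it. 0 means pass through; any set bit means block and log. The
 * signatures are deliberately small and illustrative. */
int classify_buffer(const char *buf, size_t n)
{
    int flags = ANOM_NONE;
    if (n > MAX_SANE_LEN)                         /* oversized input: overflow attempt or abuse */
        flags |= ANOM_OVERLONG;
    if (contains_ci(buf, n, "../") || contains_ci(buf, n, "..\\") || contains_ci(buf, n, "%2e%2e%2f"))
        flags |= ANOM_TRAVERSAL;
    if (contains_ci(buf, n, "<!doctype") && contains_ci(buf, n, "<!entity"))
        flags |= ANOM_XXE;                        /* inline DTD declaring entities */
    if (contains_ci(buf, n, "union select") || contains_ci(buf, n, "' or '") || contains_ci(buf, n, "'--"))
        flags |= ANOM_SQLI;
    return flags;
}

/* Constructed requests, as an SSL_read() hook would see them after decryption. */
static const char *samples[] = {
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "GET /static/../../app.conf HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "POST /api HTTP/1.1\r\n\r\n<!DOCTYPE d [<!ENTITY e SYSTEM \"file:///app.conf\">]><d>&e;</d>",
    "GET /items?id=1' UNION SELECT 1,2 HTTP/1.1\r\nHost: example.test\r\n\r\n",
};
#define NSAMPLES (sizeof samples / sizeof samples[0])

/* Classify the idx-th sample; -1 for an index out of range. */
int demo_classify(size_t idx)
{
    if (idx >= NSAMPLES)
        return -1;
    return classify_buffer(samples[idx], strlen(samples[idx]));
}

/* A 5000-byte read of harmless characters is still flagged by length alone. */
int demo_overlong(void)
{
    static char big[5000];
    memset(big, 'A', sizeof big);
    return classify_buffer(big, sizeof big);
}

int main(void)
{
    for (size_t i = 0; i < NSAMPLES; i++)
        printf("sample %zu -> flags 0x%x\n", i, demo_classify(i));
    printf("overlong -> flags 0x%x\n", demo_overlong());
    return 0;
}
```

The hook sits between the TLS library and the application, so it sees plaintext the network cannot show a packet filter; the trade-off is that every rule here runs on the request path and a false positive blocks a legitimate client, which is why the bitmask is logged rather than silently dropped.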
Thank you
Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022

Mais conteúdo relacionado

Semelhante a Strange security mitigations

Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2ShapeBlue
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleParis Container Day
 
Secure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSecure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSBA Research
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesÖmer Coşkun
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...PROIDEA
 
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...Maksim Shudrak
 
LinuxKit and Moby, News from DockerCon 2017
LinuxKit and Moby, News from DockerCon 2017LinuxKit and Moby, News from DockerCon 2017
LinuxKit and Moby, News from DockerCon 2017Dieter Reuter
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless worldYan Cui
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist LibbySchulze
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriDocker, Inc.
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless worldYan Cui
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDocker, Inc.
 
DEFCON 27 - ALEXANDRE BORGES - dot net malware threats
DEFCON 27 - ALEXANDRE BORGES - dot net malware threatsDEFCON 27 - ALEXANDRE BORGES - dot net malware threats
DEFCON 27 - ALEXANDRE BORGES - dot net malware threatsFelipe Prado
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniShellmates
 
DockerCon EU 2015: Trading Bitcoin with Docker
DockerCon EU 2015: Trading Bitcoin with DockerDockerCon EU 2015: Trading Bitcoin with Docker
DockerCon EU 2015: Trading Bitcoin with DockerDocker, Inc.
 
2015 DockerCon Using Docker in production at bity.com
2015 DockerCon Using Docker in production at bity.com2015 DockerCon Using Docker in production at bity.com
2015 DockerCon Using Docker in production at bity.comMathieu Buffenoir
 
Securing your Kubernetes applications
Securing your Kubernetes applicationsSecuring your Kubernetes applications
Securing your Kubernetes applicationsNéstor Salceda
 

Semelhante a Strange security mitigations (20)

Securing your Cloud Environment v2
Securing your Cloud Environment v2Securing your Cloud Environment v2
Securing your Cloud Environment v2
 
Security in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie FrazelleSecurity in a containerized world - Jessie Frazelle
Security in a containerized world - Jessie Frazelle
 
Secure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas FalkSecure development on Kubernetes by Andreas Falk
Secure development on Kubernetes by Andreas Falk
 
iOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic TechniquesiOS Hacking: Advanced Pentest & Forensic Techniques
iOS Hacking: Advanced Pentest & Forensic Techniques
 
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
CONFidence 2015: iOS Hacking: Advanced Pentest & Forensic Techniques - Omer S...
 
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...
Tricky sample? Hack it easy! Applying dynamic binary inastrumentation to ligh...
 
Fwd Cloudsec 2022
Fwd Cloudsec 2022Fwd Cloudsec 2022
Fwd Cloudsec 2022
 
Tools for kubernetes network debugging
Tools for kubernetes network debuggingTools for kubernetes network debugging
Tools for kubernetes network debugging
 
LinuxKit and Moby, News from DockerCon 2017
LinuxKit and Moby, News from DockerCon 2017LinuxKit and Moby, News from DockerCon 2017
LinuxKit and Moby, News from DockerCon 2017
 
Security in serverless world
Security in serverless worldSecurity in serverless world
Security in serverless world
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist
 
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
 
Security in Serverless world
Security in Serverless worldSecurity in Serverless world
Security in Serverless world
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon Hykes
 
DEFCON 27 - ALEXANDRE BORGES - dot net malware threats
DEFCON 27 - ALEXANDRE BORGES - dot net malware threatsDEFCON 27 - ALEXANDRE BORGES - dot net malware threats
DEFCON 27 - ALEXANDRE BORGES - dot net malware threats
 
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal HarouniBSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
BSides Algiers - Linux Kernel and Recent Security Protections - Djallal Harouni
 
DockerCon EU 2015: Trading Bitcoin with Docker
DockerCon EU 2015: Trading Bitcoin with DockerDockerCon EU 2015: Trading Bitcoin with Docker
DockerCon EU 2015: Trading Bitcoin with Docker
 
2015 DockerCon Using Docker in production at bity.com
2015 DockerCon Using Docker in production at bity.com2015 DockerCon Using Docker in production at bity.com
2015 DockerCon Using Docker in production at bity.com
 
Securing your Kubernetes applications
Securing your Kubernetes applicationsSecuring your Kubernetes applications
Securing your Kubernetes applications
 

Mais de Antonio Costa aka Cooler_ (13)

WAF protections and bypass resources
WAF protections and bypass resourcesWAF protections and bypass resources
WAF protections and bypass resources
 
Static analysis for beginners
Static analysis for beginnersStatic analysis for beginners
Static analysis for beginners
 
Improving spam detection with automaton
Improving spam detection with automatonImproving spam detection with automaton
Improving spam detection with automaton
 
Raptor web application firewall
Raptor web application firewallRaptor web application firewall
Raptor web application firewall
 
0d1n
0d1n0d1n
0d1n
 
Burlando Waf 2.0
Burlando Waf  2.0Burlando Waf  2.0
Burlando Waf 2.0
 
burlando um WAF
burlando um WAFburlando um WAF
burlando um WAF
 
Development pitfalls
Development pitfallsDevelopment pitfalls
Development pitfalls
 
0d1n bsides2
0d1n bsides20d1n bsides2
0d1n bsides2
 
Vivendo de hacking
Vivendo de hackingVivendo de hacking
Vivendo de hacking
 
Bsides odin
Bsides odinBsides odin
Bsides odin
 
Bsides4cooler
Bsides4coolerBsides4cooler
Bsides4cooler
 
detector de ladrão com laser
detector de ladrão com laserdetector de ladrão com laser
detector de ladrão com laser
 

Último

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park masabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 

Último (20)

Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 

Strange security mitigations

  • 1. Strange security mitigations Tips and tricks from an attacker’s mind Author: CoolerVoid Tips and tricks to understand some typical vulnerabilities and how to mitigate them following an untypical intelligent approach. abr. 17, 2022 Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 2. Summary 1 Whoamy 2 Depths of vulnerabilities (not all) 3 Always watch your home Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 3. Whoamy Whoamy Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 4. Whoamy Whoamy Antonio Costa - CoolerVoid Appsec tech leader Cybersecurity engineer Open-source programmer Reverse engineer github.com/CoolerVoid Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 5. Depths of vulnerabilities (not all) Depths of vulnerabilities (not all) Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 6. Depths of vulnerabilities (not all) Heap overflow In late 2001, ”Vudo Malloc Tricks” by Michel ”MaXX” and ”Once Upon A free()” defined the exploitation of overflowed dynamic memory chunks on Linux. late 2004, a series of patches to GNU libc malloc implemented over a dozen mandatory integrity assertions, effectively rendering the existing techniques to exploit obsolete. Malloc Maleficarum by Phantasmal Phantasmagoria dl.packetstormsecurity.net/papers/attack/MallocMaleficarum.txt cwe.mitre.org/data/definitions/122.html github.com/shellphish/how2heap Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 7. Depths of vulnerabilities (not all) Heap overflow - Malloc resources ptmalloc2 – glibc jemalloc – FreeBSD and Firefox tcmalloc – Google libumem – Solaris Hoard - CISCO, SAP and CreditSuisse Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 8. Depths of vulnerabilities (not all) First rant, libraries alternatives In late 2010 DieHard Allocator - DieHard: An error-resistant memory allocator for Windows, Linux, and Mac OS X microsoft.com/en-us/research/video/dieharder-securing-the-heap/ github.com/emeryberger/DieHard In late 2017 FreeGuard: A Faster Secure Heap Allocator https://arxiv.org/abs/1709.02746 Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 9. Depths of vulnerabilities (not all) Heart bleed in OpenSSL OpenSSL library CVE-2014-0160 A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. https://www.openssl.org/news/secadv/20140407.txt Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 10. Depths of vulnerabilities (not all) Second rant, libraries alternatives OpenBSD’s LibreSSL Memory sanitization is a central feature in LibreSSL that is lacking in OpenSSL. Prior to the deallocation of objects, LibreSSL explicitly zeros out memory using OpenBSD’s explicit_bzero(3) function. This proactively reduces the impact of memory exposure in the event of a future vulnerability or an unprivileged process that gains control of a tainted memory segment. Google’s BoringSSL Currently BoringSSL is the SSL library in Chrome/Chromium and Android. BearSSL, MatrixSSL, mbedtls, PolarSSL, lib sodium and so on Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
  • 11. Depths of vulnerabilities (not all) Big check list Stack buffer overflow, Heap Overflow, integer overflow, buffer underflow, off-byone, memory leak, use after free, double free, race conditions(TOCTOU), lack of ASLR, lack of DEP, lack of stack cookie, lack of relro, lack of certificate pinning, lack of signature check, RCE, IDOR, RFI, LFI, SSO, CSRF, SSRF , SSTI, XEE, ReDOS, NoSQLi, SQLi, blind SQLi, XSS, blind XSS, DomXSS, Open Redirect, Path traversal, Insecure deserealization, LDAP injection, HQL injection, http parameter pollution, improper permissions, uncontrolled upload, uncontrolled resource consumption, CSV injection, graph injection, Denial of service, weak cryptography, lack of salt, lack of secret key, lack of anti-tampering, lack of root detect, lack of secomp/pledge, lack of rate limiting, lack of resource anti-robot, lack of http header hardening, lack of anti-hooking, misconfiguration, Uncontrolled Search Path Element, information leak,hardcoded credentials, tempest attack... Antonio Costa (github.com/CoolerVoid) Strange security mitigations abr. 17, 2022
• 12. Depths of vulnerabilities (not all)
Dark depths in vulnerabilities - fuzzing! AFL!
Figure: Magic: The Gathering card "Dark Depths", illustrated by Mathias Kollros
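The two slides above fit together: the Heartbleed slide names the missing bounds check, and this one names the tool that finds such bugs. The example below is added here and is not OpenSSL code or the author's code. It is a toy heartbeat-style record handler (the 1-byte type, 2-byte length, payload, 16-byte padding layout is assumed from the heartbeat extension) with the length check that CVE-2014-0160 lacked, and a main() that reads one record from stdin so the same function can be driven by AFL.

```c
/* Added example, not OpenSSL code: a toy TLS-heartbeat style record
 * handler with the bounds check that CVE-2014-0160 lacked, plus a
 * stdin harness in main() so the same function can be fed by AFL.
 * Assumed record layout: 1-byte type, 2-byte big-endian payload length,
 * payload, then at least 16 bytes of padding. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HB_MIN_PADDING 16
#define HB_REQUEST_TYPE 1

/* Parse a heartbeat record of record_len bytes and echo its payload into
 * out (capacity out_cap). Returns the number of bytes echoed, or -1 if the
 * record is malformed or the declared payload length exceeds what was
 * actually received. */
int heartbeat_echo(const uint8_t *rec, size_t record_len,
                   uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL)
        return -1;
    /* need type + 2-byte length + minimum padding before reading anything */
    if (record_len < 1 + 2 + HB_MIN_PADDING)
        return -1;
    if (rec[0] != HB_REQUEST_TYPE)  /* only requests are echoed */
        return -1;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The check that was missing: the declared length must fit inside the
     * bytes we actually received, padding included. Without it, memcpy
     * below would read past the record into whatever heap memory follows,
     * and that memory would be sent back to the peer. */
    if (1 + 2 + payload_len + HB_MIN_PADDING > record_len)
        return -1;
    if (payload_len > out_cap)
        return -1;

    memcpy(out, rec + 3, payload_len);
    return (int)payload_len;
}

int main(void)
{
    /* AFL-style harness: one record per execution, read from stdin. */
    static uint8_t rec[1 << 17];
    static uint8_t out[1 << 16];
    size_t n = fread(rec, 1, sizeof rec, stdin);
    int r = heartbeat_echo(rec, n, out, sizeof out);
    printf("%s (%d)\n", r < 0 ? "rejected" : "echoed", r);
    return 0;
}
```

Build the harness with afl-gcc (or afl-clang-fast), put one valid record in a seed directory and run afl-fuzz against it; with the check in place the fuzzer finds no crash. Removing the length comparison and compiling with AddressSanitizer shows the over-read as a heap-buffer-overflow report within seconds, which is the cheapest way to see why the assertion matters.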
• 13. Always watch your home
Always watch your home
• 14. Always watch your home
Allow list of syscalls
Enumerate the syscalls of each resource
Linux’s seccomp() function
OpenBSD’s pledge() function
Restrict a container’s syscalls with seccomp: github.com/antitree/syscall2seccomp
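As an added example of the allow-list idea on this slide (not code from syscall2seccomp or from the Linux kernel), the block below builds a seccomp-BPF program by hand, without libseccomp, and installs it. Every syscall not on the list kills the process. The architecture check at the top matters: without it, a process could issue a syscall through a different ABI whose numbers do not match the list. The list in main() is a constructed example for a program that only reads, writes and exits; it is Linux only.

```c
/* Added example, not from syscall2seccomp or the Linux kernel: build and
 * install a seccomp-BPF allow list by hand (no libseccomp). Any syscall
 * not in the list kills the process. Linux only. */
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL  /* older headers */
#endif

#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define SECCOMP_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Write a classic-BPF allow-list program into out. Layout:
 *   [0] load arch  [1] arch ok? skip kill  [2] kill  [3] load syscall nr
 *   [4..4+n-1] "jeq nr -> allow" for each allowed number
 *   [4+n] kill (fall-through)  [5+n] allow
 * Returns the number of instructions written, or -1 if out is too small
 * or the list is longer than a BPF jump offset can reach. */
int build_allowlist_filter(struct sock_filter *out, size_t out_cap,
                           const int *allowed, size_t n_allowed)
{
    if (n_allowed > 255 || out_cap < n_allowed + 6)
        return -1;
    size_t k = 0;
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, arch));
    out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS,
                                            offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n_allowed; i++) {
        /* true branch jumps over the remaining compares and the kill */
        unsigned char jt = (unsigned char)(n_allowed - i);
        out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K,
                                                (unsigned)allowed[i], jt, 0);
    }
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS);
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    return (int)k;
}

/* Install the filter for the calling thread. Returns 0 on success. */
int install_allowlist(const int *allowed, size_t n_allowed)
{
    struct sock_filter filt[255 + 6];
    int len = build_allowlist_filter(filt, sizeof filt / sizeof filt[0],
                                     allowed, n_allowed);
    if (len < 0)
        return -1;
    struct sock_fprog prog = { .len = (unsigned short)len, .filter = filt };
    /* no_new_privs lets an unprivileged process install the filter and
     * stops setuid binaries from being used to shed it */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

int main(void)
{
    /* constructed allow list: a program that only reads, writes and exits */
    const int allowed[] = { SYS_read, SYS_write, SYS_exit, SYS_exit_group };
    if (install_allowlist(allowed, sizeof allowed / sizeof allowed[0]) != 0) {
        static const char err[] = "seccomp install failed\n";
        write(2, err, sizeof err - 1);
        return 1;
    }
    static const char ok[] = "filter active: write still allowed\n";
    write(1, ok, sizeof ok - 1);  /* raw write: printf would need more syscalls */
    return 0;  /* exit_group is on the list; anything else is killed */
}
```

The list for a real service comes from the enumeration step the slide mentions: trace the process (strace or the audit log) through its full workload, collect the distinct syscall numbers, and only then turn them into the filter, or the first untraced code path kills the service in production.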
• 15. Always watch your home
Hide your treasures
Prevent hardcoded credentials by using a proper vault
Use a safe library, for example LibreSSL or libsodium
Use safe cryptographic algorithms, following OWASP, CERT and NIST
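This slide and the LibreSSL slide make two points that belong in the same piece of code: a credential is loaded at runtime instead of being compiled into the binary, and it is wiped before the memory goes back to the allocator. The example below is added here; it is not LibreSSL, libsodium or the author's code. The environment variable stands in for a vault client or an injected secrets file, and its name is a constructed example. The zeroing routine uses a volatile function pointer so the compiler cannot drop the memset as a dead store, which is the problem explicit_bzero(3) exists to solve.

```c
/* Added example, not LibreSSL's or libsodium's code: load a secret at
 * runtime instead of hardcoding it, and wipe it before free() with a
 * zeroing routine the compiler cannot optimise away, in the spirit of
 * OpenBSD's explicit_bzero(3). */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* A plain memset() right before free() is a dead store to the optimiser
 * and may be removed. Calling through a volatile function pointer means
 * the compiler cannot prove what is called, so the bytes are overwritten. */
static void *(*volatile secure_memset_fn)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    if (p != NULL && n > 0)
        secure_memset_fn(p, 0, n);
}

typedef struct {
    unsigned char *data;
    size_t len;
} secret_t;

/* Load a secret from the process environment (stand-in for a vault client
 * or an injected secrets file). Returns NULL if unset or empty. The caller
 * owns the result and must release it with secret_free(). */
secret_t *secret_load_from_env(const char *var_name)
{
    const char *val = getenv(var_name);
    if (val == NULL || val[0] == '\0')
        return NULL;
    size_t len = strlen(val);
    secret_t *s = malloc(sizeof *s);
    if (s == NULL)
        return NULL;
    s->data = malloc(len);
    if (s->data == NULL) {
        free(s);
        return NULL;
    }
    memcpy(s->data, val, len);
    s->len = len;
    return s;
}

/* Wipe the key bytes and the metadata before handing memory back, so a
 * later heap over-read (Heartbleed-style) cannot recover the secret. */
void secret_free(secret_t *s)
{
    if (s == NULL)
        return;
    secure_zero(s->data, s->len);
    free(s->data);
    secure_zero(s, sizeof *s);
    free(s);
}

/* Used by the self-check below: 1 if all n bytes are zero. */
int all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}
```

On OpenBSD and glibc 2.25 or later, replace the volatile-pointer routine with explicit_bzero() itself; on Windows the equivalent is SecureZeroMemory(). Whichever is used, the wipe has to cover every copy, including the stack buffers a parser or base64 decoder left behind, or the zeroing only moves the leak.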
• 16. Always watch your home
LKM to hide and protect file system resources
Casper-fs is a custom Linux kernel module generator that protects or hides a custom list of files. Each LKM protects or hides files following a custom list in a YAML rule file. Not even root has permission to see the files or perform actions such as editing and removing them. The files can only be accessed, edited and deleted if the user sends the proper key to the custom device.
github.com/CoolerVoid/casper-fs
• 17. Always watch your home
Master librarian to audit operating system libraries
Figure: from the game Castlevania (1997)
• 18. Always watch your home
Master librarian to audit operating system libraries
A tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities
Uses pkg-config to list all operating system libraries
github.com/CoolerVoid/master_librarian
• 19. Always watch your home
Vision to audit all service banners
Vision2 analyses the Nmap XML scan results, parses each CPE context, and correlates it with a CVE search on NIST. You can use it to find public vulnerabilities in services.
Uses the Nmap result to search for security issues in the NVD
github.com/CoolerVoid/Vision2
• 20. Always watch your home
LKM for a hidden firewall
Tool to generate a Linux kernel module with hidden, custom rules using Netfilter hooking (block ports, hidden mode, firewall functions).
The motivation: in a bad situation, an attacker can bring down your iptables/ufw rules. But if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it hooks Netfilter in kernel land (think of it as a second layer for the firewall).
github.com/CoolerVoid/HiddenWall
• 21. Always watch your home
Shared Library Application Firewall ”SLAF”
Spock SLAF is a Shared Library Application Firewall (”SLAF”). Its purpose is to protect any service that uses the OpenSSL library. The SLAF inserts hooks to intercept all communication, detect security anomalies, and block and log attacks such as buffer overflow, path traversal, XXE and SQL injection.
github.com/CoolerVoid/spock_slaf
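To make the "detect anomalies and block" step concrete, here is an added example of the inspection routine such a hook would run on every buffer it intercepts (for instance inside an interposed SSL_read). It is not code from spock_slaf; the pattern list, the run-length threshold and the sample requests are all constructed for illustration, not the project's rules. The routine classifies the four families the slide names and returns a verdict the hook can log and act on.

```c
/* Added example, not code from spock_slaf: the kind of inspection routine
 * a shared-library application firewall runs on each intercepted buffer,
 * classifying a few anomaly families and returning a verdict the hook can
 * act on. Patterns and thresholds are constructed examples. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum {
    SLAF_OK = 0,
    SLAF_OVERFLOW,        /* long run of one byte, typical of overflow padding */
    SLAF_PATH_TRAVERSAL,
    SLAF_XXE,
    SLAF_SQLI
} slaf_verdict;

#define SLAF_RUN_LIMIT 1024   /* constructed threshold for the run-length check */

/* Case-insensitive search for needle in a buffer that is not NUL-terminated. */
static int contains_nocase(const char *buf, size_t len, const char *needle)
{
    size_t nl = strlen(needle);
    if (nl == 0 || len < nl)
        return 0;
    for (size_t i = 0; i + nl <= len; i++) {
        size_t j = 0;
        while (j < nl && tolower((unsigned char)buf[i + j]) ==
                         tolower((unsigned char)needle[j]))
            j++;
        if (j == nl)
            return 1;
    }
    return 0;
}

/* Length of the longest run of one repeated byte. */
static size_t longest_run(const char *buf, size_t len)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        cur = (i > 0 && buf[i] == buf[i - 1]) ? cur + 1 : 1;
        if (cur > best)
            best = cur;
    }
    return best;
}

slaf_verdict slaf_inspect(const char *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return SLAF_OK;
    if (longest_run(buf, len) >= SLAF_RUN_LIMIT)
        return SLAF_OVERFLOW;
    if (contains_nocase(buf, len, "../") || contains_nocase(buf, len, "..\\") ||
        contains_nocase(buf, len, "%2e%2e%2f"))
        return SLAF_PATH_TRAVERSAL;
    if (contains_nocase(buf, len, "<!ENTITY") ||
        (contains_nocase(buf, len, "<!DOCTYPE") && contains_nocase(buf, len, "SYSTEM")))
        return SLAF_XXE;
    if (contains_nocase(buf, len, "' or ") || contains_nocase(buf, len, "union select") ||
        contains_nocase(buf, len, "'; drop ") || contains_nocase(buf, len, "' --"))
        return SLAF_SQLI;
    return SLAF_OK;
}

const char *slaf_verdict_name(slaf_verdict v)
{
    switch (v) {
    case SLAF_OK:             return "ok";
    case SLAF_OVERFLOW:       return "buffer-overflow-pattern";
    case SLAF_PATH_TRAVERSAL: return "path-traversal";
    case SLAF_XXE:            return "xxe";
    case SLAF_SQLI:           return "sql-injection";
    }
    return "unknown";
}

/* What the hooked read does with the verdict: log it and say whether the
 * buffer may be handed to the application. Returns 1 to pass, 0 to block. */
int slaf_decide(const char *buf, size_t len, const char *peer)
{
    slaf_verdict v = slaf_inspect(buf, len);
    if (v == SLAF_OK)
        return 1;
    fprintf(stderr, "slaf: blocked %s from %s (%zu bytes)\n",
            slaf_verdict_name(v), peer, len);
    return 0;
}

int main(void)
{
    /* constructed sample requests */
    const char *samples[] = {
        "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "GET /static/../../etc/passwd HTTP/1.1\r\n",
        "<?xml version=\"1.0\"?><!DOCTYPE d [<!ENTITY e SYSTEM \"file:///example\">]><d>&e;</d>",
        "POST /login HTTP/1.1\r\n\r\nuser=admin' OR '1'='1&pass=x",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s %.40s\n",
               slaf_verdict_name(slaf_inspect(samples[i], strlen(samples[i]))), samples[i]);
    return 0;
}
```

In the real shared-library form the hook is loaded with LD_PRELOAD, resolves the original function with dlsym(RTLD_NEXT, ...), calls it, and passes the returned bytes through a routine like slaf_decide() before the application sees them. Substring rules of this kind are a first layer only: they catch the obvious cases with very little CPU cost, and anything encoded or fragmented across reads needs decoding and reassembly before inspection.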
• 22. Thank you