Positive Hack Days
APTs and other stuff

1. APTs and other stuff
PH days 2012. Version: 1.0. Author: Martin Eiszner. Responsible: Martin Eiszner. Date: 15.05.2012. Confidentiality: Public
2. Agenda
• Introduction
• Toxic software and the advanced persistent threat
• APTs on the rise
• Trusted software vendors and the “Erosion of trust”
• How to find those little naughty 0-days for your personal APT
• Demonstrations
• Outlook
• Q&A
© 2012 SEC Consult Unternehmensberatung GmbH – All rights reserved
3. SEC Consult – Who we are ...
• Specialized consultancy for application security
• Headquarters near Vienna, Austria
• Offices in Austria, Germany, Lithuania, Singapore and Canada
• Delivery centers in Austria, India, Lithuania and Singapore
• Strong customer base in Central and Eastern Europe
• Increasing customer base of clients with global business
• Partner of top-30 software vendors
(World map with legend: SEC Consult headquarters, SEC Consult offices, other SEC Consult clients)
4. Martin Eiszner – Whoami
• Security consultant
• Chief technology officer
• Quite some other interests ... SW developer, reverser, the web, mobile devices, ?
• Tries to find the perfect approach for identifying security vulnerabilities
5. Agenda (section divider; same items as slide 2)
6. Toxic software and the APT
• What is software?

7. Toxic software and the APT
• Are there any problems with software?

8. Toxic software and the APT
• Toxic software is all about security vulnerabilities!
• Who creates “vulnerabilities” and who bears their costs?

9. Toxic software and the APT
• The “one-way paradox”: when it comes to software there is only

10. Toxic software and the APT
• So what is toxic software really? And is there a cure?
• Toxic software contains severe security vulnerabilities with a high probability to harm the confidentiality, availability and integrity of its owner's assets.

11. Toxic software and the APT
• Advanced persistent threats? What does an APT consist of?
• APTs are planned and orchestrated, mostly illegal, professional projects.

12. Toxic software and the APT
• Attacker –
• Target –
• Methodology so far ....: phishing; spreading heavily tailored malware

13. Toxic software and the APT
• Spear phishing – the method of the trade?
• There is always a better one ..
14. Agenda (section divider; same items as slide 2)
15. APTs on the rise
• Any examples?
• Stuxnet – SCADA attack on nuclear power plants – mother of all APTs?
• ... a security vendor?
• ... wanna buy some stocks?
• BBC ... the Iranian connection
• The ... and, and, and ....
(The slide shows logos of the cases; only the captions survive.)

16. APTs on the rise
• Buzzword or the real thing?
17. Agenda (section divider; same items as slide 2)
18. The “Erosion of trust” lifecycle for SW vendors
(Diagram: the lifecycle runs through six stages: Trust Bubble; 1st suspicious Customer; Erosion of Trust – Customer; Erosion of Trust – Market; Rebuild Trust; Trusted Vendor. Slides 18 to 25 highlight one stage each, with speech bubbles for the software vendor, the customer and third parties. Only the bubble text is recoverable.)
Stage: Trust Bubble
• Software vendor: “Ok, there might be some security issues with our product but.. the customer is not demanding additional security.” “The customer is satisfied with our level of security.”
• Customer: “I bought a software product from a good, trusted vendor. The vendor did not mention that the product might be insecure. Ok. This product is secure. Next topic...”

19. The “Erosion of trust” lifecycle for SW vendors
Stage: 1st suspicious Customer
• Customer: “Are there any security vulnerabilities in this software? Let's invest (some) money and check with a trusted security expert if everything is o.k.”
• Software vendor: “We have not seen any major customer complaints yet, so we are in the clear...”

20. The “Erosion of trust” lifecycle for SW vendors
Stage: Erosion of Trust – Customer
• Customer: “We did the security test and it is a disaster!” “It was not a cheap product, how can this happen?” “Is the security expert lying, or the vendor?” “Gosh, I spent money on quality assurance the vendor should have done...” “I wish I never bought that product / asked the security expert to check it.” “We will discover many more security problems if we continue our analysis...” “How should I now explain my (past) commitment to this vendor to my boss?” “What shall I do, now I have a problem that should be resolved by the vendor...” “It is not enough to fix the now identified problems.”

21. The “Erosion of trust” lifecycle for SW vendors
Stage: Erosion of Trust – Customer (vendor reaction)
• Software vendor: “We will fix the reported issues and we have a satisfied client again...” “Of course we will solve the problem...”
• Customer: “The second audit (re-check) shows further severe vulnerabilities...” “They have not a clue what problem they cause for me personally...”

22. The “Erosion of trust” lifecycle for SW vendors
Stage: Erosion of Trust – Market
• International security experts: “This vendor product is of interest for us! We should find a 0-day vulnerability, make a public security advisory and a conference presentation.”
• Customers (several): “Make an audit and give me your opinion...”
• Press: “Bad news is good news: vendor is not able to solve security issues.”
• Customer: “I will tell anybody my opinion on that vendor if I am asked..”

23. The “Erosion of trust” lifecycle for SW vendors
Stage: Erosion of Trust – Market (customer reactions)
• Customer: “Will somebody blame me for choosing this insecure vendor?” “Damn! We have to do a product selection before we buy from this vendor.” “They don't know or they don't care. They just ignore the problem.” “We'll keep using this product if we have to – but hold on, is there really no alternative?” “This vendor is on the blacklist. Our headquarters will not accept insecure products.”

24. The “Erosion of trust” lifecycle for SW vendors
Stage: Rebuild Trust
• Software vendor: “We are investing in secure development processes. We are investing in awareness of all employees and partners. We will invest in trusted external security experts. We will invest in our product security as a key feature. We are honest and alert our customers about security issues. We know that this will continue.”
• Customer: “There are definite improvements in product security, but...” (the reactions from slide 23 are still shown)

25. The “Erosion of trust” lifecycle for SW vendors
Stage: Trusted Vendor
• Software vendor: (the same commitments as on slide 24)
• Customer: “They are proactive in informing me about the risks and involve leading security experts.” “They are not completely secure, but they will solve these problems for me. At least they manage these risks and work hard to make their products as secure as possible.”
26. 0-days for your very personal APT
• Am I talking bull.... ?
27. Agenda (section divider; same items as slide 2)
28. 0-days for your very personal APT
• Methods for identifying ... usable bugs in “software products”:
• Application testing and fuzzing
• Reverse engineering
• Source code analysis
• Or just simply buy them on black markets ...
• A short note on so-called “security scanning” tools
• Just use your

29. 0-days for your very personal APT
• Application testing and fuzzing
• Dynamic and manual testing based on fault injection ...

30. 0-days for your very personal APT
• Application testing and fuzzing
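The fault-injection idea from the two slides above, as an added example (mine, not from the talk or from SEC Consult): a minimal mutation fuzzer in Python run against a constructed toy record parser. The wire format, the two planted bugs and the seed input are assumptions made for the example; the part worth copying is the harness: mutate a seed, feed it to the target, treat the target's own validation errors as expected, and record only unexpected exceptions, de-duplicated by exception type and crash site.

```python
import random
import traceback

# Constructed toy wire format for the example (not the FirePass protocol):
#   [count:1] then count records of [len:1][type:1][payload:len-1]
TYPE_NAMES = ("auth", "data", "ping", "close")       # 4 entries, but the field has 3 bits
SEED = bytes([2,                                      # two records
              3, 0x01, 0x68, 0x69,                    # len 3, type 1 ("data"), payload "hi"
              2, 0x00, 0x78])                         # len 2, type 0 ("auth"), payload "x"


def parse_records(data: bytes) -> list:
    """Target under test. It rejects malformed input with ValueError, but carries
    two planted bugs that surface as IndexError (assumptions for the example)."""
    if not data:
        raise ValueError("empty input")
    count, pos, records = data[0], 1, []
    for _ in range(count):
        if pos >= len(data):
            raise ValueError("truncated record header")
        ln = data[pos]
        body = data[pos + 1:pos + 1 + ln]
        if len(body) != ln:
            raise ValueError("truncated record body")
        pos += 1 + ln
        type_byte = body[0]                           # bug 1: ln == 0 is never checked
        rtype = TYPE_NAMES[type_byte & 0x07]          # bug 2: 3-bit field, 4-entry table
        records.append((rtype, bytes(body[1:])))
    return records


INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)          # boundary values worth injecting


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Inject one random fault into a copy of data."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:                               # flip a single bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:                             # overwrite with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
    elif op == 2:                                     # insert a random byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    elif buf:                                         # delete a byte
        del buf[rng.randrange(len(buf))]
    return bytes(buf)


def fuzz(seeds, iterations=2000, seed=1) -> dict:
    """Mutation fuzzing loop. Returns {(exception name, line): first input that hit it}.
    ValueError is the target's own input validation and is not counted as a finding."""
    rng = random.Random(seed)                         # fixed seed: reproducible runs
    corpus = [bytes(s) for s in seeds]
    faults = {}
    for _ in range(iterations):
        case = rng.choice(corpus)
        for _ in range(rng.randint(1, 3)):            # stack one to three mutations
            case = mutate(rng, case)
        try:
            parse_records(case)
        except ValueError:
            continue
        except Exception as exc:                      # anything else is a real fault
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            faults.setdefault((type(exc).__name__, frame.lineno), case)
    return faults


if __name__ == "__main__":
    for (name, line), case in fuzz([SEED]).items():
        print(f"{name} at line {line}: {case.hex()}")
```

Running the file prints one line per distinct crash site with the input that reproduces it; the same seed always yields the same findings, which matters when you hand a case to a developer. Real targets replace `parse_records` with a subprocess or network call and swap the `except` clause for a crash or timeout detector, but the corpus, mutation and triage loop stay the same.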
31. 0-days for your very personal APT
• Reverse engineering
• Closed source; decompiling; disassembling ...

32. 0-days for your very personal APT
• Source code analysis
• Closed source; SSA tools; brainwork

33. 0-days for your very personal APT
• Any other methods for getting your hands on 0-days?
34. Agenda (section divider; same items as slide 2)
35.
Demos • What would
be the best target for a high profile APT ? © 2012 SEC Consult Unternehmensberatung GmbH – All rights reserved
36.
Demos • Reverse engineering
• Checkpoint – Client side remote command execution Multiple Checkpoint appliances CVE-2011-1827 • Fuzzing • F5 Firepass – Remote command execution F5 FirePass SSL VPN – Remote command execution CVE-2012-1777 • Application testing • Microsoft ASP.Net – Authentication bypass Microsoft Security Bulletin MS11-100 - Critical Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) CVE-2011-3416 Security sofware products will be the target of the trade ... soon ! © 2012 SEC Consult Unternehmensberatung GmbH – All rights reserved
37.
Demo I • Reverse
engineering • SSL VPN appliances (Connectra / Security Gateway) • SNX, SecureWorkSpace and Endpoint Security On-Demand • Patented light weight “security solution” • Comes in 2 flavors • ActiveX • Signed JavaApplets © 2012 SEC Consult Unternehmensberatung GmbH – All rights reserved
38.
Demo I • Reverse
engineering • Problem • Programs are flawed with several critical security vulnerabilities • Java classes are not obfuscated • Any known problems with ActiveX or Signed applets ??? © 2012 SEC Consult Unternehmensberatung GmbH – All rights reserved
39. Demo I • Cshell.jar: CreatePackageURL, RunPackageAction
40. Demo I • Cshell.jar: method RunCommand in Cpls.class
41. Demo I
42. Demo II • Application testing and Fuzzing
• F5 FirePass – SSL VPN
43. Demo II • Application testing and Fuzzing
• F5 FirePass – SSL VPN
• Problems – this time server side
• Any problems related to SQL queries and user input?
44. Demo II
• SQL Injection is pretty old ..
• Concatenated SQL queries and user input?
• File access rights for SQL schemas?
• SUDO permissions for SQL users?
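The last question on this slide is the one that turns a server-side SQL injection into remote command execution: the account the database engine runs as should not be able to reach a shell through sudo. The following audit helper is an added example written for this page, not code from the talk or from F5; the sudoers lines and the list of service accounts are constructed assumptions.

```python
import re

# Constructed sample sudoers content (not taken from any real appliance).
SAMPLE_SUDOERS = """\
# Defaults and comments are ignored by the parser
Defaults env_reset
root     ALL=(ALL:ALL) ALL
%admin   ALL=(ALL) ALL
postgres ALL=(ALL) NOPASSWD: ALL
mysql    ALL=(root) NOPASSWD: /usr/bin/systemctl restart mysql
www-data ALL=(ALL) NOPASSWD: /bin/sh
"""

# Accounts a database engine or web front end typically runs as (assumption).
SERVICE_ACCOUNTS = {"postgres", "mysql", "mssql", "www-data", "nobody"}

# Command specs that amount to an unrestricted shell once reachable via sudo.
SHELL_LIKE = {"ALL", "/bin/sh", "/bin/bash", "/usr/bin/python"}

# user  host=(runas) [NOPASSWD:] cmd1, cmd2 ...
_RULE = re.compile(r"^(?P<user>\S+)\s+(?P<host>\S+)=(?:\((?P<runas>[^)]*)\))?\s*(?P<cmds>.+)$")


def parse_sudoers(text):
    """Return (user, runas, [commands], nopasswd) for each user specification."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = _RULE.match(line)
        if not m:
            continue
        cmds = m.group("cmds")
        nopasswd = "NOPASSWD:" in cmds
        cmds = cmds.replace("NOPASSWD:", "").replace("PASSWD:", "")
        commands = [c.strip() for c in cmds.split(",") if c.strip()]
        rules.append((m.group("user"), m.group("runas") or "root", commands, nopasswd))
    return rules


def risky_service_rules(text, service_accounts=SERVICE_ACCOUNTS):
    """Rules that let a service account run a shell-equivalent command via sudo."""
    findings = []
    for user, runas, commands, nopasswd in parse_sudoers(text):
        if user in service_accounts and any(c in SHELL_LIKE for c in commands):
            findings.append({"user": user, "runas": runas,
                             "commands": commands, "nopasswd": nopasswd})
    return findings
```

Run against the real file (`sudo -l` output or `/etc/sudoers` plus `/etc/sudoers.d/*`) the same function reports which database or web-server accounts would hand a root shell to anyone who can execute a query as them.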
45. Demo II
46. Demo III • Application testing
• ASP.Net – Membership framework
• Part of the “Security Content Map”
• Built-in: validate and store user credentials
• Microsoft way
47. Demo III • Application testing and fuzzing
• Some ASP.Net application test
• Database column truncation – vulnerability tries to create duplicate users and elevate privileges …
48. Demo III • Application testing and fuzzing
• Problems
  • Passing data between different layers (“managed” vs “unmanaged”)
49. Demo III • Membership framework - a closer look
• FormsAuthentication: MakeTicketIntoBinaryBlob()
• webengine4.dll: CookieAuthConstructTicket()
• CopyStringToUnAlingnedBuffer() copies a unicode string to some array
• lstrlenW() determines the length of the unicode string using
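Slides 47 to 49 describe two places where a user name can silently change between the managed layer and the place it ends up: a fixed-width database column (truncation) and an unmanaged routine that, like lstrlenW(), measures a string only up to the first NUL, so the ticket is built for a shorter name than the one that was registered. The validator below is an added example written for this page, not ASP.NET Membership code; the column width and the NUL-stopping length function are assumptions that model the behaviour the slides describe.

```python
USERNAME_COLUMN_WIDTH = 256  # assumed width of the user-name column


def unmanaged_length(name):
    """Length as a NUL-terminated wide-string routine (lstrlenW) reports it:
    characters after an embedded NUL are invisible to the unmanaged layer."""
    nul = name.find("\x00")
    return len(name) if nul < 0 else nul


def name_as_seen_by(name, column_width=USERNAME_COLUMN_WIDTH):
    """The identities one managed string turns into on its way downstream."""
    return {
        "managed": name,                          # what the .NET code compares
        "unmanaged": name[:unmanaged_length(name)],  # what the ticket is built for
        "stored": name[:column_width],            # what the column keeps
    }


def validate_new_username(name, existing, column_width=USERNAME_COLUMN_WIDTH):
    """Accept a registration only if every layer agrees on the same name and
    no variant of it collides with an existing account. Returns (ok, reason)."""
    if not name or not name.strip():
        return False, "empty"
    views = name_as_seen_by(name, column_width)
    if len(set(views.values())) != 1:
        # embedded NUL or over-length name: some layer would see a different user
        return False, "name changes between layers"
    taken = {e.casefold() for e in existing}
    if any(v.casefold() in taken for v in views.values()):
        return False, "already taken"
    return True, "ok"
```

The decisive check is the second one: rather than trying to enumerate bad characters, it computes what each layer will actually see and rejects the registration whenever those views differ, which closes both the truncation and the managed/unmanaged mismatch at once.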
50. Demo III • Membership framework - not to forget
The membership framework creates a /Register.aspx context “out of the box” … even if you don't want it to.
51. Demo III • Membership framework
52. Agenda
• Introduction
• Toxic Software and the Advanced persistence threat
• Trusted Software vendors and the “Erosion of trust”
• APTs on the rise
• How to find those little naughty 0 days for your personal APT
• Demonstrations
• Outlook
• QA
53. In one sentence …
Toxic security software products created by software vendors are real, and they are actively being used as a perfect and stealthy point of departure for the bad guys to carry out most successful targeted attacks!
54. Outlook - future of targeted attacks
We will see random attacks .. but a good deal more targeted attacks against high profile organizations and companies soon!
55. Outlook - future of targeted attacks
• … only two things
Neither nor ing your most hated foreign countries will help you!
56. Outlook - future of targeted attacks
• … and
The war is not over yet …
57. Outlook - counter measures?
• KISS
• Awareness
• Enforce warranty in terms of information security from software vendors
  ○ If the vendor refuses .. change vendor
• Implement quality gates for new software products
58. QA