Frontal Attacks - From basic compromise to Advanced Persistent Threat

  • Date posted: 07-May-2015
  • Category: Technology

description

This document addresses the major threats facing today's companies, from database exfiltration in the DMZ to the Advanced Persistent Threats recently experienced in many international organizations. Read more: https://www.htbridge.ch/publications/frontal_attacks_from_basic_compromise_to_advanced_persistent_threat.html

Transcript of Frontal Attacks - From basic compromise to Advanced Persistent Threat

  • 1. Frontal attacks: from basic compromise to Advanced Persistent Threat. 15 September 2011. Frédéric BOURLA, Head of Ethical Hacking Department. ORIGINAL SWISS ETHICAL HACKING. 2011 High-Tech Bridge SA www.htbridge.ch

2. # whoami

  • Frédéric BOURLA
  • Head of Ethical Hacking Department, High-Tech Bridge SA
  • ~12 years experience in Information Security
  • LPT, CISSP, CCSE, CCSA, ECSA, CEH, eCPPT
  • CHFI, GCFA & GREM in progress
  • RHCE, RHCT, MCP
  • frederic.bourla@htbridge.ch

3. # readelf prez

  • Slides in English
  • Presentation in French
  • Focused on External Attacks
  • Common threats explained
  • Estimated duration: 1 round of 60
  • As this is quite short for this kind of presentation, some demos will be skipped
  • But everything will soon be published on https://www.htbridge.ch/publications/
  • You can dig further with 3 great tools:
    o Damn Vulnerable Web Application
    o McAfee Hacme Bank
    o OWASP WebGoat Project

4. # readelf prez

Why such a frontal exposure focus? Well, simply because server-side attacks are not dead. We can even speak of renewed interest from hackers.

5. # readelf prez

So this talk will definitely not deal with Social Engineering & Phishing, Sniffing Attacks & ARP Poisoning, HTTP Response Splitting & Cross-User Defacement, XSS & XSRF, Man-in-the-browser attacks, Unvalidated Redirects and Forwards, UI Redressing, ActiveX Exploits & Heap spray, Trojans & Rootkits, etc.

The latter was explained in depth in the "Client-side threats: Anatomy of Reverse Trojan attacks" conference from 2010. Slides and videos are available here: http://www.htbridge.ch/publications/

6-14. # readelf prez

We will try to stay on the external side of the hacking world, although the border is not always so visible.

15. Table of contents

  • 0x00 - About me
  • 0x01 - About this conference
  • 0x02 - Server-side attacks introduction
  • 0x03 - Security foundations
  • 0x04 - Common server-side attacks
  • 0x05 - Advanced Persistent Threats
  • 0x06 - Conclusion

16-21. Anatomy of server-side attacks

22. Anatomy of server-side attacks

[Diagram labels: Plugins?; Cisco PIX, ZyXEL Zywall USG 300, Watchguard Firefox x750, NetGear WPN824, Netopia Caiman 3346; Perl, C/C++, JSP; Apache, IIS, SunOne; MySQL, MS SQL, Pervasive SQL, Oracle SQL; Connectors? ADO, ODBC]

23-25. Anatomy of server-side attacks

26. Anatomy of server-side attacks

[Diagram labels: Dictation OK? Double meaning? Spelling OK? Added words? Address fine? Send a fax copy? Real letter inside? Real P.O.? Subst letter? Wrong compartment? Read before? Alter content? Truck reliable? Image from Wikimedia Commons]

28. 3 Security components

For simplicity, we can consider 3 main and independent security components, so your security basically depends on:

  • Architecture

This is the formal specification (as defined in an RFC) or the algorithm itself (e.g. in cryptography). This component may be impacted by design problems (e.g. the default password for the Zebra dynamic routing daemon in Netgear DG834G devices, which offered the ability to remotely modify network routes and redirect traffic).

29. 3 Security components

  • Implementation

This refers to how the architecture or algorithm has been implemented. This component may be impacted by misconfiguration problems and insecure coding, e.g.:

    o CVS/FTP which allows anonymous connection, or SMTP Open Relay
    o Missing patches or third-party library updates
    o Admin console reachable from outside
    o Directory listing enabled
    o Application server configuration allows stack traces to be returned to users

30. 3 Security components

  • Operation thereof

This refers to the operational layer. This component may be impacted by operator issues, such as:

    o Choosing a brute-forceable password on a publicly reachable router's interface
    o Using a common word as a password for network resources
    o Accidental disclosure of a shared key
    o Configurations sent to untrusted third parties

31. 3 Security components

These key components even apply to physical security:

  • Your door lock may have design weaknesses. E.g. is it made of the right material?
  • The lock can suffer from manufacturing mistakes. E.g. is it properly fixed to the door?
  • And of course the lock can also suffer from operational mistakes. Have you left the key under the doormat?

33. Common server-side attacks

According to Juniper Honeypot statistics:

34. Common server-side attacks

Common publicly exposed services are:

  • SMTP
  • DNS
  • SSH & VPN
  • FTP
  • HTTP(S)

35. SMTP

Common SMTP attacks:

  • Spam & fake mails relaying
  • Usernames guessing
  • Brute Forcing & dictionary attack
  • DoS

36. DNS

Common DNS attacks:

  • DoS & DDoS
  • Zone Transfer
  • Subdomains enumeration
  • DNS Cache Poisoning

37. SSH & VPN

Common SSH & VPN attacks:

  • Brute Forcing & dictionary attack
  • DoS

38. FTP

Common FTP attacks:

  • Anonymous access
  • Chroot failure & Path traversal
  • Bounce attack
  • Brute Forcing & dictionary attack

39. FTP

The FTP banner seems to indicate that we are facing an up-to-date program, as the latest version of vsFTPd actually is v.2.3.4. Unfortunately, this does not necessarily mean that it is absolutely safe:

  • Maybe the software is affected by a 0-day vulnerability?
  • Maybe you have not i