How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you?...
Transcript of How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you?...
![Page 1: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/1.jpg)
1
How To Break Software Security
James A. Whittaker, Ph.D.
Professor of Computer Science
Florida Tech
![Page 2: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/2.jpg)
Hacking Software
♦Your adversary is prepared…are you?– Thousands of freeware hacking tools– Tens of thousands of hacker sites with tips,
hints and tutorials♦The cold, hard truth: Hackers have the
advantage:– They know assembly and C– They have more time than we do
![Page 3: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/3.jpg)
The Art of the Hack
♦The hacking “process”– Target selection
• what are we going to attack?
– Entry point identification • how are we going to get in?
– Vulnerability detection• What bug will get us in?
– Exploitation• What damage will we cause?
![Page 4: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/4.jpg)
Target Selection
♦What makes your application a valuable target?– It can be used (and therefore exploited)
remotely– It protects something of perceived value– It is ubiquitous – It is being used by a customer who is a target
• The Pentagon, FBI, …
![Page 5: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/5.jpg)
Entry Point Identification♦What are the entry points that hackers use to
exploit your applications?– Its UI
• Logon screens, web front-end, … – Exposed remote functionality
• DCOM, RPC, Web Services, … – Its communication paths
• Communication protocols– The files it reads
• Script files, corrupt data files, …
![Page 6: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/6.jpg)
Vulnerability DetectionIntended Behavior
Actual Behavior
Most Security Bugs
Traditional Bugs
![Page 7: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/7.jpg)
It’s a TESTING ProblemTechniques:
– Exploit external dependencies– Find unanticipated user input– Expose insecure design– Determine insecure implementation practices
Tools– The software Holodeck
![Page 8: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/8.jpg)
8
External Dependencies
![Page 9: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/9.jpg)
Dependency attacks1. Block access to libraries2. Manipulate registry values3. Force the application to use corrupt files
(includes write protected, inaccessible, physically corrupt etc.) and file names
4. Replace files that the application reads from, writes to, creates and executes
5. Force the application to operate in low memory/disk space/ network availability conditions
![Page 10: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/10.jpg)
Dependency attacks1. Block access to libraries2. Manipulate registry values3. Force the application to use corrupt files
(includes write protected, inaccessible, physically corrupt etc.) and file names
4. Replace files that the application reads from, writes to, creates and executes
5. Force the application to operate in low memory/disk space/ network availability conditions
![Page 11: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/11.jpg)
Dependency attacks1. Block access to libraries
DEMO: Browser content controls
![Page 12: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/12.jpg)
12
Unanticipated User Input
![Page 13: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/13.jpg)
User input attacks
6. Overflow input buffers
7. Examine all common switches, options
etc.
8. Explore escape characters, character sets
and commands
![Page 14: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/14.jpg)
User input attacks
6. Overflow input buffers
7. Examine all common switches, options
etc.
8. Explore escape characters, character sets
and commands
![Page 15: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/15.jpg)
User input attacks
6. Overflow input buffers
DEMO: Flash, PPT Viewer, Media Player
![Page 16: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/16.jpg)
16
Design Attacks
![Page 17: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/17.jpg)
Design attacks9. Try common default and test account names and
passwords
10. Use Holodeck to expose unprotected test APIs
11. Connect to all ports
12. Fake the source of data13. Create loop conditions in any application that
interprets script, code etc.14. Use alternate routes to accomplish the same task15. Force the system to reset values
![Page 18: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/18.jpg)
Design attacks9. Try common default and test account names and
passwords
10. Use Holodeck to expose unprotected test APIs
11. Connect to all ports
12. Fake the source of data13. Create loop conditions in any application that
interprets script, code etc.14. Use alternate routes to accomplish the same task15. Force the system to reset values
![Page 19: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/19.jpg)
Design attacks
9. Fake the source of dataDEMO: E-commerce FREE shopping
![Page 20: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/20.jpg)
20
Implementation Attacks
![Page 21: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/21.jpg)
Implementation attacks16. Get between time of check and time of use17. Create files with the same name as files
protected with a higher classification18. Force all error messages19. Use Holodeck to look for temporary files and
screen their contents for sensitive information
![Page 22: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/22.jpg)
Implementation attacks16. Get between time of check and time of use17. Create files with the same name as files
protected with a higher classification18. Force all error messages19. Use Holodeck to look for temporary files and
screen their contents for sensitive information
![Page 23: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/23.jpg)
Implementation attacks16. Get between time of check and time of use
DEMO: Breaking thru Digital Rights Management
![Page 24: How To Break Software Security...Florida Tech Hacking Software Your adversary is prepared…are you? – Thousands of freeware hacking tools – Tens of thousands of hacker sites with](https://reader036.fdocuments.net/reader036/viewer/2022081615/5fd337080ec5d466ad355827/html5/thumbnails/24.jpg)
Questions?
James WhittakerSnail MailFlorida Tech
150 West University BlvdMelbourne, Florida 32901
E-mail & Web [email protected]
www.howtobreaksoftware.com
Telephone321 674-7638
Fax321 674-7046