ME? - VULNEX ME? • Simón Roses Femerling • Degree in Computer Science (Suffolk University),...
ME?
• Simón Roses Femerling
• Degree in Computer Science (Suffolk University), Postgraduate in E-Commerce (Harvard University) and Executive MBA (IE Business School)
• Founder & CEO, VULNEX www.vulnex.com
• Blog: www.simonroses.com
• @simonroses | @vulnexsl
• Ex: Microsoft, PwC, @Stake
• DARPA Cyber Fast Track (CFT) grant to research security in the software development life cycle http://www.simonroses.com/es/2014/06/mi-visita-al-pentagono/
• Speaker: Black Hat, DEFCON, RSA, HITB, OWASP, AppSec USA, SOURCE, DeepSec, TECHNET, Mundo Hacker Day
• CEH, CISSP & CSSLP
TALK OBJECTIVES
• The importance of "recon"
• Modern, practical and perhaps lesser-known techniques
• Focus: Internet -> target
1. INTRODUCTION TO RECON
1. PTES METHODOLOGY
1 • Pre-Engagement
2 • Intelligence Gathering
3 • Threat Modelling
4 • Vulnerability Analysis
5 • Exploitation
6 • Post-Exploitation
7 • Reporting
1. RED TEAM CYCLE
1. PROBLEMS WITH RECON
• Not enough time, noisy
• Minimal recon, launch attacks: "the shortest path"
• We depend too much on exploits:
– When have you really needed a 0day?
– "Metasploit love"
• Recon: Direct vs Indirect
1. ATTACK SURFACE IN ORGANIZATIONS
1. RECON AT THE NSA
• USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers https://www.youtube.com/watch?v=bDJb8WOJYdA
1. PACKET ECONOMY
• "Every packet has a chance of being detected and a cost"
– Internet -> cost: cheap, detection: low
– Corporate network -> cost: moderate, detection: moderate
– Production -> cost: high, detection: high
• http://www.irongeek.com/i.php?page=videos/derbycon7/t113-full-contact-recon-int0x80-of-dual-core-savant
1. WHAT ARE WE LOOKING FOR?
• Maximum intelligence on the target without being discovered: "Blue Teams are Hunting"
• Access to systems, users, credentials, etc. without even having gotten in
2. RECON TOOLS
2. PTR ARCHIVE I
• www.ptrarchive.com
• Storing reverse DNS records since 2008
• Searching IPs/domains
2. PTR ARCHIVE II
2. SUBLIST3R I
• https://github.com/aboul3la/Sublist3r
• Fast enumeration of systems:
– Search engines: Google, Bing, Yahoo, Baidu and Ask
– Others: Netcraft, Virustotal, ThreatCrowd, DNSDumpster and ReverseDNS
2. SUBLIST3R II
2. DNSDUMPSTER I
• https://dnsdumpster.com/
• DNS crawler
• Designed for pentesting
2. DNSDUMPSTER II
2. ADVANCED SEARCH ENGINES
• https://www.shodan.io/
• https://censys.io/
• https://www.zoomeye.org/
2. ALL MY TWEETS I
• https://www.allmytweets.net/connect/
• Portal for searching and viewing tweets
2. ALL MY TWEETS II
2. SENTIMENT ANALYSIS I
• https://es.wikipedia.org/wiki/An%C3%A1lisis_de_sentimiento
• Data / opinion mining: what the user says, what the user feels
2. SENTIMENT ANALYSIS II
2. SENTIMENT ANALYSIS III
SP   P    NEU  SNEG  NEG  WS
10   73   4    0     17   24
18   70   1    0     12   25
13   40   8    0     42   18
5    47   9    0     37   22
6    41   9    0     27   25
5    47   9    0     23   38
2. GITHUB
• A data mine:
– Source code
– Email addresses
– IPs and domains
– Credentials
– Tokens
2. GITROB I
• https://github.com/michenriksen/gitrob
• Recon tool for GitHub
• Searches for sensitive information:
– Credentials
– Tokens
2. GITROB II
2. PUBLICWWW I
• https://publicwww.com/
• Search engine for source code in web pages
2. PUBLICWWW II
2. INTERNET ARCHIVE I
• https://archive.org/
• Digital library:
– Books
– Videos
– Software
– Music
– Web
2. INTERNET ARCHIVE II
2. INTERNET ARCHIVE III
2. TAKING ADVANTAGE OF "BREACHES"
• Perfect for pentesting
• Use your head!
• https://en.wikipedia.org/wiki/List_of_data_breaches
– Linkedin, AOL, Apple, Deloitte, eBay, Equifax, Facebook, etc.
2. CHRISTMAS 2017
• Database with 1.4 billion credentials in cleartext
• Emails/pwd
2. EMAIL ADDRESSES IN THE BREACHES
2. CREDENTIALS IN THE BREACHES
2. CHECKUSERNAMES.COM
2. WE DID IT!!!
3. CONCLUSIONS
3. CONCLUSIONS
• Good recon is vital for success
• A multitude of techniques and tools: use them!
• Next steps: automate
Q&A
• Thank you!
• Beers and drinks are welcome!
• @simonroses • @vulnexsl
• www.vulnex.com • www.simonroses.com