Hacking your perimeter. Social-Engineering. Not everyone needs to use zero. David Kennedy (ReL1K) Twitter: Dave_ReL1K
1 Hacking your perimeter. Social-Engineering Not everyone needs to use zero days David Kennedy (ReL1K) Twitter: Dave_ReL1K
2 About the speaker
- Wrote the Social-Engineer Toolkit (SET), member of the Social-Engineer.org podcast, contributor to Back Track, Metasploit, etc.
- Director of Information Security for a Fortune 1000
- Penetration testing and exploit focus
- Worked for the US Marines, VP/Partner of an information security consulting firm.
3 Agenda
- Overview of perimeter security
- Main attack vectors utilized to compromise the perimeter
- Walkthrough of each attack vector
- Recommendations and conclusions
4 Overview
- Security is getting better. Harder to find traditional vanilla attack vectors.
- Hackers adapt and overcome controls and technology put in place.
- We'll talk about social-engineering and the zero-day angle, but there's still a ton of companies out there that do horribly when it comes to security.
5 Hacking your Perimeter
- Traditional attack methods don't work
- You've undergone several dozen penetration tests and vulnerability scans
- You have a security team and a functioning security program
- You have anti-virus, HIPS, IPS, IDS, heuristics, and behavioral detection and prevention capabilities.
6 Perimeter Hacking Options
- Social-Engineering and Physical attack vectors: probably our most preferred
- Zero-Day Angle: crafting an exploit from your target
7 Social-Engineering and Security
Why fight your:
- SIEM
- Anti-Virus
- HIPS/NIPS/IPS/IDS
- Web Application Firewall
- Secure Coding Practices
- Patch Management
Why fight everything you've built your entire security program on?
8 It's increasingly harder to break in on the external perimeter; adaptation occurs towards our weakest link, the human element.
9 The easiest way in It usually takes me a week of steady fuzzing and reversing to find a zero-day and craft a reliable exploit. It takes me a day to get access to the internal network from social-engineering.
10 It's not just us doing this
- The security community revolves around real world attacks.
- We are protecting against attacks out in the wild; hackers use social-engineering on a regular basis.
- State-sponsored attacks are the largest threat out there today.
- A country that has 10,000 people dedicated to hacking can't be good..
11 State-Sponsored Attacks
- Big increase in targeted attacks against organizations in an effort to steal intellectual property, and for financial motivations.
- Focused attacks that utilize specialized attacks are difficult to protect against.
12 Which country is the worst? Well, working with government agencies, I really can't say
13 Completely unrelated slide
14 Why should they care? No repercussions (except from Google), almost untraceable, and cheap. Why build a new industry when you can take it?
15 Couple SE favorites
- Pretexting is your hack: what you're going to do during your social-engineer attack.
- Neuro-Linguistic Programming (NLP): how we think as humans
16 Steps of Anchoring
- Establish an Anchoring: This is triggering the stimuli that will be your ultimate Anchor. For example, talking frantic and in need of help.
- Firing your Anchor (also known as Activating): You've triggered a feeling in the victim, you need help. Now you ask for that help.
17 So why use SE? We're lazy, we go for the easiest route.
18
19 Basics of SET
- Open-Source, purely Python driven.
- SET utilizes Metasploit for both the exploit repository for client-side attacks and payloads.
- Multiple attack vectors specifically designed for Social-Engineering.
- Has become the standard for Social-Engineering in penetration tests across the world.
20 SET Attack Vectors
- Spear-Phishing: Spoof or utilize already established addresses to do spear-phishing attacks with fileformat attack vectors.
- Web Attacks: Multiple attack vectors including java applet, client-side exploits, tabnabbing, man left in the middle, and the credential harvester.
- Malicious USB/DVD/CD: Autorun creation, allows you to deploy MSF payloads in a simple autorun.
21 SET Attack Vectors Cont.
- Arduino / Teensy USB HID Attack Vector: Multiple payload selection for the USB keyboard HID attacks.
22 Scenario 1 - USB HID Attack Vector
- Send an employee a brand new keyboard with all of the great bells and whistles, with a company letterhead saying we're doing updates to keyboards.
- Plugs in the device, motion sensors detect if user is on the system or not.
- Mouse is moved 1 pixel every 3 minutes to ensure screen is not locked.
23 DEMO
24 The keyboard attack
- Bypasses all autorun capabilities to execute arbitrary code on the system.
- Can drop malicious binaries, trigger overflows, utilize downloaders, implant keystroke loggers, or backdoor your stuff.
- Easily hidden in peripheral devices like docking stations, mouse, keyboard, computers, USB thumb drives, and much more.
25 Integrating into Existing Hardware Most new keyboards have integrated USB Hubs.
26 Motion Sensor capabilities (thanks Garland)
27 Scenario 2 - Java Applet Attack
- You perform recon on the company you're targeting. You learn their lingo, their structure, harvest addresses, you know your pretext.
- You register a domain name similar to your victim's.
- You call up the sales department claiming to be a customer that is experiencing issues connecting to your new company site.
28 DEMO
29 Thomas Werth Attack Vector
- Released at ShmooCon, this attack vector allows you to create a malicious Java Applet.
- User hits run and the payload is executed on the victim's machine.
- Redirects user back to original site to make attack less conspicuous.
- Heavy obfuscation of java and payload for A/V bypass and fixed major issues with Linux/OSX payload deployment.
- Applet source just opened today!
30 DEMO
31 Multi Attack
- You want to build the best possible pretext and ensure that if one option fails, there are multiple redundancies within the attack to ensure success rates.
- You call the IT Help Desk claiming to be a high-level employee that is having issues getting to a mission critical website.
- You spoof your source number to come from the executive's phone number.
32 DEMO
33 The Multi-Attack Vector As you can see, this attack vector has multiple attacks built into one website. Ability to have failover in case one attack option is not successful. Utilizes a combination of harvester, java applet, and client-side exploits in order to compromise the victim.
34 Why is it effective? We are humans, we are programmed from birth through our lives to act and behave a certain way. Our brains all work the same way, we are all vulnerable and there really is no patch.
35 The threat is real. So why use SET?
- This isn't FUD or overhype stuff.
- Has to be incorporated into your normal penetration testing methodologies.
- It tests your security controls and information security awareness program and how effectively you can stop these types of attacks.
36 Zero-Days
- Zero days are defined as an attack vector that has not been patched or found before in the past.
- Zero days are out there, they aren't public and they can be around for years without being released.
- Adobe has lately been getting hit, it seems like almost every week, with a new zero-day.
37 Scenario 1
- You're performing a penetration test for CompanyXYZ, you have exhausted all manual efforts and have found no viable attack method through the perimeter.
- Web applications are solid and have no apparent vulnerability.
- The zero-day angle is your only option to gain access to the systems.
38 An introduction into Fuzzing
- Brute force method to bug hunting.
- Sends random commands in hopes of a crash.
- Buffer length = 50, you send 51
39 Precursor
- The example you are about to see is a basic overflow and is as easy as it gets.
- There are several different types of overflows and different ways of exploiting them.
- We'll talk shortly about Windows protection mechanisms; in this scenario they are disabled.
40 Buffer Overflow Example
- SMTP server is susceptible to a stack based overflow in the EHLO parameter.
- Sending 6000 \x41's (ASCII "A") causes a crash.
- An attacker knows that a vulnerability is here and with further research can exploit this vulnerability.
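The "buffer length = 50, you send 51" idea from slide 38 and the EHLO overflow on slide 40 come down to copying a client-supplied argument into a fixed stack buffer without checking its length. The following is an added example, not code from the talk or from any real SMTP server: a bounded EHLO handler plus a boundary-length probe a developer can run against it. The 50-byte limit, the function names and the use of reply-code numbers as verdicts are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EHLO_ARG_MAX 50  /* assumed limit, echoing "buffer length = 50" */

/* Illustrative verdicts using SMTP reply-code numbers. */
enum { EHLO_OK = 250, EHLO_TOO_LONG = 500, EHLO_SYNTAX = 501 };

/*
 * The pattern behind a stack overflow like the one on the slide, kept as a
 * comment so it is never compiled:
 *     char host[EHLO_ARG_MAX];
 *     strcpy(host, arg);        // copies until NUL, ignores sizeof host
 */

/* Bounded handler: line is "EHLO <domain>" with optional CRLF, line_len bytes
 * long (not assumed NUL-terminated). The argument is copied to out only if it
 * fits both the protocol limit and the caller's buffer. */
int handle_ehlo(const char *line, size_t line_len, char *out, size_t out_sz)
{
    static const char verb[] = "EHLO ";
    const size_t vlen = sizeof verb - 1;
    const char *arg;
    size_t arg_len, i;

    if (out == NULL || out_sz == 0)
        return EHLO_SYNTAX;
    out[0] = '\0';
    if (line == NULL || line_len <= vlen || memcmp(line, verb, vlen) != 0)
        return EHLO_SYNTAX;

    arg = line + vlen;
    arg_len = line_len - vlen;
    while (arg_len > 0 && (arg[arg_len - 1] == '\r' || arg[arg_len - 1] == '\n'))
        arg_len--;
    if (arg_len == 0)
        return EHLO_SYNTAX;
    /* Length is checked before any byte is written. */
    if (arg_len > EHLO_ARG_MAX || arg_len >= out_sz)
        return EHLO_TOO_LONG;
    /* Domain or address-literal characters only; embedded NULs are rejected. */
    for (i = 0; i < arg_len; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (c == '\0' || (!isalnum(c) && strchr(".-[]:", c) == NULL))
            return EHLO_SYNTAX;
    }
    memcpy(out, arg, arg_len);
    out[arg_len] = '\0';
    return EHLO_OK;
}

/* Boundary probe: send n 'A' bytes as the EHLO argument into a destination
 * that has a guard word behind it, and report the verdict.
 * Returns -1 on allocation failure, -2 if the guard was overwritten. */
int probe_length(size_t n)
{
    struct { char host[EHLO_ARG_MAX + 1]; unsigned guard; } frame;
    size_t len = 5 + n + 2;
    char *line = malloc(len);
    int rc;

    if (line == NULL)
        return -1;
    frame.guard = 0xC0FFEEu;
    memcpy(line, "EHLO ", 5);
    memset(line + 5, 'A', n);
    memcpy(line + 5 + n, "\r\n", 2);
    rc = handle_ehlo(line, len, frame.host, sizeof frame.host);
    free(line);
    return frame.guard == 0xC0FFEEu ? rc : -2;
}

int main(void)
{
    /* Constructed lengths around the limit, plus the 6000 from the slide. */
    static const size_t lengths[] = { 0, 1, 49, 50, 51, 6000 };
    size_t i;
    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("EHLO + %4zu bytes -> %d\n", lengths[i], probe_length(lengths[i]));
    return 0;
}
```

Running the same probe under a sanitizer build (for example with AddressSanitizer enabled) turns any missed bound into an immediate, attributable failure instead of a silent overwrite.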
41 Some Basic Instructions to be aware of
- JMP: Jump <address> (jump to instruction)
- EIP: Instruction Pointer (return address)
- ESP: Starter Pointer (where the beginning of our stack is)
- NOP: No operand (do nothing)
- NOP Slide: Multiple NOPs that create a slide effect
42 How Windows is setup
43 Before
44 After
45 Windows Protection Mechanisms
- Data Execution Prevention: In this attack, if DEP was enabled the stack would be marked read only and fail
- Stack Canaries (GS): Random cookie values are inserted to ensure stack integrity
- Address Space Layout Randomization (ASLR): randomizes memory addresses by 2 bytes
46 Defeating Data Execution Prevention (DEP) (and ASLR)
- Return-to-libc attack utilizing Return Oriented Programming (ROP). This can also defeat ASLR.
- Remember when we inserted a JMP ESP command? Instead we can use gadgets to build our attack and prep our stack to call the WriteProcessMemory function.
- This will copy our shellcode from our stack to a writable memory address (for example a kernel driver).
47 Protecting Against Overflows
- Third party closed-source applications are tough. Having a mature third party application security review process is critical.
- Internally developed software needs to undergo rigorous testing and source code analysis to ensure overflows are mitigated before reaching production.
- Have a team dedicated to researching and protecting against zero-day based threats and able to detect these types of attacks.
48 Minimizing Zero-Day Damage
- When utilizing overflows, generally a reverse connection is needed.
- Ensure tight egress filtering is in place and that servers can only connect to what is absolutely necessary on the Internet.
- Proper controls in place is OK.
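Slide 48's point is that a compromised server usually has to connect back out, so outbound traffic that the server has no business need for is both blockable and a detection signal. The following is an added example, not from the talk: it audits outbound flow records against a per-server egress allowlist. The log format, the addresses (documentation ranges) and the allowlist contents are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

struct egress_rule { const char *src; const char *dst; int dport; };

/* Assumed policy: the only outbound connections this mail server needs. */
static const struct egress_rule ALLOW[] = {
    { "10.0.5.20", "192.0.2.53",    53 },  /* DNS resolver        */
    { "10.0.5.20", "198.51.100.25", 25 },  /* upstream SMTP relay */
};

/* Constructed sample flow log: one outbound connection per line. */
static const char SAMPLE_FLOWS[] =
    "src=10.0.5.20 dst=192.0.2.53 dport=53\n"
    "src=10.0.5.20 dst=198.51.100.25 dport=25\n"
    "src=10.0.5.20 dst=203.0.113.77 dport=4444\n"
    "src=10.0.5.20 dst=198.51.100.25 dport=443\n";

/* Exact-match allowlist: source, destination and port must all match. */
int egress_allowed(const char *src, const char *dst, int dport)
{
    size_t i;
    for (i = 0; i < sizeof ALLOW / sizeof ALLOW[0]; i++)
        if (strcmp(src, ALLOW[i].src) == 0 &&
            strcmp(dst, ALLOW[i].dst) == 0 && dport == ALLOW[i].dport)
            return 1;
    return 0;
}

/* Walk the log line by line and count flows outside the allowlist.
 * The first offending "dst:port" is written to first (may be empty).
 * Lines that are overlong or do not parse are skipped in this sketch;
 * a production audit should report them as well. */
int audit_flows(const char *log, char *first, size_t first_sz)
{
    int violations = 0;

    if (first != NULL && first_sz > 0)
        first[0] = '\0';
    while (*log != '\0') {
        const char *eol = strchr(log, '\n');
        size_t n = eol ? (size_t)(eol - log) : strlen(log);
        char line[128], src[16], dst[16];
        int dport;

        if (n < sizeof line) {
            memcpy(line, log, n);
            line[n] = '\0';
            if (sscanf(line, "src=%15s dst=%15s dport=%d", src, dst, &dport) == 3
                && !egress_allowed(src, dst, dport)) {
                if (violations == 0 && first != NULL && first_sz > 0)
                    snprintf(first, first_sz, "%s:%d", dst, dport);
                violations++;
            }
        }
        log = eol ? eol + 1 : log + n;
    }
    return violations;
}

int main(void)
{
    char first[32];
    int n = audit_flows(SAMPLE_FLOWS, first, sizeof first);
    printf("%d flows outside the egress allowlist, first: %s\n", n, first);
    return 0;
}
```

Note that the last sample line goes to an allowed host on a port that is not allowed; matching on destination alone would have missed it.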
49 Traditional Pentests are Dead
50 Out of scope..
- Businesses don't understand what a true penetration test represents.
- No solid framework, not all of us get to do fun stuff like this
- Things are taken out of scope, and there's limited budget..
51 Where we need to go
52 If you aren't doing this
- If you aren't doing SE as a part of your regular penetration tests you are seriously missing out.
- If you don't know about this, you should learn
- Success ratios for compromise with SET are estimated at around 94%.
53 Learning more about SE - Created by Chris Hadnagy (loganwhd), great reference for Social-Engineering
54 Questions? Twitter: Dave_ReL1K
Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for
More informationHands-on Hacking Unlimited
About Zone-H Attacks techniques (%) File Inclusion Shares misconfiguration SQL Injection DNS attack through social engineering Web Server external module intrusion Attack against the administrator/user
More informationVulnerability and Threat Management and Prevention
A1 Vulnerability and Threat Management and Prevention Weston Hecker Security Expert With KLJ Systems Network Analyst/Penetration Tester/President Of Computer Security Association Of North Dakota Slide
More informationZero day attacks anatomy & countermeasures. By Cade Zvavanjanja Cybersecurity Strategist
Zero day attacks anatomy & countermeasures By Cade Zvavanjanja Cybersecurity Strategist Question? How do you secure against something Your security system can t capture, your experts don t know, your vendors
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationInternet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at
Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will
More informationApplication Denial of Service Is it Really That Easy?
Application Denial of Service Is it Really That Easy? Shay Chen Agenda Introduction to Denial of Service Attacks Application Level DoS Techniques Case Study Denial of Service Testing Mitigation Summary
More informationWhat is Really Needed to Secure the Internet of Things?
What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices
More informationCyber Security. Maintaining Your Identity on the Net
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD
More informationEvolution of Penetration Testing
Alexander Polyakov, QSA,PA-QSA CTO Digital Security (dsec.ru) Head of DSecRG (dsecrg.com) ERPSCAN Architect (erpscan.com) Head of OWASP-EAS Pentests? Again? Why? Many companies are doing this Many companies
More informationSecurity of IPv6 and DNSSEC for penetration testers
Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationSoftware security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security
Software security Buffer overflow attacks SQL injections Lecture 11 EIT060 Computer Security Buffer overflow attacks Buffer overrun is another common term Definition A condition at an interface under which
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationHow To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls (DFL-260/860) integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationThe following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015.
The following information was provided by SANS and discusses IT Security Awareness. It was last updated in 2015. By completing this module and the quiz, you will receive credit for CW 170, which is required
More information