Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011.

Published byKeyon Compston Modified over 9 years ago

Similar presentations

Presentation on theme: "Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011."— Presentation transcript:

1 Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011

2 Bio

3 To Get These Materials samsclass.info All PowerPoints, projects, etc. available for anyone to use

4 Join Twitter

5 Ethical Hacking

6 Security Training at CCSF Security+ CEH (Certified Ethical Hacker) CISSP (Certified Information Systems Security Professional) Computer Forensics Firewalls

7 The Security Circus

8 Denial of Service Part 1

9 Summary The DoS Circus Layer 4 DDoS: Thousands of attackers bring down one site Layer 7 DoS: One attacker brings down one site Link-Local DoS: IPv6 RA Attack: One attacker brings down a whole network

10 The Security Circus Characters

11 Wikileaks Published <1000 US Gov't diplomatic cables from a leak of 250,000 Distributed an encrypted "Insurance" file by BitTorrent Widely assumed to contain the complete, uncensored leaked data Encrypted with AES-256--no one is ever getting in there without the key Key to be released if Assange is jailed or killed, but he is in UK now resisting extradition to Sweden and the key has not been released

12 Anonymous

13 Operation Payback 4chan's Anonymous group Attacked Scientology websites in 2008 Attacked the RIAA and other copyright defenders Using the Low Orbit Ion Cannon with HiveMind (DDoS) "Opt-in Botnet"

14 HB Gary Federal Aaron Barr Developed a questionable way to track people down online By correlating Twitter, Facebook, and other postings Announced in Financial Times that he had located the “leaders” of Anonymous and would reveal them in a few days

15

16 Social Engineering & SQLi http://tinyurl.com/4gesrcj

17 Leaked HB Gary Emails For Bank of America Discredit Wikileaks Intimidate Journalist Glenn Greenwald For the Chamber of Commerce Discredit the watchdog group US Chamber Watch Using fake social media accounts For the US Air Force Spread propaganda with fake accounts http://tinyurl.com/4anofw8

18 Drupal Exploit

19 Th3j35t3r "Hacktivist for Good" Claims to be ex-military Originally performed DoS attacks on Jihadist sites Bringing them down for brief periods, such as 30 minutes Announces his attacks on Twitter, discusses them on a blog and live on irc.2600.net

20 Jester's Tweets from Dec 2010

21 Th3j35t3r v. Wikileaks He brought down Wikileaks single-handed for more than a day –I was chatting with him in IRC while he did it, and he proved it was him by briefly pausing the attack

22 Wikileaks Outage One attacker, no botnet

23 Th3j35t3r After his Wikileaks attack He battled Anonymous He claims to have trojaned a tool the Anons downloaded He claims to pwn Anon insiders now

24 Jester's Tweets

25 Westboro Baptist Outage 4 sites held down for 8 weeks From a single 3G cell phone –http://tinyurl.com/4vggluu

26 LulzSec The skilled group of Anons who hacked H B Gary Federal Hacked – US Senate – Pron.com – Sony – FBI – PBS – Fox News

27

28

29 LulzSec Attacks on Government Sites FBI, CIA, US Senate, NATO UK's National Health Service SOCA, the UK's Serious Organised Crime Agency taken down 6-20-2011

30

31 Booz Allen Hamilton 150,000 US Military emails & hashed passwords Half the passwords cracked within 24 hours

32

33 T-Flow of LulzSec Arrested

34 Topiary of LulzSec Arrested

35 Layer 4 DDoS Many Attackers – One Target

36 Companies that Refused Service to Wikileaks Amazon Paypal Mastercard Visa Many others

37 Low Orbit Ion Cannon Primitive DDoS Attack, controlled via IRC Sends thousands of packets per second from the attacker directly to the target Like throwing a brick through a window Takes thousands of participants to bring down a large site They tried but failed to bring down Amazon

38 Low Orbit Ion Cannon

39 Operation Payback v. Mastercard Brought down Visa, Mastercard, and many other sites –Easily tracked, and easily blocked –High bandwidth, cannot be run through anonymizer –Dutch police have already arrested two participants

40 Mastercard Outage 3,000 to 30,000 attackers working together

41

42 Layer 7 DoS One Attacker – One Target Exhausts Server Resources

43 Layer 7 DoS Subtle, concealable attack Can be routed through proxies Low bandwidth Can be very difficult to distinguish from normal traffic

44 HTTP GET

45 SlowLoris Send incomplete GET requests Freezes Apache with one packet per second

46 R-U-Dead-Yet Incomplete HTTP POSTs Stops IIS, but requires thousands of packets per second

47 Keep-Alive DoS HTTP Keep-Alive allows 100 requests in a single connection HEAD method saves resources on the attacker Target a page that is expensive for the server to create, like a search –http://www.esrun.co.uk/blog/keep-alive-dos-script/ A php script –pkp keep-dead.php

48 keep-dead

49 XerXes Th3j35t3r's DoS Tool Routed through proxies like Tor to hide the attacker's origin No one knows exactly what it does Layer 7 DoS?

50 XerXes

51 Link-Local DoS IPv6 Router Advertisements

52 IPv4: DHCP PULL process Client requests an IP Router provides one Host Router I need an IP Use this IP

53 IPv6: Router Advertisements PUSH process Router announces its presence Every client on the LAN creates an address and joins the network Host Router JOIN MY NETWORK Yes, SIR

54 Router Advertisement Packet

55 RA Flood

56 Windows Vulnerability It takes a LOT of CPU for Windows to process those Router Advertisements 5 packets per second drives the CPU to 100% And they are sent to every machine in the LAN (ff02::1 is Link-Local All Nodes Multicast) One attacker kills all the Windows machines on a LAN

57 Responsible Disclosure Microsoft was alerted by Marc Heuse on July 10, 2010 Microsoft does not plan to patch this Juniper and Cisco devices are also vulnerable Cisco has released a patch, Juniper has not

58 Defenses from RA Floods Disable IPv6 Turn off Router Discovery Block rogue RAs with a firewall Get a switch with RA Guard

59 RA Guard Evasion Add "Fragmentation Headers" to the RA Packets – http://samsclass.info/ipv6/proj/RA-evasion.html

60 Fragmentation Headers

61 Defending Websites

62 Attack > Defense Right now, your website is only up because –Not even one person hates you, or –All the people that hate you are ignorant about network security

63 Defense Mod Security--free open-source defense tool Latest version has some protections against Layer 7 DoS Akamai has good defense solutions Caching DNS Redirection Javascript second-request trick

64 Load Balancer

65 Counterattacks Reflecting attacks back to the command & control server Effective against dumb attackers like Anonymous' LOIC –Will lose effect if they ever learn about Layer 7 DoS, which is happening now

66 CloudFlare

Download ppt "Ethical Hacking: New Web 2.0 Attacks and Defenses HI-TEC 2011."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.

Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.
IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.

IT security Are you protected against hackers?. Why are we in danger?  The Internet is worldwide, publicly accessible  More and more companies and institutes.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
© 2013 Imperva, Inc. All rights reserved. DDos Attacks and Web Threats: How to Protect Your Site & Information Tina Shaw Account Executive 650-832-6087.

© 2013 Imperva, Inc. All rights reserved. DDos Attacks and Web Threats: How to Protect Your Site & Information Tina Shaw Account Executive
Ethical Hacking by Shivam.

Ethical Hacking by Shivam.
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
Barracuda Web Application Firewall

Barracuda Web Application Firewall
19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:

19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.

Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.

EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.
Unit 28- Website Development Assignment 1- THEORY P3

Unit 28- Website Development Assignment 1- THEORY P3
Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Jak zwiększyć bezpieczeństwo i wysoką dostępność aplikacji wg

Similar presentations

Ads by Google