Engineering Secure Software

Engineering Secure Software: Penetration Testing

Testing that Digs Deeper
- Penetration testing is about attempting to exploit as much as possible (ethically)
- Purposes
  - Demonstrate the person-hours required to break in
  - Create a real scenario
- Compared to typical SE testing
  - Typical: “found a stacktrace! Report bug”
  - Pentesting: “how can we use this stacktrace?” Map out a long set of chains of attacks

Preconditions
- Requires a working system
  - Not necessarily finished, but working
  - As networked as possible, for pivoting
- Highly skilled testers
  - Outsider: not pre-knowing company secrets
  - Most companies hire out pentesters, but in-house pentesters are highly marketable
  - Can be a good “side-hustle” for you in existing dev organizations

MITRE’s ATT&CK & CAPEC
- ATT&CK
  - A taxonomy of tactics and techniques for general-purpose pentesting knowledge
  - Tactics: broad categories
  - Techniques: tool-agnostic approaches
  - Somewhat technology-dependent
- CAPEC
  - “Common Attack Pattern Enumeration and Classification”
  - A dictionary of attack patterns
  - Organized by mechanisms and domains
  - Not covered in this lecture, but referenced in a few VotD

Let’s talk about ATT&CK (Enterprise version)

ATT&CK Tactics
- Pre-ATT&CK. The adversary is building capabilities and doing initial research.
- Initial Access. The adversary is trying to get into your network.
- Discovery. The adversary is trying to figure out your environment.
- Privilege Escalation. The adversary is trying to gain higher-level permissions.
- Defense Evasion. The adversary is trying to avoid being detected.
- Credential Access. The adversary is trying to steal account names and passwords.
- Collection. The adversary is trying to gather data of interest to their goal.
Quoting from https://attack.mitre.org/tactics/enterprise/

ATT&CK Tactics cont.
- Execution. The adversary is trying to run malicious code.
- Persistence. The adversary is trying to maintain their foothold.
- Lateral Movement. The adversary is trying to move through your environment.
- Command and Control. The adversary is trying to communicate with compromised systems to control them.
- Exfiltration. The adversary is trying to steal data.
- Impact. The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Quoting from https://attack.mitre.org/tactics/enterprise/

ATT&CK Techniques
- There are a lot of techniques. For this class, including exams, we’ll focus on just a few key ones.

Key Techniques: Initial Access
- Drive-by compromise
  - Users visit malicious sites
  - e.g. executing JavaScript with a browser exploit in it that takes control of a machine
- Hardware additions
  - Introducing new hardware to the system
  - e.g. hardware keystroke loggers, keystroke injection, network sniffers, portable cell-phone towers
- Spearphishing
  - Confidence scamming exploiting the specific company
  - We see these at RIT all the time

Discovery
- Network and Service Scanning
  - Run tools to enumerate hosts and ports
  - Figure out what services are running
  - e.g. nmap, unicornscan
- Account Discovery
  - Find a listing of the existing accounts
  - e.g. /etc/passwd

Credential Access
- Brute Force
- Credential Dumping
  - e.g. dump a database table with credentials
  - e.g. copy the /etc/shadow file
- Valid Accounts
  - e.g. using default accounts
  - e.g. using discovered credentials from other access

Execution & Persistence
- Execution
  - Command-line interface
    - e.g. ssh terminal, PowerShell
  - Service execution
    - e.g. adding a new “service” to be executed
- Persistence
  - Bootkit
    - Place malware in the Master Boot Record of the HDD
    - Executed even after reformatting the OS partition
  - Scheduled task (also an Execution technique)
    - e.g. crontab or Windows Task Scheduler
  - Create account
  - Component firmware
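From the defender's side, the Discovery, Credential Access and Persistence techniques above map onto host and network events a monitoring pipeline can tag. The following Python is an added example, not code from the lecture: it runs a small rule set over constructed events and labels them with the tactics and techniques named in these slides (reads of /etc/passwd and /etc/shadow, crontab writes, and one source touching many ports on one host). The key=value event format, the cron paths and the 20-port scan threshold are assumptions made for the example.

```python
"""Tag constructed host/network events with the ATT&CK tactics discussed in the slides."""
import re
from collections import defaultdict

# Constructed sample events (not real logs): a timestamp followed by key=value fields.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=web1 user=alice action=file_read path=/etc/passwd
2024-05-01T10:00:02 host=web1 user=alice action=file_read path=/etc/shadow
2024-05-01T10:00:03 host=web1 user=alice action=file_write path=/var/spool/cron/crontabs/root
2024-05-01T10:00:04 host=web1 user=bob action=file_read path=/home/bob/notes.txt
""" + "\n".join(
    f"2024-05-01T10:01:{i:02d} host=web1 action=net_connect src=10.0.0.5 dst=10.0.0.9 dport={20 + i}"
    for i in range(25)
)

SCAN_PORT_THRESHOLD = 20  # distinct ports from one source to one host; assumed tuning value
CRON_PREFIXES = ("/var/spool/cron", "/etc/cron")  # assumed crontab locations
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split '<ts> k=v k=v ...' into a dict; the timestamp is stored under 'ts'."""
    ts, _, rest = line.partition(" ")
    event = dict(FIELD_RE.findall(rest))
    event["ts"] = ts
    return event


def classify(log_text):
    """Return (tactic, technique, detail) findings for the events in log_text."""
    findings = []
    ports_seen = defaultdict(set)  # (src, dst) -> distinct destination ports
    for line in log_text.splitlines():
        ev = parse_line(line)
        action, path = ev.get("action"), ev.get("path", "")
        if action == "file_read" and path == "/etc/passwd":
            findings.append(("Discovery", "Account Discovery", ev["ts"]))
        elif action == "file_read" and path == "/etc/shadow":
            findings.append(("Credential Access", "Credential Dumping", ev["ts"]))
        elif action == "file_write" and path.startswith(CRON_PREFIXES):
            findings.append(("Persistence", "Scheduled Task", ev["ts"]))
        elif action == "net_connect":
            ports_seen[(ev["src"], ev["dst"])].add(ev["dport"])
    # Port sweeps only show up in aggregate, so they are evaluated after the pass.
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            detail = f"{src}->{dst} ({len(ports)} distinct ports)"
            findings.append(("Discovery", "Network and Service Scanning", detail))
    return findings


if __name__ == "__main__":
    for tactic, technique, detail in classify(SAMPLE_LOG):
        print(f"{tactic:18} {technique:30} {detail}")
```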

Privilege Escalation
- Process Injection
  - Executing arbitrary code in an existing, legit process space
  - e.g. changing the path of a DLL at runtime, stack smashing, LD_LIBRARY_PATH
- setuid and setgid (we’ll cover this later)

Defense Evasion

Lateral Movement
- Pass the Hash
- Remote File Copy

CPTC, Kali, and OSCP
- Collegiate PenTesting Competition
  - RIT helps and competes in an annual national competition (Oct-Nov)
  - Like a varsity sport
- Kali Linux
  - A distro designed for penetration testing
  - TONS of tools, steep learning curve on many of them
- Offensive Security Certified Professional
  - One of the best certs out there for pentesting
  - About the effort of a college course
  - 24-hour final exam where you have to break into every machine