153 Brooks Road, Rome, NY | 315.336.3306 | http://ainfosec.com

1 Thinking Like an Attacker: What does it take to attack a system
Eric Thayer
Senior Engineer
Assured Information Security (AIS)
153 Brooks Road
Rome, NY 13441

2 Who are we?
 AIS is a security research company primarily serving the DoD
 Our mission is to analyze, understand, characterize and exploit cyber systems using adversarial techniques
 Started as a group of hackers and have maintained the mentality since 2001

3 Am I qualified to talk about this?
 Performing “Offensive Cyber” since 2002
  ◦First AIS employee hired to perform red team assessments
  ◦Offensive research could not be acknowledged at the time
  ◦The term Cyber did not have the same meaning then
 System Administrator and Unix Security Admin for the DoD for five years prior to that
  ◦Developed security monitoring tools
  ◦Participated in multiple incident response exercises
  ◦Supported the Air Force Research Laboratory in Rome, NY Network Operations Center Defensive Information Warfare Laboratory

4 What is an attacker?

5 What drives an attacker?
 Curiosity
  ◦How did they make that work?
  ◦What are they doing with this data?
  ◦Why do I have to do this this way?
 The desire to make something do what it was not intended to do
  ◦Circumvention of others’ protections
  ◦“Outwitting” the designer or developer
 The challenge associated with successfully breaking a system
  ◦The notoriety, satisfaction, and challenge of compromising a system
  ◦Who doesn’t like to see things blow up?
 Money…

6 What is the role of an attacker?
 Attackers are responsible for the identification and disclosure of vulnerabilities within a system through various means
  ◦Funded research
  ◦Interesting personal project
  ◦The search for more money
 Provide insight into system design and security that is not always evident to designers, developers, and users
  ◦Security professionals view every target as a challenge
  ◦The question of “how could I break that?” is always in the back of their mind
 Serve as the “dark side” to help maintain the delicate balance between good and evil

7 How do you become an attacker?
 First you must be able to ask the question “Why?”, or “How?”, or even “What if?”
  ◦Curiosity is the catalyst of all good findings
  ◦Following up on those questions is how most of us got our start
 More importantly, you need a technical background with an in-depth understanding of the basics of computing
  ◦What’s going on inside the box
  ◦How is software designed and built
  ◦How does the system’s design impact its operation
  ◦How are things talking to each other
  ◦What is the software development/maintenance process

8 What else do you need?
 An understanding of the foundations of security
  ◦What are the basic types of vulnerabilities
  ◦How are systems exploited
  ◦What techniques are usually applied to analysis of a particular class of target
  ◦What is actually required to get code execution
  ◦What measures are in place to prevent certain types of exploitation
 Respect your elders; you may not be the first one to show interest in a particular target
  ◦Learn from the work of others and use their experience to feed your curiosity
  ◦Build on their foundation and use the tools and/or techniques they used to help in your assessment

9 How does this apply to the IoT?
 Embedded platforms are becoming increasingly advanced
  ◦Full operating systems
  ◦Support for complex networking and communications protocols
  ◦Real-time feedback/diagnostic interfaces
  ◦Feature-rich user interfaces
 Lack of protection mechanisms in “closed” systems and networks makes for a rich target environment
  ◦Trusted relationships and communications between nodes
  ◦Open, unauthenticated protocols
  ◦Decreased security to allow for integration of components
 “Why does a _____ need to be secure? Nobody would ever want to attack that.”

10 Great, let’s attack something!
 Develop an understanding of the target
  ◦Analyze available documentation
  ◦Review the design
  ◦Interact with the system and observe normal behavior
 Identify goals for the assessment
  ◦Define what you are attempting to achieve
 Perform targeted system analysis
  ◦Manual and scripted interaction with components, services, or interfaces
  ◦Hardware/Software analysis
    Identify hardware functionality
    Extract software and determine behavior
    Identify the basic functionalities and features that may allow for exploitation
  ◦Investigate design, development, and implementation weaknesses
 Develop “exploitation” techniques
How?

11 Understand your target
 To effectively exploit a target you must understand its behaviors and limitations
 Define what the system is capable of
  ◦How does it operate?
  ◦How do components communicate with each other?
  ◦What forms of access exist?
 Determine what functional features exist and identify how they can be exercised
  ◦Use the target system as a user would
  ◦Monitor behavior and interaction of components
  ◦Identify a behavior of interest and develop more comprehensive tests
 Build an understanding based on observation
  ◦Documentation
  ◦Interaction
  ◦Monitoring of behavior

12 Define your goal
 What do we want to impact?
  ◦The system as a whole
  ◦Physical controllers connected to smart embedded systems
  ◦Servos and actuators
  ◦Blinky lights
  ◦The manufacturer’s reputation
 What is our driving force?
  ◦Intelligence
  ◦Theft
  ◦Profit
  ◦Personal harm
  ◦Just because I can
 What may have been done in this area before?

13 Achieving your goal
 Determine what it is that you want to do and the impact you want to have
  ◦Think about how you are going to achieve that goal and what information you may need
  ◦Interact with and monitor the system to collect the required data
 Identify the components of the system that may be useful in helping you achieve your goal
  ◦What dependencies may exist that could help exploitation
  ◦Are certain components of the system weaker than others
  ◦Do remote access/communications vectors exist
 Observe the system and refine your approach
  ◦Trial and error is common practice
  ◦Observe behavior and adjust accordingly

14 Before performing the analysis
Things to remember before getting into the weeds
 Although the technique for every assessment is similar, the process is driven by the understanding of the target
  ◦The more you know about the system under the hood, the easier the assessment will be
  ◦In-depth knowledge and clearly defined goals will help focus the assessment and manage scope
 Every target system will be different
  ◦Remote access techniques will vary
  ◦The OS may be Linux based, or it may not
  ◦Exposed services could exist
 The purpose and design criteria for the system will set the bar for protections
  ◦Purposefully designed systems often present a hardened attack surface
  ◦Integration of legacy systems often introduces security holes
  ◦Multiple systems from various suppliers integrated into a single solution…

15 Targeted system analysis
 Identify the basic features that may allow for exploitation
  ◦Network communications
  ◦Input processing
  ◦Exposed services
  ◦Software updates
 Interface with the target through the exposed interfaces and observe the resultant output for anomalies
  ◦Develop test cases to stress system operation
  ◦Generate network data or program input to test functionality
  ◦Manipulate data, timing, and sequencing
 Extract software and data and perform more in-depth reverse engineering
  ◦Perform static and dynamic analysis
  ◦Identify functional system blocks and interfaces
  ◦Trace data flow

16 Develop an exploit
 Exploitation is an art, not a science; initial attempts at generating an effect don’t always work
  ◦These are complex systems; there is often logic and preconditions that must be met
  ◦Understanding of the target’s operation in certain scenarios may require further investigation
  ◦Educated trial, error, and observation are key to successful exploitation
 Exploitation is not limited to code execution; unintended use of features can also be an exploit

17 Now what?
 Define your goals based on what you know
  ◦Learning is an iterative process
  ◦As your knowledge of the target evolves, you will need to refine your goals
 Understand what has been done already
  ◦Build upon what others have accomplished
  ◦Learn from their mistakes
 Understand the potential issues associated with attacking any system
  ◦There are some things that just may not work
  ◦Time, budget, and resources are most commonly your limiting factors
 Remember, an exploit does not have to provide a means to execute code, but a severe vulnerability will have a much more meaningful impact

18 Can you hack it trivia