
Your Internet Exposure That Makes You Vulnerable

In this talk we will take you, step by step, through how an attacker (or your competition) can uncover your internet exposure. We will explain what the findings mean from a cyber security point of view: which things are worth worrying about, and which are out of your control and not worth spending effort on.

Abhisek Datta

August 17, 2019

Transcript

  1. Your Internet Exposure
    That Makes You Vulnerable
    Abhisek Datta
    Head of Technology, Appsecco

  2. InfoSec for Startups

  3. About Me – Abhisek Datta
    • Head of Technology (appsecco.com)
      • A boutique security consulting company
    • TechWing @ null0x00 (null.co.in)
      • An Open Security Community
    • Security Researcher
      • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc.
    • Open Source Contributor
      • Wireplay, RbWinDBG etc.
      • github.com/abhisek

  4. Attackers Attack What They See

  5. Let's start with how attackers work
    An attacker who wants to compromise a target will
    work through a series of activities:
    1. Online attack surfaces
    2. Breached credentials
    3. Known vulnerable software
    4. (Easy to?) exploit security vulnerabilities

  6. Asset Discovery
    From Attacker’s Perspective

  7. Your-Company.com
    What Attacker Sees

  8. What Attackers See – Domain Enumeration
    • Your-Company.com
      • Who is the registrar
      • Where is it hosted
      • Self-hosted or managed e-mail service
      • External help desk services
      • 3rd party services
    whois your-company.com
    dig your-company.com NS
    dig @NS1 your-company.com MX
    dig @NS1 your-company.com TXT
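
    The MX and TXT answers from the queries above are where an attacker reads off the mail provider, the help desk and every other service allowed to act for the domain. The following is an added example, not from the deck, of doing that inference offline: it takes MX and TXT answers in the shape `dig +short` prints them and maps them through small fingerprint tables. The records for your-company.com (the deck's placeholder domain) are constructed, and the fingerprint tables are illustrative assumptions rather than a complete list. It also reads the `_dmarc` TXT record, because a domain with no enforcing DMARC policy can be spoofed, one common ingredient of the invoice fraud cases the deck mentions later.

```python
"""Infer mail provider, third-party services and spoofing posture from DNS.

Added example (not from the deck). Input is in the shape of `dig +short`
answers for your-company.com MX / TXT and _dmarc.your-company.com TXT.
All records below are CONSTRUCTED; the fingerprint tables are illustrative
assumptions, not an exhaustive catalogue.
"""
import re

# Constructed sample answers.
MX_RECORDS = [
    "10 aspmx.l.google.com.",
    "20 alt1.aspmx.l.google.com.",
]
TXT_RECORDS = [
    "v=spf1 include:_spf.google.com include:mail.zendesk.com include:servers.mcsv.net ~all",
    "google-site-verification=abc123",
    "MS=ms12345678",
    "atlassian-domain-verification=xyz",
]
DMARC_RECORDS = ["v=DMARC1; p=none; rua=mailto:dmarc@your-company.com"]

# Assumed fingerprints: MX host suffix -> hosted mail provider.
MX_PROVIDERS = {
    "google.com.": "Google Workspace",
    "outlook.com.": "Microsoft 365",
    "pphosted.com.": "Proofpoint",
}
# Assumed fingerprints: SPF include domain -> service authorised to send as you.
SPF_SERVICES = {
    "_spf.google.com": "Google Workspace",
    "spf.protection.outlook.com": "Microsoft 365",
    "mail.zendesk.com": "Zendesk (help desk)",
    "servers.mcsv.net": "Mailchimp (mailer)",
    "sendgrid.net": "SendGrid (mailer)",
}
# Assumed fingerprints: TXT verification token prefix -> SaaS tied to the domain.
VERIFICATION_TOKENS = {
    "google-site-verification=": "Google",
    "MS=": "Microsoft 365",
    "atlassian-domain-verification=": "Atlassian",
    "facebook-domain-verification=": "Facebook",
}


def mail_provider(mx_records):
    """Return the hosted provider matching the MX hosts, else 'self-hosted/unknown'."""
    for record in mx_records:
        host = record.split()[-1].lower()  # drop the preference number
        for suffix, provider in MX_PROVIDERS.items():
            if host.endswith(suffix):
                return provider
    return "self-hosted/unknown"


def spf_includes(txt_records):
    """Return the include: domains of the first SPF record, in record order."""
    for record in txt_records:
        if record.lower().startswith("v=spf1"):
            return re.findall(r"include:(\S+)", record)
    return []


def third_party_services(txt_records):
    """Map SPF includes and verification tokens to named services (deduplicated)."""
    found = []
    for domain in spf_includes(txt_records):
        found.append(SPF_SERVICES.get(domain, f"unknown sender ({domain})"))
    for record in txt_records:
        for prefix, service in VERIFICATION_TOKENS.items():
            if record.startswith(prefix):
                found.append(service)
    return sorted(set(found))


def dmarc_policy(dmarc_records):
    """Return the DMARC p= tag, or None when no DMARC record exists."""
    for record in dmarc_records:
        if record.upper().startswith("V=DMARC1"):
            match = re.search(r"\bp=(\w+)", record)  # \b keeps sp= from matching
            return match.group(1).lower() if match else None
    return None


def spoofing_risk(dmarc_records):
    """True when mail claiming to be from the domain is neither quarantined nor rejected."""
    return dmarc_policy(dmarc_records) not in ("quarantine", "reject")


if __name__ == "__main__":
    print("Mail provider :", mail_provider(MX_RECORDS))
    print("Third parties :", third_party_services(TXT_RECORDS))
    print("DMARC policy  :", dmarc_policy(DMARC_RECORDS), "| spoofable:", spoofing_risk(DMARC_RECORDS))
```

    Run the file to see the inference for the constructed records, or feed it real `dig +short` output. The defender's reading of the result: every `include:` in SPF and every verification token is a service an attacker can target or impersonate, so the list should be reviewed and pruned as part of the asset inventory, and a DMARC policy of `p=none` means the domain is still spoofable.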

  9. What Attackers See – Subdomain Enumeration
    • Your-Company.com
      • Host-1
      • Host-2
      • Host-3
      • Etc.
    amass enum -passive -d your-company.com
    amass intel -whois -d your-company.com

  10. What Attackers See – Email Enumeration
    • Your-Company.com
      • [email protected]
      • [email protected]
      • [email protected]
      • [email protected]
      • Etc.
    Hunter.io
    theHarvester
    Many more …

  11. What Attackers See – Breached Credentials

  12. What Attackers See – Breached Credentials
    • haveibeenpwned.com
    • hacked-email.com
    • etc.

  13. What Attackers See – Application Discovery
    • Your-Company.com
      • http://app1.your-company.com
      • http://app2.your-company.com
      • Etc.
    nmap -p 80,443,8080 -sV -A -iL hosts.txt

  14. What Attackers See – Technology Discovery
    • Your-Company.com
      • App1 – Java/JavaEE
      • App2 – NodeJS, AngularJS
      • App3 – PHP
      • Etc.
    Wappalyzer
    npm i -g wappalyzer
    wappalyzer https://app1.your-company.com

  15. What Attackers See – Putting it all Together
    Discovered exposure: Domain, External Services (Help Desk, Mailers),
    Email, Breached Credentials, Hosts, Apps, Technologies
    Resulting attack paths: Unpatched Services, App Vulnerabilities,
    Credential Spraying, Ticket Trick
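
    Credential spraying is what the enumerated e-mail addresses and breached passwords turn into: one source trying a handful of passwords against many accounts, so that per-account lockout thresholds never fire. The following is an added example, not from the deck, of the alert a defender wants for it: count the distinct usernames that fail from one source inside a sliding window, and note whether the same source then succeeds, the sign that one sprayed password worked. The log format (`<timestamp> user=<u> src=<ip> result=<r>`) and the log lines are constructed for the example, and the threshold of 5 accounts in 10 minutes is an assumption to tune.

```python
"""Detect credential spraying in authentication logs.

Added example (not from the deck). A spray hits MANY accounts from one
source with few attempts each, so the detector keys on distinct usernames
per source IP within a sliding window rather than on failures per account.
Log format and log lines are CONSTRUCTED for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one spraying source (198.51.100.7) that eventually
# lands a password, and one ordinary user who mistypes once from 203.0.113.5.
LOG_LINES = [
    "2019-08-17T09:00:01Z user=alice src=198.51.100.7 result=fail",
    "2019-08-17T09:00:03Z user=bob src=198.51.100.7 result=fail",
    "2019-08-17T09:00:05Z user=carol src=198.51.100.7 result=fail",
    "2019-08-17T09:00:07Z user=dave src=198.51.100.7 result=fail",
    "2019-08-17T09:00:09Z user=erin src=198.51.100.7 result=fail",
    "2019-08-17T09:00:11Z user=frank src=198.51.100.7 result=success",
    "2019-08-17T09:01:00Z user=alice src=203.0.113.5 result=fail",
    "2019-08-17T09:01:04Z user=alice src=203.0.113.5 result=success",
]


def parse_line(line):
    """Return (timestamp, user, src, result) from one constructed log line."""
    ts, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kv["user"], kv["src"], kv["result"]


def detect_spraying(lines, window=timedelta(minutes=10), min_accounts=5):
    """Return {src: {"accounts": [...], "followed_by_success": bool}} for every
    source that failed against at least `min_accounts` distinct accounts inside
    `window`. `followed_by_success` is set when that source later logs in."""
    failures = defaultdict(deque)  # src -> deque of (ts, user), oldest first
    alerts = {}
    for line in sorted(lines):  # ISO timestamps sort lexicographically
        ts, user, src, result = parse_line(line)
        if result == "fail":
            recent = failures[src]
            recent.append((ts, user))
            while recent and ts - recent[0][0] > window:  # slide the window
                recent.popleft()
            users = {u for _, u in recent}
            if len(users) >= min_accounts:
                alert = alerts.setdefault(src, {"accounts": set(), "followed_by_success": False})
                alert["accounts"] |= users
        elif result == "success" and src in alerts:
            alerts[src]["followed_by_success"] = True
    return {
        src: {"accounts": sorted(a["accounts"]), "followed_by_success": a["followed_by_success"]}
        for src, a in alerts.items()
    }


if __name__ == "__main__":
    for src, alert in detect_spraying(LOG_LINES).items():
        print(f"SPRAY from {src}: {len(alert['accounts'])} accounts, "
              f"success afterwards: {alert['followed_by_success']}")
```

    Two caveats when turning this into a production rule: a spray spread across many source IPs defeats per-source counting, so also aggregate on user agent or on the timing pattern, and a large NAT or proxy can legitimately produce many distinct users failing from one address, so tune the threshold against your own baseline.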

  16. Real-life Breaches
    Leveraging Internet Exposure Discovery Techniques

  17. Invoice Fraud

  18. Publicly Accessible Cloud
    Storage Buckets

  19. Sub-domain Take Over
    Static site hosted on S3 and then forgotten about :)

  20. Framework / Software
    Vulnerabilities

  21. Cloud Account Take Over

  22. Staying Safe
    What can I do?

  23. How to be secure?
    By establishing
    TRUST

  24. Staying Safe
    Threat: Attacker able to identify host names
      What can I do about it: Ensure all hosts exposed online are patched
    Threat: Attacker able to discover email addresses
      What can I do about it: Enforce a strong password policy along with the use of password managers
    Threat: Attacker able to discover breached credentials from public password dumps
      What can I do about it: Enforce 2FA where possible; subscribe to breach notifications and rotate passwords
    Threat: Attacker able to discover applications
      What can I do about it: Follow AppSec best practices (OWASP Testing Guide, OWASP Secure Coding Practices, OWASP Proactive Controls)
    Threat: Attacker able to discover my application technology and dependencies
      What can I do about it: Ensure regular patching of the application framework and external dependencies
    Threat: Attacker able to discover untracked or long forgotten online assets
      What can I do about it: Asset inventory; Infrastructure as Code; Auditing, Logging and Alerting
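
    The last row is the one behind the slide 19 story: a CNAME left pointing at an S3 website endpoint after the bucket was deleted, which anyone can then recreate. The following is an added example, not from the deck, of the check an asset inventory makes possible: reconcile the publicly enumerable zone (what `amass` returns) against the inventory, and test CNAMEs that point at re-registrable hosting for the provider's "does not exist" response. The zone, inventory, probe responses and the provider fingerprint list are all constructed and illustrative; the fingerprints are the well-known S3, GitHub Pages and Heroku error pages and are assumptions to extend for your own providers.

```python
"""Find forgotten hosts and dangling CNAMEs from a zone export.

Added example (not from the deck). Joins two checks the asset inventory
enables: names that resolve publicly but nobody owns, and CNAMEs whose
third-party target answers with the provider's "does not exist" page
(the S3 subdomain-takeover scenario). Zone, inventory, probe responses
and fingerprints are CONSTRUCTED / illustrative.
"""

# Constructed zone export: (name, type, target), as enumeration would list them.
ZONE = [
    ("www.your-company.com", "A", "203.0.113.10"),
    ("app1.your-company.com", "A", "203.0.113.11"),
    ("promo2017.your-company.com", "CNAME", "promo2017.s3-website-us-east-1.amazonaws.com"),
    ("docs.your-company.com", "CNAME", "your-company.github.io"),
    ("help.your-company.com", "CNAME", "your-company.zendesk.com"),
]

# Constructed asset inventory: what the company believes it runs.
INVENTORY = {"www.your-company.com", "app1.your-company.com", "help.your-company.com"}

# Constructed HTTP probe results for each CNAME name: (status, body snippet).
PROBES = {
    "promo2017.your-company.com": (404, "<Code>NoSuchBucket</Code><BucketName>promo2017</BucketName>"),
    "docs.your-company.com": (200, "<html>Developer docs</html>"),
    "help.your-company.com": (200, "<html>Help Center</html>"),
}

# Assumed fingerprints: (substring of a re-registrable CNAME target,
# marker the provider returns when that target does not exist).
TAKEOVER_FINGERPRINTS = [
    ("s3-website", "NoSuchBucket"),
    (".s3.amazonaws.com", "NoSuchBucket"),
    (".github.io", "There isn't a GitHub Pages site here"),
    (".herokuapp.com", "No such app"),
]


def untracked_hosts(zone, inventory):
    """Names that resolve publicly but nobody claims in the inventory."""
    return sorted({name for name, _, _ in zone if name not in inventory})


def takeover_candidates(zone, probes):
    """(name, target) for CNAMEs whose target answers with its 'missing' page."""
    candidates = []
    for name, rtype, target in zone:
        if rtype != "CNAME" or name not in probes:
            continue
        _status, body = probes[name]
        for needle, missing_marker in TAKEOVER_FINGERPRINTS:
            if needle in target and missing_marker in body:
                candidates.append((name, target))
                break
    return candidates


def exposure_report(zone, inventory, probes):
    """(name, severity, dangling_target): HIGH when a host is both untracked and
    takeover-able, MEDIUM when only one of the two applies."""
    untracked = set(untracked_hosts(zone, inventory))
    takeover = dict(takeover_candidates(zone, probes))
    report = []
    for name in sorted(untracked | set(takeover)):
        severity = "HIGH" if name in takeover and name in untracked else "MEDIUM"
        report.append((name, severity, takeover.get(name)))
    return report


if __name__ == "__main__":
    for name, severity, target in exposure_report(ZONE, INVENTORY, PROBES):
        print(f"{severity:6} {name}" + (f" -> dangling CNAME to {target}" if target else ""))
```

    The report is only as good as the inventory: when records are created through Infrastructure as Code, the inventory is the code and this reconciliation can run on every change rather than as a one-off exercise. Anything that shows up as untracked is a candidate for deletion before it becomes a takeover.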

  25. Interested in Discovering Your Internet Exposure?
    Fill the form below by 4pm today and we will share the
    results with you by 21 August 2019
    https://bit.ly/31Jl7ed

  26. Thank You
    Abhisek Datta
    https://github.com/abhisek
    https://twitter.com/abh1sek
    Want us to discover your Internet exposure and give a report?
    https://bit.ly/31Jl7ed