Intrusions and the Modern Web
Benjamin Scott
November 23, 2015
Technology
how and why bad guys break into servers
Transcript
Intrusions and the Modern Web
Benjamin Scott
[email protected]

The Modern Web
Threat model: high - organized e-crime / espionage groups
Risk profile: high - web developers want features / uptime
Defense budget: low - until breach hits the news

Goal of Intrusions
Liquid assets: credit cards / incoming traffic / hosting
Enterprise access: non-segmented network / shared admin
Great visibility: build profile of visitors who trust the site

Intrusion Lifecycle
Break In: find and exploit websec / appsec issue
Dig In: install persistent backdoor
Spread Out: rinse and repeat

Break In
Choose target: highly trafficked / VIPs of interest
Try bruteforce: default admin / SQLi / file inclusion
Use exploit: vulnerable service / CMS

(really) Break In
Steal creds: phish admins / keylog home machines
Buy access: hire mercenaries / logins from underground
SIGINT: use active MITM to inject binaries

Dig In
Install webshell: e-crime - PHP shells; CN: Shell Crew - ASP shells; RU: Crouching Yeti - JavaScript patchwork; RU: APT28 - custom kit with analytics
Keep access: local privilege escalation / new accounts

Spread Out
Identify victims: profile visitors / validate VIPs
Deliver exploits: serve up tailored exploit
Relay traffic: implant commands sent via covert channel

Mitigations
Monitoring: new referers / odd scripts / insecure configs
Agile response: share tools between operations / security / IT
Clean deploys: test appsec for CI / hardened images / CSP
Hygiene checks: scan / honeyclient / red team your site
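The "odd scripts" item under Monitoring is the check that catches an injected JavaScript patchwork of the kind the Dig In slide describes. The following is an added example, not code from the deck: it parses a page's script tags and flags external script hosts outside a baseline allowlist and inline scripts whose CSP-style sha256 hash is not in the known set (the same hashes a script-src directive would carry). The allowlist, the known hashes and the sample HTML are constructed for the example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse
class ScriptCollector(HTMLParser):
    # Collects <script src=...> values and the bodies of inline <script> tags.
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:  # inline script: start collecting its body
            self._in_script = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def csp_hash(script_text):
    # CSP-style inline hash ('sha256-' + base64 of sha256), usable in a script-src directive.
    return "sha256-" + base64.b64encode(hashlib.sha256(script_text.encode()).digest()).decode()

def odd_scripts(html, allowed_hosts, known_hashes):
    # Report external script hosts outside the allowlist and inline scripts with unknown hashes.
    col = ScriptCollector()
    col.feed(html)
    hosts = {urlparse(s).hostname or s for s in col.external}
    return {
        "unexpected_hosts": sorted(hosts - set(allowed_hosts)),
        "unexpected_inline": [t.strip() for t in col.inline if csp_hash(t) not in known_hashes],
    }

# Constructed sample: baseline page plus an injected external tag and an injected inline snippet.
GOOD_INLINE = "window.site = 'example';"
SAMPLE_HTML = ('<script src="https://cdn.example.com/app.js"></script>'
               f"<script>{GOOD_INLINE}</script>"
               '<script src="http://203.0.113.9/counter.js"></script>'
               "<script>document.write('<iframe src=\"http://203.0.113.9/x\">')</script>")
BASELINE_HOSTS = {"cdn.example.com"}
BASELINE_HASHES = {csp_hash(GOOD_INLINE)}
```

Run `odd_scripts(SAMPLE_HTML, BASELINE_HOSTS, BASELINE_HASHES)` against each deploy's rendered page; a non-empty result is the "odd script" signal worth alerting on, and the baseline is the same allowlist and hash set a CSP would enforce.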
Thanks for listening
Benjamin Scott
[email protected]
github.com/benjaminxscott
about.me/benjaminxscott