Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Art of Exploitation

Kim Carter
March 09, 2017
Technology
1
840

The Art of Exploitation

https://blog.binarymist.net/presentations-publications/#nzjs-2017-the-art-of-exploitation

Kim Carter

March 09, 2017
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
binarymist
0
250
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
260
Security Regression Testing on OWASP Zap Node API
binarymist
1
6.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
740
OWASP Quiz Night
binarymist
2
870
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
530
OWASP NZ Day 2016
binarymist
0
97
Infectious Media with Rubber Ducky
binarymist
1
250
0wn1ng The Web at www.wdcnz.com
binarymist
2
1.2k

Other Decks in Technology

See All in Technology
Cloudflare Workersで動くOG画像生成器
aiji42
1
490
CSS Variable をもっと活用する / Kyoto.js 18
spring_raining
2
890
01_ユーザーリサーチ実施の進め方
kouzoukaikaku
0
550
Deep dive in Reserved Instance ~脳死推奨量購入からの脱却~
kzkmaeda
0
540
日本ディープラーニング協会主催 NeurIPS 2022 技術報告会講演資料
tdailab
0
1.1k
PCI DSS に準拠したシステム開発
yutadayo
0
310
オンプレk8sとEKSの並行運用の実際
ch1aki
0
290
AI Builderについて
miyakemito
0
920
Bill One 開発エンジニア 紹介資料
sansantech
PRO
0
120
💰年度末予算消化祭💰 Large Memory Instance で 画像分類してみた
__allllllllez__
0
100
re:Inventで発表があったIoT事例の紹介と考察
kizawa2020
0
190
DNS権威サーバのクラウドサービス向けに行われた攻撃および対策 / DNS Pseudo-Random Subdomain Attack and mitigations
kazeburo
5
1.3k

Featured

See All Featured
Embracing the Ebb and Flow
colly
75
3.6k
Imperfection Machines: The Place of Print at Facebook
scottboms
254
12k
Building Your Own Lightsaber
phodgson
96
4.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
29
7.9k
Robots, Beer and Maslow
schacon
154
7.3k
Scaling GitHub
holman
453
140k
In The Pink: A Labor of Love
frogandcode
132
21k
The World Runs on Bad Software
bkeepers
PRO
59
5.7k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
54k
How to Ace a Technical Interview
jacobian
270
21k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
175
9.1k
Done Done
chrislema
178
14k

Transcript

  1. The Art of Exploitation

  2. @binarymist

  3. Effective Attack Techniques for Common Vulnerabilities

  4. Effective Attack Techniques for Common Vulnerabilities Password Stealing

  5. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

  6. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells

  7. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook

  8. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  9. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  10. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  11. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  12. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  13. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  14. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  15. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  16. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  17. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  18. C/- psmsf, PowerSploit & Nishang

  19. None

  20. PowerSploit Persistence Techniques: • PermanentWMI • ScheduledTask • Registry At

    stages: • AtLogon • AtStartup • OnIdle • Daily • Hourly • Specified Time

  21. Effective Attack Techniques for Common Vulnerabilities Password Stealing Spear Phishing

    Web Shells FaceBook Weaponised Documents

  22. Countermeasures Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents

    XSS

  23. Countermeasures Password Stealing Spear Phishing Web Shells FaceBook Weaponised Documents

    • NIDS • AV • Know Origin

  24. How the process of Exploitation & Mitigation can & Should

    fit within Each & Every Sprint

  25. Red Team

  26. Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting &

    Reporting

  27. Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting &

    Reporting

  28. Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting &

    Reporting

  29. https://github.com/phage-nz/threatcrawler

  30. Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting &

    Reporting

  31. Reconnaissance Vulnerability Scanning & Discovery Vulnerability Searching Exploitation Documenting &

    Reporting

  32. Red Team

  33. Red Team -> Blue Team

  34. Pen testing @ go live -> within each Sprint

  35. The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product

    Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing

  36. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Hand-crafted Penetration Testing Security Regression Testing Cheapest Place to Deal with Defects

  37. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Hand-crafted Penetration Testing Security Regression Testing Cheapest Place to Deal with Defects

  38. 5: Identify Risks? This is madness! How can we do

    that?

  39. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Establish a Security Champion

  40. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Security Regression Testing Hand-crafted Penetration Testing

  41. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Pair Programming
  42. None

  43. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Code Review

  44. Code Review, Static & Dynamic Analysis

  45. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Techniques for Asserting Discipline

  46. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Techniques for Asserting Discipline Static Type Checking DbC https://blog.binarymist.net/2010/10/11/lsp-dbc-and-nets-support/

  47. The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product

    Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline R isk

  48. The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product

    Backlog Sprint Backlog Sprint Increment Definition of Done Cheapest Place to Deal with Defects Establish a Security Champion Hand-crafted Penetration Testing Consuming Free and Open Source Evil Test Conditions Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline C ounterm easure

  49. Consuming Free and Open Source curl -sL https://deb.nodesource.com/setup_4.x | sudo

    -E bash - sudo apt-get install -y nodejs R isk

  50. Consuming Free and Open Source • Npm-outdated • Npm-check •

    David • RetireJS • NSP • Snyk Tooling

  51. The Sprint Sprint Planning Daily Scrum Sprint Review Retrospective Product

    Backlog Sprint Backlog Sprint Increment Definition of Done Establish a Security Champion Hand-crafted Penetration Testing Security Focussed TDD Security Regression Testing Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects

  52. 5: Identify

  53. 5: Identify Risks? Given When Then There are no items

    in the shopping cart Customer clicks “Purchase” button for a book which is in stock 1 x book is added to shopping cart. Book is held - preventing selling it twice. “ Customer clicks “Purchase” button for a book which is not in stock Dialog with “Out of stock” message is displayed and offering customer option of putting book on back order.

  54. 5: Identify Risks? Given When Then There are no items

    in the shopping cart User tries to downgrade TLS and the HSTS header is not sent by the server User should be redirected (response 301 status code) to th HTTPS site from the server “ User tries to downgrade TLS and the HSTS header is sent by the server User should be redirected to the HTTP site from the browser (no HTTP traffic for sslstrip to tamper with

  55. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Evil Test Conditions

  56. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing Security Focussed TDD

  57. Definition of Done The Sprint Sprint Planning Daily Scrum Sprint

    Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Security Regression Testing

  58. Requirements or design defect found via Product Backlog Item (PBI)

    collaboration Length of Feedback Cycle Cost Requirements or design defect found in Test Conditions Workshop Programming or design defect found via Pair Programming Programming defect found via Continuous Integration Programming or design defect found via Test Driven Development (T(B)DD) Requirements or design defect found via Stakeholder Participation Defect found via pair Developer Testing Defect found via Independent Review Requirements defect found via traditional Acceptance Testing Programming or design defect found via Pair Review Design defect found via traditional System Testing Programming defect found via traditional System Testing Security defect found via traditional external Penetration Testing

  59. Requirements or design defect found via Product Backlog Item (PBI)

    collaboration Length of Feedback Cycle Cost Requirements or design defect found in Test Conditions Workshop Programming or design defect found via Pair Programming Programming defect found via Continuous Integration Programming or design defect found via Test Driven Development (T(B)DD) Requirements or design defect found via Stakeholder Participation Defect found via pair Developer Testing Defect found via Independent Review Requirements defect found via traditional Acceptance Testing Programming or design defect found via Pair Review Design defect found via traditional System Testing Programming defect found via traditional System Testing Security defect found via Security Test Driven Development (STDD) or regression testing

  60. 5: Identify Risks? OK I’m starting to get it But

    what now?

  61. Definition of Done The Sprint Security Regression Testing Sprint Planning

    Daily Scrum Sprint Review Retrospective Product Backlog Sprint Backlog Sprint Increment Establish a Security Champion Security Focussed TDD Pair Programming Code Review Techniques for Asserting Discipline Consuming Free and Open Source Evil Test Conditions Cheapest Place to Deal with Defects Hand-crafted Penetration Testing Zap-Api & NodeGoat

  62. https://leanpub.com/holistic-infosec-for-web-developers https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API

  63. 5: Identify Risks? IoT PhysicalPeople Mobile Cloud VPS Network Web

    App Network 2: Identify Risks 3: Countermeasures 4: What risks does solution cause? 5: Costs and Trade-offs 1: Asset Identification

  64. Product Backlog Sprint Backlog Product Backlog items pulled into Sprint

    to form Increment Forecast 3: Countermeasures

  65. @binarymist https://leanpub.com/holistic-infosec-for-web-developers https://github.com/binarymist/NodeGoat/wiki/Security-Regression-Testing-with-Zap-API