Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Post Exploitation in Developer Environments

Avatar for Ian Lee Ian Lee
November 13, 2018
Technology
0
750

Post Exploitation in Developer Environments

This talk will zoom in to the cache of goodies which developers leave lying around that an attacker could leverage access valuable information and/or to pivot through a target environment. It will also highlight some of the tools available to developers and InfoSec professionals to find and prevent these sorts of information leakages.

Every day, developers interact with a variety of source-code repositories and environments, often both inside their corporate firewalls and outside on public hosting platforms such as GitHub.com and Amazon AWS. These source-code repositories can provide a wealth of information about a target environment, in addition to being a potential value all on its own. Best of all, a large amount of information about an environment can be gleamed quietly without having to actively scan the network.

If you are a penetration tester, are you able to find this information in your customer’s environment? Do you know how to help their developers prevent these leakages in the first place? Remember “prevention is ideal, but detection is a must!”
Avatar for Ian Lee

Ian Lee

November 13, 2018
Tweet

More Decks by Ian Lee

See All by Ian Lee
HPC STX Overview
Avatar for Ian Lee ianlee1521
0
20
DevOps in HPC
Avatar for Ian Lee ianlee1521
0
110
Monitoring HPC Security at LLNL
Avatar for Ian Lee ianlee1521
0
170
Pass On What You Have Learned: Deploying to Production
Avatar for Ian Lee ianlee1521
0
540
Building DevOps into HPC System Administration
Avatar for Ian Lee ianlee1521
0
120
Keeping It All Safe: LLNL HPC Security Architecture
Avatar for Ian Lee ianlee1521
0
200
Development of the TOSS 4 STIG
Avatar for Ian Lee ianlee1521
0
250
You Must Unlearn What You Have Learned
Avatar for Ian Lee ianlee1521
0
110
SC21: Addressing Cybersecurity Standards / Policies in HPC Environments
Avatar for Ian Lee ianlee1521
0
130

Other Decks in Technology

See All in Technology
MCPを理解する
Avatar for Yudai Hayashi yudai00
12
8.3k
AIにおけるソフトウェアテスト_ver1.00
Avatar for fumisuke fumisuke
1
320
Web Intelligence and Visual Media Analytics
Avatar for webLyzard technology weblyzard
PRO
1
5.9k
AIエージェント開発手法と業務導入のプラクティス
Avatar for Yoshinori Kosaka ykosaka
9
2.6k
OpenLane-V2ベンチマークと代表的な手法
Avatar for Kazuyuki Miyazawa kzykmyzw
0
140
白金鉱業Meetup_Vol.18_生成AIはデータサイエンティストを代替するのか?
Avatar for BrainPad brainpadpr
4
210
コスト最適重視でAurora PostgreSQLのログ分析基盤を作ってみた #jawsug_tokyo
Avatar for のんピ non97
1
840
「経験の点」の位置を意識したキャリア形成 / Career development with an awareness of the “point of experience” position
Avatar for Pauli pauli
4
130
Perl歴約10年のエンジニアがフルスタックTypeScriptに出会ってみた
Avatar for papix papix
1
250
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
Avatar for モブエンジニア masakiokuda
0
230
クラウド開発環境Cloud Workstationsの紹介
Avatar for Yunosuke Yamada yunosukey
0
220
Gateway H2 モジュールで
スマートホーム入門
Avatar for MinoruInachi minoruinachi
0
120

Featured

See All Featured
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
52
7.5k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
Avatar for Marc Duiker marcduiker
30
2k
The Success of Rails: Ensuring Growth for the Next 100 Years
Avatar for Eileen M. Uchitelle eileencodes
45
7.2k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.2k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
35
2.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
47
5.3k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
KATA
Avatar for Megan Lloyd mclloyd
29
14k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.4k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
94
13k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
230
18k

Transcript

  1. LLNL-PRES-761319 This work was performed under the auspices of the

    U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE-AC52-07NA27344. Lawrence Livermore National Security, LLC Post Exploitation in Developer Environments SANS Pen Test HackFest Summit 2018 Ian Lee @IanLee1521 2018-11-13

  2. LLNL-PRES-761319 2 § Computer Engineer in Livermore Computing @ LLNL

    § High Performance Computing — Red Team — ISSO § Gov. Open Source Evangelist — software.llnl.gov — github.com/llnl § Many other hats... whoami

  3. LLNL-PRES-761319 3

  4. LLNL-PRES-761319 4

  5. LLNL-PRES-761319 5 https://3.bp.blogspot.com/-w2URcR6u9uQ/VENiIYIDDsI/AAAAAAAAH_c/GC_4nywJh2M/w800-h800/female-hacker.jpg

  6. LLNL-PRES-761319 6 Got a shell!

  7. LLNL-PRES-761319 7

  8. LLNL-PRES-761319 8

  9. LLNL-PRES-761319 9 VICTORY !! https://pixabay.com/en/children-win-success-video-game-593313/

  10. LLNL-PRES-761319 10 IN THE CLOUD https://commons.wikimedia.org/wiki/File:%22Don%27t_Discuss_Secrets_on_the_Telephone%22_-_NARA_-_514138.jpg

  11. LLNL-PRES-761319 11

  12. LLNL-PRES-761319 12

  13. LLNL-PRES-761319 13

  14. LLNL-PRES-761319 14

  15. LLNL-PRES-761319 15

  16. LLNL-PRES-761319 16 https://pixabay.com/en/history-blackboard-chalk-chalkboard-998337/

  17. LLNL-PRES-761319 17

  18. LLNL-PRES-761319 18

  19. LLNL-PRES-761319 19 https://www.unixmen.com/prevent-ssh-disconnecting-sessions/

  20. LLNL-PRES-761319 20

  21. LLNL-PRES-761319 21

  22. LLNL-PRES-761319 22

  23. LLNL-PRES-761319 23

  24. LLNL-PRES-761319 24 https://www.flickr.com/photos/christiaancolen/33904011850

  25. LLNL-PRES-761319 25

  26. LLNL-PRES-761319 26

  27. LLNL-PRES-761319 27

  28. LLNL-PRES-761319 28

  29. LLNL-PRES-761319 29 Not just for attackers penetration testers http://trulyhappylife.com/wp-content/uploads/2015/02/Persistence-1024x637.jpg

  30. LLNL-PRES-761319 30

  31. LLNL-PRES-761319 31 CTRL + A, CTRL + D

  32. LLNL-PRES-761319 32

  33. LLNL-PRES-761319 33

  34. LLNL-PRES-761319 34

  35. LLNL-PRES-761319 35

  36. LLNL-PRES-761319 36 Recap § Loot — App tokens — SSH

    keypairs — Developer source code (important IP) — Passive recon (other servers / services) — Built in persistence § Mitigations — Training / monitoring — Static Source Code Analysis — Version Control-aware Analysis • https://github.com/18F/git-seekret • https://github.com/awslabs/git-secrets https://cdn.pixabay.com/photo/2017/11/07/23/55/pirate-2928821_960_720.jpg

  37. LLNL-PRES-761319 37

  38. LLNL-PRES-761319 38

  39. LLNL-PRES-761319 39

  40. LLNL-PRES-761319 40

  41. LLNL-PRES-761319 41 https://software.llnl.gov

  42. Thank you! @IanLee1521 ian@llnl.gov This document was prepared as an

    account of work sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes.