The art of disguise
Anti-fingerprinting techniques
Daniel García a.k.a. cr0hn - @ggdaniel - http://es.linkedin.com/in/garciagarciadaniel
Creative Commons License



The art of disguise - Anti-fingerprinting techniques
by Daniel García García a.k.a. cr0hn is licensed under a:

 Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

Permissions beyond the scope of this license may be available at: dani@iniqua.com.




Index


 1. FreeBSD: A brief introduction.

 2. How does fingerprinting work?

 3. How to defeat it?



FreeBSD…

 A brief introduction


1 - FreeBSD: A brief introduction


 1. How to install it?

 2. How to manage the software?

 3. How to install a program?

 4. Main differences with GNU/Linux.


How to install it?
 Simple… With a wizard




Software management


 • What is a port system?

 • Why are ports a good idea?

 • How do ports work?



Installing new software
     Compiling…




Installing new software

From binaries…




Main differences with GNU/Linux

  FreeBSD                                   GNU/Linux
  General config file: /etc/rc.conf         Multiple config files and directories
  Service start: /etc/rc.d/ and             Service start: /etc/init.d/
    /usr/local/etc/rc.d/
  User directories: /usr/home               User directories: /home
  Kernel config: about 200 lines            Kernel config file: very complicated
  Kernel: many security features included   Kernel: extra features via patches
  Software, natively, can be compiled       Only some distributions can do it, like Gentoo.


The fingerprinting…

 How does it work?


2 – Fingerprinting: How does it work?

 1. Why hide your systems?

 2. Operating system level.

 3. Service level.

 4. Application level.

Why hide your OS and services?

 1. To hide from known (and unknown!) exploits.

 2. Necessarily unpatched versions of software.

 3. If somebody knows the OS you're running, they may also guess the applications that run on it.

 4. Privacy: nobody needs to know the systems you've got running.

Fingerprinting: Risk demo




Operating System level
 • TTL
     Linux/*BSD: 64
     Windows: 128
     OpenBSD: 255
     AIX: 30

Operating System level
 • Common TCP initial window size
     Linux: 16A0
     Windows: 2000
     *BSD: FFFF
     OpenBSD: 4000
     AIX: 4470/FFFF

Operating System level

 • IP ID sequence generation algorithm.

 • Invalid TCP flags combination.

 • Answer to closed port: RST, nothing, ICMP unreachable.

 • TCP send/receive window sizes.

 • Port ranges

Service level
 • Banners




Application level

 • Session ID var (PHPSESSID/JSESSIONID)

 • Hidden/lost files.

 • Meta headers.

 • Variable and method names.

Application level
 A practical example: Metadata.




Application level
 A practical example: Lost files.




The fight…

 How to defeat it?


3 – Defeating fingerprinting

 • Kernel parameters

 • Changing banners

 • Modifying applications



Kernel parameters
 Disable (if you don't need them):
 • SCTP
 • IPv6




Kernel parameters
 In your /etc/sysctl.conf




Service level
 How to defeat it?

 • Changing configuration files

 • Changing source code of software




How to make a patch
 Steps to make a patch:
 1. Download the source code of the app you want to patch.

 2. Extract the code and create a copy of it.

 3. In your copy, make the changes you need.

 4. Run diff to extract the changes.

 5. Save the changes into a patch-* file.

How to make a patch: Nginx
 Steps 1 and 2:
 1. Download the source code of Nginx.
 2. Create a copy of the source.




How to make a patch: Nginx
 Step 3:
 • Locate the file that contains the version information:



 • Change the information in the file:




How to make a patch: Nginx
 Steps 4 and 5:
 • Make a diff against the original file and save it into a patch.




FreeBSD patching method
 What does FreeBSD need to apply our patch?
 • Put your file into:
        /usr/ports/CATEGORY/PROG/files
 • Your patch must be named like:
        patch-ORIGINAL_FILE_NAME
 • Change relative path in your patch:
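
The patch-making steps from the preceding slides, carried through end to end as an added example (not taken from the original slides). The source tree, the version `0.0.0`, the replacement banner `httpd` and the scratch `ports/CATEGORY/PROG/files` directory are constructed stand-ins, and it assumes the patch is applied from the root of the extracted source with paths relative to it.

```sh
#!/bin/sh
# Added example: turn a banner change into a ports-style patch file.
# The source tree below is a constructed stand-in, not the real Nginx sources.

SRC=nginx-0.0.0          # constructed placeholder version
FILE=src/core/nginx.h    # header holding the version strings
BANNER=httpd             # arbitrary replacement banner chosen for this example

# Steps 1-2: "download" the source (constructed inline) and keep a pristine copy.
fetch_and_copy() {
    work=$1
    mkdir -p "$work/$SRC/src/core" || return 1
    cat > "$work/$SRC/$FILE" <<'EOF'
#ifndef _NGINX_H_INCLUDED_
#define _NGINX_H_INCLUDED_

#define NGINX_VERSION      "0.0.0"
#define NGINX_VER          "nginx/" NGINX_VERSION

#endif /* _NGINX_H_INCLUDED_ */
EOF
    cp -R "$work/$SRC" "$work/$SRC.orig"
}

# Step 3: edit the working copy only; the .orig tree stays untouched.
edit_banner() {
    work=$1
    sed -e "s|^#define NGINX_VER .*|#define NGINX_VER          \"$BANNER\"|" \
        "$work/$SRC.orig/$FILE" > "$work/$SRC/$FILE"
}

# Steps 4-5: diff pristine vs. modified, make the header paths relative to the
# source root, and save the result as patch-ORIGINAL_FILE_NAME.
make_patch() {
    work=$1
    files_dir=$work/ports/CATEGORY/PROG/files   # stand-in for /usr/ports/CATEGORY/PROG/files
    out=$files_dir/patch-$(basename "$FILE")
    mkdir -p "$files_dir" || return 1
    rc=0
    (cd "$work" && diff -u "$SRC.orig/$FILE" "$SRC/$FILE") > "$work/raw.diff" || rc=$?
    # diff exits 1 when the files differ; 0 means nothing changed, >1 is an error.
    [ "$rc" -eq 1 ] || return 1
    sed -e "1s|^--- .*|--- $FILE.orig|" -e "2s|^+++ .*|+++ $FILE|" \
        "$work/raw.diff" > "$out"
    echo "$out"
}

# Check: the patch applies cleanly to a pristine tree from its root (-p0) and
# produces the new banner. Skipped (returns 0) if patch(1) is not installed.
check_patch() {
    work=$1 patch_file=$2
    command -v patch >/dev/null 2>&1 || return 0
    rm -rf "$work/verify"
    cp -R "$work/$SRC.orig" "$work/verify" || return 1
    (cd "$work/verify" && patch -s -p0 < "$patch_file") || return 1
    grep -q "^#define NGINX_VER  *\"$BANNER\"\$" "$work/verify/$FILE"
}

WORK=$(mktemp -d)
fetch_and_copy "$WORK"
edit_banner "$WORK"
PATCH=$(make_patch "$WORK")
check_patch "$WORK" "$PATCH" && cat "$PATCH"
```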



FreeBSD patching method
  And now, how do we compile our patched software…?




FreeBSD patching method
 Even an idiot can do it!




Service level
 Learning with examples:

 • Nginx

 • OpenSSH

 • PureFTPd

 • Apache Tomcat

Service level: Nginx
 Where is version information?
 • In nginx.h




Service level: Nginx
 The result:

 Yes! I use a public IP for my LAN




Service level: OpenSSH
 Where is version information?
 • In Makefile:



 • Or in version.h:




Service level: OpenSSH
 The result:




Service level: PureFTPd
 Where is version information?

 • In pure-ftpwho.c

 • In altlog.c
 • In ftp_parser.c


 • In ftpd.c


Service level: PureFTPd
 The result:




Service level: Tomcat

 Where is version information:
 • /usr/local/apache-tomcat-7.0/conf/server.xml




Service level: Tomcat

 The result:




Service level: nmap
 What does nmap think?




Service level: fingerprinting database
Where can we find a database of fingerprints?




Application level
Learning with examples…


…Testing WordPress




Application level: WordPress
 Hiding our WordPress information:
 1. WordPress version.
 2. WordPress plugin versions.
 3. Session ID.
 4. Custom error pages.
 5. Metadata info.
 6. Hash of static and common files.

Application level: WordPress
 Step 1: WordPress version.




Application level: WordPress
 Step 2: Plugins versions.




Application level: WordPress
 Step 1 and 2: Hiding versions.




Application level: WordPress
 Step 3: Session ID var.




Application level: WordPress
 Step 3: Hiding session ID var.




Application level: WordPress
 Step 4: Custom error pages… of IIS




Application level: WordPress
 Step 5: Metadata info.




Application level: WordPress
 Step 5: Hiding metadata info.




Application level: WordPress
 Step 6: Hash of static and common files.

 • Site.com/wp-includes/css/admin-bar.css:



 • Some programs have a database of hashes:




Application level: WordPress

 Step 6: Hiding common hashes:

 1. Modify our static files, like CSS:



 2. Check the new hash:



Application level: WordPress
 The result:
 • Plecost (http://www.iniqua.com/labs/plecost/)

 No plugins found!!




Application level: WordPress
 The result:
 • WP-scan (http://code.google.com/p/wpscan/)

 wp-scan doesn't like our filters




Application level: WordPress
 The result:
 • Nmap




Application level: WordPress
 Final result….




 We've earned a beer!




Questions?
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Último (20)

Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

Anti-fingerprinting talk

  • 1. The art of disguise: Anti-fingerprinting techniques. Daniel García a.k.a. cr0hn - @ggdaniel - http://es.linkedin.com/in/garciagarciadaniel
  • 2. Creative Commons License: The art of disguise - Anti-fingerprinting techniques by Daniel García García a.k.a. cr0hn is licensed under a Creative Commons Reconocimiento-NoComercial-SinObraDerivada 3.0 Unported License. Permissions beyond the scope of this license may be available at: dani@iniqua.com.
  • 3. Index: 2. FreeBSD: A brief introduction. 3. How does fingerprinting work? 4. How to defeat it?
  • 4. FreeBSD… A brief introduction
  • 5. 1 - FreeBSD: A brief introduction. 2. How to install it? 3. How to manage the software? 4. How to install programs? 5. Main differences from GNU/Linux.
  • 6. How to install it? Simple… With a wizard
  • 7. Software management • What is a port system? • Why are ports a good idea? • How do ports work?
  • 8. Installing new software: Compiling…
  • 9. Installing new software: From binaries…
  • 10. Main differences with GNU/Linux (FreeBSD vs. GNU/Linux) • General config file: /etc/rc.conf vs. multiple config files and directories • Service start: /etc/rc.d/ and /usr/local/etc/rc.d/ vs. /etc/init.d/ • User directories: /usr/home vs. /home • Kernel config: about 200 lines vs. a very complicated config file • Kernel features: many security features included vs. extra features via patches • Compiling software: natively supported vs. only some distributions can do it, like Gentoo.
  • 11. The fingerprinting… How does it work?
  • 12. 2 – Fingerprinting: How does it work? 1. Why hide your systems? 2. Operating system level. 3. Service level. 4. Application level.
  • 13. Why hide your OS and services? 1. To hide from known (and unknown!) exploits. 2. Unpatched versions of software that you need to keep running. 3. If somebody knows the OS you're running, they may also guess the applications that run on it. 4. Privacy: nobody needs to know which systems you've got running.
  • 14. Fingerprinting: Risk demo
  • 15. Operating System level. mmm ... fish • TTL: OpenBSD: 255; Linux/*BSD: 64; Windows: 128; AIX: 30
  • 16. Operating System level • Common TCP initial window sizes: *BSD: FFFF; OpenBSD: 4000; Linux: 16A0; Windows: 2000; AIX: 4470/FFFF
  • 17. Operating System level • IP ID sequence generation algorithm. • Invalid TCP flag combinations. • Answer to a closed port: RST, nothing, ICMP unreachable. • TCP send/receive window sizes. • Port ranges.
  • 18. Service level • Banners
  • 19. Application level • Session ID variable (PHPSESSID/JSESSIONID) • Hidden/lost files. • Meta headers. • Variable and method names.
  • 20. Application level. A practical example: Metadata.
  • 21. Application level. A practical example: Lost files.
  • 22. The fight… How to defeat it?
  • 23. 3 – Defeating fingerprinting • Kernel parameters • Changing banners • Modifying applications
  • 24. Kernel parameters: Disable (if you don't need them) • SCTP • IPv6
  • 25. Kernel parameters: In your /etc/sysctl.conf
  • 26. Service level: How to defeat it? • Changing configuration files • Changing the source code of the software
  • 27. How to make a patch. Steps to make a patch: 2. Download the source code of the app you want to patch. 3. Extract the code and create a copy of it. 4. In your copy, make the changes you need. 5. Run diff to extract the changes. 6. Save the changes into a patch-* file.
  • 28. How to make a patch: Nginx. Steps 1 and 2: 2. Download the source code of Nginx. 3. Create a copy of the source.
  • 29. How to make a patch: Nginx. Step 3: • Locate the file that contains the version information: • Change the file information:
  • 30. How to make a patch: Nginx. Steps 4 and 5: • Make a diff against the original file and save it into a patch.
  • 31. FreeBSD patching method. What does FreeBSD need to apply our patch? • Put your file into: /usr/ports/CATEGORY/PROG/files • Your patch must be named like: patch-ORIGINAL_FILE_NAME • Change the relative path in your patch:
  • 32. FreeBSD patching method: And now, how do we compile our patched software…?
  • 33. FreeBSD patching method: Even an idiot can do it!
  • 34. Service level: Learning with examples • Nginx • OpenSSH • PureFTPd • Apache Tomcat
  • 35. Service level: Nginx. Where is the version information? • In nginx.h
  • 36. Service level: Nginx. The result: Yes! I use a public IP for my LAN
  • 37. Service level: OpenSSH. Where is the version information? • In Makefile: • Or in version.h:
  • 38. Service level: OpenSSH. The result:
  • 39. Service level: PureFTPd. Where is the version information? • In pure-ftpwho.c • In altlog.c • In ftp_parser.c • In ftpd.c
  • 40. Service level: PureFTPd. The result:
  • 41. Service level: Tomcat. Where is the version information? • /usr/local/apache-tomcat-7.0/conf/server.xml
  • 42. Service level: Tomcat. The result:
  • 43. Service level: nmap. What does nmap think?
  • 44. Service level: fingerprinting database. Where can we find a database of fingerprints?
  • 45. Application level: Learning with examples… …Testing WordPress
  • 46. Application level: WordPress. Hiding our WordPress information: 2. WordPress version. 3. WordPress plugin versions. 4. Session ID. 5. Custom error pages. 6. Metadata info. 7. Hash of static and common files.
  • 47. Application level: WordPress. Step 1: WordPress version.
  • 48. Application level: WordPress. Step 2: Plugin versions.
  • 49. Application level: WordPress. Steps 1 and 2: Hiding versions.
  • 50. Application level: WordPress. Step 3: Session ID variable.
  • 51. Application level: WordPress. Step 3: Hiding the session ID variable.
  • 52. Application level: WordPress. Step 4: Custom error pages… of IIS
  • 53. Application level: WordPress. Step 5: Metadata info.
  • 54. Application level: WordPress. Step 5: Hiding metadata info.
  • 55. Application level: WordPress. Step 6: Hash of static and common files. • Site.com/wp-includes/css/admin-bar.css: • Some programs have a database of hashes:
  • 56. Application level: WordPress. Step 6: Hiding common hashes: 2. Modify our static files, like CSS: 4. Check the new hash:
  • 57. Application level: WordPress. The result: • Plecost (http://www.iniqua.com/labs/plecost/): No plugins found!!
  • 58. Application level: WordPress. The result: • WP-scan (http://code.google.com/p/wpscan/): wp-scan doesn't like our filters
  • 59. Application level: WordPress. The result: • Nmap
  • 60. Application level: WordPress. Final result… We've earned a beer!
  • 61. Questions?
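
The TTL and TCP window values listed on slides 15 and 16, worked through as an added example (not code from the talk): a Python check that parses a captured reply from your own host and reports which of the slides' OS labels its TTL and window still match. The function names, the "smallest listed initial TTL at or above the observed one" heuristic and the sample packets are assumptions constructed for this example.

```python
from __future__ import annotations

import struct

# Values as listed on the "Operating System level" slides (TTL, initial TCP window).
SLIDE_TTL = {"OpenBSD": 255, "Linux": 64, "*BSD": 64, "Windows": 128, "AIX": 30}
SLIDE_WINDOW = {
    "*BSD": {0xFFFF},
    "OpenBSD": {0x4000},
    "Linux": {0x16A0},
    "Windows": {0x2000},
    "AIX": {0x4470, 0xFFFF},
}


def parse_ipv4_tcp(packet: bytes) -> tuple[int, int]:
    """Return (ttl, tcp_window) from a raw IPv4 packet carrying TCP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not a valid IPv4 header")
    ttl, proto = packet[8], packet[9]
    if proto != 6:
        raise ValueError("payload is not TCP")
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    # The window field sits at offset 14 of the TCP header, big-endian.
    (window,) = struct.unpack_from("!H", packet, ihl + 14)
    return ttl, window


def initial_ttl(observed: int) -> int | None:
    """Routers decrement TTL, so assume the smallest listed initial value >= observed."""
    for value in sorted(set(SLIDE_TTL.values())):
        if observed <= value:
            return value
    return None


def candidates(packet: bytes) -> list[str]:
    """OS labels from the slides whose TTL and window both match this reply."""
    ttl, window = parse_ipv4_tcp(packet)
    start = initial_ttl(ttl)
    return sorted(
        name for name, wins in SLIDE_WINDOW.items()
        if SLIDE_TTL[name] == start and window in wins
    )


def build_sample(ttl: int, window: int) -> bytes:
    """Constructed SYN/ACK (documentation addresses, checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1000, 2001, 0x50, 0x12, window, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    print(candidates(build_sample(57, 0x16A0)))   # stock values seen 7 hops away
    print(candidates(build_sample(128, 0x16A0)))  # same window, TTL changed on the host
```

An empty list means the reply no longer lines up with any TTL/window pair from the slides; the other signals on slide 17 (IP ID sequence, closed-port answers, flag handling) are not covered by this check.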