SlideShare una empresa de Scribd logo

Putting the tea back into cyber terrorism

SensePost
SensePost

Presentation by Charl van der Walt, Roelof Temmingh and Haroon Meer at BlackHat USA 2003. This presentation is about targeted, effective, automated attacks that could be used in countrywide cyberterrorism. A worm that targets internal networks is discussed as an example of such an attack.

Tecnología
1 de 16
Descargar para leer sin conexión
Cyber terrorism/warfare A packet can’t fly a plane… Typical types of attack: –Denial of service –Breeching the perimeter Problems with these attacks –Does not hurt enough –Not effective
What we really need is… Attacks that are: –Targeted / Closely focused (T) –Closely coordinated –Wide enough to cripple a country –Very effective (E) –Too fast for human intervention – i.e. automated (A)
Part I: A very nasty worm… Internal networks are weak Perimeters are strong Internal network: –Machines are never patched –Installed with unpatched software –New machines are added –Not segmented on network layer A multi–exploit worm’s paradise
Part I: A very nasty worm… Let’s see: 1. Microsoft IIS Unicode / 2x decode 2. Microsoft IIS MSADC 3. Microsoft IIS .printer extensions 4. Microsoft IIS WebDAV 5. Microsoft SQL with blank SA configured 6. Blank local administrator passwords on Microsoft Windows hosts 7. …slammer… 8. Apache Chunked Encoding 9. OpenSSL < 0.9.6
Part I: A very nasty worm… Finding more food Targeting on internal network and Internet very different. 1. Find your current network/mask 2. SNMP queries all around 3. Traceroute to Internet 4. Pingsweep one class C higher and lower 5. …brute force…
Part I: A very nasty worm… Denial of service on internal networks is fun: –Wire speed flooding –ICMP redirection –MAC/ARP table trickery –DHCP lease exhaustion –Hijacking of TCP connections Since we are here…: –DOC/XLS/ZIP/MDB file corruption –BIOS flashing –Pop-up messages –Disable all routers you can find – island-ification
IP/MASK TRACEROUTE LOCAL EXE INFECTION SNMP BRUTE FORCE FLOODS TESTER BIOS FLASH ETC POP-UPS MAC/ARP POISON COPY REMOTE EXEC DHCP EXHAUST MESSAGE PROTOCOL
Part II: Delivery Who needs 0day silent delivery when you can mail an EXE to someone: • Using the correct language • From marketing@companyXX.com • Subject: “New screensaver for companyXX – click here” • With HTTPS link to intranet.companyXX.com…and then some funny characters…☺ • SSL neatly bypass all content level filters (even PowerPoint thinks its valid)
Part II: Delivery Some stats: – Target group : IT security team – bank – 13 people in group – 8 downloaded the EXE – 5 executed it One guy executed it 3 times…
Part III: Targeted delivery How do you find someone on the Internet? • Google is your friend • +@companyXX.com -www.companyXX.com • Scrape it (TOC of Google) • Example…Hurriyet Newspaper in Turkey # perl emails.pl hurriyet.com.tr Received 83 Hits: [bavci@hurriyet.com.tr] [tturenc@hurriyet.com.tr] [ecolasan@hurriyet.com.tr] [yatakan@hurriyet.com.tr] [dhizlan@hurriyet.com.tr] [fsever@hurriyet.com.tr] [rcaglayangil@hurriyet.com.tr] </snip>
Part III: Footprinting a country We can extract email addresses from companies – we need to find companies for each country in the following sectors: – Telecommunication – Energy providers (hydro, nuclear, fossil fuel, oil etc.) – Government departments / Military – Media providers – Financial services – Prominent businesses – Emergency services – Transport
Part III: Footprinting a country Private sector/Public sector Private: • Problems with online directories (e.g. Google/DMOZ) • Solution is specialized directories • Some online (http://www.world-newspapers.com/), some better to extract (pros/cons) • Challenge – mapping company name to domain name • Method – page 9 of paper.
Part III: Footprinting a country Private sector/Public sector Public – government and military Concept of sub TLD – e.g. gov.za Not the same for every country – e.g. France (gouv.fr) Interested in sub domains – maps to departments • We have Google scraper • We scrape gov.za (for example) • Look at all the subdomains • These becomes targets Many military domains contained in gov sub TLD. Recursive scraping…finding *all* the sub domains
Part IV: Putting it all together Years in the industry taught us well- you need a GUI…!
We love Turkey Conclusion Focused cyber attacks are possible This method would most likely have negative impact How does it compare to real life attacks? Is this YABMT? (yet another bigger mouse trap) What’s the chances of this happening? Should we worry?

Recomendados

Cyberwar
CyberwarCyberwar
Cyberwarzapp0
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine cloudsSensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSensePost
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summarySensePost
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarRadware
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksSensePost
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented DefenceSensePost
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaMurray Security Services
 

Recomendados

Cyberwar
CyberwarCyberwar
Cyberwarzapp0
 
Threats to machine clouds
Threats to machine cloudsThreats to machine clouds
Threats to machine cloudsSensePost
 
SNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSNMP : Simple Network Mediated (Cisco) Pwnage
SNMP : Simple Network Mediated (Cisco) PwnageSensePost
 
Major global information security trends - a summary
Major global information security trends - a summaryMajor global information security trends - a summary
Major global information security trends - a summarySensePost
 
InfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarInfoSecurity Europe 2014: The Art Of Cyber War
InfoSecurity Europe 2014: The Art Of Cyber WarRadware
 
ZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksZaCon 2015 - Zombie Mana Attacks
ZaCon 2015 - Zombie Mana AttacksSensePost
 
Offence oriented Defence
Offence oriented DefenceOffence oriented Defence
Offence oriented DefenceSensePost
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaMurray Security Services
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudWebinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudInternap
 
Mobile Cloud Architectures
Mobile Cloud ArchitecturesMobile Cloud Architectures
Mobile Cloud ArchitecturesDavid Coallier
 
Hacking Rapidshare
Hacking RapidshareHacking Rapidshare
Hacking RapidshareSais Abdelkrim
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Android
AndroidAndroid
AndroidSanthosh Sachithanantham
 
Web 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business ModelsWeb 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business Modelscghollins
 
Jtag Powersky
Jtag PowerskyJtag Powersky
Jtag PowerskySais Abdelkrim
 
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric WautersDynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wautersdynamicscom
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber CrimeEki Hendrawanbrata
 
AIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business ContinuityAIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business ContinuityAISDC
 
Satellite With Alt Dvb
Satellite With Alt DvbSatellite With Alt Dvb
Satellite With Alt DvbSais Abdelkrim
 
iOS Architecture and MVC
iOS Architecture and MVCiOS Architecture and MVC
iOS Architecture and MVCMarian Ignev
 
Jeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brandsJeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brandsCommunicate Magazine
 
Alt Dvb
Alt DvbAlt Dvb
Alt DvbSais Abdelkrim
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Machine Purpose
Machine PurposeMachine Purpose
Machine PurposeSais Abdelkrim
 
Scalable JavaScript Application Architecture
Scalable JavaScript Application ArchitectureScalable JavaScript Application Architecture
Scalable JavaScript Application ArchitectureNicholas Zakas
 
Ubiquisys at Femtocells Americas 11
Ubiquisys at Femtocells Americas 11Ubiquisys at Femtocells Americas 11
Ubiquisys at Femtocells Americas 11Ubiquisys Small Cells
 
The purpose of operating systems
The purpose of operating systemsThe purpose of operating systems
The purpose of operating systems93DragonNinja
 
objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile explorationSensePost
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationSensePost
 

Más contenido relacionado

Similar a Putting the tea back into cyber terrorism

Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudWebinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudInternap
 
Mobile Cloud Architectures
Mobile Cloud ArchitecturesMobile Cloud Architectures
Mobile Cloud ArchitecturesDavid Coallier
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GSavvius, Inc
 
Web 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business ModelsWeb 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business Modelscghollins
 
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric WautersDynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wautersdynamicscom
 
AIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business ContinuityAIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business ContinuityAISDC
 
Satellite With Alt Dvb
Satellite With Alt DvbSatellite With Alt Dvb
Satellite With Alt DvbSais Abdelkrim
 
iOS Architecture and MVC
iOS Architecture and MVCiOS Architecture and MVC
iOS Architecture and MVCMarian Ignev
 
Jeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brandsJeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brandsCommunicate Magazine
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE AtlasRIPE NCC
 
Scalable JavaScript Application Architecture
Scalable JavaScript Application ArchitectureScalable JavaScript Application Architecture
Scalable JavaScript Application ArchitectureNicholas Zakas
 
The purpose of operating systems
The purpose of operating systemsThe purpose of operating systems
The purpose of operating systems93DragonNinja
 

Similar a Putting the tea back into cyber terrorism (20)

Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the CloudWebinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
Webinar: Top 5 Mistakes Your Don't Want to Make When Moving to the Cloud
 
Mobile Cloud Architectures
Mobile Cloud ArchitecturesMobile Cloud Architectures
Mobile Cloud Architectures
 
Hacking Rapidshare
Hacking RapidshareHacking Rapidshare
Hacking Rapidshare
 
Network Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10GNetwork Forensics - Your Only Choice at 10G
Network Forensics - Your Only Choice at 10G
 
Android
AndroidAndroid
Android
 
Web 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business ModelsWeb 3.0 - Concepts, Technologies, and Evolving Business Models
Web 3.0 - Concepts, Technologies, and Evolving Business Models
 
Jtag Powersky
Jtag PowerskyJtag Powersky
Jtag Powersky
 
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric WautersDynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
Dynamics NAV, Windows Azure & Windows Phone 7, Eric Wauters
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
AIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business ContinuityAIS DIsaster Recovery & Business Continuity
AIS DIsaster Recovery & Business Continuity
 
Satellite With Alt Dvb
Satellite With Alt DvbSatellite With Alt Dvb
Satellite With Alt Dvb
 
iOS Architecture and MVC
iOS Architecture and MVCiOS Architecture and MVC
iOS Architecture and MVC
 
Jeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brandsJeremiah Caron, Context, Google+ for businesses and brands
Jeremiah Caron, Context, Google+ for businesses and brands
 
Alt Dvb
Alt DvbAlt Dvb
Alt Dvb
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
 
Machine Purpose
Machine PurposeMachine Purpose
Machine Purpose
 
Scalable JavaScript Application Architecture
Scalable JavaScript Application ArchitectureScalable JavaScript Application Architecture
Scalable JavaScript Application Architecture
 
Ubiquisys at Femtocells Americas 11
Ubiquisys at Femtocells Americas 11Ubiquisys at Femtocells Americas 11
Ubiquisys at Femtocells Americas 11
 
The purpose of operating systems
The purpose of operating systemsThe purpose of operating systems
The purpose of operating systems
 

Más de SensePost

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile explorationSensePost
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationSensePost
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17SensePost
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitSensePost
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22SensePost
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed OverviewSensePost
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionSensePost
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tatSensePost
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsSensePost
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemSensePost
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get HackedSensePost
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application HackingSensePost
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and DefencesSensePost
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2SensePost
 
State of the information security nation
State of the information security nationState of the information security nation
State of the information security nationSensePost
 
OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?SensePost
 
Security threats facing SA businessess
Security threats facing SA businessessSecurity threats facing SA businessess
Security threats facing SA businessessSensePost
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerceSensePost
 
Penetration testing and social engineering
Penetration testing and social engineeringPenetration testing and social engineering
Penetration testing and social engineeringSensePost
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the faceSensePost
 

Más de SensePost (20)

objection - runtime mobile exploration
objection - runtime mobile explorationobjection - runtime mobile exploration
objection - runtime mobile exploration
 
Vulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based ApplicationVulnerabilities in TN3270 based Application
Vulnerabilities in TN3270 based Application
 
Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17Ruler and Liniaal @ Troopers 17
Ruler and Liniaal @ Troopers 17
 
Introducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration ToolkitIntroducing (DET) the Data Exfiltration Toolkit
Introducing (DET) the Data Exfiltration Toolkit
 
Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22Improvement in Rogue Access Points - SensePost Defcon 22
Improvement in Rogue Access Points - SensePost Defcon 22
 
Heartbleed Overview
Heartbleed OverviewHeartbleed Overview
Heartbleed Overview
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Rat a-tat-tat
Rat a-tat-tatRat a-tat-tat
Rat a-tat-tat
 
Hacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation SystemsHacking Z-Wave Home Automation Systems
Hacking Z-Wave Home Automation Systems
 
Inside .NET Smart Card Operating System
Inside .NET Smart Card Operating SystemInside .NET Smart Card Operating System
Inside .NET Smart Card Operating System
 
Its Ok To Get Hacked
Its Ok To Get HackedIts Ok To Get Hacked
Its Ok To Get Hacked
 
Web Application Hacking
Web Application HackingWeb Application Hacking
Web Application Hacking
 
Attacks and Defences
Attacks and DefencesAttacks and Defences
Attacks and Defences
 
Corporate Threat Modeling v2
Corporate Threat Modeling v2Corporate Threat Modeling v2
Corporate Threat Modeling v2
 
State of the information security nation
State of the information security nationState of the information security nation
State of the information security nation
 
OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?OK I'm here, so what's in it for me?
OK I'm here, so what's in it for me?
 
Security threats facing SA businessess
Security threats facing SA businessessSecurity threats facing SA businessess
Security threats facing SA businessess
 
Security in e-commerce
Security in e-commerceSecurity in e-commerce
Security in e-commerce
 
Penetration testing and social engineering
Penetration testing and social engineeringPenetration testing and social engineering
Penetration testing and social engineering
 
Getting punched in the face
Getting punched in the faceGetting punched in the face
Getting punched in the face
 

Último

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Último (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Putting the tea back into cyber terrorism

  • 1.
  • 2. Cyber terrorism/warfare A packet can’t fly a plane… Typical types of attack: –Denial of service –Breeching the perimeter Problems with these attacks –Does not hurt enough –Not effective
  • 3. What we really need is… Attacks that are: –Targeted / Closely focused (T) –Closely coordinated –Wide enough to cripple a country –Very effective (E) –Too fast for human intervention – i.e. automated (A)
  • 4. Part I: A very nasty worm… Internal networks are weak Perimeters are strong Internal network: –Machines are never patched –Installed with unpatched software –New machines are added –Not segmented on network layer A multi–exploit worm’s paradise
  • 5. Part I: A very nasty worm… Let’s see: 1. Microsoft IIS Unicode / 2x decode 2. Microsoft IIS MSADC 3. Microsoft IIS .printer extensions 4. Microsoft IIS WebDAV 5. Microsoft SQL with blank SA configured 6. Blank local administrator passwords on Microsoft Windows hosts 7. …slammer… 8. Apache Chunked Encoding 9. OpenSSL < 0.9.6
  • 6. Part I: A very nasty worm… Finding more food Targeting on internal network and Internet very different. 1. Find your current network/mask 2. SNMP queries all around 3. Traceroute to Internet 4. Pingsweep one class C higher and lower 5. …brute force…
  • 7. Part I: A very nasty worm… Denial of service on internal networks is fun: –Wire speed flooding –ICMP redirection –MAC/ARP table trickery –DHCP lease exhaustion –Hijacking of TCP connections Since we are here…: –DOC/XLS/ZIP/MDB file corruption –BIOS flashing –Pop-up messages –Disable all routers you can find – island-ification
  • 8. IP/MASK TRACEROUTE LOCAL EXE INFECTION SNMP BRUTE FORCE FLOODS TESTER BIOS FLASH ETC POP-UPS MAC/ARP POISON COPY REMOTE EXEC DHCP EXHAUST MESSAGE PROTOCOL
  • 9. Part II: Delivery Who needs 0day silent delivery when you can mail an EXE to someone: • Using the correct language • From marketing@companyXX.com • Subject: “New screensaver for companyXX – click here” • With HTTPS link to intranet.companyXX.com…and then some funny characters…☺ • SSL neatly bypass all content level filters (even PowerPoint thinks its valid)
  • 10. Part II: Delivery Some stats: – Target group : IT security team – bank – 13 people in group – 8 downloaded the EXE – 5 executed it One guy executed it 3 times…
  • 11. Part III: Targeted delivery How do you find someone on the Internet? • Google is your friend • +@companyXX.com -www.companyXX.com • Scrape it (TOC of Google) • Example…Hurriyet Newspaper in Turkey # perl emails.pl hurriyet.com.tr Received 83 Hits: [bavci@hurriyet.com.tr] [tturenc@hurriyet.com.tr] [ecolasan@hurriyet.com.tr] [yatakan@hurriyet.com.tr] [dhizlan@hurriyet.com.tr] [fsever@hurriyet.com.tr] [rcaglayangil@hurriyet.com.tr] </snip>
  • 12. Part III: Footprinting a country We can extract email addresses from companies – we need to find companies for each country in the following sectors: – Telecommunication – Energy providers (hydro, nuclear, fossil fuel, oil etc.) – Government departments / Military – Media providers – Financial services – Prominent businesses – Emergency services – Transport
  • 13. Part III: Footprinting a country Private sector/Public sector Private: • Problems with online directories (e.g. Google/DMOZ) • Solution is specialized directories • Some online (http://www.world-newspapers.com/), some better to extract (pros/cons) • Challenge – mapping company name to domain name • Method – page 9 of paper.
  • 14. Part III: Footprinting a country Private sector/Public sector Public – government and military Concept of sub TLD – e.g. gov.za Not the same for every country – e.g. France (gouv.fr) Interested in sub domains – maps to departments • We have Google scraper • We scrape gov.za (for example) • Look at all the subdomains • These becomes targets Many military domains contained in gov sub TLD. Recursive scraping…finding *all* the sub domains
  • 15. Part IV: Putting it all together Years in the industry taught us well- you need a GUI…!
  • 16. We love Turkey Conclusion Focused cyber attacks are possible This method would most likely have negative impact How does it compare to real life attacks? Is this YABMT? (yet another bigger mouse trap) What’s the chances of this happening? Should we worry?