
Vulnerability / Cybersecurity Research Discussion Dwayne Melancon, CISA Chief Technology Officer and VP of Research & Development.


1 Vulnerability / Cybersecurity Research Discussion. Dwayne Melancon, CISA, Chief Technology Officer and VP of Research & Development

2 Tripwire delivers advanced threat protection, security, and compliance solutions > 9,000+ customers in 96 countries > $$$ Profitable > 450+ employees > $195M+ Annual

3 Threat Landscape > Percentage of breaches that could be prevented by remediating known vulnerabilities (US-CERT) > Average time to detect an advanced persistent threat on a corporate network (Mandiant) > Percentage of unauthorized data access that was through compromised servers (Verizon DBIR) > Days the average malicious data breach took to resolve (Ponemon)

4 Solution: Adaptive Threat Protection. Components: > Endpoint Intelligence > Vulnerability Intelligence > Threat Intelligence > Threat Analytics > Forensics > Zero-Day Detection > Threat Response > Log & Event Intelligence

5 Vulnerabilities

6 Most Common Programmatic Vulnerability Types > Buffer Overflow > Format String > Race Condition > Privilege Escalation > Denial of Service

7 Buffer Overflows > Program requires first name input > Developer writes char firstName[10] > User’s name is ‘Christopher’. Program crashes > Attacker exploits this to control the return address (EIP). Images from Wikipedia: Stack buffer overflow
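The slide's scenario as an added C example (not from the presentation): the unchecked copy into char firstName[10] beside a bounded copy that refuses a name such as ‘Christopher’, which needs 12 bytes with its terminator. Function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FIRST_NAME_LEN 10   /* the slide's char firstName[10] */

/* Bytes a C string occupies in a buffer: its characters plus the NUL terminator. */
size_t bytes_needed(const char *s)
{
    return strlen(s) + 1;
}

/* Vulnerable pattern from the slide: the length of src is never compared with
 * the size of dst, so "Christopher" (12 bytes) overruns a 10-byte buffer and
 * overwrites whatever sits beyond it on the stack (saved registers, return
 * address). Shown for contrast only; nothing below calls it. */
void copy_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: copy only when the whole string, terminator included, fits.
 * Returns false instead of writing past the end of dst. */
bool copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul = memchr(src, '\0', dst_size); /* look for NUL within dst_size */
    if (nul == NULL) {
        return false;            /* no terminator inside the budget: does not fit */
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return true;
}

/* True when name fits the slide's 10-byte buffer (at most 9 characters). */
bool name_fits(const char *name)
{
    char firstName[FIRST_NAME_LEN];
    return copy_name_checked(firstName, sizeof firstName, name);
}

int main(void)
{
    const char *names[] = { "Chris", "Christoph", "Christophe", "Christopher" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        printf("%-12s needs %2zu bytes: %s\n", names[i], bytes_needed(names[i]),
               name_fits(names[i]) ? "fits" : "rejected");
    }
    return 0;
}
```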

8 Format String Injection > Often involves improper use of printf > Allows potential disclosure and manipulation of memory > Can allow privilege escalation and arbitrary execution of commands

9 Race Condition > A program that checks and then uses something. Sometimes referred to as TOCTTOU (TOCK-too): “Time Of Check vs. Time Of Use” > E.g. a SUID program checks to see if a user has permissions to access a file, then accesses the file with SUID permissions > E.g. a program checks to see if a file exists, then writes data to that file > In either situation, there is a race between the attacker and the software: the attacker attempts to manipulate access between the check and the use.

10 Privilege Escalation > The ability to take yourself from a regular user to Administrator/root to SYSTEM (or any single step) > E.g. program abc.exe runs as a service as LocalSystem. User replaces abc.exe with cmd.exe. cmd.exe now runs as LocalSystem instead of running as the user.

11 Denial of Service > Attacks which prevent a system or program from providing service. E.g.: > Resource utilization, e.g. HTTP POST attacks > Crash condition, e.g. buffer overflow

12 Finding Vulnerabilities. Five primary ways: > Fuzzing > Reverse Engineering > Static Code Analysis > Manual Testing > Accidental Discovery

13 What Do We Do With Them?

14 MITRE & NIST – Vulnerability Normalization > CVE: dictionary of publicly known vulnerabilities. E.g. CVE-2009-3555 or CVE-2008-4250 > CPE: dictionary of platforms (apps & OSs). E.g. cpe:/o:microsoft:windows_xp::gold, cpe:/a:microsoft:windows_explorer > CWE: dictionary of publicly known weaknesses (programming flaws). E.g. CWE-120 (Classic Buffer Overflow)

15 CVE – CWE: Why Vulnerabilities, Exposures & Weaknesses > A vulnerability is a unique instance of a flaw that leads to access to a system or network > An exposure is a unique instance of a flaw that reveals information about a system or network > A weakness is the generic flaw that leads to the unique instance described by a vulnerability or exposure. In other words, each CVE is based on at least one CWE.


17 Responsible Disclosure

18 Responsible Disclosure > Allows entities to correct “Zero Day” vulnerabilities prior to public disclosure > Essentially a “code of ethics” for white hat researchers > Process (typical): researcher discovers vulnerability; researcher reports vulnerability to vendor / creator; dialog occurs between researcher and vendor; fix is made available (typically in a patch); vulnerability is publicly disclosed > Note: some organizations pay for responsible disclosure via “bug bounties” or similar programs

19 Q&A
