1
Engineering Secure Software
Penetration Testing
2
Testing that Digs Deeper
Penetration testing is about attempting to exploit as much as possible (ethically)
Purposes
- Demonstrate the person-hours required to break in
- Create a real scenario
Compared to typical SE testing
- Typical: “found a stacktrace! Report bug”
- Pentesting: “how can we use this stacktrace?” Map out a long set of chains of attacks
3
Preconditions
- Requires a working system
  - Not necessarily finished, but working
  - As networked as possible – for pivoting
- Highly skilled testers
- Outsider
  - Not pre-knowing company secrets
- Most companies hire out pentesters, but in-house pentesters are highly marketable
  - Can be a good “side-hustle” for you in existing dev organizations
4
MITRE’s ATT&CK & CAPEC
ATT&CK
- A taxonomy of tactics and techniques for general-purpose pentesting knowledge
- Tactics: broad categories
- Techniques: tool-agnostic approaches
  - Somewhat technology-dependent
CAPEC
- “Common Attack Pattern Enumeration and Classification”
- A dictionary of attack patterns
- Organized by mechanisms and domains
- Not covered in this lecture, but referenced in a few VotD
5
Let’s talk about ATT&CK (Enterprise version)
6
ATT&CK Tactics
- Pre-ATT&CK. The adversary is building capabilities and doing initial research.
- Initial Access. The adversary is trying to get into your network.
- Discovery. The adversary is trying to figure out your environment.
- Privilege Escalation. The adversary is trying to gain higher-level permissions.
- Defense Evasion. The adversary is trying to avoid being detected.
- Credential Access. The adversary is trying to steal account names and passwords.
- Collection. The adversary is trying to gather data of interest to their goal.
Quoting from
7
ATT&CK Tactics cont.
- Execution. The adversary is trying to run malicious code.
- Persistence. The adversary is trying to maintain their foothold.
- Lateral Movement. The adversary is trying to move through your environment.
- Command and Control. The adversary is trying to communicate with compromised systems to control them.
- Exfiltration. The adversary is trying to steal data.
- Impact. The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Quoting from
8
ATT&CK Techniques
There are a lot of techniques.
For this class, including exams, we’ll focus on just a few key ones.
9
Key Techniques: Initial Access
Drive-by compromise
- Users visit malicious sites
- e.g. executing JavaScript with a browser exploit in it that takes control of a machine
Hardware additions
- Introducing new hardware to the system
- e.g. hardware keystroke loggers, keystroke injection, network sniffers, portable cell-phone towers
Spearphishing
- Confidence scamming exploiting the specific company
- We see these at RIT all the time
10
Discovery
Network and Service Scanning
- Run tools to enumerate hosts and ports
- Figure out what services are running
- e.g. nmap, unicornscan
Account Discovery
- Find a listing of the existing accounts
- e.g. /etc/passwd
11
Credential Access
Brute Force
Credential Dumping
- e.g. dump a database table with credentials
- e.g. copy the /etc/shadow file
Valid Accounts
- e.g. using default accounts
- e.g. using discovered credentials from other access
12
Execution & Persistence
Execution
- Command-line interface
  - e.g. ssh terminal, powershell
- Service execution
  - e.g. adding a new “service” to be executed
Persistence
- Bootkit
  - Place malware in the Master Boot Record of the HDD
  - Executed even after reformatting the OS partition
- Scheduled task (also an Execution technique)
  - e.g. crontab or Windows Task Scheduler
- Create account
- Component firmware
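Added example, not code from the lecture: a small defender-side triage script that runs detection rules over constructed host log lines and labels each hit with the tactic and technique names from the Discovery, Credential Access, and Persistence slides above. The log line formats, the thresholds, and the sample addresses and users are assumptions made for the example.

```python
# Added example (not the lecture's code): defender-side rules over constructed log lines.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
10:00:01 sshd[201]: Failed password for root from 203.0.113.7 port 51000 ssh2
10:00:02 sshd[202]: Failed password for root from 203.0.113.7 port 51001 ssh2
10:00:03 sshd[203]: Failed password for admin from 203.0.113.7 port 51002 ssh2
10:00:09 sshd[204]: Failed password for bob from 198.51.100.4 port 40000 ssh2
10:01:10 audit: SYSCALL syscall=openat uid=1001 name=/etc/shadow success=no
10:02:00 cron[300]: (www-data) REPLACE (www-data)
10:03:00 kernel: FW_DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22
10:03:00 kernel: FW_DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=80
10:03:01 kernel: FW_DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=443
10:03:01 kernel: FW_DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=3306
"""
TS = "%H:%M:%S"  # the constructed lines carry only a time of day
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for \S+ from (\S+) port (\d+)")
SHADOW = re.compile(r"^\S+ audit: .* uid=(\d+) name=/etc/shadow")
CRON = re.compile(r"^\S+ cron\[\d+\]: \((\S+)\) REPLACE")
FWDROP = re.compile(r"^(\S+) kernel: FW_DROP SRC=(\S+) DST=\S+ DPT=(\d+)")

def _bursty(events, window, threshold):
    """Yield keys whose distinct values reach `threshold` inside some `window` span."""
    for key, items in events.items():
        items.sort()  # by timestamp, so items[i:] is everything at or after t0
        for i, (t0, _) in enumerate(items):
            if len({v for t, v in items[i:] if t - t0 <= window}) >= threshold:
                yield key
                break

def triage(log_text, window=60, fail_threshold=3, port_threshold=4):
    findings, failures, drops = set(), defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        if m := FAILED.match(line):  # Credential Access: Brute Force, counted per source
            failures[m[2]].append((datetime.strptime(m[1], TS), m[3]))
        elif m := SHADOW.match(line):  # Credential Access: Credential Dumping
            if m[1] != "0":  # root touching /etc/shadow is routine; anyone else is not
                findings.add(("Credential Access", "Credential Dumping", f"uid={m[1]}"))
        elif m := CRON.match(line):  # Persistence: Scheduled Task (a crontab was replaced)
            findings.add(("Persistence", "Scheduled Task", m[1]))
        elif m := FWDROP.match(line):  # Discovery: many ports probed from one source
            drops[m[2]].append((datetime.strptime(m[1], TS), m[3]))
    w = timedelta(seconds=window)
    for src in _bursty(failures, w, fail_threshold):
        findings.add(("Credential Access", "Brute Force", src))
    for src in _bursty(drops, w, port_threshold):
        findings.add(("Discovery", "Network and Service Scanning", src))
    return sorted(findings)  # (tactic, technique, subject) triples
```

Each rule is deliberately narrow; in practice the thresholds and line formats are tuned to the environment's own logs.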
13
Privilege Escalation
Process Injection
- Executing arbitrary code in an existing, legit process space
- e.g. changing the path of a DLL at runtime, stack smashing, LD_LIBRARY_PATH
setuid and setgid (we’ll cover this later)
14
Defense Evasion
15
Lateral Movement
Pass the Hash
Remote File Copy
17
CPTC, Kali, and OSCP
Collegiate PenTesting Competition
- RIT helps and competes in an annual national competition (Oct-Nov)
- Like a varsity sport
Kali Linux
- A distro designed for penetration testing
- TONS of tools, steep learning curve on many of them
Offensive Security Certified Professional
- One of the best certs out there for pentesting
- About the effort of a college course
- 24-hour final exam where you have to break into every machine