Published by Andrea Roberts. Modified over 9 years ago.
Drawing blood from a Stone.. haroon meer | marco slaviero SensePost

Agenda..
Introduction
What this talk is about
Complete control with:
–Outbound TCP Connections
–IPS in the way ?
–Outbound DNS Requests
–Outbound *nothing*
Lessons Learned
Questions ?

Introduction
Who we are
–SensePost
–{haroon|marco} @ sensepost.com
–(with extra case studies from {nick|bradleyj} @ sensepost.com)

What this talk is about?
Breaking into stuff!
What this talk is not about?
Canned demos of Metasploit vs. 2001
Why ?
For a small reality check..
To determine if we need to “sweat the small stuff”
Because it's fun!
How ?
Case studies…

Arbitrary Outbound TCP is bad..
Least privilege is hardly a new concept..
Limiting outbound TCP connections is a no-brainer
Why?
–Because attackers need to call home..
–Because we need our tools..
–Because we want to be comfortable..
–Because it's your job to make sure we can't..

Case Study #1 (plink)

Why your IPS isn’t a Panacea
IPS appears to be interfering with our recon.
All we want to do is an innocent little port-scan..
> 10 ports on one target -> shun source
> 10 targets in X seconds -> shun source
Vertical and Horizontal Scans -> shun source
Who does this stop ?
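
The shun thresholds on this slide written out as detection logic, as an added example that is not from the talk. The 60-second window stands in for the slide's unspecified X, the flow-record format is assumed, and "vertical" and "horizontal" are taken to name the first two rules.

```python
from collections import defaultdict, deque

PORT_LIMIT = 10     # slide: "> 10 ports on one target"
TARGET_LIMIT = 10   # slide: "> 10 targets in X seconds"
WINDOW_S = 60       # assumption: the slide leaves X unspecified


def shun_decisions(flows, window=WINDOW_S):
    """flows: (ts_seconds, src, dst, dport) tuples sorted by time.
    Returns {src: (ts, rule)} for the first rule each source trips."""
    ports = defaultdict(set)      # (src, dst) -> distinct ports ever seen
    recent = defaultdict(deque)   # src -> (ts, dst) pairs inside the window
    shunned = {}
    for ts, src, dst, dport in flows:
        if src in shunned:
            continue              # a shunned source is already blocked
        ports[(src, dst)].add(dport)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()           # expire contacts older than X seconds
        if len(ports[(src, dst)]) > PORT_LIMIT:
            shunned[src] = (ts, "vertical")
        elif len({d for _, d in q}) > TARGET_LIMIT:
            shunned[src] = (ts, "horizontal")
    return shunned


def sample_flows():
    """Constructed records, not captured traffic (addresses are RFC 5737)."""
    flows = []
    # 11 ports on one target, one per second
    flows += [(i, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(11)]
    # port 445 on 11 targets, one per second
    flows += [(100 + i, "198.51.100.8", f"192.0.2.{20 + i}", 445) for i in range(11)]
    # monitoring poller: 12 targets, one every 10 minutes
    flows += [(600 * i, "198.51.100.9", f"192.0.2.{50 + i}", 161) for i in range(12)]
    return sorted(flows)


if __name__ == "__main__":
    for src, (ts, rule) in shun_decisions(sample_flows()).items():
        print(f"{src} shunned at t={ts}s ({rule} scan)")
```

Whether the poller is shunned depends entirely on the value chosen for X, which is why the window is a parameter rather than a constant.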

Case Study #2

I’m ok! I only allow outbound DNS
Outbound UDP 53 is common on Firewall Configs.
*shrug* we don’t know why!
If I get to run commands on your server..
Then outbound DNS is my friend..
SQL Injection + DNS tunnels circa 2002..
SQL Injection + DNS tunnels circa today..

Case Study #3 (poor man's DNS tunnel)

Case Study #4 (poor man's DNS tunnel)

Ok.. What if I..
Hardened my Web-server
–Apache running with limited privileges
No outbound TCP
No outbound UDP
Teeny-Tiny reg-ex problem in my application.. (can you spot it?)

Case Study #4

Lessons Learned…
Know your enemy? (who are you up against?)
Know the limits of your defenses..
Detection is an important piece of the puzzle.
Basics are still necessary!
There is no unbeatable security measure..

Thank You Questions?