Defending Against 1,000,000 Cyber Attacks by Michael Banks
Michael Banks | Rendition InfoSec
$whoami
Michael Banks (@4MikeBanks)
• Information Security Consultant
• SigO
$./disclaimer.py | OVAMO | IANAL | TINLA
OVAMO: Opinions and Views of this presentation are my own and not of any of my employers
IANAL: I am not a lawyer
TINLA: This is not legal advice
$./Overview.py
• Background
• Cyber Attacks
• Numbers
• Project Slam
• Take-aways
$./Background.py
$./helloWorld.py
Standard Form 86 (SF-86)
$./traceRoute.py --myLifeandData
“Hacking of Government Computers Exposed 21.5 Million People” – NY Times
$./drill.py | grep “WTF”
“…OPM, for example thwarts 10 million confirmed intrusion attempts targeting our network.” – Katherine Archuleta (Director, OPM)
$./theme.py
1. Need more talent.
2. <insert org here> faces MILLIONS of cyber attacks…
3. The inevitable:
Cyber Pearl Harbor
$./CyberAttacks.py
Who are you asking?
$./cyberAttacks.py --congress
18 U.S.C. § 1030, Computer Fraud & Abuse Act
“Fraud and related activity in connection with computers: (a) Whoever—
(1) having knowingly accessed a computer without authorization or exceeding authorized access…”
$./cyberAttacks.py --dod
DOD Joint Terminology for Cyberspace Operations
“A hostile act using computer or related networks or systems, and intended to disrupt and/or destroy an adversary’s critical cyber systems, assets, or functions.”
$./cyberAttacks.py --defineAudience
18 U.S.C. § 1030, Computer Fraud & Abuse Act
DOD Joint Terminology for Cyberspace Operations
$./Numbers.py
$./numbers.py --shhh
“Officials said Saturday that over 62,000 cyberattacks had been registered in a single day…”
“…70 million hacker attacks on the servers…”
“The Kingdom had experienced more than 60 million cyber-attacks last year…”
“..systems automatically detect and prevent more than 10 million attacks, from tens of thousands of locations, including millions of attacks where the attacker has valid credentials. That’s over 4 billion attacks prevented last year alone…”
$./numbers.py
“Up to 300 Million Cyber Attacks on XXX (3LA) Data Centers Take Place Each Day”
$./numbers.py --includeReality
What do these numbers even mean, and how are they being calculated?
$./numbers.py --strangeAddition
Media/Public
• SSH Brute Force Attempt
• Wordlist of 10,000
• 1 IP (x.x.x.x)
• 3 Mins
• Unsuccessful Login
• Reported as: 10,000 Rapid Sophisticated Cyber Attacks Thwarted
Analyst/Community
• SSH Brute Force Attempt
• Wordlist of 10,000
• 1 IP (x.x.x.x)
• 3 Mins
• Unsuccessful Login
• Reported as: 1 Failed Attempted Intrusion Event
$./numbers.py --strangeAddition
Media/Public
• All Port Nmap Scan
• 65535 Ports
• 1 IP (x.x.x.x)
• 1 Min
• Reported as: Over 65,000 Rapid Sophisticated Cyber Attacks Thwarted
Analyst/Community
• All Port Nmap Scan
• 65535 Ports
• 1 IP (x.x.x.x)
• 1 Min
• Reported as: No Report (”We get scanned all the time”)
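The two counting rules on the slides above, run over constructed log lines, as an added example that is not part of the talk or of Project Slam: the same raw lines counted one-by-one the way the headlines do, then grouped into per-source events the way an analyst would. The log formats, source IPs (203.0.113.5, 198.51.100.7, 192.0.2.9 are documentation ranges), the 10-minute gap and the classification thresholds are all this example's assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple

# Two constructed log shapes: an sshd authentication failure and a
# firewall DROP line. Real log formats differ; adjust the patterns.
SSH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3})$"
)
FW_RE = re.compile(
    r"^(?P<ts>\S+) kernel: DROP SRC=(?P<ip>\d+(?:\.\d+){3}) DPT=(?P<port>\d+)$"
)


def build_sample_lines() -> List[str]:
    """Constructed sample: 10,000 password guesses from one IP over three
    minutes (the slide's SSH brute force), a 65,535-port scan from a second
    IP over one minute (the slide's Nmap scan), and one mistyped login from
    a third IP two hours later."""
    t0 = datetime(2016, 9, 1, 3, 0, 0)
    lines: List[str] = []
    for i in range(10_000):
        ts = (t0 + timedelta(seconds=180 * i / 10_000)).isoformat()
        lines.append(f"{ts} sshd[4242]: Failed password for root from 203.0.113.5")
    for port in range(1, 65_536):
        ts = (t0 + timedelta(seconds=60 * (port - 1) / 65_535)).isoformat()
        lines.append(f"{ts} kernel: DROP SRC=198.51.100.7 DPT={port}")
    ts = (t0 + timedelta(hours=2)).isoformat()
    lines.append(f"{ts} sshd[4242]: Failed password for invalid user mbank from 192.0.2.9")
    return lines


@dataclass
class Event:
    source_ip: str
    kind: str                      # "ssh_auth_failure" or "fw_drop"
    first_seen: datetime
    last_seen: datetime
    hits: int = 0
    targets: Set[object] = field(default_factory=set)  # usernames or ports

    @property
    def label(self) -> str:
        # Thresholds are this example's assumptions, not from the talk.
        # Only failures are parsed here; a real pipeline must also look for
        # "Accepted password" from the same IP before calling it thwarted.
        if self.kind == "fw_drop" and len(self.targets) >= 100:
            return "port scan"
        if self.kind == "ssh_auth_failure" and self.hits >= 20:
            return "ssh brute force"
        return "noise"  # a few dropped packets or one mistyped password


def parse(line: str) -> Optional[Tuple[datetime, str, str, object]]:
    m = SSH_RE.match(line)
    if m:
        return datetime.fromisoformat(m["ts"]), m["ip"], "ssh_auth_failure", m["user"]
    m = FW_RE.match(line)
    if m:
        return datetime.fromisoformat(m["ts"]), m["ip"], "fw_drop", int(m["port"])
    return None


def headline_count(lines: List[str]) -> int:
    """The press-release number: every matching log line is one 'attack'."""
    return sum(1 for line in lines if parse(line) is not None)


def aggregate(lines: List[str], gap: timedelta = timedelta(minutes=10)) -> List[Event]:
    """The analyst number: hits from one source IP of one kind, with no
    silence longer than `gap` between consecutive hits, form one event."""
    records = sorted((r for r in map(parse, lines) if r is not None), key=lambda r: r[0])
    open_events = {}
    events: List[Event] = []
    for ts, ip, kind, target in records:
        key = (ip, kind)
        ev = open_events.get(key)
        if ev is None or ts - ev.last_seen > gap:
            ev = Event(ip, kind, ts, ts)
            open_events[key] = ev
            events.append(ev)
        ev.last_seen = ts
        ev.hits += 1
        ev.targets.add(target)
    return events


if __name__ == "__main__":
    sample = build_sample_lines()
    print(f"headline: {headline_count(sample):,} attacks")
    for ev in aggregate(sample):
        dur = (ev.last_seen - ev.first_seen).total_seconds()
        print(f"{ev.source_ip:>14} {ev.label:<16} hits={ev.hits:>6,} "
              f"distinct targets={len(ev.targets):>6,} over {dur:.0f}s")
```

On the constructed input the headline count is 75,536 "attacks"; the aggregate is three events, of which only the brute force and the scan are worth a line in a report, and neither got past authentication.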
$./projectSlam.py
A project designed to research
adversary behavior and utilize the
data captured to generate wordlists,
blacklists, and methodologies of
various threat actors that can be
provided back to the public.
$./projectSlam.py
• v1 (2016)
• Kippo-0.9
• Debian 8
• Cloud Based Deployment
• Geographically Located in New York
• Publicly Accessible Ports:
• 22 (kippo), 80, 443, xxx (ssh)
$./projectSlam.py
• Username / Pass (Wordlist)
• Source IP (Location)
• Full TTY Sessions
• A!! D@ Toolz
$./projectSlam.py
• v2 (2017) – a full-interaction honeypot to enumerate more information from the attacker.
• Docker (Pre-Populated)
$./projectSlam.py
Trailing 27 Weeks
$./projectSlam.py
Usernames Count
1. root 543,328
2. admin 14,174
3. Administrator 1,428
4. support 1,154
5. user 1,028
6. test 856
7. ubnt 724
8. guest 582
9. oracle 418
10. ftpuser 404
11. PlcmSpIp 400
12. pi 357
13. postgres 282
14. operator 248
15. git 241
$./projectSlam.py
Passwords Count
1. 123456 4,072
2. admin 3,941
3. password 3,630
4. root 3,353
5. 1234 3,292
6. 12345 3,178
7. !@ 3,105
8. test 2,991
9. 123 2,848
10. 1 2,750
11. p@ssw0rd 2,706
12. wubao 2,641
13. root123 2,596
14. jiamima 2,562
15. !q@w 2,524
16. ! 2,522
17. !qaz@wsx 2,499
18. idc!@ 2,439
19. admin!@ 2,425
20. support 830
$./projectSlam.py
Trailing 27 Weeks
$./projectSlam.py
~4,000 Every Day
~1.4 Million in a year
$./projectSlam.py |whatsNext
$./projectSlam.py |whatsNext
• Report for 2016 (Jan ‘17)
  • Full Report
  • Wordlist
  • IP List & More
• Deployment for 2017 (Jan-Dec)
• Report for 2017 (Jan ‘18)
  • Full Report
  • Wordlist
  • IP List
$TakeHome.py
$TakeHome.py
Github.com/mikebanks/projectSlam
$TakeHome.py
• Partial Wordlist
• Partial IP List
$Conclusion.py
• Reset default credentials
• Use 2FA where possible
• Change your SSH port
• Don’t use simple passwords
• Use unique usernames
• Disable root login
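An added example, not from the talk or the Project Slam repository: a checker that reads an sshd_config and reports which items of the list above it does not meet, with a constructed stock-looking config next to a hardened one. The OpenSSH keywords are real; the two sample files, the MaxAuthTries threshold and the use of the talk's most-guessed-username table for the AllowUsers check are this example's choices. Two caveats a practitioner should keep in mind: moving the port only sheds the noise from scanners that hit 22 (it does nothing against a targeted attacker), and the AuthenticationMethods line delivers 2FA only once a PAM module is actually configured behind keyboard-interactive.

```python
import re
from typing import Dict, List

# Usernames most often guessed against the honeypot (the talk's top-15 table).
# A login name in this set shares its name with the attackers' wordlist.
TOP_GUESSED_USERNAMES = {
    "root", "admin", "administrator", "support", "user", "test", "ubnt",
    "guest", "oracle", "ftpuser", "plcmspip", "pi", "postgres", "operator", "git",
}

# Constructed: roughly what a stock sshd_config looks like on a Debian 8 /
# OpenSSH 6.7 era box. The commented line shows a compiled-in default.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#MaxAuthTries 6
UsePAM yes
"""

# Constructed: the same file after applying the conclusion slide. The 2FA
# line only works once a PAM module (e.g. pam_google_authenticator) is set up.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
MaxAuthTries 3
AllowUsers mbanks
UsePAM yes
"""

# "keyword value" or "keyword=value", as sshd_config(5) allows
_LINE_RE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*?)\s*$")


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Effective global settings: keywords are case-insensitive, the first
    occurrence wins (as in sshd), and everything after the first Match block
    is conditional, so parsing stops there."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            break
        cfg.setdefault(key, value)
    return cfg


def audit(text: str) -> List[str]:
    """One finding per conclusion-slide item the config does not meet.
    The MaxAuthTries <= 3 threshold is this example's choice."""
    cfg = parse_sshd_config(text)
    findings: List[str] = []

    root = cfg.get("permitrootlogin", "").lower()
    if root not in ("no", "prohibit-password", "without-password"):
        findings.append("PermitRootLogin: root was the most guessed username by far "
                        "(543,328 attempts in the talk's data); set 'no' "
                        "(unset means 'yes' before OpenSSH 7.0)")
    if cfg.get("port", "22") == "22":
        findings.append("Port: 22; moving sshd off 22 sheds mass-scanner noise, "
                        "nothing more")
    if cfg.get("passwordauthentication", "yes").lower() == "yes":
        findings.append("PasswordAuthentication: yes; prefer keys so a wordlist "
                        "has nothing to hit")
    # AuthenticationMethods lists alternatives separated by spaces, each a
    # comma-separated set that must all succeed; require two factors per path.
    alternatives = cfg.get("authenticationmethods", "").split()
    if not alternatives or not all(len(a.split(",")) >= 2 for a in alternatives):
        findings.append("AuthenticationMethods: no path requires two factors "
                        "(e.g. publickey,keyboard-interactive)")
    if int(cfg.get("maxauthtries", "6")) > 3:
        findings.append("MaxAuthTries: more than 3 guesses per connection (default 6)")
    allowed = set(cfg.get("allowusers", "").lower().split())
    common = sorted(allowed & TOP_GUESSED_USERNAMES)
    if common:
        findings.append(f"AllowUsers: {', '.join(common)} appear in the honeypot's "
                        "most-guessed usernames")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(text)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; the constructed weak config produces five findings, the hardened one none.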
$Questions.py |audience
RenditionInfoSec.com
@4MikeBanks | [email protected] | (847) 208-2393
MichaelBanks.org