Path of Cyber Security
Transcript of Path of Cyber Security
Whoami?
• Satria Ady Pradana
– Teknik Informatika ITB 2010
– Embedded Software Engineer
– DracOS Dev Team
– Interested in low-level stuff
– Contact me: [email protected]
http://xathrya.id/
http://xathrya.id/ 3
Provided Material
• “Playground” VM
– bWapp
– Certain boot2root images
Distributed for free; ask the official source.
We Have So Many Colors
• White Hat
• Gray Hat
• Black Hat
• Red Hat
• Blue Hat
• Green Hat
• etc.
The Essence of Hacking
• Getting and using other people’s computers (without getting caught).
• Defeating protection to attain some goal.
• Exploiting something and gaining profit.
• Having fun.
But my talk won’t cover hacking as a crime.
Refine the word “hacker” to “security professional”.
We have two sides:
• Attacker
• Defender
Be a Defender
• Know why you do this.
• Know how an attacker (might) attack.
• Know how to defend yourself, your assets, etc.
• Know what to do when something happens.
• Know why it can be like this.
(If you are screwed, at least you know why.)
Be an Attacker
• Know how the target is organized.
• Know how the target reacts to certain events.
• Have vast knowledge about systems.
• Know how to be “evil” (not necessarily to be one).
Hacking Steps
We call it penetration testing.
• Reconnaissance & Analysis
• Vulnerability Mapping
• Gaining Access
• Privilege Escalation
• Maintaining Access
• Covering Tracks
Stage 1: Reconnaissance
Gathering information: search for valuable information related to our target. Analyze and extract knowledge where appropriate. Basically:
• Footprinting
• OSINT (Open-Source INTelligence)
• Reconnaissance is about intelligence gathering.
• Gaining facts, inferring something, relating back to target.
• Direct and indirect relevance might be helpful in later stage.
• The more useful information you get, the better chance you have to compromise.
Footprinting
Gather information about the nodes, machines, systems and infrastructure used. Grasp the environment before execution.
• Publicly exposed machines (which ones are available to us)
• Open ports (available doors for us to get in)
• Network (relation to other systems)
• Applications (ex: version)
• Server specifics (OS, kernel, important drivers, existing services, etc.)
OSINT
• Open-Source INTelligence
• Open = overt, publicly available source
• Not about Open-Source Software.
• Try googling yourself: do you find anything useful?
Stage 2: Vulnerability Mapping
Mapping threats and potential breaches onto the information found.
• Based on the systems we found, what threats are available?
• How can we conduct an attack?
• Prioritize the list; decide which one gives the greater chance of success.
Simulate scenarios to break in before we get to the next stage.
Your Goal!
• Find possible paths to penetrate the target.
• Creating a threat model is helpful.
Stage 3: Gaining Access
The actual penetrating phase. Our purpose is to break in, using the vulnerabilities found in previous steps.
Or we might gain something new while in this process. Just populate the list.
Your Goal!
• Break in / compromise.
• Create a connection (persistent / non-persistent) between the target and us. Mostly a reverse connection.
– Set up a listener to receive the callback.
– Plant a backdoor.
• Do something on the target.
– Ex: Create a new user
Stage 4: Privilege Escalation
When we break in, we might not have enough privilege to take over. Therefore, we need to exploit something else to take higher privilege.
Stage 5: Maintaining Access
If we want to run a long-term campaign, we need to keep access to the compromised host available. Incorporating malware is one preferred way.
Stage 6: Covering Tracks
Don’t leave any trace.
• Delete logs
• Fabricate logs (smarter yet trickier way)
Create fake evidence (might be predefined):
• Memory and Pool
• File
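From the defender's side, the stage above is the reason logs should not be trusted from the host that produced them. The example below is added here and is not the speaker's code or part of the talk: it chains each log record to the previous one with SHA-256 and keeps the newest hash as an off-host "anchor". Deleting, altering or inserting an entry in the middle breaks the chain at that index; deleting entries from the tail keeps the chain internally valid, which is exactly the case the anchor catches. The log lines and the `GENESIS` starting value are constructed for the example.

```python
"""Hash-chained log integrity check (added example, not from the talk)."""
import copy
import hashlib
from typing import Dict, List, Optional, Tuple

# Hypothetical starting value for the first link in the chain.
GENESIS = "0" * 64


def _link(prev_hash: str, entry: str) -> str:
    """Hash of (previous hash || newline || entry text)."""
    return hashlib.sha256(f"{prev_hash}\n{entry}".encode("utf-8")).hexdigest()


def build_chain(entries: List[str]) -> List[Dict[str, str]]:
    """Turn raw log lines into records that each commit to their predecessor."""
    records = []
    prev = GENESIS
    for entry in entries:
        h = _link(prev, entry)
        records.append({"entry": entry, "hash": h})
        prev = h
    return records


def verify_chain(records: List[Dict[str, str]]) -> Tuple[bool, Optional[int]]:
    """(True, None) if every link is valid, else (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["hash"] != _link(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    return True, None


def check_anchor(records: List[Dict[str, str]], anchor_hash: str) -> bool:
    """Compare the newest hash with a copy kept off the host; catches tail deletion."""
    if not records:
        return anchor_hash == GENESIS
    return records[-1]["hash"] == anchor_hash


# Constructed sample log lines (not real data).
SAMPLE_ENTRIES = [
    "2024-01-01T10:00:00Z sshd: Accepted publickey for alice from 10.0.0.5",
    "2024-01-01T10:02:11Z sudo: alice : COMMAND=/usr/bin/apt update",
    "2024-01-01T10:05:42Z sshd: Accepted password for root from 203.0.113.9",
    "2024-01-01T10:06:03Z useradd: new user: name=svc_backup, UID=1005",
]
INTACT = build_chain(SAMPLE_ENTRIES)
ANCHOR = INTACT[-1]["hash"]  # in practice, shipped to a remote log collector


def delete_entry(records: List[Dict[str, str]], index: int) -> List[Dict[str, str]]:
    """Simulate a log entry being removed from the middle of the file."""
    out = copy.deepcopy(records)
    del out[index]
    return out


def alter_entry(records: List[Dict[str, str]], index: int, new_text: str) -> List[Dict[str, str]]:
    """Simulate an entry being rewritten in place (fabricated evidence)."""
    out = copy.deepcopy(records)
    out[index]["entry"] = new_text
    return out


if __name__ == "__main__":
    print("intact:", verify_chain(INTACT))                       # (True, None)
    print("deleted #2:", verify_chain(delete_entry(INTACT, 2)))  # (False, 2)
    print("altered #1:", verify_chain(alter_entry(INTACT, 1, "2024-01-01T10:02:11Z sudo: nothing")))  # (False, 1)
    truncated = INTACT[:-1]
    print("tail removed, chain:", verify_chain(truncated))       # (True, None)
    print("tail removed, anchor:", check_anchor(truncated, ANCHOR))  # False
```

The chain alone only detects changes made by someone who cannot recompute every later hash; once the host is fully compromised, the attacker can rebuild the chain, so the value of the scheme comes from forwarding records (or at least the latest hash) to a collector the attacker does not control.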
Bonus Stage
Basically, do your mission or fulfill the objective.
• Dump data
• Maintain persistent access
• Harvest credentials
• Pivoting
• Proxying
• Etc.
How Could I Be the One?
Starting path:
• Networking
• Programming
Security is another application of computer science, with several extras.
A deep understanding of the subjects gives better results.
Extra communication skills are a plus.
Area of Expertise
Some of the fields (not all):
• Network Security
• Web Security
• Mobile Security
• IoT & Embedded System Security
Pick one and dive into it.
Exploits
• What is it?
• Why is it important?
• How do you develop one?
An exploit is specific to a certain product or family of products having the same / similar vulnerability.
• Given code, find bugs.
• Given bugs, how do you coerce them into an exploit?
• Given an exploit, how do you deploy it?
• Given a pwned system, how do you hide yourself?
Okay, so where can we REALLY start learning? (Assuming you want to be an expert.)
• Take a course on computer science (seriously).
• Participate in competitions:
– CTF
– Wargames
• Create a practice lab.
CTF
• A good environment to learn.
• What a normal security professional would do day to day… on easy mode.
Competitions (Recommended)
• IDSecconf CTF
• Cyber Defense Challenge
• Indonesia Cyber Army
Advanced Stuff
• Researching and discovering vulnerabilities
• Creating toolkits
• Building tradecraft
• Deploying “assets” in the wild
• Creating a forest to hide in
• etc.