Preparing for the Next Shellshock
Uploaded by threat-stack
Transcript of Preparing for the Next Shellshock
[Figure: Vulnerabilities by Score 1999 - 2014. Axes: year (1999 to 2014), score range (0-1 to 9-10), count (0 to 8000). Data label: 7439.]
source: http://www.cvedetails.com/
At a Glance
• 6 CVEs
• Initial report (CVE-2014-6271), CVE-2014-627, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
• ??? Vendors/Tools Affected
"To put these exponential numbers into perspective, we’re about to transition from an Internet the size of a golf ball to an Internet the size of the sun." Marc Goodman, Global Security Futurist
How To Prepare
Understand Your Responsibility
Uncover New Threats
Protect Customer Data w/ Continuous Monitoring
• The Setup
  • 1 VM running a vulnerable version of the bash shell with a real-life Nagios cgi-bin exploit.
  • Threat Stack installed.
• The Investigation
  • See how the exploit works and how the attack is detected without signatures.
• The Response
  • How to track down the impact.