SlideShare ist ein Scribd-Unternehmen logo

Dmk blackops2006

Als PPT, PDF herunterladen
Dan Kaminsky
Dan Kaminsky
1 von 65
Black Ops 2006 pattern recognition Toorcon R3mix Dan Kaminsky DoxPara Research
Who Am I? • Coauthor of several book series – Hack Proofing Your Network – Stealing The Network • Formerly of Cisco and Avaya – Presently partnering with IOActive – One of the “Blue Hat Hackers” that has been auditing Windows Vista • Been doing talks at Black Hat for six years now – TCP/IP, DNS, MD5, SSH, etc.
What Was The Plan At This Year’s Black Hat? • Enforce Network Neutrality • Gaze Horrified Upon 2.4 Million SSL Servers • Fix Online Banking (just a little) • Fix the security hole I put in OpenSSH • Make entropy recognizable – Useful for cryptosystems (like SSH) – Really useful for fuzzing • Pretty, pretty pictures. – New for this year: USEFUL pretty, pretty pictures • Even if they’re +100Mpix
Making Use of 100+ Megapixels: Visual Bindiff
Enforce Network Neutrality? • Telecom Companies have essentially stated – they wish to spy upon and selectively censor traffic, so as to maximize revenue from those who will pay the most to see their traffic pass unhindered. • This devolves down to a common refrain in Crypto: “Alice and Bob are in prison, and are attempting to communicate without the Warden interfering” – Don’t believe the premise?
Internet Isolationism: $1140 A Year To Check Your Email • “To accommodate the needs of our customers who do choose to operate VPN, Comcast offers the Comcast @Home Professional product. @Home Pro is designed to meet the needs of the ever growing population of small office/home office customers and telecommuters that need to take advantage of protocols such as VPN. This product will cost $95 per month, and afford you with standards which differ from the standard residential product.” – What, you didn’t actually think the fight against Network Neutrality had anything to do with video, did you?
What It’s Really About • It’s all about $1100+ a year per telecommuter – 40M telecommuters in 2004 * $1140 a year = $45.6B – How many telecommuters if the US has to cut back on oil consumption, by saying every Friday is a telecommute-to-work day? • As people realize what’s coming, the question will stop being, “Should the network be neutral”, and will become, “Is it possible to detect non-neutral networks?” – The answer is yes. Yes it is.
TCP Bandwidth Estimation: An Elegant Weapon, For A More Civilized Age • TCP automatically determines the amount of available bandwidth between any two points – Multiple TCP streams sharing the same communication channel do not send packets to one another – All communication happens implicitly, via dropped packets – Dropped packets are a source of information about the amount of bandwidth available on a given channel • If more packets show up, then a particular line is willing to route, then some will be dropped, and TCP will quickly notice. – Can we figure out who’s causing our packets to drop?
Active Network Probing, or how TTLs just never go out of style • Suppose you can only send data to someone at 5k/sec, and you’re curious, why so slow? – What this means is – you get dropped packets whenever you try to send faster than 5k/sec. • Experiment: Send more data alongside the session, but TTL limit the transmissions until you figure out which hop causes packet drops in the primary. – Too much data…one hop…no effect on 5k/sec stream. – Too much data…two hops…no effect on 5k/sec stream. – Too much data…three hops…5k/sec stream stops. Third hop is your limiting node.
Demo • cat /dev/urandom | cpipe -vt | ssh -i ~/.ssh/id_dsa dan@bla "cat > /dev/null“ – thru: 695.813ms at 184.0kB/s ( 380.3kB/s avg) 6.0MB • hping -t 5 -i u100000 -d 64000 bla – thru: 350.839ms at 364.8kB/s ( 391.7kB/s avg) 7.2MB (no speed impact) • hping -t 14 -i u100000 -d 64000 bla – thru: 1004.204ms at 127.5kB/s ( 188.8kB/s avg) 12.8MB (speed impact detected)
What Can You Detect? • Source Preference (hping –a) – Spoof the source IP for your extra packets. If Viacom can send extra data, but random_blackhole_ip can’t, then you know Viacom has preference. • Possible to detect this even if full TCP sessions are required, by controlling the client (Google Desktop) and having it send the requisite series of fake SYNs and ACKs, TTL limited to prevent the real site from responding. Ask me later if you want more details. • Content Preference (hping –p for port, -E for file content) – Spoof particular payloads for your extra packets. If encrypted traffic causes TCP to detect dropped packets, but unencrypted traffic gets through just fine, you get signal.
Of Course They’d Block Crypto • 1) Precedent – Comcast already tried to knock out IPsec • 2) Proxy Avoidance – “The Open Internet” is still out there – you just need to route to it, via SSH, SSL, IPsec, DNS… • Bouncing through proxies is a standard passtime in some lands – Encryption keeps them from being able to see that you’re not stealing service, therefore Encryption = Theft of Service • 3) Profit Capture – Who uses encryption? • Workplaces that make money from their employees at home • E-Commerce sites that make money from consumers at home • Money made = increased ability to pay • As security professionals, it’s hard enough deploying secure solutions without wondering if/when the telco’s going to block traffic for it being encrypted.
Getting The Jitters… • Problem: What if we don’t want to saturate lines – what if we just want to see if one IP can send traffic faster than another? – We can’t pretend to be someone else…can we? That would at least require custom code on the client...wouldn’t it?
Windows Media Player: More Than Just DRM. Really! • Bulk Transfer: RTP – Runs over Unicast UDP – Yes, the same Unicast UDP that penetrates NAT so well! • Flow Control / Quality Monitoring: RTCP • No technical reason RTCP needs to go back to the same address that RTP stream is coming from – So: We pretend to provide media streams from all sorts of sites, and use WMP to collect traffic stats for us  • It might work…
On Deploying SSL • SSL/TLS: Standard Internet protocol for certificate-based authentication of otherwise unknown parties – Has a couple of basic rules for deployment: • Do not put anything secret into an SSL cert; there’s a reason they’re called public keys • Do not put the same key on two different boxes. SSL lacks Perfect Forward Secrecy, so not only will Alice be able to impersonate Bob, but Alice will be able to passively monitor all of Bob’s traffic. • I have a high speed scanning node called Deluvian, with which I found 2.4M SSL hosts (specifically, HTTPS) – Weirdest results of any scan I’ve ever done (weirder than DNS!) • MANY MANY IP addresses will SYN|ACK 443/tcp packets w/o SSL enabled. Present belief is that this is a common IIS5 trait • Surprisingly high variability in terms of what certs return from which IP addresses.
Total Mysterious Statement • IF YOU ARE THE SORT OF SITE THAT DOES NOT WANT PEOPLE KNOWING ALL YOUR INTERNAL DNS NAMES, BE VERY CAREFUL WHAT SSL CERTS YOU LET THE PUBLIC SCAN FOR – Side note: You might not want to put this on your honeypot: – '/C=JP/ST=TOKYO/O=XXXXXX/OU=IT Division/CN=honeypot.xxxxxx.com/emailAddres s=nw-admin@xxxxxx.com'
But What Do The Numbers Say, Messed With Or Not? • What DID the numbers say? – Good: 90% of keys on only one box – Bad: 10% of keys were everywhere, enough that only one out of three boxes found had a unique key. • Theory: No two devices are supposed to have the same key – Reality: A depressing number of VPN concentrators and embedded devices had SSL keys pre-burned into them at ship. – Depressing Reality: It vaguely appears like a group that really should know better has deployed tens of thousands of machines with the same cert • Caveat: Absolute numbers are really sketchy. Only half of IP addresses that respond to TCP/443 actually had anything there, and a fair number of those addresses actually changed what key they were hosting when tested. – Someone in the audience probably knows WTF  – In the mean time, there is a very obvious SSL flaw…
“Why Is This Secure” The World’s Most Depressing Google Search • Everything here is delivered over HTTP. So an attacker can just replace https with http and hijack your login. • 26% of the Top 50 banks operate insecurely; all but one use a picture of a lock to assure users the link is safe – .
We’re Going To Need A Bigger Boat • People have been complaining about this for quite some time – believe me, I’m not the first to notice • Choices seem to be: – 1) Force everyone at the home page to go to SSL • Too expensive to send everyone to SSL, so that’s out – 2) Force everyone at the home page to click through to a login page • Confuses users = still too expensive. Users might call up instead, and who wants to talk to users? – 3) Allow people to log in directly through the home page • *crickets* • Is it possible for users on online applications to use a home page login screen securely?
Another Option • Web pages aren’t static – they can recode themselves in response to user input • <IFRAME> is a mechanism for putting a “mini- window” of another site in a page. – Known: IFRAMEs are useful for precaching entire web pages – Not Known: IFRAMEs can contain https links • Solution: When the user first interacts with the Username field, document.write an IFRAME to your SSL site. This initializes SSL, and starts precaching site content. When they shift focus into the password field, immediately redirect the window to the https site. – Demo
Example(HTML) • Create a username and password field, plus a SPAN to inject an IFRAME into <td>Username: <input name="login" id="username" type="text" onKeyUp="precache();"</td> Password: <input name="password" id="username" type="text" onFocus="window.location.href='https:// login.yahoo.com';"></td> <hr> <span id="TextDisplay"></span>
Example(JS) • Add an iframe, once, if precache is called. • <script> var changed=0; function precache() { if(changed) {return 0;} changed=1; var divel=document.getElementById("TextDisplay"); divel.innerHTML='<iframe height=400 width=400 SECURITY="restricted“ src="https://login.yahoo.com"></iframe>'; } </script>
Results 3) Immediate redirect to https://login.yahoo.com upon entry into password field. • How to make users understand the quick screen flicker? Use an animated GIF of a lock closing. • You will need to move username from http to https, w/o XSS please.
As Long As We’re Talking About Bugs In Cryptosystems… • 2001: Found that SSH can be turned into an extremely flexible VPN solution. Problem is…when used as one, it will in many instances leak DNS resolution requests required for remote use, onto the Local LAN. Who knows who will answer, or with what? – Mozilla can use SOCKS5 support via hidden settings; sends full DNS name upstream – IE6/7 does not support SOCKS5 • Is it possible to fix this problem w/o changing client code?
Why Not Forward DNS over SSH? • DNS is a UDP protocol, and SSH only moves TCP. – Could put a big huge translation layer into SSH, whereby it converted UDP requests into TCP, decapsulated them back to UDP, and sent them off to some UDP server… – Or we could just tell the local DNS client that whenever they request something over UDP, the response is just too big…better retry over TCP  • Put up a server that does nothing but set the truncation bit to one • Tell SSH to do a Local Port Forward as normal • Set system to use 127.0.0.1 as system DNS server. • This is a general purpose strategy for anything that only moves TCP (Tor, some SSL-VPN clients).
Sadly, I Am Going To Hell • 2006: DNS->SSH • 2004: SSH->DNS • DNS->SSH->DNS == DNS->DNS • Malkovich Malkovich Malkovich
SSH’s Wetware Bug • $ ssh dan@blah The authenticity of host 'blah (1.2.3.4)' can't be established. RSA key fingerprint is 09:a9:b1:99:84:17:7d:ba:c6:55:46:5a:17:f8:8 3:01. Are you sure you want to continue connecting (yes/no)? • 09:a9:b1…am I supposed to do something with this? – Yes. According to SSH’s design, you’re supposed to reject the proposed fingerprint if it looks unfamiliar. (Seriously.) • The “Two Billion SSH Key” attack (by ADM) just comes up with 2B keys and emits the visibly closest key. It works.
Cryptomnemonics • There are three classes of memory, at least to the degree as is useful in cryptography – Rejection: “I’ve never seen that before” – Recognition: “It’s that one, not that other one” – Recollection: “Let me describe it to you.” • SSH just requires rejection – “What? That’s new.” • Hex domain clearly does not work. What else is available?
Other Attempts • Abstract Art via déjà vu • Calculated faces via Passfaces • Both have attempted to address limited capacity for recollection by moving authentication to a recognition problem • But recognition offers only a limited number of bits: 9^5=59049 < 2^16 – This is OK, since Passfaces is online and thus can lock a user out before 59K attempts are up – We are not online – but we only need to reject, not recognize and certainly not recollect
Betcha Didn’t Think I Could Make A DNS Reference • Humans do not remember arbitrary strings of characters effectively. • Humans do remember stories well, but stories can morph over time. The most stable element of any story, though, are the names of its participants. • We do seem to have “hardware acceleration” for names • What if we represent “rejection proposals” as a short series of names?
#DEFINE BIZARRE_BUT_EFFECTIVE • 1) Take US Census Data for names, available at http://www.census.gov/genealogy/names/names_files.html • 2) Noting that there are more unique female names than male names, and way more last names than either, find: – 512 Male names (9 bits) – 1024 Female names (10 bits) – 8192 Last names (13 bits) – Use an Edit Distance metric (Perl’s String::Similarity, Python’s Levenshtein, C’s fstrcmp) to prevent two names from going on the final list that may be confused for one another. May also use acoustic measures, like Soundex or Metaphone. • 3) Split the 160 bit hash rejection proposal from OpenSSH into 32 bit chunks. Male+Female+Last=9+10+13=32 bits, so you’ll get five couples.
Demo • $ ssh dan@blah Key Data: julio and epifania dezzutti luther and rolande doornbos manual and twyla imbesi dirk and cuc kolopajlo omar and jeana hymel The authenticity of host 'blah (1.2.3.4)' can't be established. Are you sure you want to continue connecting (yes/no)? • It is critical that the Key Data be shown every time there’s a connection. The user must become familiar with the “characters” in the “story”. – This actually seems to work.
Interesting Concept: Name-Based Passwords? • Suppose you have 8 characters with one of 64 characters in each slot. – aI7$13nM – 64==2^6, so (2^6^8) == 48 bits – “Capital A, lowercase l, seven, dollar sign, one, three, lower case n, upper case M” • This is twenty three syllables! • What if, instead, you typed: – dirk and cuc kolopajlo omar and jeana hymel – 64 bits of entropy, 14 syllables, can be spell checked as user types it in
Speaking of broken representations of Entropy • $ od -t x1 foo • 0000000 6a ac 06 2d f2 86 76 4c a3 b6 d4 29 26 45 ef 9c • 0000020 40 07 42 8b e3 de d3 9e 67 c8 8f fa 80 86 32 72 • 0000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 • * • 0000240 40 56 7c 5a 84 25 6c c8 8a 26 57 7d 50 b9 16 df • 0000260 5c b4 72 ec 5e 44 ff e8 37 54 7c 53 f9 77 96 e3 • 0000300 • There has got to be a better way to represent complex file signals than “um, here’s some hex bytes, and there’s a big section of zeros right here” – “Yeah! Add ASCII!” I mean, more than that. • Better entropy representations needed for: – Data analysis (first view of new protocols) – Fuzzing
Fuzzing A Midpoint • “Dumb Fuzzing”: Take a file, flip some bits, see what happens • “Smart Fuzzing”: Take a file, understand its internal structure, fuzz the structure, see what happens • Understanding requires skill, potentially non- existent documentation, time. – Dumb fuzzing requires none of these things – Can we increase the intelligence of dumb fuzzers? • Well, we’ve got this this that’ll find structure in anything…
N’est’ce pas Non Sequitur • Sequitur: Linear Time Pattern Finder – Creates hierarchal Context Free Grammars from arbitrary input • Compression Algorithm in which you can “look under the covers” to see what’s going on • Created by Craig Neville-Manning as his PhD thesis a decade ago – He’s now Chief Research Scientist at Google
Syntax Highlighting For Hex Dumps • Trivial Algorithm: In a hierarchical grammar, each byte requires traversing to a certain depth in order to recover the raw literal. • Color each byte by how deep in the tree you have to go. • Can we do more?
BLUR-O-VISION
Setting Up For The CFG9000 • Turns code on left into symbolic set on right; it’s easy then to link the symbols together as per the graph. • This works for non-textual data • Sequitur imputes meaningful symbols from arbitrary input data
Context Free Grammar Fuzzer: THE CFG9000 • Reduce input data to a stream of symbols • Fuzz data at the symbol level, rather than at pure bytes – Shuffle – Drop – Repeat • Sequitur is not necessarily the best way to generate a grammar. In fact, Suffix Trees are probably the appropriate mathematical construct. – Sequitur may scale better (100MB input)
Sample CFG9000 Output • calculate_rule_usage(p->rulep->rulep->rulep- >rulep->rulep->rulep->rulep->rulep->rulep- >rulep->rulep->rulep->rulep->rule() } • calculate_rule_usage(calculate_rule_usage(calc ulate_rule_usage(calculate_rule_usage(calculat e_rule_usage(calculate_rule_usage(calculate_ru le_usage(calculate_rule_usage(calculate_rule_u sage(calculate_rule_usage(calculate_rule_usag e(calculate_rule_usage(calculate_rule_usage(ca lculate_rule_usage(calculate_rule_usage(calcula te_rule_usage(calculate_rule_usage(calculate_r ule_usage(p->rule());
TODO • Create “Requitur”; Sequitur implementation optimized for fuzzer use – Generate larger symbols • No two byte symbols please; we’re not trying to compress, we’re trying to elucidate structure – Eliminate redundant symbols • Keiffer-Yang optimization in ~2001: If symbol (x) == symbol (y), then delete (y) and set all instances of (y) to (x) • Need to do this to actually consistently fuzz all instances of a particular trope – Possibly remove in-memory grammar requirement • Use mechanisms from Ray, a out-of-memory variant – Add foreign grammar capability • Sequitur is really cool, but not yet where we need it…
Another Approach: DotPlots • Remembered an old paper, entitled Visualizing Music And Audio Using Self-Similarity – Jonathan Foote from Xerox • Brute Force solution – compare songs to themselves, splitting them into tiny chunks and marking light for similar and dark for dissimilar – Disassociated Audio will do this for you
Day Tripper from the Beatles… can we get something similar from fuzz targets? •
Pirate Baby MPEG Says Yes
What Exactly Are We Doing • Jonathan Helman’s “DotPlot Patterns: A Literal Look at Pattern Languages” offers an introduction • Instead of “to, be, not” etc, we use chunks of data from arbitrary files – The same similarity metric used to disambiguate names for the SSH hack, is used to measure similarity here 
History • Extensive history in bioinformatics world (talk about legacy code) • Can’t find any reference to it being used to guide security research • What would we want: – 1) Global view of section boundries • Can I separate out clearly different sections? – 2) Local view of what exactly is going on • Can I get some idea of exactly what’s happening, given certain visible patterns?
Java Class Files
.NET Assemblies
CNN’s Home Page
SMBTorture Traffic (Packets!)
Kernel32.dll
Chromosome 22
The Legend Of Zelda
Autocorrelation Dotplots Appear Helpful • Tool being released shortly (hardcorr) calculates these images – Hacking: IMAX Style (100Mpix images are very common) • Global goal clearly achieved – Fuzzing is a combinatorial game – Uniquely identifying self-similar sections gives us finite regions to analyze and comprehend • Can we get any local knowledge?
From The Paper
We have those patterns, but we have some pretty weird stuff too…
???
More Research To Do • Determine meaning of various visual tropes that are evolving from the data • Create interactive tools for dotplot evaluation – Data Microscopy  • Colorize – Use different similarity metrics to evoke different colors – Did build a generic similarity construction out of bzip2/gzip; it works but finds too many similarities • Better Symbol Selection – X86 aware, jump target normalization, integrate Sequitur CFG, reimplement Halvar • That’s what I might do. What, you don’t think I’m done, do you?
If autocorrelation is interesting… • Cross-Correlation is where the real fun lies – Autocorrelation: Compare A to A – Cross-Correlation: Compare A to B • Most files are sufficiently dissimilar that not very interesting structure shows up – Notable exception: Different versions of the same binary
Visual Bindiff!
MSVCR70.DLL v. MSVCR71.DLL
Anything New?
Tilt-Shifted Dotplots • Normal Dotplot: X and Y are absolute offset in file • Tilt-Shift Dotplot: Y is absolute offset in file. X is relative from Y, with absolute being Y-X. • Certainly more usable for static output, not necessarily more comprehensible though.
In Summary • Your VPN is under threat – tell your boss! – If steroids aren’t illegal, a test isn’t useful • Check your devices for generic SSL certs – Especially you guys. • Fix any application that submits to HTTPS from HTTP, it’s easy • Use apps that support SOCKS5 for SSH Dynamic Forwarding if you can, or reset your system DNS as described if you can’t • Stop expecting users to remember long strings of hex characters • FUZZ YOUR FILE FORMATS, seriously • Take a look at your data, you might be surprised at what you find.

Empfohlen

Confidence web
Confidence webConfidence web
Confidence webDan Kaminsky
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDan Kaminsky
 
Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Webamiable_indian
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japanDan Kaminsky
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 

Empfohlen

Confidence web
Confidence webConfidence web
Confidence webDan Kaminsky
 
Black opspki 2
Black opspki 2Black opspki 2
Black opspki 2Dan Kaminsky
 
Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky
 
Dmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDmk bo2 k8_bh_fed
Dmk bo2 k8_bh_fedDan Kaminsky
 
Design Reviewing The Web
Design Reviewing The WebDesign Reviewing The Web
Design Reviewing The Webamiable_indian
 
Black ops of tcp2005 japan
Black ops of tcp2005 japanBlack ops of tcp2005 japan
Black ops of tcp2005 japanDan Kaminsky
 
Black ops 2012
Black ops 2012Black ops 2012
Black ops 2012Dan Kaminsky
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructurePhreebird Suite 1.0: Introducing the Domain Key Infrastructure
Phreebird Suite 1.0: Introducing the Domain Key InfrastructureDan Kaminsky
 
Interpolique
InterpoliqueInterpolique
InterpoliqueDan Kaminsky
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminskyDan Kaminsky
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007Dan Kaminsky
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Dan Kaminsky
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminskyDan Kaminsky
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8Dan Kaminsky
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 cccDan Kaminsky
 
Bugs Aren't Random
Bugs Aren't RandomBugs Aren't Random
Bugs Aren't RandomDan Kaminsky
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix ThingsDan Kaminsky
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...DTM Security
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_cccDan Kaminsky
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningChristopher Grayson
 
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageReading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageMichael Rushanan
 
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00tDefcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00tpseudor00t overflow
 
Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Alec Muffett
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the InternetAndrew Morris
 

Weitere ähnliche Inhalte

Was ist angesagt?

Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Dan Kaminsky
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Dan Kaminsky
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminskyDan Kaminsky
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slidesDan Kaminsky
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Dan Kaminsky
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 cccDan Kaminsky
 
Bugs Aren't Random
Bugs Aren't RandomBugs Aren't Random
Bugs Aren't RandomDan Kaminsky
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryDan Kaminsky
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix ThingsDan Kaminsky
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...DTM Security
 
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageReading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageMichael Rushanan
 
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00tDefcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00tpseudor00t overflow
 

Was ist angesagt? (20)

Interpolique
InterpoliqueInterpolique
Interpolique
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 
Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)Domain Key Infrastructure (From Black Hat USA)
Domain Key Infrastructure (From Black Hat USA)
 
Dmk shmoo2007
Dmk shmoo2007Dmk shmoo2007
Dmk shmoo2007
 
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)Black Ops of TCP/IP 2011 (Black Hat USA 2011)
Black Ops of TCP/IP 2011 (Black Hat USA 2011)
 
Bh fed-03-kaminsky
Bh fed-03-kaminskyBh fed-03-kaminsky
Bh fed-03-kaminsky
 
Dmk bo2 k8
Dmk bo2 k8Dmk bo2 k8
Dmk bo2 k8
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
232 md5-considered-harmful-slides
232 md5-considered-harmful-slides232 md5-considered-harmful-slides
232 md5-considered-harmful-slides
 
Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017Wo defensive trickery_13mar2017
Wo defensive trickery_13mar2017
 
Dmk blackops2006 ccc
Dmk blackops2006 cccDmk blackops2006 ccc
Dmk blackops2006 ccc
 
Bugs Aren't Random
Bugs Aren't RandomBugs Aren't Random
Bugs Aren't Random
 
A Technical Dive into Defensive Trickery
A Technical Dive into Defensive TrickeryA Technical Dive into Defensive Trickery
A Technical Dive into Defensive Trickery
 
Move Fast and Fix Things
Move Fast and Fix ThingsMove Fast and Fix Things
Move Fast and Fix Things
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
@dtmsecurity Mitre ATT&CKcon - Playing Devil's Advocate to Security Initiativ...
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_ccc
 
Grey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache PoisoningGrey H@t - DNS Cache Poisoning
Grey H@t - DNS Cache Poisoning
 
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted StorageReading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
Reading Group Presentation: Web Attacks on Host-Proof Encrypted Storage
 
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00tDefcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
Defcon 21-caceres-massive-attacks-with-distributed-computing by pseudor00t
 

Ähnlich wie Dmk blackops2006

Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Alec Muffett
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the InternetAndrew Morris
 
Introduction to Computer Networking
Introduction to Computer NetworkingIntroduction to Computer Networking
Introduction to Computer NetworkingAmit Saha
 
Anon p2p slides
Anon p2p slidesAnon p2p slides
Anon p2p slideschintaan
 
Blockchain - Beyond the Hype
Blockchain - Beyond the HypeBlockchain - Beyond the Hype
Blockchain - Beyond the HypeSalman Baset
 
The stories of IXP development and the way forward, MYNOG 7
The stories of IXP development and the way forward, MYNOG 7The stories of IXP development and the way forward, MYNOG 7
The stories of IXP development and the way forward, MYNOG 7APNIC
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureTiago Mendo
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and FutureLuis Grangeia
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defenseDan Kaminsky
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaHai Nguyen
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat Security Conference
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareJohn Bambenek
 
Evolution of network - computer networks
Evolution of network - computer networksEvolution of network - computer networks
Evolution of network - computer networksSabarishSanjeevi
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengMyNOG
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingJose L. Quiñones-Borrero
 

Ähnlich wie Dmk blackops2006 (20)

Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5
 
The Background Noise of the Internet
The Background Noise of the InternetThe Background Noise of the Internet
The Background Noise of the Internet
 
Introduction to Computer Networking
Introduction to Computer NetworkingIntroduction to Computer Networking
Introduction to Computer Networking
 
Dmk bo2 k7_web
Dmk bo2 k7_webDmk bo2 k7_web
Dmk bo2 k7_web
 
Anon p2p slides
Anon p2p slidesAnon p2p slides
Anon p2p slides
 
Blockchain - Beyond the Hype
Blockchain - Beyond the HypeBlockchain - Beyond the Hype
Blockchain - Beyond the Hype
 
The stories of IXP development and the way forward, MYNOG 7
The stories of IXP development and the way forward, MYNOG 7The stories of IXP development and the way forward, MYNOG 7
The stories of IXP development and the way forward, MYNOG 7
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
SSL: Past, Present and Future
SSL: Past, Present and FutureSSL: Past, Present and Future
SSL: Past, Present and Future
 
Dmk sb2010 web_defense
Dmk sb2010 web_defenseDmk sb2010 web_defense
Dmk sb2010 web_defense
 
Defcon 16-pilosov-kapela
Defcon 16-pilosov-kapelaDefcon 16-pilosov-kapela
Defcon 16-pilosov-kapela
 
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
BlueHat v17 || Dyre to Trickbot: An Inside Look at TLS-Encrypted Command-And-...
 
Blackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of RansomwareBlackhat USA 2014 - The New Scourge of Ransomware
Blackhat USA 2014 - The New Scourge of Ransomware
 
Distributed "Web Scale" Systems
Distributed "Web Scale" SystemsDistributed "Web Scale" Systems
Distributed "Web Scale" Systems
 
Evolution of network - computer networks
Evolution of network - computer networksEvolution of network - computer networks
Evolution of network - computer networks
 
Darknet
DarknetDarknet
Darknet
 
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo ChengThe Stories of IXP Development and the Way Forward by Che-Hoo Cheng
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng
 
Blockchain
BlockchainBlockchain
Blockchain
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
P2P Lecture.ppt
P2P Lecture.pptP2P Lecture.ppt
P2P Lecture.ppt
 

Mehr von Dan Kaminsky

I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetDan Kaminsky
 
Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenDan Kaminsky
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On BitcoinDan Kaminsky
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingDan Kaminsky
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 

Mehr von Dan Kaminsky (13)

Chicken
ChickenChicken
Chicken
 
I Want These * Bugs Off My * Internet
I Want These * Bugs Off My * InternetI Want These * Bugs Off My * Internet
I Want These * Bugs Off My * Internet
 
Chicken Chicken Chicken Chicken
Chicken Chicken Chicken ChickenChicken Chicken Chicken Chicken
Chicken Chicken Chicken Chicken
 
Some Thoughts On Bitcoin
Some Thoughts On BitcoinSome Thoughts On Bitcoin
Some Thoughts On Bitcoin
 
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of TryingShowing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
Showing How Security Has (And Hasn't) Improved, After Ten Years Of Trying
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackops
 
Bh eu 05-kaminsky
Bh eu 05-kaminskyBh eu 05-kaminsky
Bh eu 05-kaminsky
 
Dmk neut toor
Dmk neut toorDmk neut toor
Dmk neut toor
 
Dmk audioviz
Dmk audiovizDmk audioviz
Dmk audioviz
 
Bo2004
Bo2004Bo2004
Bo2004
 
Gwc3
Gwc3Gwc3
Gwc3
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
 

Dmk blackops2006

  • 1. Black Ops 2006 pattern recognition Toorcon R3mix Dan Kaminsky DoxPara Research
  • 2. Who Am I? • Coauthor of several book series – Hack Proofing Your Network – Stealing The Network • Formerly of Cisco and Avaya – Presently partnering with IOActive – One of the “Blue Hat Hackers” that has been auditing Windows Vista • Been doing talks at Black Hat for six years now – TCP/IP, DNS, MD5, SSH, etc.
  • 3. What Was The Plan At This Year’s Black Hat? • Enforce Network Neutrality • Gaze Horrified Upon 2.4 Million SSL Servers • Fix Online Banking (just a little) • Fix the security hole I put in OpenSSH • Make entropy recognizable – Useful for cryptosystems (like SSH) – Really useful for fuzzing • Pretty, pretty pictures. – New for this year: USEFUL pretty, pretty pictures • Even if they’re +100Mpix
  • 4. Making Use of 100+ Megapixels: Visual Bindiff
  • 5. Enforce Network Neutrality? • Telecom Companies have essentially stated – they wish to spy upon and selectively censor traffic, so as to maximize revenue from those who will pay the most to see their traffic pass unhindered. • This devolves down to a common refrain in Crypto: “Alice and Bob are in prison, and are attempting to communicate without the Warden interfering” – Don’t believe the premise?
  • 6. Internet Isolationism: $1140 A Year To Check Your Email • “To accommodate the needs of our customers who do choose to operate VPN, Comcast offers the Comcast @Home Professional product. @Home Pro is designed to meet the needs of the ever growing population of small office/home office customers and telecommuters that need to take advantage of protocols such as VPN. This product will cost $95 per month, and afford you with standards which differ from the standard residential product.” – What, you didn’t actually think the fight against Network Neutrality had anything to do with video, did you?
  • 7. What It’s Really About • It’s all about $1100+ a year per telecommuter – 40M telecommuters in 2004 * $1140 a year = $45.6B – How many telecommuters if the US has to cut back on oil consumption, by saying every Friday is a telecommute-to-work day? • As people realize what’s coming, the question will stop being, “Should the network be neutral”, and will become, “Is it possible to detect non-neutral networks?” – The answer is yes. Yes it is.
  • 8. TCP Bandwidth Estimation: An Elegant Weapon, For A More Civilized Age • TCP automatically determines the amount of available bandwidth between any two points – Multiple TCP streams sharing the same communication channel do not send packets to one another – All communication happens implicitly, via dropped packets – Dropped packets are a source of information about the amount of bandwidth available on a given channel • If more packets show up, then a particular line is willing to route, then some will be dropped, and TCP will quickly notice. – Can we figure out who’s causing our packets to drop?
  • 9. Active Network Probing, or how TTLs just never go out of style • Suppose you can only send data to someone at 5k/sec, and you’re curious, why so slow? – What this means is – you get dropped packets whenever you try to send faster than 5k/sec. • Experiment: Send more data alongside the session, but TTL limit the transmissions until you figure out which hop causes packet drops in the primary. – Too much data…one hop…no effect on 5k/sec stream. – Too much data…two hops…no effect on 5k/sec stream. – Too much data…three hops…5k/sec stream stops. Third hop is your limiting node.
  • 10. Demo • cat /dev/urandom | cpipe -vt | ssh -i ~/.ssh/id_dsa dan@bla "cat > /dev/null“ – thru: 695.813ms at 184.0kB/s ( 380.3kB/s avg) 6.0MB • hping -t 5 -i u100000 -d 64000 bla – thru: 350.839ms at 364.8kB/s ( 391.7kB/s avg) 7.2MB (no speed impact) • hping -t 14 -i u100000 -d 64000 bla – thru: 1004.204ms at 127.5kB/s ( 188.8kB/s avg) 12.8MB (speed impact detected)
  • 11. What Can You Detect? • Source Preference (hping –a) – Spoof the source IP for your extra packets. If Viacom can send extra data, but random_blackhole_ip can’t, then you know Viacom has preference. • Possible to detect this even if full TCP sessions are required, by controlling the client (Google Desktop) and having it send the requisite series of fake SYNs and ACKs, TTL limited to prevent the real site from responding. Ask me later if you want more details. • Content Preference (hping –p for port, -E for file content) – Spoof particular payloads for your extra packets. If encrypted traffic causes TCP to detect dropped packets, but unencrypted traffic gets through just fine, you get signal.
  • 12. Of Course They’d Block Crypto • 1) Precedent – Comcast already tried to knock out IPsec • 2) Proxy Avoidance – “The Open Internet” is still out there – you just need to route to it, via SSH, SSL, IPsec, DNS… • Bouncing through proxies is a standard passtime in some lands – Encryption keeps them from being able to see that you’re not stealing service, therefore Encryption = Theft of Service • 3) Profit Capture – Who uses encryption? • Workplaces that make money from their employees at home • E-Commerce sites that make money from consumers at home • Money made = increased ability to pay • As security professionals, it’s hard enough deploying secure solutions without wondering if/when the telco’s going to block traffic for it being encrypted.
  • 13. Getting The Jitters… • Problem: What if we don’t want to saturate lines – what if we just want to see if one IP can send traffic faster than another? – We can’t pretend to be someone else…can we? That would at least require custom code on the client...wouldn’t it?
  • 14. Windows Media Player: More Than Just DRM. Really! • Bulk Transfer: RTP – Runs over Unicast UDP – Yes, the same Unicast UDP that penetrates NAT so well! • Flow Control / Quality Monitoring: RTCP • No technical reason RTCP needs to go back to the same address that RTP stream is coming from – So: We pretend to provide media streams from all sorts of sites, and use WMP to collect traffic stats for us  • It might work…
  • 15. On Deploying SSL • SSL/TLS: Standard Internet protocol for certificate-based authentication of otherwise unknown parties – Has a couple of basic rules for deployment: • Do not put anything secret into an SSL cert; there’s a reason they’re called public keys • Do not put the same key on two different boxes. SSL lacks Perfect Forward Secrecy, so not only will Alice be able to impersonate Bob, but Alice will be able to passively monitor all of Bob’s traffic. • I have a high speed scanning node called Deluvian, with which I found 2.4M SSL hosts (specifically, HTTPS) – Weirdest results of any scan I’ve ever done (weirder than DNS!) • MANY MANY IP addresses will SYN|ACK 443/tcp packets w/o SSL enabled. Present belief is that this is a common IIS5 trait • Surprisingly high variability in terms of what certs return from which IP addresses.
  • 16. Total Mysterious Statement • IF YOU ARE THE SORT OF SITE THAT DOES NOT WANT PEOPLE KNOWING ALL YOUR INTERNAL DNS NAMES, BE VERY CAREFUL WHAT SSL CERTS YOU LET THE PUBLIC SCAN FOR – Side note: You might not want to put this on your honeypot: – '/C=JP/ST=TOKYO/O=XXXXXX/OU=IT Division/CN=honeypot.xxxxxx.com/emailAddres s=nw-admin@xxxxxx.com'
  • 17. But What Do The Numbers Say, Messed With Or Not? • What DID the numbers say? – Good: 90% of keys on only one box – Bad: 10% of keys were everywhere, enough that only one out of three boxes found had a unique key. • Theory: No two devices are supposed to have the same key – Reality: A depressing number of VPN concentrators and embedded devices had SSL keys pre-burned into them at ship. – Depressing Reality: It vaguely appears like a group that really should know better has deployed tens of thousands of machines with the same cert • Caveat: Absolute numbers are really sketchy. Only half of IP addresses that respond to TCP/443 actually had anything there, and a fair number of those addresses actually changed what key they were hosting when tested. – Someone in the audience probably knows WTF  – In the mean time, there is a very obvious SSL flaw…
  • 18. “Why Is This Secure” The World’s Most Depressing Google Search • Everything here is delivered over HTTP. So an attacker can just replace https with http and hijack your login. • 26% of the Top 50 banks operate insecurely; all but one use a picture of a lock to assure users the link is safe – .
  • 19. We’re Going To Need A Bigger Boat • People have been complaining about this for quite some time – believe me, I’m not the first to notice • Choices seem to be: – 1) Force everyone at the home page to go to SSL • Too expensive to send everyone to SSL, so that’s out – 2) Force everyone at the home page to click through to a login page • Confuses users = still too expensive. Users might call up instead, and who wants to talk to users? – 3) Allow people to log in directly through the home page • *crickets* • Is it possible for users on online applications to use a home page login screen securely?
  • 20. Another Option • Web pages aren’t static – they can recode themselves in response to user input • <IFRAME> is a mechanism for putting a “mini- window” of another site in a page. – Known: IFRAMEs are useful for precaching entire web pages – Not Known: IFRAMEs can contain https links • Solution: When the user first interacts with the Username field, document.write an IFRAME to your SSL site. This initializes SSL, and starts precaching site content. When they shift focus into the password field, immediately redirect the window to the https site. – Demo
  • 21. Example(HTML) • Create a username and password field, plus a SPAN to inject an IFRAME into <td>Username: <input name="login" id="username" type="text" onKeyUp="precache();"</td> Password: <input name="password" id="username" type="text" onFocus="window.location.href='https:// login.yahoo.com';"></td> <hr> <span id="TextDisplay"></span>
  • 22. Example(JS) • Add an iframe, once, if precache is called. • <script> var changed=0; function precache() { if(changed) {return 0;} changed=1; var divel=document.getElementById("TextDisplay"); divel.innerHTML='<iframe height=400 width=400 SECURITY="restricted“ src="https://login.yahoo.com"></iframe>'; } </script>
  • 23. Results 3) Immediate redirect to https://login.yahoo.com upon entry into password field. • How to make users understand the quick screen flicker? Use an animated GIF of a lock closing. • You will need to move username from http to https, w/o XSS please.
  • 24. As Long As We’re Talking About Bugs In Cryptosystems… • 2001: Found that SSH can be turned into an extremely flexible VPN solution. Problem is…when used as one, it will in many instances leak DNS resolution requests required for remote use, onto the Local LAN. Who knows who will answer, or with what? – Mozilla can use SOCKS5 support via hidden settings; sends full DNS name upstream – IE6/7 does not support SOCKS5 • Is it possible to fix this problem w/o changing client code?
  • 25. Why Not Forward DNS over SSH? • DNS is a UDP protocol, and SSH only moves TCP. – Could put a big huge translation layer into SSH, whereby it converted UDP requests into TCP, decapsulated them back to UDP, and sent them off to some UDP server… – Or we could just tell the local DNS client that whenever they request something over UDP, the response is just too big…better retry over TCP  • Put up a server that does nothing but set the truncation bit to one • Tell SSH to do a Local Port Forward as normal • Set system to use 127.0.0.1 as system DNS server. • This is a general purpose strategy for anything that only moves TCP (Tor, some SSL-VPN clients).
  • 26. Sadly, I Am Going To Hell • 2006: DNS->SSH • 2004: SSH->DNS • DNS->SSH->DNS == DNS->DNS • Malkovich Malkovich Malkovich
  • 27. SSH’s Wetware Bug • $ ssh dan@blah The authenticity of host 'blah (1.2.3.4)' can't be established. RSA key fingerprint is 09:a9:b1:99:84:17:7d:ba:c6:55:46:5a:17:f8:8 3:01. Are you sure you want to continue connecting (yes/no)? • 09:a9:b1…am I supposed to do something with this? – Yes. According to SSH’s design, you’re supposed to reject the proposed fingerprint if it looks unfamiliar. (Seriously.) • The “Two Billion SSH Key” attack (by ADM) just comes up with 2B keys and emits the visibly closest key. It works.
  • 28. Cryptomnemonics • There are three classes of memory, at least to the degree as is useful in cryptography – Rejection: “I’ve never seen that before” – Recognition: “It’s that one, not that other one” – Recollection: “Let me describe it to you.” • SSH just requires rejection – “What? That’s new.” • Hex domain clearly does not work. What else is available?
  • 29. Other Attempts • Abstract Art via déjà vu • Calculated faces via Passfaces • Both have attempted to address limited capacity for recollection by moving authentication to a recognition problem • But recognition offers only a limited number of bits: 9^5=59049 < 2^16 – This is OK, since Passfaces is online and thus can lock a user out before 59K attempts are up – We are not online – but we only need to reject, not recognize and certainly not recollect
  • 30. Betcha Didn’t Think I Could Make A DNS Reference • Humans do not remember arbitrary strings of characters effectively. • Humans do remember stories well, but stories can morph over time. The most stable element of any story, though, are the names of its participants. • We do seem to have “hardware acceleration” for names • What if we represent “rejection proposals” as a short series of names?
  • 31. #DEFINE BIZARRE_BUT_EFFECTIVE • 1) Take US Census Data for names, available at http://www.census.gov/genealogy/names/names_files.html • 2) Noting that there are more unique female names than male names, and way more last names than either, find: – 512 Male names (9 bits) – 1024 Female names (10 bits) – 8192 Last names (13 bits) – Use an Edit Distance metric (Perl’s String::Similarity, Python’s Levenshtein, C’s fstrcmp) to prevent two names from going on the final list that may be confused for one another. May also use acoustic measures, like Soundex or Metaphone. • 3) Split the 160 bit hash rejection proposal from OpenSSH into 32 bit chunks. Male+Female+Last=9+10+13=32 bits, so you’ll get five couples.
  • 32. Demo • $ ssh dan@blah Key Data: julio and epifania dezzutti luther and rolande doornbos manual and twyla imbesi dirk and cuc kolopajlo omar and jeana hymel The authenticity of host 'blah (1.2.3.4)' can't be established. Are you sure you want to continue connecting (yes/no)? • It is critical that the Key Data be shown every time there’s a connection. The user must become familiar with the “characters” in the “story”. – This actually seems to work.
  • 33. Interesting Concept: Name-Based Passwords? • Suppose you have 8 characters with one of 64 characters in each slot. – aI7$13nM – 64==2^6, so (2^6^8) == 48 bits – “Capital A, lowercase l, seven, dollar sign, one, three, lower case n, upper case M” • This is twenty three syllables! • What if, instead, you typed: – dirk and cuc kolopajlo omar and jeana hymel – 64 bits of entropy, 14 syllables, can be spell checked as user types it in
  • 34. Speaking of broken representations of Entropy • $ od -t x1 foo • 0000000 6a ac 06 2d f2 86 76 4c a3 b6 d4 29 26 45 ef 9c • 0000020 40 07 42 8b e3 de d3 9e 67 c8 8f fa 80 86 32 72 • 0000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 • * • 0000240 40 56 7c 5a 84 25 6c c8 8a 26 57 7d 50 b9 16 df • 0000260 5c b4 72 ec 5e 44 ff e8 37 54 7c 53 f9 77 96 e3 • 0000300 • There has got to be a better way to represent complex file signals than “um, here’s some hex bytes, and there’s a big section of zeros right here” – “Yeah! Add ASCII!” I mean, more than that. • Better entropy representations needed for: – Data analysis (first view of new protocols) – Fuzzing
  • 35. Fuzzing A Midpoint • “Dumb Fuzzing”: Take a file, flip some bits, see what happens • “Smart Fuzzing”: Take a file, understand its internal structure, fuzz the structure, see what happens • Understanding requires skill, potentially non- existent documentation, time. – Dumb fuzzing requires none of these things – Can we increase the intelligence of dumb fuzzers? • Well, we’ve got this this that’ll find structure in anything…
  • 36. N’est’ce pas Non Sequitur • Sequitur: Linear Time Pattern Finder – Creates hierarchal Context Free Grammars from arbitrary input • Compression Algorithm in which you can “look under the covers” to see what’s going on • Created by Craig Neville-Manning as his PhD thesis a decade ago – He’s now Chief Research Scientist at Google
  • 37. Syntax Highlighting For Hex Dumps • Trivial Algorithm: In a hierarchical grammar, each byte requires traversing to a certain depth in order to recover the raw literal. • Color each byte by how deep in the tree you have to go. • Can we do more?
  • 39. Setting Up For The CFG9000 • Turns code on left into symbolic set on right; it’s easy then to link the symbols together as per the graph. • This works for non-textual data • Sequitur imputes meaningful symbols from arbitrary input data
  • 40. Context Free Grammar Fuzzer: THE CFG9000 • Reduce input data to a stream of symbols • Fuzz data at the symbol level, rather than at pure bytes – Shuffle – Drop – Repeat • Sequitur is not necessarily the best way to generate a grammar. In fact, Suffix Trees are probably the appropriate mathematical construct. – Sequitur may scale better (100MB input)
  • 41. Sample CFG9000 Output • calculate_rule_usage(p->rulep->rulep->rulep- >rulep->rulep->rulep->rulep->rulep->rulep- >rulep->rulep->rulep->rulep->rule() } • calculate_rule_usage(calculate_rule_usage(calc ulate_rule_usage(calculate_rule_usage(calculat e_rule_usage(calculate_rule_usage(calculate_ru le_usage(calculate_rule_usage(calculate_rule_u sage(calculate_rule_usage(calculate_rule_usag e(calculate_rule_usage(calculate_rule_usage(ca lculate_rule_usage(calculate_rule_usage(calcula te_rule_usage(calculate_rule_usage(calculate_r ule_usage(p->rule());
  • 42. TODO • Create “Requitur”; Sequitur implementation optimized for fuzzer use – Generate larger symbols • No two byte symbols please; we’re not trying to compress, we’re trying to elucidate structure – Eliminate redundant symbols • Keiffer-Yang optimization in ~2001: If symbol (x) == symbol (y), then delete (y) and set all instances of (y) to (x) • Need to do this to actually consistently fuzz all instances of a particular trope – Possibly remove in-memory grammar requirement • Use mechanisms from Ray, a out-of-memory variant – Add foreign grammar capability • Sequitur is really cool, but not yet where we need it…
  • 43. Another Approach: DotPlots • Remembered an old paper, entitled Visualizing Music And Audio Using Self-Similarity – Jonathan Foote from Xerox • Brute Force solution – compare songs to themselves, splitting them into tiny chunks and marking light for similar and dark for dissimilar – Disassociated Audio will do this for you
  • 44. Day Tripper from the Beatles… can we get something similar from fuzz targets? •
  • 45. Pirate Baby MPEG Says Yes
  • 46. What Exactly Are We Doing • Jonathan Helman’s “DotPlot Patterns: A Literal Look at Pattern Languages” offers an introduction • Instead of “to, be, not” etc, we use chunks of data from arbitrary files – The same similarity metric used to disambiguate names for the SSH hack, is used to measure similarity here 
  • 47. History • Extensive history in bioinformatics world (talk about legacy code) • Can’t find any reference to it being used to guide security research • What would we want: – 1) Global view of section boundries • Can I separate out clearly different sections? – 2) Local view of what exactly is going on • Can I get some idea of exactly what’s happening, given certain visible patterns?
  • 54. The Legend Of Zelda
  • 55. Autocorrelation Dotplots Appear Helpful • Tool being released shortly (hardcorr) calculates these images – Hacking: IMAX Style (100Mpix images are very common) • Global goal clearly achieved – Fuzzing is a combinatorial game – Uniquely identifying self-similar sections gives us finite regions to analyze and comprehend • Can we get any local knowledge?
  • 57. We have those patterns, but we have some pretty weird stuff too…
  • 58. ???
  • 59. More Research To Do • Determine meaning of various visual tropes that are evolving from the data • Create interactive tools for dotplot evaluation – Data Microscopy  • Colorize – Use different similarity metrics to evoke different colors – Did build a generic similarity construction out of bzip2/gzip; it works but finds too many similarities • Better Symbol Selection – X86 aware, jump target normalization, integrate Sequitur CFG, reimplement Halvar • That’s what I might do. What, you don’t think I’m done, do you?
  • 60. If autocorrelation is interesting… • Cross-Correlation is where the real fun lies – Autocorrelation: Compare A to A – Cross-Correlation: Compare A to B • Most files are sufficiently dissimilar that not very interesting structure shows up – Notable exception: Different versions of the same binary
  • 64. Tilt-Shifted Dotplots • Normal Dotplot: X and Y are absolute offset in file • Tilt-Shift Dotplot: Y is absolute offset in file. X is relative from Y, with absolute being Y-X. • Certainly more usable for static output, not necessarily more comprehensible though.
  • 65. In Summary • Your VPN is under threat – tell your boss! – If steroids aren’t illegal, a test isn’t useful • Check your devices for generic SSL certs – Especially you guys. • Fix any application that submits to HTTPS from HTTP, it’s easy • Use apps that support SOCKS5 for SSH Dynamic Forwarding if you can, or reset your system DNS as described if you can’t • Stop expecting users to remember long strings of hex characters • FUZZ YOUR FILE FORMATS, seriously • Take a look at your data, you might be surprised at what you find.