Shahee living with-the_ghost-final

Configuration errors can cause system failures similar to those caused by software bugs. Misconfigurations can replicate crashes, hangs, and silent failures of the system, the common characteristics found in every software bug. But sysadmins usually ignore these misconfiguration issues if systems seem to be up and running smoothly. Unlike software bugs, which get much attention, misconfiguration issues are usually neglected, which may lead to a data breach, even a system breach and unauthorised network access. And one day these misconfigurations become a living place for the ghosts in the network.

Published in: Internet

  1. Living With The Ghost: A tale of Misconfigurations
  2. About the speaker
     • Head of Security Operations @ BEETLES
     • Father of XAVIAN
     • Security Researcher
     • Lame Joke poster at FB Status
     • CCISO, CEH, MCSA, MCP
     • Serious at Twitter: @shaheemirza
  3. Whoever said, “There’s no such thing as bad publicity” never experienced a data breach.
  4. What we do
  5. What we know
  6. What we see [from a small POC test]
  7. But SysAdmins only see RED
  8. Gh0sT in the Ignored
  9. Security Misconfiguration: Security misconfiguration can happen at any level of an application stack, including the network services, platform, web server, application server, database, frameworks, custom code, and pre-installed virtual machines, containers, or storage.
  10. How it happens
     • Information disclosures
     • Directory listing
     • Stack traces or debug mode enabled
     • Outdated or unpatched software/hardware
     • Default credentials
     • Unnecessary features
     • Unprotected resources
     • Overly permissive policies
     • CNAME records and unclaimed cloud resources
  11. Unpatched routers: Bangladesh has nearly 400+ Cisco devices vulnerable to CVE-2018-0171.
  12. Unpatched routers: Bangladesh has nearly 800+ MikroTik devices vulnerable to CVE-2018-14847 that are already infected by the Coinhive miner.
  13. Unprotected resources: Bangladesh has 1000++ unprotected devices directly connected to the internet.
  14. Default credentials: Bangladesh is the HOME of default-credential-enabled systems.
  15. ISPs are using common password workinher
  16. This is a global problem
  17. What we found [Case X]
  18. The Mind Gap: Biz VS Devs VS OPS
  19. THANKS