It is possible to create a comprehensive attack surface of any organizations just with open data available on the public internet It is possible to search vulnerable targets and compromise the targets. The organizations can be compromised without any RCE vulnerability. It is possible to create inhouse team to continuously monitor your attack surface and fix flaws before attackers find them.
4. Let's start with how attackers work
An attacker wants to hack a target and for this, will
perform a bunch of activities
1. Online Attack Surfaces
2. Breached Credentials
3. Known Vulnerable Software
4. (Easy to?) exploit security vulnerabilities
7. • Your-Company.com
• Who is the registrar
• Where is it hosted
• Self-hosted or managed
e-mail service
• External help desk
services
• 3rd party services
What Attackers See – Domain Enumeration
whois
whois your-company.com
whois <IP>
dig
dig your-company.com NS
dig @NS1 your-company.com MX
dig @NS1 your-company.com TXT
8. What Attackers See – Subdomain Enumeration
• Your-Company.com
• Host-1
• Host-2
• Host-3
• Etc.
amass enum –passive –d
your-company.com
amass intel –whois –d
your-company.com
9. What Attackers See – Email Enumeration
• Your-Company.com
• u1@your-company.com
• u2@your-company.com
• u3@your-company.com
• u4@your-company.com
• Etc.
Hunter.io
theHarvester
Many more …
22. An Example AppSec Workflow
Domain
Hosts
Subdomain
Enumeration
CIDRASN Search
DNS
SPF, MX etc.
Port and
Service
Scanning
URLs
Technologies
Cloud
Infrastructure
Emails Public
Breach DB
Query
Password
Spraying
Application
Security Scan
25. Driving the System – Events FTW!
API Service
HTTP POST
NATS
Write to NATS Message Queue
Scanners
(Client)
Minio Object
Storage
Persist Output
Output Analysis
and Feedback
Alerting and
Notification
Tool Output Event
26. • 3rd Party Tools are not in our control
• We need to be able to
• Receive input from NATS
• Run tool with tool specific command line
• Receive output or check for error
• Persist output to Minio
The Tool Adapter (Pattern)
27. 1. Package 3rd party tools as Docker containers
2. Add Tool Adapter binary and set as entrypoint
3. Write Kubernetes deployment spec (YAML)
4. Deploy to Kubernetes
5. Write YAML rules for Feedback Processing
Adding a Security Tool (3rd Party)
32. • State management is difficult due to asynchronous
nature of the system
• NATS connection issue with preemptible nodes on GKE
• Capacity planning and analysis
• Cost analysis
Challenges, Constraints and Things to do
33. How to
Contribute
1. Clone the repository from Github
2. Try out and report bugs
3. Add new security tools
4. Add feedback processor rules
5. Submit PR
github.com/appsecco/kubeseco