Layer8 exploitation: Lock'n Load Target

•

0 gefällt mir•573 views

Prathan Phongthiproek

Technologie

www.cdicconference.com

“Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity”

อ. ประธาน พงศ์ทิพย์ฤกษ์
SANS GIAC GPEN, eCPPT, ECSA, CEH, CPTS, CIW Security Analyst, CWNA, CWSP, Security+, ITIL-F
Section Manager, Senior Information Security Consultant

อ. สุทธาพงศ์ วราอัศวปติ
Information Security Consultant

1

Let’s Talk

 Layer 8 Exploitation
 Lock’n Load Target
 Automated Exploitation

2 2

Types of Hacking

 Network services
 Web Application / Mobile Application
 Remote dial-up war dial
 Wireless Security
 Social Engineering
 Physical Security
 Cryptanalysis
 Client Side (Layer 8)

4 4

Client-side Hacking

 Client-side Software + Social Engineering
“There is no patch for stupid”
 Client-side software
 Web browsers
 Media Players
 Microsoft Office
 Adobe Reader
 Java runtime environment
 Flash player
 Etc
5 5

PWN2OWN: Result

 Google Chrome is the first browser to fail at
pwn2own
 Bypass DEP/ASLR
 Bypass Sandbox

 Internet Explorer 9 is the second browser
 It will work on IE6-10 on Window 8

 Firefox 10.0.2 is the Third browser
 Bypass DEP/ASLR
 Heap spray Exploit
10 15

Lock the target

 Information gathering
 Social Networking
 Job Requisition
 Document Metadata
 Harvesting Email
 Social Engineering
 Spear Phishing

12 17

Document Metadata

 Most document formats include a significant
amount of metadata (data about data)
 Information sometimes included in metadata
 Usernames
 Operating Systems
 Network info
 Internal Server info
 Device info
 Software version

15 20

Document Types that are Rich
in Metadata
 Most types of documents have some metadata
in them, but the following types are often
especially interesting

16 21

Protection ?

 User Awareness Training
 Security Policy
 Clean all public documents

27

Clean your documents:
MSoffice 2k3 and XP

30

CVE-2010-1349
Opera 10.10, 10.50 on Windows

CVE-2011-1260 IE6, IE7, IE8
MS11-050 2000, 2003, XP, Vista, 7

CVE-2011-0065
Firefox 3.5.19, 3.6.17

42 42

CVE-2011-0611
Adobe flash player 10.2.154.27
Adobe reader 10.0.2

CVE-2011-3544
Java 6 update 27
Java 7

43 43

How to Avoid Automate
Exploitation?

51 20

Thank You

www.cdicconference.com

52 34

Empfohlen

CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek

Don't Trust, And Verify - Mobile Application AttacksPrathan Phongthiproek

What I Learned at RSAC 2020Ulf Mattsson

How I Learned to Stop Information Sharing and Love the DIKWSounil Yu

[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...CODE BLUE

Risk Management Practices for PCI DSS 2.0Ulf Mattsson

CybersecurityNational LECET

The day when role based access control disappearsUlf Mattsson

Empfohlen

CDIC 2013-Mobile Application Pentest WorkshopPrathan Phongthiproek

Don't Trust, And Verify - Mobile Application AttacksPrathan Phongthiproek

What I Learned at RSAC 2020Ulf Mattsson

How I Learned to Stop Information Sharing and Love the DIKWSounil Yu

[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...CODE BLUE

Risk Management Practices for PCI DSS 2.0Ulf Mattsson

CybersecurityNational LECET

The day when role based access control disappearsUlf Mattsson

The emerging pci dss and nist standardsUlf Mattsson

[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama

OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek

Software Piracy Protectionijtsrd

We explain the security flaw that's freaking out the internetaditi agarwal

ISSA: Cloud data securityUlf Mattsson

Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson

Jump-Start The MASVSPrathan Phongthiproek

INSECURE Magazine - 35Felipe Prado

Deepfake anyone, the ai synthetic media industry enters a dangerous phaseaditi agarwal

cyber security analyst certificationVskills

[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...CODE BLUE

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Mike Schwartz

Issa chicago next generation tokenization ulf mattsson apr 2011Ulf Mattsson

150819_oml_pki_v1pStéphane Roule

Attacking the cloud with social engineeringPeter Wood

Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup

Internet & iot securityUsman Anjum

Webinar–Mobile Application Hardening Protecting Business Critical AppsSynopsys Software Integrity Group

[CB20] Explainable malicious domain diagnosis by Tsuyoshi TaniguchiCODE BLUE

Invisible Public Debt (Presentation)Kassymkhan Kapparov

How Pinterest Can Work for Your DestinationStephanie Lynch

Weitere ähnliche Inhalte

Was ist angesagt?

The emerging pci dss and nist standardsUlf Mattsson

[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SMCarlos Valderrama

OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek

Software Piracy Protectionijtsrd

We explain the security flaw that's freaking out the internetaditi agarwal

ISSA: Cloud data securityUlf Mattsson

Data Protection & Privacy During the Coronavirus PandemicUlf Mattsson

Jump-Start The MASVSPrathan Phongthiproek

INSECURE Magazine - 35Felipe Prado

Deepfake anyone, the ai synthetic media industry enters a dangerous phaseaditi agarwal

cyber security analyst certificationVskills

[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...CODE BLUE

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Mike Schwartz

Issa chicago next generation tokenization ulf mattsson apr 2011Ulf Mattsson

150819_oml_pki_v1pStéphane Roule

Attacking the cloud with social engineeringPeter Wood

Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problemsscoopnewsgroup

Internet & iot securityUsman Anjum

Webinar–Mobile Application Hardening Protecting Business Critical AppsSynopsys Software Integrity Group

[CB20] Explainable malicious domain diagnosis by Tsuyoshi TaniguchiCODE BLUE

Was ist angesagt? (20)

The emerging pci dss and nist standards

[4YFN]Cyber Security Innovation, an urgent call to cyber heroes SM

OWASP Day - OWASP Day - Lets secure!

Software Piracy Protection

We explain the security flaw that's freaking out the internet

ISSA: Cloud data security

Data Protection & Privacy During the Coronavirus Pandemic

Jump-Start The MASVS

INSECURE Magazine - 35

Deepfake anyone, the ai synthetic media industry enters a dangerous phase

cyber security analyst certification

[CB21] Were "2020" Subdomains Abused Actually? - Mining the Real Threat Hidde...

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Issa chicago next generation tokenization ulf mattsson apr 2011

150819_oml_pki_v1p

Attacking the cloud with social engineering

Devil's Bargain: Sacrificing Strategic Investments to Fund Today's Problems

Internet & iot security

Webinar–Mobile Application Hardening Protecting Business Critical Apps

[CB20] Explainable malicious domain diagnosis by Tsuyoshi Taniguchi

Andere mochten auch

Invisible Public Debt (Presentation)Kassymkhan Kapparov

How Pinterest Can Work for Your DestinationStephanie Lynch

1merchanoscargaliza

Cd coversKatherine Brittain

testeeeestesMarcelo Cost

Inlichtingenfunctie Presentatie 17 3 2010BertilVoogd

Community Grantmaking Program Information Webinar - Spring 2011Triangle Community Foundation

Outlook Expressproser tech

Porta Ce Cursor A Contextual Eye Cursor For General Pointing In Windows Envir...Kalle

Vpnproser tech

XNA coding seriesUditha Bandara (.NET MVP)

Morimoto Context Switching For Fast Key Selection In Text Entry ApplicationsKalle

Web 2 0NatkaOA

Flex automation. tools comparisonAlex

ลักษณะภูมิประเทศแอฟริกกาใหม่Princess Chulabhorn's College, Chiang Rai Thailand

ParaEmpezarSeasonsandWeatherSenoraAmandaWhite

Tactical AssassinsPrathan Phongthiproek

Diaoscargaliza

Statby school 2555_m3_1057012007Princess Chulabhorn's College, Chiang Rai Thailand

Social Networking Security WorkshopPrathan Phongthiproek

Andere mochten auch (20)

Invisible Public Debt (Presentation)

How Pinterest Can Work for Your Destination

1merchan

Cd covers

testeeeestes

Inlichtingenfunctie Presentatie 17 3 2010

Community Grantmaking Program Information Webinar - Spring 2011

Outlook Express

Porta Ce Cursor A Contextual Eye Cursor For General Pointing In Windows Envir...

Vpn

XNA coding series

Morimoto Context Switching For Fast Key Selection In Text Entry Applications

Web 2 0

Flex automation. tools comparison

ลักษณะภูมิประเทศแอฟริกกาใหม่

ParaEmpezarSeasonsandWeather

Tactical Assassins

Dia

Statby school 2555_m3_1057012007

Social Networking Security Workshop

Ähnlich wie Layer8 exploitation: Lock'n Load Target

Advanced Malware AnalysisPrathan Phongthiproek

SecTor '09 - When Web 2.0 Attacks!Rafal Los

Dan Guido SOURCE Boston 2011Source Conference

Mobile securityStefaan

Android Hackingantitree

Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP

2013 Security Threat Report PresentationSophos

Fireshark - Brucon 2010Stephan Chenette

End of Studies project: Malware Repsonse CenterAbdessabour Arous

DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerFelipe Prado

Professional Software Development, Practices and EthicsLemi Orhan Ergin

The Ultimate Deobfuscator - ToorCON San Diego 2008Stephan Chenette

Breaking the Laws of Robotics: Attacking Industrial RobotsSpeck&Tech

Internet security: a landscape of unintended consequencesSarah Allen

Secureview 3Felipe Prado

Luiz eduardo. introduction to mobile snitchYury Chemerkin

Nullbyte 6ed. 2019Ricardo L0gan

Smart Bombs: Mobile Vulnerability and ExploitationTom Eston

Defcon 18 "Hacking Electronic Door Access Controllers" shawn_merdinger

Banking malware zeu s zombies are using in online banking theft.Nahidul Kibria

Ähnlich wie Layer8 exploitation: Lock'n Load Target (20)

Advanced Malware Analysis

SecTor '09 - When Web 2.0 Attacks!

Dan Guido SOURCE Boston 2011

Mobile security

Android Hacking

Disruptionware-TRustedCISO103020v0.7.pptx

2013 Security Threat Report Presentation

Fireshark - Brucon 2010

End of Studies project: Malware Repsonse Center

DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer

Professional Software Development, Practices and Ethics

The Ultimate Deobfuscator - ToorCON San Diego 2008

Breaking the Laws of Robotics: Attacking Industrial Robots

Internet security: a landscape of unintended consequences

Secureview 3

Luiz eduardo. introduction to mobile snitch

Nullbyte 6ed. 2019

Smart Bombs: Mobile Vulnerability and Exploitation

Defcon 18 "Hacking Electronic Door Access Controllers"

Banking malware zeu s zombies are using in online banking theft.

Mehr von Prathan Phongthiproek

Mobile Defense-in-Dev (Depth)Prathan Phongthiproek

The CARzyPire - Another Red Team OperationPrathan Phongthiproek

Cyber Kill Chain: Web Application ExploitationPrathan Phongthiproek

Mobile App Hacking In A NutshellPrathan Phongthiproek

OWASP Mobile Top 10 Deep-DivePrathan Phongthiproek

The Hookshot: Runtime ExploitationPrathan Phongthiproek

Understanding ransomwarePrathan Phongthiproek

Owasp Top 10 Mobile RisksPrathan Phongthiproek

Point-Of-Sale Hacking - 2600Thailand#20Prathan Phongthiproek

OWASP Thailand-Beyond the Penetration TestingPrathan Phongthiproek

Mobile Application Pentest [Fast-Track]Prathan Phongthiproek

Hack and Slash: Secure CodingPrathan Phongthiproek

Web Application Firewall: Suckseed or SucceedPrathan Phongthiproek

Tisa mobile forensicPrathan Phongthiproek

Tisa-Social Network and Mobile SecurityPrathan Phongthiproek

Tisa social and mobile securityPrathan Phongthiproek

Operation outbreakPrathan Phongthiproek

The Operation CloudBurst AttackPrathan Phongthiproek

The Art of Grey-Box AttackPrathan Phongthiproek

Full MSSQL Injection PWNagePrathan Phongthiproek

Mehr von Prathan Phongthiproek (20)

Mobile Defense-in-Dev (Depth)

The CARzyPire - Another Red Team Operation

Cyber Kill Chain: Web Application Exploitation

Mobile App Hacking In A Nutshell

OWASP Mobile Top 10 Deep-Dive

The Hookshot: Runtime Exploitation

Understanding ransomware

Owasp Top 10 Mobile Risks

Point-Of-Sale Hacking - 2600Thailand#20

OWASP Thailand-Beyond the Penetration Testing

Mobile Application Pentest [Fast-Track]

Hack and Slash: Secure Coding

Web Application Firewall: Suckseed or Succeed

Tisa mobile forensic

Tisa-Social Network and Mobile Security

Tisa social and mobile security

Operation outbreak

The Operation CloudBurst Attack

The Art of Grey-Box Attack

Full MSSQL Injection PWNage

Kürzlich hochgeladen

🐬 The future of MySQL is Postgres 🐘RTylerCroy

Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j

Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun

A Call to Action for Generative AI in 2024Results

Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2

GenCyber Cyber Security Day PresentationMichael W. Hawkins

[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745

Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer

Automating Google Workspace (GWS) & more with Apps Scriptwesley chun

Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge

Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik

08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j

Slack Application Development 101 Slidespraypatel2

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge

Kürzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘

Unblocking The Main Thread Solving ANRs and Frozen Frames

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...

Data Cloud, More than a CDP by Matt Robison

A Call to Action for Generative AI in 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

GenCyber Cyber Security Day Presentation

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Automating Google Workspace (GWS) & more with Apps Script

Axa Assurance Maroc - Insurer Innovation Award 2024

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Injustice - Developers Among Us (SciFiDevCon 2024)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Slack Application Development 101 Slides

Driving Behavioral Change for Information Management through Data-Driven Gree...

Layer8 exploitation: Lock'n Load Target

1. www.cdicconference.com “Is Your Privacy at Risk? Security and Privacy Challenges in the Digital Modernity” อ. ประธาน พงศ์ทิพย์ฤกษ์ SANS GIAC GPEN, eCPPT, ECSA, CEH, CPTS, CIW Security Analyst, CWNA, CWSP, Security+, ITIL-F Section Manager, Senior Information Security Consultant อ. สุทธาพงศ์ วราอัศวปติ Information Security Consultant 1

2. Let’s Talk  Layer 8 Exploitation  Lock’n Load Target  Automated Exploitation 2 2

3. Layer 8 Exploitation 3 3

4. Types of Hacking  Network services  Web Application / Mobile Application  Remote dial-up war dial  Wireless Security  Social Engineering  Physical Security  Cryptanalysis  Client Side (Layer 8) 4 4

5. Client-side Hacking  Client-side Software + Social Engineering “There is no patch for stupid”  Client-side software  Web browsers  Media Players  Microsoft Office  Adobe Reader  Java runtime environment  Flash player  Etc 5 5

6. Web Browser Security Fight !! 6 11

7. Google Hands out $60k 7 12

8. PWN2OWN 2012 Hacking Contest 8 13

9. No software is unbreakable! 9 14

10. PWN2OWN: Result  Google Chrome is the first browser to fail at pwn2own  Bypass DEP/ASLR  Bypass Sandbox  Internet Explorer 9 is the second browser  It will work on IE6-10 on Window 8  Firefox 10.0.2 is the Third browser  Bypass DEP/ASLR  Heap spray Exploit 10 15

11. Lock’n Load Target 11 16

12. Lock the target  Information gathering  Social Networking  Job Requisition  Document Metadata  Harvesting Email  Social Engineering  Spear Phishing 12 17

13. LinkedIn Search 13 18

14. Job Requisition 14 19

15. Document Metadata  Most document formats include a significant amount of metadata (data about data)  Information sometimes included in metadata  Usernames  Operating Systems  Network info  Internal Server info  Device info  Software version 15 20

16. Document Types that are Rich in Metadata  Most types of documents have some metadata in them, but the following types are often especially interesting 16 21

17. Exif Tool 17 22

18. Libextractor Tool 18 23

19. FOCA Tool 19 24

20. FOCA: Case Study 20 25

21. FOCA: Case Study 21 26

22. FOCA: Case Study 22 27

23. FOCA: Case Study 23 28

24. Harvesting Email 24 29

25. Spear Phishing 25 30

26. Intranet Internet 31 26

27. Protection ?  User Awareness Training  Security Policy  Clean all public documents 27

28. Clean your documents: MSoffice 2k7 28

29. Clean your documents: MSoffice 2k7 29

30. Clean your documents: MSoffice 2k3 and XP 30

31. Automated Exploitation 31 32

32. Blackbox Hacking 32 33

33. Old Style Hacking 33 34

34. New Style Hacking 34 34

35. Hacking Object 35 35

36. MS Internet Explorer 36 36

37. Opera Opera 37 37

38. Mozilla Firefox 38 38

39. Apple Safari 39 39

40. Google Chrome 40 40

41. 41 41

42. CVE-2010-1349 Opera 10.10, 10.50 on Windows CVE-2011-1260 IE6, IE7, IE8 MS11-050 2000, 2003, XP, Vista, 7 CVE-2011-0065 Firefox 3.5.19, 3.6.17 42 42

43. CVE-2011-0611 Adobe flash player 10.2.154.27 Adobe reader 10.0.2 CVE-2011-3544 Java 6 update 27 Java 7 43 43

44. Hacking Diagram 44 45

45. Exploitation Result 45 45

46. 46

47. 47

48. 48

49. 49

50. Exploitation Demonstration 50 45

51. How to Avoid Automate Exploitation? 51 20

52. Thank You www.cdicconference.com 52 34