Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetration Tester & Other Stories

Breaking in is easy, real security is hard. Breaching the security of a Casino doesn't have to be as dramatic or dangerous as depicted in the Ocean's Eleven movies. In fact, by simply sitting in a hotel room of a Casino, hackers can find ways to breach the high security that Casinos have been known for. This type of attack has a simple goal: steal the Casino's money and cheat the system. All of this can be done without anyone seeing you and is much easier than walking directly into the Casino vault armed with guns and explosives.

In this presentation Tom Eston from SecureState walks us through some of the more interesting and exciting penetration tests his team has conducted. These include breaking into Casinos, Banks, Energy companies and other high security facilities (with permission, of course). Tom's stories not only show how attackers break in but also offer important lessons on how businesses can better secure their physical as well as network assets.

Published in: Technology

  1. Five Lessons Learned From Breaking Into A Casino: Confessions of a Pentester & Other Stories (Tom Eston)
  2. Agenda
     • My Background
     • Pentest Stories
       – The Energy Company
       – The Casino
     • Top 5 Ways We Break In
       – What can you learn?
  3. About Your Presenter
     • Tom Eston
     • Manager, SecureState Profiling & Penetration Team
     • CISSP, GWAPT
     • Physical/Network Penetration Testing, Web/Mobile Application Assessments, Social Engineering
     • Penetration Testing Team Lead for a Fortune 500 Regional Bank
     • Speaker at Black Hat USA, DEFCON, ShmooCon, SANS, OWASP AppSec
     • Blogger (SpyLogic.net) and Podcaster (Security Justice, Social Media Security)
  4. Disclaimer: Don’t Try This At Home
     • Hacking (breaking in) is illegal without permission!
  5. Pentest Stories
  6. The Energy Company
     • High Security Facility
       – Barbed wire fence
       – Roving patrols
       – Guard station with camera coverage
     • Objective: Breach the facility, gain access to the control station
     • SecureState deployed two teams…
  7. The Energy Company
     • Team A found an area not protected by security fence
     • Team B gained access to the control facility through social engineering the gate guards
     • Rendezvous with Team A at the control station (Administration Building)
     • Gained access to shut down the entire facility (big red button), password written on wall
     • Installed a Wireless Access Point that allowed remote connection into the network
  8. (no slide text)
  9. (no slide text)
  10. (no slide text)
  11. The Casino
     • No “Ocean’s Eleven” required
     • Casinos have hotels, right?
     • SecureState was able to hack the Casino Wireless Network…from the hotel!
     • Weak Wireless Encryption + Poor Network Segmentation = $$$
     • Image credit: “Ocean’s Eleven” ©2001 Warner Bros. Pictures. All Rights Reserved.
  12. What could we do?
     • While on the Gaming Network we had the ability to see all slot machines, including:
       – Payout information for each machine
       – Ability to manipulate odds, generate bogus/free plays and modify systems which generate revenue for the Casino
     • Access to the internal security camera system
       – Ability to shut down and move cameras
     • We were met by security when attempting to visit the Casino floor
  13. (no slide text)
  14. Top 5 Ways We Break In: “Lessons Learned”
  15. #5 Poor Network Segmentation
     • Many networks are still “flat”
     • Poor ACLs
     • Compromised systems can be used to “pivot” to segmented networks
     • Example: a host on a DMZ is compromised, then used to pivot to the internal network containing financial systems
  16. #4 Weak Wireless Encryption
     • Some companies are still using WEP (sad but true)
     • Some companies are using weak passphrases with WPA/WPA2 configurations
     • Wireless clients can be misconfigured with WPA2 Enterprise configurations
     • Once the wireless network is accessed, we find poor network segmentation
  17. #3 Social Engineering
     • The “human layer” is always the weakest link in a security program
     • Used to convince someone to do something they normally wouldn’t do
     • Everyone wants to be helpful!
     • The “Who would attack/scam us?” attitude: “We would never fall for that…”
  18. #2 Unpatched/Misconfigured Systems
     • Very common to still find systems without the MS08-067 (2008) critical Microsoft patch!
     • Systems with ports and services that should be closed (RDP)
     • Default Credentials
       – Apache Tomcat/JBoss
     • Lack of minimum security baselines for systems
       – Still challenging for many companies
  19. Happy Birthday MS08-067!
  20. #1 Weak Passwords
     • Password1: this meets Windows complexity requirements!
     • Many use easy-to-guess dictionary words
       – Seasons of the year are quite popular: “Summer12”
       – Anything based off of common names…
     • Lack of user security awareness
     • Easy targets: Citrix, RDP Servers, SSL VPN, Webmail
  21. Questions?
     • Visit http://www.securestate.com for more information on our services
     • My Blog: http://SpyLogic.net
     • Email: teston@securestate.com
     • Twitter: @agent0x0
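
The weak-password lesson (slide 20), as an added example that is not part of the presentation: a password-change check in Python showing that "Password1" and "Summer12" pass a complexity rule yet are caught by a base-word-plus-suffix deny-list. The word list beyond the seasons and "password", the 8-character minimum, and the organisation name `acme` are assumptions.

```python
import re

# Seasons and "password" come from the slides; the other words are assumed.
BASE_WORDS = {"password", "welcome", "spring", "summer", "fall", "autumn", "winter"}
# Undo common letter substitutions before the deny-list lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def meets_windows_complexity(password, min_length=8):
    """Approximation of the Windows complexity rule: characters from at least
    three of upper, lower, digit, symbol. min_length is an assumed policy
    value; the account-name check is left out."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= min_length and sum(classes) >= 3


def guessable_reason(password, extra_words=()):
    """Return why a password is guessable, or None if no rule matched."""
    words = BASE_WORDS | {w.lower() for w in extra_words}
    # Split off the trailing digits/symbols users append to satisfy the policy.
    m = re.fullmatch(r"(.*?)([\d\W_]*)", password, flags=re.S)
    stem, suffix = m.group(1).lower(), m.group(2)
    if stem in words or stem.translate(LEET) in words:
        return f"base word '{stem}' plus suffix '{suffix}'"
    return None


def audit(candidates, extra_words=()):
    """Return {password: reason} for candidates that pass the complexity rule
    but are still guessable; these are what a deny-list has to reject."""
    findings = {}
    for pw in candidates:
        reason = guessable_reason(pw, extra_words)
        if meets_windows_complexity(pw) and reason:
            findings[pw] = reason
    return findings


# Constructed sample; "Password1" and "Summer12" are the slides' own examples.
SAMPLE = ["Password1", "Summer12", "P@ssw0rd!", "Winter2012", "Acme2012!", "k7#Qv9!xTz2m"]

if __name__ == "__main__":
    for pw, why in audit(SAMPLE, extra_words=["acme"]).items():
        print(f"{pw}: passes complexity, rejected as {why}")
```

Passing the organisation's own name and product names in `extra_words` matters: "Acme2012!" is only flagged when `acme` is on the list.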
