Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetration Tester & Other Stories

Five Lessons Learned From Breaking Into A Casino Confessions of a Pentester & Other Stories Tom Eston

Agenda• My Background• Pentest Stories – The Energy Company – The Casino• Top 5 Ways We Break In – What can you learn? 2

About Your Presenter• Tom Eston• Manager, SecureState Profiling & Penetration Team• CISSP, GWAPT• Physical/Network Penetration Testing, Web/Mobile Application Assessments, Social Engineering• Penetration Testing Team Lead for a Fortune 500 Regional Bank• Speaker at Black Hat USA, DEFCON, ShmooCon, SANS, OWASP AppSec• Blogger (SpyLogic.net) and Podcaster (Security Justice, Social Media Security) 3

Disclaimer: Don’t Try This At Home• Hacking (breaking in) is illegal without permission! 4

Pentest Stories 5

The Energy Company• High Security Facility – Barbed wire fence – Roving patrols – Guard station with camera coverage• Objective: Breach the facility, gain access to the control station• SecureState deployed two teams… 6

The Energy Company• Team A found an area not protected by security fence• Team B gained access to the control facility through social engineering the gate guards• Rendezvous with Team A at the control station (Administration Building)• Gained access to shut down the entire facility (big red button), password written on wall• Installed a Wireless Access Point that allowed remote connection into the network 7

The Casino• No “Ocean’s Eleven” required• Casino’s have Hotels right?• SecureState was able to hack the Casino Wireless Network…from the hotel!• Weak Wireless Encryption + Poor Network “Ocean’s Eleven” ©2001 Warner Bros. Pictures. All Rights Reserved. Segmentation = $$$ 11

What could we do?• While on the Gaming Network we had the ability to see all slot machines, including: – Payout information for each machine – Ability to manipulate odds, generate bogus/free plays and modify systems which generate revenue for the Casino• Access to the internal security camera system – Ability to shut down and move cameras• We were met by security when attempting to visit the Casino floor  12

Top 5 Ways We Break In “Lessons Learned” 14

#5 Poor Network Segmentation• Many networks are still “flat”• Poor ACLs• Compromised systems can be used to “pivot” to segmented networks• Example, host on a DMZ compromised. Pivot to internal network containing financial systems 15

#4 Weak Wireless Encryption• Some companies are still using WEP (sad but true)• Some companies are using weak passphrases with WPA/WPA2 configurations• Wireless clients can be misconfigured with WPA2 Enterprise configurations• Once the wireless network is accessed, we find poor network segmentation  16

#3 Social Engineering• The “human layer” is always the weakest link in a security program• Used to convince someone to do something they normally wouldn’t do• Everyone wants to be helpful!• Who would attack/scam us attitude “We would never fall for that…” 17

#2 Unpatched/Misconfigured Systems• Very common to still find systems without MS08-067 (2008) critical Microsoft patch!• Systems with ports and services that should be closed (RDP)• Default Credentials – Apache Tomcat/JBoss• Lack of minimum security baselines for systems – Still challenging for many companies 18

Happy Birthday MS08-067! 19

#1 Weak Passwords• Password1 This meets Windows complexity requirements!• Many use easy to guess dictionary words – Seasons of the year are quite popular “Summer12” – Anything based off of common names…• Lack of user security awareness• Easy targets: Citrix, RDP Servers, SSL VPN, Webmail 20

Questions?• Visit http://www.securestate.com for more information on our services• My Blog: http://SpyLogic.net• Email: teston@securestate.com• Twitter: @agent0x0 21

http://www.spylogic.net	3113
http://feeds2.feedburner.com	59
http://www.securitybloggersnetwork.com	12
http://translate.googleusercontent.com	6
http://131.253.14.66	4
https://si0.twimg.com	3
http://feeds.feedburner.com	3
http://www.newsblur.com	3
https://twimg0-a.akamaihd.net	1
http://spylogic.net.	1

Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetration Tester & Other Stories

by Tom Eston

Accessibility

Categories

Upload Details

Usage Rights

10 Embeds 3,205

Statistics

Five Lessons Learned From Breaking Into A Casino: Confessions of a Penetration Tester & Other Stories Presentation Transcript