  • One of our clients (a major international bank) was attacked in a scenario which involved cleaners.
  • Peter Wood – the ethical hacker

    1. PETER WOOD – THE ETHICAL HACKER
    2. The Ultimate Defence: Think Like a Hacker
       An Ethical Hacker’s View of Corporate Security
       Peter Wood, Chief Executive Officer, First•Base Technologies LLP
    3. Who is Peter Wood?
       • Worked in computers & electronics since 1969
       • Founded First Base in 1989 (one of the first ethical hacking firms)
       • CEO First Base Technologies LLP
       • Social engineer & penetration tester
       • Conference speaker and security ‘expert’
       • Member of ISACA Security Advisory Group
       • Vice Chair of BCS Information Risk Management and Audit Group
       • UK Chair, Corporate Executive Programme
       • FBCS, CITP, CISSP, MIEEE, M.Inst.ISP
       • Registered BCS Security Consultant
       • Member of ACM, ISACA, ISSA, Mensa
    4. Thinking like a hacker
       • Hacking is a way of thinking
         A hacker is someone who thinks outside the box. It’s someone who discards conventional wisdom, and does something else instead. It’s someone who looks at the edge and wonders what’s beyond. It’s someone who sees a set of rules and wonders what happens if you don’t follow them. [Bruce Schneier]
       • Hacking applies to all aspects of life - not just computers
    5. Network Device Compromise
    6. SNMP: Simple Network Management Protocol
       • A protocol developed to manage nodes (servers, workstations, routers, switches and hubs etc.) on an IP network
       • Enables network administrators to manage network performance, find and solve network problems, and plan for network growth
       • SNMP v1 is the de facto network management protocol
       • SNMP v1 has been criticised for its poor security. Authentication is performed only by a ‘community string’, in effect a type of password, which is transmitted in clear text
    7. SNMP Scanning
    8. SNMP for hackers
       • If you know the read string (default public) you can read the entire MIB for that device
       • If you know the read-write string (default private) you may be able to change settings on that device
       • You may be able to ‘sniff’ community strings off the network if they’ve been changed from the defaults
       • You may be able to control a router or switch:
         – Intercept traffic and read sensitive information
         – ‘Crash’ the network repeatedly
         – Lock the device out, requiring physical access to reset it
       • You may be able to list users, groups, shares etc. on servers
       • You may be able to subvert wireless network security
    9. Windows Hacking
    10. Windows architecture
        [Diagram: workstations and member servers, each with local users and groups; domain controllers with domain users and groups; labels: domain logon, local logon, global group in local group]
    11. List privileged accounts and look for service accounts
    12. Case study: Administrator passwords
        Global firm worth £800 million
        • 67 Administrator accounts
        • 43 simple passwords (64%)
        • 15 were “password” (22%)
        • Some examples we found: admin5, crystal, finance, friday, macadmin, monkey, orange, password, password1, prague, pudding, rocky4, security, security1, sparkle, webadmin, yellow
    13. Case study: password crack
        • 26,310 passwords from a Windows domain
        • 11,279 (42.9%) cracked in 2½ minutes
        • It’s not a challenge!
    14. Laptop hacking
    15. If we can boot from CD or USB …
    16. We have some passwords!
    17. … or just read the disk
    18. Change the Administrator password
    19. Desktop & Laptop Security
        • Physical security on Windows desktops and laptops doesn’t exist
        • Native Windows security is ineffective if you have physical access
        • Everything is visible: e-mails, spreadsheets, documents, passwords
        • If it’s on your machine - it’s stolen!
        • Encryption is the best defence, coupled with lots of training!
    20. Attack the building
    21. Impersonating an employee
    22. Impersonating a supplier
    23. Do-it-yourself ID cards
    24. Impersonate a cleaner
        • No vetting
        • Out-of-hours access
        • Cleans the desks
        • Takes out large black sacks
    25. Data theft by keylogger
    26. Keyghost log file
        Keystrokes recorded so far is 2706 out of 107250 ...
        <PWR><CAD>fsmith<tab><tab>arabella xxxxxxx <tab><tab> None<tab><tab> None<tab><tab>None<tab><tab> <CAD> arabella<CAD><CAD> arabella<CAD><CAD> arabella
        exit
        tracert 192.168.137.240
        telnet 192.168.137.240
        cisco
    27. Need more information?
        Peter Wood, Chief Executive Officer, First•Base Technologies LLP
        peterw@firstbase.co.uk
        http://firstbase.co.uk
        http://white-hats.co.uk
        http://peterwood.com
        Blog: fpws.blogspot.com
        Twitter: @peterwoodx
