TakeDownCon Rocket City: Cyber Security via Technology Fails by Jeremy Conway


  1. CYBER SECURITY VIA TECHNOLOGY FAILS
     Jeremy Conway
  2. Introductions
     • Founder and Managing Partner @ SudoSecure
     • Credentials:
       – 16+ Years in Information Security
       – NASA, DoD, US Army
       – MS, Information Security
       – BS, Computer Science and Math
       – 20+ Industry Certifications
  3. The true sign of intelligence is not knowledge but imagination.
     Albert Einstein
  4. Demo 1: This is not the Attack you're Looking for!
  5. IDS/IPS and Correlation Engines
     • Evading an IDS/IPS requires understanding the signature (matching pattern)
       – Most cases it is TRIVIAL at BEST to evade!
     • Correlation Engines tend to use simple logic
       – Evading these complex and expensive devices is EASY when it relies on Insecure Protocols!
     • Getting it RIGHT!
       – Understand the limitations of Signature Detection Engines
       – Decompose complex rule engines and correlation logic to identify possible evasion techniques
       – Consider adding a “TRUSTED” metric value when designing a Secured Architecture
  6. Demo 2: Can you spot the Imposter?
  7. SSL MiTM
     • “YES” SSL can be MiTM’ed
     • Encryption does not imply “No Worries”!
     • Getting it right!
       – Never use self-signed Certificates
       – Never allow an Exemption
       – Be OVERLY Paranoid!
  8. Demo 3: Outsourced Trust, the Domino Effect
  9. Outsourced Trust
     • The Web and your Browser are GREAT at CACHING
       – Even when it is Malicious Injected Badness
     • Two-Factor Authentication doesn’t solve EVERYTHING!
     • Getting it Right!
       – Never include content you don’t control on a Secure Site!
  10. Demo 4: Begging to be Hi-Jacked
  11. WiFi Hi-Jacking
     • By DEFAULT most Wireless Devices Probe and Connect to Preferred Networks
     • Getting it Right
       – Disable Automatic Connections to Preferred Network List
       – Disable WiFi when NOT in Use
  12. Demo 5: Passwords – Are you doing it wrong?
  13. LM Passwords
     • Used to support the legacy LAN Manager protocol
     • Disabled by default on Windows starting with Vista
     • Still found enabled everywhere though!
     • Weaknesses:
       – Password truncated at 14 Chars
       – Split into 2 halves of 7 Char passwords
       – Password is converted to UPPERCASE
     • PROTIPS:
       – Crack LM hashes then use Cracked password to attack NTLM password
       – Free Rainbow Tables (freerainbowtables.com) will crack about 99% of LM hashes using rcracki_mt
       – John the ripper use: --loopback --format=nt --rules=NT
       – Hashcat use -a to toggle case of LM cracked hashes
  14. Something to consider!
     Albert Einstein
  15. Questions?
     Jeremy Conway
     jeremy@sudosecure.com
     twitter: cj3r3my
     Thank You!
  16. References
     • THC-Hydra: http://www.thc.org/thc-hydra/
     • Mitmproxy: http://mitmproxy.org/
     • Burp Suite: http://portswigger.net/burp/
     • HTTPS Cache Injection Attack (Bad Memories): http://elie.im/talks/bad-memories
     • Wifi Pineapple (Karma Attack): https://wifipineapple.com/
     • LM Hash: http://en.wikipedia.org/wiki/LM_hash
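For the "Outsourced Trust" slide, an added example (not from the slides) that lists every subresource a secure page asks the browser to fetch, and cache, from a host the site does not control or over plain HTTP. The page URL, host names and HTML are constructed, and `audit_page` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch (and cache) a subresource.
FETCHING = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class SubresourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING.get(tag)
        attrs = dict(attrs)
        ref = attrs.get(attr) if attr else None
        if not ref:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are treated as fetched content here
        url = urlsplit(urljoin(self.page_url, ref))  # resolves relative and //host forms
        if url.scheme not in ("http", "https"):
            return  # data:, about: and similar never leave the page
        reasons = []
        if url.hostname != self.page_host:
            reasons.append("third-party host")
        if url.scheme != "https":
            reasons.append("loaded over plain HTTP")
        if reasons:
            self.findings.append((tag, url.geturl(), reasons))

def audit_page(page_url, html):
    parser = SubresourceAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample page for a hypothetical secure site.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<script src="/static/app.js"></script>
<img src="http://bank.example/logo.png">
<img src="data:image/png;base64,AAAA">
<iframe src="https://ads.example.org/frame"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url, reasons in audit_page("https://bank.example/login", SAMPLE_HTML):
        print(f"<{tag}> {url}: {', '.join(reasons)}")
```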
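For the "LM Passwords" slide, an added example (not from the slides) that reproduces the three input weaknesses listed there and audits a pwdump-style export for accounts that still store an LM hash, so they can be scheduled for a password reset. The `user:rid:lmhash:nthash:::` layout, the text placeholder handling and all account lines are assumptions made for the example; the hash values are constructed, not real.

```python
EMPTY_HALF = "aad3b435b51404ee"  # LM hash of an empty 7-character half
HEX = set("0123456789abcdef")

def lm_input_halves(password):
    """LM's input handling from the slide: uppercase, cut at 14, split 7/7.
    Simplification: ASCII only (real LM uses the OEM code page)."""
    data = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\0")
    return data[:7], data[7:]

def audit_line(line):
    """Classify the LM field of one 'user:rid:lmhash:nthash:::' line."""
    parts = line.strip().split(":")
    if len(parts) < 4 or len(parts[2]) != 32:
        return None  # comment, blank or malformed line
    user, lm = parts[0], parts[2].lower()
    if not set(lm) <= HEX:
        status = "no LM hash stored"  # assumed: the tool wrote a text placeholder
    elif lm == EMPTY_HALF * 2:
        status = "no LM hash stored"
    elif lm[16:] == EMPTY_HALF:
        status = "LM hash stored; password has 7 characters or fewer"
    else:
        status = "LM hash stored"
    return user, status

def audit(lines):
    return [r for r in map(audit_line, lines) if r is not None]

NT = "0" * 32  # constructed placeholder for the NT hash field
SAMPLE = [     # constructed export lines, not real accounts or hashes
    "# exported accounts",
    f"alice:1001:{EMPTY_HALF * 2}:{NT}:::",
    f"bob:1002:0123456789abcdef{EMPTY_HALF}:{NT}:::",
    f"carol:1003:0123456789abcdeffedcba9876543210:{NT}:::",
    "dave:1004:NO PASSWORD" + "*" * 21 + f":{NT}:::",
]

if __name__ == "__main__":
    print(lm_input_halves("Summer2024!extra-long"))
    for user, status in audit(SAMPLE):
        print(f"{user}: {status}")
```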
