SlideShare a Scribd company logo

Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

Source Conference
Source Conference
Technology
1 of 33
Download to read offline
Presented by: Jeremy Allen Rajendra Umadas April 21, 2011 Network Stream Hacking with Mallory
Agenda • Who are we? • What annoys us? – Rajendra Umadas – Proxy setup – Jeremy Allen – Throwaway Tools – Wasted or Redundant effort • What do we do? – Mobile Application Assessments, • What did we do Thick Clients, about it? COTS (lots of other – Mallory! assessments)
Who Are We
Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break things before the bad guys do
Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobile Application Security = fun;
What we do
What we do: Assessment Types Application Assessments  Mobile Applications  Acronym and Name Overload: QUALCOMM/BREW, RIM, Windows Mobile, Windows Phone, iPhone, Android …  Web Applications  XSS, SQL Injection – Pays the bills, still how many get owned  Other Apps  Thick clients, binary protocols, “harder” targets
What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentified network streams in tested application
What we do: Tools Other Tools  What tools exist that are good for MiTM and app testing for application assessments?  dsniff, cain, tcpdump ,wireshark (about that…), others
Solution
Solution: Mallory “The enemy knows the system” – Claude Shannon
Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
Solution Easy Way
Solution Demo  Intro to Mallory GUI
Soltuion: Mallory Architecture
Solution What have others done with Mallory?  WSJ Application Privacy Research
Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matter, Mallory can see the traffic
Demos + Deep Dive
Demos and Deep Dive
Solution GUI Configuration  Common tasks are fast, easy (configuring mallory, editing TCP streams)  Uncommon tasks are possible, fairly easy (rules, known protocols)  Rare tasks are harder, require some trickery (python plugins, python code)
Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
Solution Demo – Something More Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in advanced view
Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
Solution How does Mallory Fuzz?  DEMO
Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic fuzzing
Solution Common App Testing Problem  SSL
Solution Mallory Knows SSL  DEMO - SSL
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
Conclusion
Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTPS, SSL, DNS, SSH  Mallory make common app testing tasks easy

Recommended

Englishtown lifestyle
Englishtown lifestyleEnglishtown lifestyle
Englishtown lifestyleTony Shao
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxSource Conference
 
James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011Source Conference
 
Dan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsDan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsSource Conference
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 
Paul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackPaul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackSource Conference
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 

Recommended

Englishtown lifestyle
Englishtown lifestyleEnglishtown lifestyle
Englishtown lifestyleTony Shao
 
Who should the security team hire next?
Who should the security team hire next?Who should the security team hire next?
Who should the security team hire next?Source Conference
 
Matthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxMatthew Coles - Izar Tarandach - Security Toolbox
Matthew Coles - Izar Tarandach - Security ToolboxSource Conference
 
James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011James Beeson SOURCE Boston 2011
James Beeson SOURCE Boston 2011Source Conference
 
Dan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsDan Crowley - Jack Of All Formats
Dan Crowley - Jack Of All FormatsSource Conference
 
David Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsDavid Snead - Nailing Down Security Regulations
David Snead - Nailing Down Security RegulationsSource Conference
 
Paul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackPaul Asadoorian - Bringing Sexy Back
Paul Asadoorian - Bringing Sexy BackSource Conference
 
Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Wim Remes SOURCE Boston 2011
Wim Remes SOURCE Boston 2011 Source Conference
 
The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management Rundeck
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...meritnorthwest
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsPro777
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewSymantec
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber securityNascenia IT
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Websec México, S.C.
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Codemotion
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!Sophia Russell
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in processElad Maimon
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...Enterprise Management Associates
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?Israel Blancas
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesSoftware Guru
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downCompuware ASEAN
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementPerficient, Inc.
 
Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser BotnetSource Conference
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 

More Related Content

Similar to Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management Rundeck
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationTom Eston
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...meritnorthwest
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Rundeck
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsPro777
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewSymantec
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber securityNascenia IT
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Websec México, S.C.
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Codemotion
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiShah Sheikh
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!Sophia Russell
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in processElad Maimon
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...Enterprise Management Associates
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?Israel Blancas
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesSoftware Guru
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downCompuware ASEAN
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Osama Salah
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementPerficient, Inc.
 

Similar to Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory (20)

The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management The Last Mile Continued: Incident Management
The Last Mile Continued: Incident Management
 
Smart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and ExploitationSmart Bombs: Mobile Vulnerability and Exploitation
Smart Bombs: Mobile Vulnerability and Exploitation
 
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
Merit Event - Monitor, Secure & Control Your Network with JMC IT & Lightspeed...
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE
 
Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE Incident Management in the Age of DevOps and SRE
Incident Management in the Age of DevOps and SRE
 
Scaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise ApplicationsScaling Ruby for Enterprise Applications
Scaling Ruby for Enterprise Applications
 
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical OverviewCyber Tech Israel 2016: Advanced Threat Protection Technical Overview
Cyber Tech Israel 2016: Advanced Threat Protection Technical Overview
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
Software quality assurance and cyber security
Software quality assurance and cyber securitySoftware quality assurance and cyber security
Software quality assurance and cyber security
 
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
Echidna, sistema de respuesta a incidentes open source [GuadalajaraCON 2013]
 
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
Microservices done right or SOA lessons learnt - Sean Farmar - Codemotion Mil...
 
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed BedewiBalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
BalCcon 2015 - DTS Solution - Attacking the Unknown by Mohamed Bedewi
 
Subverting the monolith!
Subverting the monolith!Subverting the monolith!
Subverting the monolith!
 
Code quality as a built-in process
Code quality as a built-in processCode quality as a built-in process
Code quality as a built-in process
 
5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...5 Best Practices for Application-aware Network Performance Management (AANPM)...
5 Best Practices for Application-aware Network Performance Management (AANPM)...
 
What is happening with my microservices?
What is happening with my microservices?What is happening with my microservices?
What is happening with my microservices?
 
Encontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de AplicacionesEncontrando la Aguja en el Rendimiento de Aplicaciones
Encontrando la Aguja en el Rendimiento de Aplicaciones
 
How to stop fingerpointing when your application is down
How to stop fingerpointing when your application is downHow to stop fingerpointing when your application is down
How to stop fingerpointing when your application is down
 
Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...Application Whitelisting - Complementing Threat centric with Trust centric se...
Application Whitelisting - Complementing Threat centric with Trust centric se...
 
Using Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee EngagementUsing Yammer & SharePoint Intranets to Drive Employee Engagement
Using Yammer & SharePoint Intranets to Drive Employee Engagement
 

More from Source Conference

iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on AndroidSource Conference
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICSource Conference
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsSource Conference
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesSource Conference
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network SecuritySource Conference
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration TestersSource Conference
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSource Conference
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSource Conference
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserSource Conference
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItSource Conference
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of AnonymousSource Conference
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Source Conference
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary plantingSource Conference
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudSource Conference
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawSource Conference
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendSource Conference
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationSource Conference
 

More from Source Conference (20)

Million Browser Botnet
Million Browser BotnetMillion Browser Botnet
Million Browser Botnet
 
iBanking - a botnet on Android
iBanking - a botnet on AndroidiBanking - a botnet on Android
iBanking - a botnet on Android
 
I want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUICI want the next generation web here SPDY QUIC
I want the next generation web here SPDY QUIC
 
From DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and BobsFrom DNA Sequence Variation to .NET Bits and Bobs
From DNA Sequence Variation to .NET Bits and Bobs
 
Extracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus DerivativesExtracting Forensic Information From Zeus Derivatives
Extracting Forensic Information From Zeus Derivatives
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Wfuzz para Penetration Testers
Wfuzz para Penetration TestersWfuzz para Penetration Testers
Wfuzz para Penetration Testers
 
Security Goodness with Ruby on Rails
Security Goodness with Ruby on RailsSecurity Goodness with Ruby on Rails
Security Goodness with Ruby on Rails
 
Securty Testing For RESTful Applications
Securty Testing For RESTful ApplicationsSecurty Testing For RESTful Applications
Securty Testing For RESTful Applications
 
Esteganografia
EsteganografiaEsteganografia
Esteganografia
 
Men in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the BrowserMen in the Server Meet the Man in the Browser
Men in the Server Meet the Man in the Browser
 
Advanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done ItAdvanced Data Exfiltration The Way Q Would Have Done It
Advanced Data Exfiltration The Way Q Would Have Done It
 
Adapting To The Age Of Anonymous
Adapting To The Age Of AnonymousAdapting To The Age Of Anonymous
Adapting To The Age Of Anonymous
 
Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?Are Agile And Secure Development Mutually Exclusive?
Are Agile And Secure Development Mutually Exclusive?
 
Advanced (persistent) binary planting
Advanced (persistent) binary plantingAdvanced (persistent) binary planting
Advanced (persistent) binary planting
 
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to CloudLegal/technical strategies addressing data risks as perimeter shifts to Cloud
Legal/technical strategies addressing data risks as perimeter shifts to Cloud
 
The Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime LawThe Latest Developments in Computer Crime Law
The Latest Developments in Computer Crime Law
 
JSF Security
JSF SecurityJSF Security
JSF Security
 
How To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security SpendHow To: Find The Right Amount Of Security Spend
How To: Find The Right Amount Of Security Spend
 
Everything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitationEverything you should already know about MS-SQL post-exploitation
Everything you should already know about MS-SQL post-exploitation
 

Recently uploaded

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Jeremy Allen - Rajendra Umadas - Network Stream Hacking With Mallory

  • 1. Presented by: Jeremy Allen Rajendra Umadas April 21, 2011 Network Stream Hacking with Mallory
  • 2. Agenda • Who are we? • What annoys us? – Rajendra Umadas – Proxy setup – Jeremy Allen – Throwaway Tools – Wasted or Redundant effort • What do we do? – Mobile Application Assessments, • What did we do Thick Clients, about it? COTS (lots of other – Mallory! assessments)
  • 4. Who are we: Jeremy Allen Jeremy Allen  Principal Consultant  iOS Assessment Lead  Writes a lot of Python  Try to break things before the bad guys do
  • 5. Who are we: Rajendra Umadas Rajendra Umadas  Consultant  Mobile Application Hacker  Does not afraid of anything  Mobile Application Security = fun;
  • 7. What we do: Assessment Types Application Assessments  Mobile Applications  Acronym and Name Overload: QUALCOMM/BREW, RIM, Windows Mobile, Windows Phone, iPhone, Android …  Web Applications  XSS, SQL Injection – Pays the bills, still how many get owned  Other Apps  Thick clients, binary protocols, “harder” targets
  • 8. What we do: Tools HTTP Proxy  When is a HTTP Proxy Not Enough?  Protocols that just use HTTP for transport  Unidentified network streams in tested application
  • 9. What we do: Tools Other Tools  What tools exist that are good for MiTM and app testing for application assessments?  dsniff, cain, tcpdump ,wireshark (about that…), others
  • 11. Solution: Mallory “The enemy knows the system” – Claude Shannon
  • 12. Solution Hard Way  ARP  DNS Spoofing  iptables and custom scripts  Packet level techniques
  • 14. Solution Demo  Intro to Mallory GUI
  • 16. Solution What have others done with Mallory?  WSJ Application Privacy Research
  • 17. Solution Application Testing  WSJ Application Privacy Research  Chose Mallory because it is pervasive  Apps don’t matter, Mallory can see the traffic
  • 18. Demos + Deep Dive
  • 20. Solution GUI Configuration  Common tasks are fast, easy (configuring mallory, editing TCP streams)  Uncommon tasks are possible, fairly easy (rules, known protocols)  Rare tasks are harder, require some trickery (python plugins, python code)
  • 21. Solution GUI Configuration  Getting traffic to the stream editor  Echo Server  Rules Config Demo
  • 22. Solution Demo – Something More Serious  TCP Stream Editing  All flows and datagrams go to a database  Show database in advanced view
  • 23. Solution Programmatic Modification  What about places where editing is harder?  DEMO – Modifying VNC Keystrokes
  • 24. Solution What about Fuzzing?  Fuzzing Paradigms  File fuzzing  Network fuzzing
  • 25. Solution How does Mallory Fuzz?  ProxFuzz  Opportunistic Fuzzing  Protocol Depth
  • 26. Solution How does Mallory Fuzz?  DEMO
  • 27. Solution Fuzzing Results  Can vary greatly  Depends on your app  We have seen good returns with opportunistic fuzzing
  • 28. Solution Common App Testing Problem  SSL
  • 29. Solution Mallory Knows SSL  DEMO - SSL
  • 30. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  • 31. Solution SSL Usage  Mallory acts as a CA  Generates Certs in Memory  Makes Look Alike Certs
  • 33. Conclusion Conclusion  Mallory is a MiTM Proxy  Focus on streams and datagrams  Mallory can decode and MiTM: HTTP, HTTPS, SSL, DNS, SSH  Mallory make common app testing tasks easy