
Infrastructure Fuzzing

Infrastructure fuzzing by Salo Shp, SRE Expert.
In this session we cover the reasons and methods attackers use to DDoS production systems, and learn how to mitigate that threat by doing it to ourselves first, as part of an overall Chaos Engineering methodology.

Published in: Engineering

Infrastructure Fuzzing

  1. FUZZING INFRASTRUCTURE (Salo Shp)
  2. /whoami: https://www.linkedin.com/in/salo-shp/ tikalk.com (Salo Shp)
  3. DISTRIBUTED DENIAL OF SERVICE https://www.yellowstonepark.com/news/wolves-hunt
  4. STRESSERS: LOIC http://sourceforge.net/projects/loic/files/loic/loic-1.0.8/LOIC-1.0.8-binary.zip/download
  5. STRESSERS: HOIC http://sourceforge.net/projects/highorbitioncannon/files/Hoic.rar/download
  6. STRESSERS: XOIC
  7. STRESSERS: MOAR WAREZ
     ▸ https://packetstormsecurity.com/distributed/trinoo.tgz
     ▸ https://packetstormsecurity.com/distributed/tfn2k.tgz
     ▸ https://packetstormsecurity.com/files/112856/HULK-Http-Unbearable-Load-King.html
     ▸ http://packetstormsecurity.com/files/98831/
     ▸ http://packetstormsecurity.com/files/123084/DAVOSET-1.1.3.html
     ▸ http://packetstormsecurity.com/files/120966/GoldenEye-HTTP-Denial-Of-Service-Tool.html
     ▸ http://sourceforge.net/projects/ddosim/
     ▸ http://sourceforge.net/projects/pyloris/
     ▸ https://code.google.com/p/owasp-dos-http-post/
     ▸ https://code.google.com/p/r-u-dead-yet/
  8. STRESSERS: DDOS AS A SERVICE https://www.ipstresser.com
  10. 未来 (Mirai, "future") https://github.com/jgamblin/Mirai-Source-Code https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
  11. SYN flood
  12. Amplification factor (response size relative to request size, per reflector protocol):
      ▸ TFTP: 60
      ▸ CHARGEN: 358.8
      ▸ NTP: 556.9
      ▸ DNS: 28 to 54
      ▸ SNMP: 650
      ▸ MEMCACHED: 10,000 to 51,000
      References: https://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet/ https://www.us-cert.gov/ncas/alerts/TA14-017A https://tools.ietf.org/html/rfc2827 https://tools.ietf.org/html/rfc3704
  13. https://github.blog/2018-03-01-ddos-incident-report/ http://www.techrepublic.com/article/chinese-government-linked-to-largest-ddos-attack-in-github-history/
  14. https://www.cnbc.com/2019/05/08/binance-bitcoin-hack-over-40-million-of-cryptocurrency-stolen.html
  15. ATTACK CLASSIFICATION: VOLUMETRIC ATTACKS / PROTOCOL BASED ATTACKS / APPLICATION LAYER ATTACKS
      ▸ UDP Amplification ▸ SNMP Reflection ▸ SYN flood ▸ BWRaep ▸ PING of death ▸ HTTP GET flood ▸ ICMP flood ▸ HTTP POST flood ▸ SSDP reflection ▸ Slowloris ▸ Smurf ▸ Fraggle ▸ Teardrop ▸ R.U.D.Y ▸ MIRAI ▸ ARME ▸ :(){ :|:& };: (fork bomb)
  16. https://theconversation.com/abss-night-of-disaster-as-servers-crash-and-millions-fail-to-complete-the-census-63737
  17. ATTACK CLASSIFICATION
      ▸ Phase: Design, Implementation, Operation
      ▸ OSI layer: Application, Presentation, Session, Transport, Network, Link, Physical
      ▸ STRIDE: Spoofing, Tampering, Repudiation, Information disclosure, Degr. of service, Elevation of privilege
      ▸ DREAD: Damage, Reproducibility, Exploitability, Affected users, Discoverability
  18. https://www.bloomberg.com/news/articles/2019-04-11/sensors-linked-to-737-crashes-vulnerable-to-failure-data-show (Mar 10, 2019)
  19. “What’s in a name? That which we call a rose, By any other name would smell as sweet.” ÉMILE BOREL, 1871 - 1956
  20. 1950: punched cards. https://en.wikipedia.org/wiki/Punched_card “A punch-card is a piece of stiff paper that can be used to contain digital data represented by the presence or absence of holes in predefined positions.” (ArnoldReinhold, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=16041053)
  21. 1981: Random Testing. “… results are presented which suggest that random testing may often be more cost effective than partition testing schemes.” https://ieeexplore.ieee.org/abstract/document/5010257 https://dl.acm.org/citation.cfm?id=802530
  22. 1983: The Monkey (Steve Capps). “A small desk accessory that used the journaling hooks to feed random events to the current application, so the Macintosh seemed to be operated by an incredibly fast, somewhat angry monkey, banging away at the mouse and keyboard, generating clicks and drags at random positions with wild abandon.” http://www.folklore.org/StoryView.py?story=Monkey_Lives.txt
  23. 1988: Barton Miller. “I needed to give this kind of testing a name that would evoke the feeling of random, unstructured data. After trying out several ideas, I settled on the term ‘fuzz’.” https://books.google.co.il/books?isbn=1596932155
  24. SHELLSHOCK (BASHDOOR), Sep 24, 2014: ▸ CVE-2014-6271 ▸ CVE-2014-6277 ▸ CVE-2014-6278 ▸ CVE-2014-7169 ▸ CVE-2014-7186 ▸ CVE-2014-7187
  25. FUZZERS: AMERICAN FUZZY LOP (AFL) http://lcamtuf.coredump.cx/afl/ https://events.static.linuxfound.org/sites/events/files/slides/AFL%20filesystem%20fuzzing,%20Vault%202016_0.pdf
  26. https://blog.mozilla.org/security/2007/08/02/javascript-fuzzer-available/ https://engineering.mongodb.com/post/mongodbs-javascript-fuzzer-creating-chaos/
  27. https://google.github.io/clusterfuzz/ https://github.com/google/oss-fuzz
  28. https://github.com/Netflix/SimianArmy/wiki/Chaos-Monkey
  29. NUDNIK: MULTILAYER DISTRIBUTION (diagram: nodes A, B, C spread across Node A and Node B)
  30. NUDNIK MESSAGE TYPES - BASELINE (diagram: nodes A to E with per-hop latencies of 10 ms and 20 ms) ▸ Tiny fingerprint ▸ GRPC / REST ▸ Multiplatform
  31. NUDNIK MESSAGE TYPES - LOAD (diagram: nodes A to E, 10 ms hops) ▸ CPU ▸ Memory ▸ Disk ▸ Network ▸ Executable
  32. NUDNIK MESSAGE TYPES - CHAOS (diagram: nodes A to E with 10 % failure and +? ms / ? % injected at a hop) ▸ Set failure % ▸ Set latency ▸ .. or randomise
  33. NUDNIK REPORTING ▸ InfluxDB ▸ ElasticSearch ▸ Prometheus PG ▸ Text csv / TTY (diagram: A, B, C, TS)
  34. SCALE PLANNING / TESTING (diagram: A, B, C, RuOK)
  35. SETUP NUDNIK - INFRASTRUCTURE HEARTBEAT ▸ https://pypi.org/project/nudnik/ ▸ pip install nudnik ▸ https://aur.archlinux.org/packages/nudnik/ ▸ pacman -S nudnik ▸ git clone https://github.com/salosh/nudnik
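The baseline / chaos heartbeat idea from slides 30 to 33, as an added Python example that is not nudnik's own code and uses none of its API: a seeded simulator sends heartbeats along a path of nodes, injects a configurable failure percentage and extra latency at one hop, and summarises each run as a CSV report line. The node latencies and the ChaosPolicy fields are assumptions modelled on the slide bullets.

```python
# Added example (not nudnik's code): a seeded simulator of the slides' heartbeat
# message types, so a baseline run and a chaos run can be compared and reported.
import random
import statistics
from dataclasses import dataclass, field

@dataclass
class ChaosPolicy:
    failure_pct: float = 0.0       # "set failure %": share of heartbeats dropped here
    added_latency_ms: float = 0.0  # "set latency": extra delay injected at this hop
    randomise: bool = False        # "or randomise": jitter the extra delay in [0, value]

@dataclass
class Node:
    base_latency_ms: float         # assumed baseline hop cost (10-20 ms as on the slides)
    policy: ChaosPolicy = field(default_factory=ChaosPolicy)

    def handle(self, rng):
        """Latency in ms for one heartbeat through this node, or None if it was dropped."""
        if rng.uniform(0, 100) < self.policy.failure_pct:
            return None
        extra = self.policy.added_latency_ms
        if self.policy.randomise:
            extra = rng.uniform(0, extra)
        return self.base_latency_ms + extra

def run_heartbeats(path, count, seed=0):
    """Send `count` heartbeats along the node path; a drop at any hop fails the message."""
    rng = random.Random(seed)  # seeded so a chaos run is reproducible
    latencies, failed = [], 0
    for _ in range(count):
        hops = [node.handle(rng) for node in path]
        if None in hops:
            failed += 1
        else:
            latencies.append(sum(hops))
    return {"sent": count, "failed": failed, "latencies": latencies}

def summarise(result):
    # Success rate plus mean and p99 latency; latency fields are None if nothing got through
    lat = sorted(result["latencies"])
    p99 = lat[int(0.99 * (len(lat) - 1))] if lat else None
    return {"sent": result["sent"], "failed": result["failed"],
            "success_rate": 1 - result["failed"] / result["sent"],
            "mean_ms": statistics.fmean(lat) if lat else None, "p99_ms": p99}

def to_csv(name, s):
    # One line per run, the slides' "Text csv" reporting target
    num = lambda v: "" if v is None else f"{v:.1f}"
    return ",".join([name, str(s["sent"]), str(s["failed"]),
                     f"{s['success_rate']:.3f}", num(s["mean_ms"]), num(s["p99_ms"])])
```

Running the same path once without a policy and once with a ChaosPolicy on a middle node gives the baseline and chaos rows to compare.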
