
(SACON) Nilanjan, Jitendra chauhan & Abhisek Datta - How does an attacker know everything about your organization? - Know the Unknowns



It is possible to build a comprehensive attack surface of any organization just with open data available on the public internet. It is possible to search for vulnerable targets and compromise them. Organizations can be compromised without any RCE vulnerability. It is possible to create an in-house team to continuously monitor your attack surface and fix flaws before attackers find them.


  1. Attacker Techniques Using Open Source Intelligence and Data. Abhisek Datta, Head, Security Products @ Appsecco
  2. Attackers Attack What They See
  3. Let's start with how attackers work. An attacker wants to hack a target and for this will perform a bunch of activities: 1. Online attack surfaces; 2. Breached credentials; 3. Known vulnerable software; 4. (Easy to?) exploit security vulnerabilities
  4. Asset Discovery From Attacker's Perspective
  5. What Attacker Sees
  6. What Attackers See – Domain Enumeration: who is the registrar; where is it hosted; self-hosted or managed e-mail service; external help desk services; 3rd party services. Tools: `whois`, `whois <IP>`, `dig`, `dig NS`, `dig @NS1 MX`, `dig @NS1 TXT`
  7. What Attackers See – Subdomain Enumeration: Host-1, Host-2, Host-3, etc. Tools: `amass enum -passive -d`, `amass intel -whois -d`
  8. What Attackers See – Email Enumeration: theHarvester, many more …
  9. What Attackers See – Breached Credentials
  10. What Attackers See – Breached Credentials (continued)
  11. What Attackers See – Application Discovery: `nmap -p 80,443,8080 -sV -A -iL hosts.txt`
  12. What Attackers See – Technology Discovery: App1 – Java/JavaEE; App2 – NodeJS, AngularJS; App3 – PHP; etc. Wappalyzer: `npm i -g wappalyzer`, `wappalyzer https://app1.your-`
  13. What Attackers See – Putting it all Together. Assets: Domain, External Services, Help Desk, Mailers, Email, Breached Credentials, Hosts, Apps, Technologies. Attack paths: Unpatched Services, App Vulnerabilities, Credential Spraying, Ticket Trick
  14. Real-life Breaches Leveraging Internet Exposure Discovery Techniques
  15. Invoice Fraud
  16. Publicly Accessible Cloud Storage Buckets
  17. Sub-domain Take Over: static site hosted on S3 and then forgot about it :)
  18. Framework / Software Vulnerabilities
  19. Cloud Account Take Over
  20. Automation at Scale Using Docker, Kubernetes and Cloud Native Technologies
  21. An Example AppSec Workflow: Domain, Hosts, Subdomain Enumeration, CIDR/ASN Search, DNS (SPF, MX etc.), Port and Service Scanning, URLs, Technologies, Cloud Infrastructure, Emails, Public Breach DB Query, Password Spraying, Application Security Scan
  22. How does it look from an Automation Perspective? Stages: Data Collection, Analysis, Inference, Further Actions. Actors: Security Tools; Human + Learning Systems; Feedback Loop
  23. Automating AppSec Workflow: Security Tool, Workflow Rules, Security Automation
  24. Driving the System – Events FTW! Components: API Service (HTTP POST), NATS message queue (write to NATS), Scanners (client), Minio object storage (persist output), Tool Output Event, Output Analysis and Feedback, Alerting and Notification
  25. The Tool Adapter (Pattern): 3rd party tools are not in our control. We need to be able to: receive input from NATS; run the tool with its tool-specific command line; receive output or check for error; persist output to Minio
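The Tool Adapter pattern on the slide above, as an added example that is not code from the deck or from the Appsecco project. It assumes in-memory stand-ins (`InMemoryQueue`, `InMemoryObjectStore`) in place of NATS and Minio, and a constructed fake tool (`FAKE_TOOL`, a small Python script) in place of a real scanner, so it runs offline. The point worth noticing is that the target from the queue message is passed as its own argv element and the tool is never run through a shell, so a crafted message cannot alter the command line; tool failure and timeout are reported as events rather than crashing the adapter.

```python
"""Tool Adapter pattern: wrap a third-party tool so it can be driven by queue
messages and its output persisted. Queue and object store are hypothetical
in-memory stand-ins for NATS and Minio (assumptions for this example)."""
import json
import subprocess
import sys
import uuid


class InMemoryQueue:
    """Stand-in for a NATS subject: a list of (subject, payload) pairs."""
    def __init__(self):
        self.messages = []

    def publish(self, subject, payload):
        self.messages.append((subject, payload))


class InMemoryObjectStore:
    """Stand-in for a Minio bucket: a dict keyed by object name."""
    def __init__(self):
        self.objects = {}

    def put(self, name, data):
        self.objects[name] = data
        return name


class ToolAdapter:
    """Runs one tool per input message and reports the result as an event.

    `command` is an argv list; the target is appended as a separate element and
    the tool is never invoked via a shell, so shell metacharacters in a queue
    message cannot change what gets executed.
    """
    def __init__(self, tool_name, command, queue, store, timeout=60):
        self.tool_name = tool_name
        self.command = list(command)
        self.queue = queue
        self.store = store
        self.timeout = timeout

    def handle(self, message):
        job_id = message.get("job_id") or str(uuid.uuid4())
        target = str(message["target"])
        argv = self.command + [target]
        event = {"tool": self.tool_name, "job_id": job_id, "target": target}
        try:
            proc = subprocess.run(argv, capture_output=True, text=True,
                                  timeout=self.timeout)
            event["exit_code"] = proc.returncode
            event["status"] = "ok" if proc.returncode == 0 else "error"
            output = proc.stdout if proc.returncode == 0 else proc.stderr
        except subprocess.TimeoutExpired:
            event["exit_code"] = None
            event["status"] = "timeout"
            output = ""
        except OSError as exc:  # e.g. tool binary missing from the container
            event["exit_code"] = None
            event["status"] = "error"
            output = str(exc)
        # Persist the raw output and reference it from the event instead of
        # embedding it, so queue messages stay small.
        object_name = f"{self.tool_name}/{job_id}.txt"
        self.store.put(object_name, output)
        event["output_ref"] = object_name
        self.queue.publish("tool.output", event)
        return event


# Constructed stand-in for a third-party scanner: prints a line for normal
# targets and fails with exit code 2 for targets starting with "bad".
FAKE_TOOL = [sys.executable, "-c",
             "import sys\n"
             "target = sys.argv[1]\n"
             "if target.startswith('bad'):\n"
             "    sys.stderr.write('lookup failed\\n'); sys.exit(2)\n"
             "print('hosts for', target)\n"]


def run_demo():
    """Drive the adapter with one good and one failing job."""
    queue, store = InMemoryQueue(), InMemoryObjectStore()
    adapter = ToolAdapter("fake-subdomain-enum", FAKE_TOOL, queue, store, timeout=10)
    ok = adapter.handle({"job_id": "job-1", "target": "example.com"})
    failed = adapter.handle({"job_id": "job-2", "target": "bad.example"})
    return ok, failed, queue, store


if __name__ == "__main__":
    ok, failed, queue, store = run_demo()
    print(json.dumps([ok, failed], indent=2))
    print(store.objects)
```

In the real deployment the adapter binary is the container entrypoint, subscribes to a NATS subject, and writes to a Minio bucket; the `handle` method is the part that stays the same.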
  26. Adding a Security Tool (3rd Party): 1. Package 3rd party tools as Docker containers; 2. Add Tool Adapter binary and set as entrypoint; 3. Write Kubernetes deployment spec (YAML); 4. Deploy to Kubernetes; 5. Write YAML rules for Feedback Processing
  27. Security Tool Dockerfile
  28. Security Tool Kubernetes Spec (YAML)
  29. Feedback Processor (Driving the System): Match, Transform, Take Action
  30. Feedback Processor - Example
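The Match / Transform / Take Action feedback processor from the two slides above, as an added example rather than the deck's or the project's own code. The deck drives feedback processing from YAML rules; this example expresses the same rule shape in JSON so it runs with the standard library alone. Rule names, field names, queue subjects, and the alert channels are constructed for the example, as are the tool output events it processes.

```python
"""Rule-driven feedback processor: Match -> Transform -> Take Action.
Rules are constructed for this example; the real system loads them as YAML."""
import json


class InMemoryQueue:
    """Stand-in for the NATS subject tool adapters consume jobs from."""
    def __init__(self):
        self.messages = []

    def publish(self, subject, payload):
        self.messages.append((subject, payload))


RULES_JSON = """
[
  {"name": "new-hosts-to-service-scan",
   "match": {"tool": "subdomain-enum", "status": "ok", "field": "hosts", "op": "nonempty"},
   "transform": {"each": "hosts", "job": {"tool": "service-scan", "target": "{item}"}},
   "action": {"type": "enqueue", "subject": "jobs.service-scan"}},
  {"name": "alert-on-findings",
   "match": {"tool": "app-scan", "status": "ok", "field": "findings", "op": "nonempty"},
   "transform": {"each": "findings", "job": {"summary": "{item[title]} on {item[url]}"}},
   "action": {"type": "alert", "channel": "security-oncall"}},
  {"name": "tool-errors-to-ops",
   "match": {"status": "error"},
   "action": {"type": "alert", "channel": "platform-ops"}}
]
"""


def load_rules(text):
    """Parse rules and reject ones missing a required section."""
    rules = json.loads(text)
    for rule in rules:
        for key in ("name", "match", "action"):
            if key not in rule:
                raise ValueError(f"rule missing '{key}': {rule}")
    return rules


class FeedbackProcessor:
    def __init__(self, rules, queue):
        self.rules = rules
        self.queue = queue
        self.alerts = []

    @staticmethod
    def _matches(match, event, output):
        # Match on event metadata first, then optionally on a field of the
        # parsed tool output.
        for key in ("tool", "status"):
            if key in match and event.get(key) != match[key]:
                return False
        if "field" in match:
            value = output.get(match["field"])
            op = match.get("op", "nonempty")
            if op == "nonempty":
                return bool(value)
            if op == "equals":
                return value == match.get("value")
            raise ValueError(f"unknown match op {op!r}")
        return True

    @staticmethod
    def _transform(transform, output):
        # No transform: a single empty job, so the action fires once.
        if not transform:
            return [{}]
        items = output.get(transform["each"], [])
        # Job values are format strings; {item} is each element of the list
        # and {item[key]} indexes into dict elements.
        return [{k: v.format(item=item) for k, v in transform["job"].items()}
                for item in items]

    def process(self, event, output):
        """Evaluate every rule against one tool output event; return actions taken."""
        taken = []
        for rule in self.rules:
            if not self._matches(rule["match"], event, output):
                continue
            action = rule["action"]
            for job in self._transform(rule.get("transform"), output):
                record = {"rule": rule["name"], "source_job": event.get("job_id"), **job}
                if action["type"] == "enqueue":
                    self.queue.publish(action["subject"], job)
                elif action["type"] == "alert":
                    record["channel"] = action["channel"]
                    self.alerts.append(record)
                else:
                    raise ValueError(f"unknown action type {action['type']!r}")
                taken.append(record)
        return taken


def run_demo():
    """Feed three constructed tool output events through the processor."""
    queue = InMemoryQueue()
    proc = FeedbackProcessor(load_rules(RULES_JSON), queue)
    proc.process({"tool": "subdomain-enum", "status": "ok", "job_id": "j1"},
                 {"hosts": ["www.example.com", "mail.example.com"]})
    proc.process({"tool": "app-scan", "status": "ok", "job_id": "j2"},
                 {"findings": [{"title": "Outdated framework version",
                                "url": "https://www.example.com"}]})
    proc.process({"tool": "service-scan", "status": "error", "job_id": "j3"}, {})
    return proc, queue


if __name__ == "__main__":
    proc, queue = run_demo()
    print("enqueued:", queue.messages)
    print("alerts:", proc.alerts)
```

The enqueue action closes the feedback loop: each new host becomes a job that a Tool Adapter picks up, and its output event comes back through the same processor.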
  31. Challenges, Constraints and Things to do: state management is difficult due to the asynchronous nature of the system; NATS connection issue with preemptible nodes on GKE; capacity planning and analysis; cost analysis
  32. How to Contribute: 1. Clone the repository from GitHub; 2. Try out and report bugs; 3. Add new security tools; 4. Add feedback processor rules; 5. Submit PR
  33. Questions? That's all for now.. @abh1sek