Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup

michaelxin2015
Oct. 6, 2018
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup
1 of 21

Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup

Oct. 6, 2018
Download to read offline
Technology

We now live in a world where individuals or groups of individuals hold the same destructive power that only nation states once held. For as little as a couple of dollars an hour, fortune 500 companies and even nation states have been wiped off the Internet. The emergence of professional DDoS services is changing the threat landscape of the Internet once again. We'll take a look at DDoS tools and services and what we can do to combat them.

michaelxin2015

Recommended

Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...
Meet Remaiten : Malware Builds Botnet on Linux based routers and potentially ...APNIC478 views28 slides
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectAPNIC1.6K views30 slides
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC665 views25 slides
Cryptolocker WebcastCryptolocker Webcast
Cryptolocker WebcastOpenDNS2.3K views33 slides
DNS SecurityDNS Security
DNS Securityjohnmcclure00762 views12 slides
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS SecurityThousandEyes956 views19 slides

More Related Content

Slideshows for you

How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoSjgrahamc194.4K views29 slides
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentUmbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentOpenDNS1.1K views42 slides
Angler talkAngler talk
Angler talkArtsiom Holub4.4K views29 slides
Death of Web App FirewallDeath of Web App Firewall
Death of Web App FirewallBrian A. McHenry2.1K views30 slides
Death of WAF - GoSec '15Death of WAF - GoSec '15
Death of WAF - GoSec '15Brian A. McHenry775 views33 slides
Мобильная связь небезопасна. Аргументы, подкрепленные фактамиМобильная связь небезопасна. Аргументы, подкрепленные фактами
Мобильная связь небезопасна. Аргументы, подкрепленные фактамиPositive Hack Days1.1K views28 slides

Slideshows for you(20)

How to launch and defend against a DDoSHow to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc194.4K views
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentUmbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
OpenDNS1.1K views
Angler talkAngler talk
Angler talk
Artsiom Holub4.4K views
Death of Web App FirewallDeath of Web App Firewall
Death of Web App Firewall
Brian A. McHenry2.1K views
Death of WAF - GoSec '15Death of WAF - GoSec '15
Death of WAF - GoSec '15
Brian A. McHenry775 views
Мобильная связь небезопасна. Аргументы, подкрепленные фактамиМобильная связь небезопасна. Аргументы, подкрепленные фактами
Мобильная связь небезопасна. Аргументы, подкрепленные фактами
Positive Hack Days1.1K views
DNS Security Presentation ISSADNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan9.7K views
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
Using Algorithms to Brute Force Algorithms...A Journey Through Time and Names...
OpenDNS8.7K views
Incident Response for the Work-from-home WorkforceIncident Response for the Work-from-home Workforce
Incident Response for the Work-from-home Workforce
Christopher Gerritz149 views
Reverse Engineering Malware: A look inside Operation TovarReverse Engineering Malware: A look inside Operation Tovar
Reverse Engineering Malware: A look inside Operation Tovar
Lancope, Inc.1.5K views
Blackhat 2018 - The New Pentest? Rise of the Compromise AssessmentBlackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Blackhat 2018 - The New Pentest? Rise of the Compromise Assessment
Christopher Gerritz669 views
DNS как линия защиты/DNS as a Defense VectorDNS как линия защиты/DNS as a Defense Vector
DNS как линия защиты/DNS as a Defense Vector
Positive Hack Days899 views
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Jennifer Nichols682 views
THOTCON 0x6: Going Kinetic on Electronic Crime NetworksTHOTCON 0x6: Going Kinetic on Electronic Crime Networks
THOTCON 0x6: Going Kinetic on Electronic Crime Networks
John Bambenek711 views
DNS VulnerabilitiesDNS Vulnerabilities
DNS Vulnerabilities
Mike Spaulding1.2K views
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
Frank Victory418 views
Zero Day Malware Detection/Prevention Using Open Source SoftwareZero Day Malware Detection/Prevention Using Open Source Software
Zero Day Malware Detection/Prevention Using Open Source Software
MyNOG3.7K views
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
Sam Bowne351 views
BSidesLV 2016 - Powershell - Hunting on the Endpoint - GerritzBSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
BSidesLV 2016 - Powershell - Hunting on the Endpoint - Gerritz
Christopher Gerritz9K views
CNIT 50: 7. Graphical Tools & 8. NSM ConsolesCNIT 50: 7. Graphical Tools & 8. NSM Consoles
CNIT 50: 7. Graphical Tools & 8. NSM Consoles
Sam Bowne799 views

Similar to Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup

DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16Radware2.7K views37 slides
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewMarketingArrowECS_CZ378 views30 slides
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS AttackCloudflare1.1K views28 slides
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threatSensePost850 views45 slides
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...ThousandEyes1.7K views32 slides
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes439 views22 slides

Similar to Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup(20)

DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware2.7K views
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ378 views
What You Should Know Before The Next DDoS AttackWhat You Should Know Before The Next DDoS Attack
What You Should Know Before The Next DDoS Attack
Cloudflare1.1K views
Denial of services : limiting the threatDenial of services : limiting the threat
Denial of services : limiting the threat
SensePost850 views
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
ThousandEyes1.7K views
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
Wilson Rogerio Lopes439 views
DDoS Attack Preparation and MitigationDDoS Attack Preparation and Mitigation
DDoS Attack Preparation and Mitigation
Jerod Brennen3K views
Cybersecurity breakfast tour 2013 (1)Cybersecurity breakfast tour 2013 (1)
Cybersecurity breakfast tour 2013 (1)
Infradata419 views
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
Felipe Prado71 views
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga1.1K views
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf AliPLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PROIDEA115 views
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer Attacks
Arun Modi156 views
DrupalCon Vienna 2017 - Anatomy of DDoSDrupalCon Vienna 2017 - Anatomy of DDoS
DrupalCon Vienna 2017 - Anatomy of DDoS
Suzanne Aldrich484 views
(SEC306) Defending Against DDoS Attacks(SEC306) Defending Against DDoS Attacks
(SEC306) Defending Against DDoS Attacks
Amazon Web Services17.7K views
Atelier Technique CISCO ACSS 2018Atelier Technique CISCO ACSS 2018
Atelier Technique CISCO ACSS 2018
African Cyber Security Summit463 views
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
Jisc2K views
Conclusions from Tracking Server Attacks at ScaleConclusions from Tracking Server Attacks at Scale
Conclusions from Tracking Server Attacks at Scale
Guardicore1.2K views
DoS/DDoSDoS/DDoS
DoS/DDoS
Vihari Piratla1.2K views
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
swang2010235 views
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili SaghafiComputer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Computer Security Cyber Security DOS_DDOS Attacks By: Professor Lili Saghafi
Professor Lili Saghafi679 views

Recently uploaded

FewShotExamples.pptxFewShotExamples.pptx
FewShotExamples.pptxAlok Ranjan20 views3 slides
AI and ML Series - Introduction to Generative AI and LLMs - Session 1AI and ML Series - Introduction to Generative AI and LLMs - Session 1
AI and ML Series - Introduction to Generative AI and LLMs - Session 1DianaGray10179 views38 slides
NTGapps DTB Platform.pdfNTGapps DTB Platform.pdf
NTGapps DTB Platform.pdfMustafa Kuğu165 views27 slides
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docxRayJ1215 views6 slides
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...DianaGray1048 views38 slides
INASLA_AI and Landscape Architecture.pptxINASLA_AI and Landscape Architecture.pptx
INASLA_AI and Landscape Architecture.pptxJonathon Geels66 views26 slides

Recently uploaded(20)

FewShotExamples.pptxFewShotExamples.pptx
FewShotExamples.pptx
Alok Ranjan20 views
AI and ML Series - Introduction to Generative AI and LLMs - Session 1AI and ML Series - Introduction to Generative AI and LLMs - Session 1
AI and ML Series - Introduction to Generative AI and LLMs - Session 1
DianaGray10179 views
NTGapps DTB Platform.pdfNTGapps DTB Platform.pdf
NTGapps DTB Platform.pdf
Mustafa Kuğu165 views
Carrom Pool Mod APK.docxCarrom Pool Mod APK.docx
Carrom Pool Mod APK.docx
RayJ1215 views
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
AI and ML Series - Leveraging Generative AI and LLMs Using the UiPath Platfor...
DianaGray1048 views
INASLA_AI and Landscape Architecture.pptxINASLA_AI and Landscape Architecture.pptx
INASLA_AI and Landscape Architecture.pptx
Jonathon Geels66 views
GDSC23 SAC - Info Session GDSC.pptxGDSC23 SAC - Info Session GDSC.pptx
GDSC23 SAC - Info Session GDSC.pptx
SAC221 views
GDSC Final PPT.pptxGDSC Final PPT.pptx
GDSC Final PPT.pptx
DishaSharma73798420 views
What’s new in Kotlin 12-08-2023 Google IO Cairo 23What’s new in Kotlin 12-08-2023 Google IO Cairo 23
What’s new in Kotlin 12-08-2023 Google IO Cairo 23
Ahmed Nabil66 views
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)
zkStudyClub - Lasso/Jolt (Justin Thaler, GWU/a16z)
Alex Pruden17 views
Doorsvision-The-Future-of-Smart-Communities gama adj.pdfDoorsvision-The-Future-of-Smart-Communities gama adj.pdf
Doorsvision-The-Future-of-Smart-Communities gama adj.pdf
Mustafa Kuğu84 views
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
[KCD GT 2023] Demystifying etcd failure scenarios for Kubernetes.pdf
William Caban45 views
An Introduction To Using ChatGPT For BusinessAn Introduction To Using ChatGPT For Business
An Introduction To Using ChatGPT For Business
Paul Nguyen56 views
Stanford AI Report 2023Stanford AI Report 2023
Stanford AI Report 2023
Kapil Khandelwal (KK)19 views
A new era of Wi-Fi has arrivedA new era of Wi-Fi has arrived
A new era of Wi-Fi has arrived
Adtran67 views
Deploying CloudStack with CephDeploying CloudStack with Ceph
Deploying CloudStack with Ceph
ShapeBlue108 views
Generative AI PotentialGenerative AI Potential
Generative AI Potential
Kapil Khandelwal (KK)25 views
GDSC23 - Info Session GDSC KIET (1).pptxGDSC23 - Info Session GDSC KIET (1).pptx
GDSC23 - Info Session GDSC KIET (1).pptx
SnehaAggarwal40119 views
dvss.pptdvss.ppt
dvss.ppt
SaikrishnaCheruvu1354 views
Artificial Intelligence (AI).pptxArtificial Intelligence (AI).pptx
Artificial Intelligence (AI).pptx
SharifulShishir49 views

Weapons of Mass Disruption by Roman Lara for OWASP San Antonio Chapter meetup

  1. DDoS Weapons of Mass Disruption Created by: Roman Lara Sr. DDoS Security Engineer Modified Date: September 28, 2018 Classification: TLP Green
  2. 2 DoS vs DDoS www.rackspace.com DoS DDoS
  3. Targets 3www.rackspace.com Alcoy, P. (n.d.). 13th worldwide infrastructure Security Report [PDF]
  4. DDoS Evolution 4www.rackspace.com
  5. DDoS Tools
  6. 6 Rent-a-DDoS
  7. Firewall / Web-Application Firewall (WAF) • Application Vulnerability Threats - ✭✭✭ • Network Transmission Protocol Threats - ✭✭✭ • DoS Mitigation Capability - ✭✭ Ratings ✭ Weak ✭✭ Good ✭✭✭ Superior ✭✭✭✭ Best
  8. Load-Balancer • Internet Security Threats - ✭✭ • Network Protocol Threats - ✭✭✭ • DoS Mitigation Capability - ✭✭ Ratings ✭ Weak ✭✭ Good ✭✭✭ Superior ✭✭✭✭ Best
  9. IDS/IPS • Application Vulnerability Threats - ✭✭✭✭ • Network Protocol Threats - ✭✭ • DoS Mitigation Capability - ✭✭ Ratings ✭ Weak ✭✭ Good ✭✭✭ Superior ✭✭✭✭ Best
  10. Volumetric Attack 10www.rackspace.com • Easy to create attack mostly UDP traffic • ICMP and TCP SYN-ACK • Designed to saturate and overwhelm network resources, circuits etc by brute force • Small request that generates a significantly-larger response/reply • Widespread collateral damage • Common Names NTP/DNS/SSDP/, Chargen Attacks, Memcached, Ping Attack, Smurf Attack, reflection attacks, UDP flood, Reflection/Amplification Attack
  11. Volumetric Attack 11www.rackspace.com Warbot attack tool
  12. Volumetric Attack UDP/80 – UDP/123, ~50 bytes/packet Spoofed Spoofed Source: 172.19.234.6 Destinations: Multiple NTP servers NTP query: monlist UDP/123 – UDP/80, ~468 bytes/packet Non-Spoofed Sources: Multiple NTP Servers Destinations : 172.19.234.6 Reply: Up to 500 packets of monlist replies Internet accessible Servers, Routers Home CPE devices, etc. DDoS 12www.rackspace.com Impact Impact Impact Impact Impact 172.19.234.6/32
  13. State-exhaustion 13www.rackspace.com • Flood, TCP SYN, and Protocol Attacks • Flood of traffic for one or more IP protocol and protocol ports • Designed to look like normal traffic • Reflection attacks • May use spoofed source addresses or non-spoofed • Common Names • TCP Idle attacks, Challenge Collapsar (CC) attack, SYN Flood Connection Attacks
  14. State-exhaustion 14www.rackspace.com Low Orbit Ion Cannon (LOIC)
  15. State-exhaustion 15www.rackspace.com 172.19.234.6/32 SYN SYN-ACK ACK Connection Establish Down Available Connections TCP/*** – TCP/80 (e.g.), 64 bytes/packet Spoofed Sources Destination: 172.19.234.6
  16. Application Attacks 16www.rackspace.com • Designed to overwhelm applications • Targeted at a particular software component • Common attack targets HTTP servers, DNS resolvers, and SIP gateways • Low packet rate and very stealthy • Common Names • LOIC (Low Orbit Ion Cannon), HOIC (High Orbit Ion Cannon), HTTP GET floods, SIP Invite floods, DNS amplification attacks, R-U-Dead-Yet?
  17. Application Attacks 17www.rackspace.com Slowloris Attack tool
  18. Application Attacks Single Host 18www.rackspace.com 172.19.234.6/32 SYN SYN-ACK ACK Connection Establish Down Connection Pool TCP/*** – TCP/80 (e.g.), 64 bytes/packet Non Spoofed Sources Destination: 172.19.234.6 Slowloris Attack Methodology
  19. Application Attacks 19www.rackspace.com Dirt Jumper
  20. Attacks Botnet 20www.rackspace.com 172.19.234.6/32 SYN SYN-ACK ACK Connection Establish Down System Resources HTTP GET /index.php HTTP GET /index.php VERY LARGE FILE HTTP GET /index.php VERY LARGE FILE HTTP GET /index.php VERY LARGE FILE HTTP G ET /index.php VERY LARGE FILE HTTP G ET /index.php VERY LARGE FILE HTTP GET /index.php VERY LARGE FILE HTTPGET/index.phpVERYLARGEFILE HTTPGET/index.phpVERYLARGEFILE HTTPGET/index.phpVERYLARGEFILE HTTPGET/index.phpVERYLARGEFILE Malicious Signature: (Dirt Jumper) GET / HTTP/1.0 <-- randomized variable Host: [domain name] Keep-Alive: 300 Connection: keep-alive User-Agent: Opera/9.00 (Nintendo Wii; U; ; 1309-9; en) <-- randomized variable
  21. Question