Gone in 60 minutes – Practical Approach to Hacking an Enterprise with Yasuo
1. A Practical Approach to Hacking an Enterprise with YASUO
Saurabh Harit {@0xsauby}
Stephen Hall {@_stephen_h}
2. root@msf:~$>getuid
Saurabh Harit (@0xsauby)
Director of Security Research @Security Compass
Pentester i.e. Domain Admin at many companies
Have a secret crush on reverse engineering
Gym freak / Proud father of two beautiful dogs
Stephen Hall (@_stephen_h)
Security Consultant @Security Compass
…
…
Owner of a Christmas hat
4. Scenario
You’re on a red-team engagement
You’ve bypassed physical security
You’ve bypassed NAC
What next? How would you pwn the network?
Vulnerability scanner?
Vulnerability scanner?
5. The Problem
Can’t use a network vulnerability scanner
Have to be stealthy & quick
Can’t use Google dorks (internal network): site:, link:, inurl:
6. Where do $hells come from?
It’s not about what, it’s about WHERE
15. YASUO what???
Written in Ruby
Did not write it on our flight here
Scans the network for vulnerable applications
Currently supports 100+ vulnerable applications
All currently supported apps are Metasploit-able
16. Why Yasuo
Because there are tons of vulnerable applications and it’s not easy to find them
18. What’s currently out there
Nikto by Chris Sullo
https://www.cirt.net/Nikto2
Nmap script – http-enum.nse by Ron Bowes, Andrew Orr, Rob Nicholls
http://nmap.org/nsedoc/scripts/http-enum.html
Nmap script – http-default-accounts.nse by Paulino Calderon
https://www.nmap.org/nmap-exp/calderon/scripts/http-default-accounts.nse
25. RaNdOmIzAtIoN!!!
More robust check to detect false positives
Properly formatted output table
More application signatures
Signatures for IP cameras / encoders / decoders
Modular & cleaned-up code – if there is any such thing
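The "more robust check to detect false positives" bullet is the part of this slide a practitioner running such a scan against their own estate cares about most: many web servers answer 200 to every path, so "200 on the default path" alone produces a flood of phantom hits. The Ruby below is an added example, not Yasuo's code, showing the difference between that naive check and one that first baselines the host with a random path and then requires a secondary content marker (the "secondary signature" idea from the Future Development slide). Everything here runs offline against constructed hosts: the three-column CSV schema, the marker column, and the reading of "randomization" as random-path baselining are assumptions made for this example.

```ruby
require 'securerandom'
require 'digest'

# Constructed signature list in the CSV shape the deck says the default path
# file currently uses. The three-column layout (app, path, marker) is an
# assumption made for this example, not Yasuo's actual schema.
SIGNATURES_CSV = <<~CSV
  app,path,marker
  Tomcat Manager,/manager/html,Tomcat Web Application Manager
  Jenkins,/jenkins/,Dashboard [Jenkins]
  Generic Admin,/admin/,Login
CSV

Signature = Struct.new(:app, :path, :marker)

# Split-based parser; the constructed data has no quoted fields.
# A real signature file with commas inside markers needs the csv library.
def load_signatures(csv_text)
  csv_text.each_line.drop(1).map do |line|
    Signature.new(*line.chomp.split(',', 3))
  end
end

# Offline stand-in for an HTTP response; no network is touched here.
Response = Struct.new(:status, :body)

# A path that cannot exist on any host, used to learn how the server
# answers requests for nothing.
def random_path
  "/#{SecureRandom.hex(8)}"
end

def body_fingerprint(body)
  Digest::SHA256.hexdigest(body.to_s.strip)
end

# Naive check: a 200 on the signature path is treated as a hit.
# This is the approach that floods results with false positives.
def naive_scan(signatures, fetch)
  signatures.select { |sig| fetch.call(sig.path).status == 200 }.map(&:app)
end

# Robust check, as a defender auditing their own hosts would want it:
#   1. baseline the host with a random path (catch-all servers answer 200
#      with the same body for everything),
#   2. reject candidates whose body matches that baseline,
#   3. require the secondary signature (marker string) in the body.
def robust_scan(signatures, fetch)
  base_fp = body_fingerprint(fetch.call(random_path).body)
  signatures.select do |sig|
    resp = fetch.call(sig.path)
    next false unless resp.status == 200
    next false if body_fingerprint(resp.body) == base_fp
    resp.body.include?(sig.marker)
  end.map(&:app)
end

SIGS = load_signatures(SIGNATURES_CSV)

# Three constructed hosts, each a lambda mapping a path to a Response.
# Catch-all: one landing page, status 200, for every path.
CATCH_ALL_HOST = ->(_path) { Response.new(200, '<html>Welcome to our portal</html>') }

# Chatty: status 200 for every path, but the body echoes the path, so a
# body-diff against the baseline alone would still misfire.
CHATTY_HOST = ->(path) { Response.new(200, "<html>You asked for #{path}</html>") }

# Real exposure: Tomcat manager present, everything else 404.
TOMCAT_HOST = lambda do |path|
  if path == '/manager/html'
    Response.new(200, '<title>/manager</title><h1>Tomcat Web Application Manager</h1>')
  else
    Response.new(404, 'Not Found')
  end
end

if __FILE__ == $PROGRAM_NAME
  { 'catch-all' => CATCH_ALL_HOST, 'chatty' => CHATTY_HOST, 'tomcat' => TOMCAT_HOST }.each do |name, host|
    puts "#{name}: naive=#{naive_scan(SIGS, host).inspect} robust=#{robust_scan(SIGS, host).inspect}"
  end
end
```

The catch-all host lights up all three signatures under the naive check and none under the robust one; the chatty host shows why the baseline diff alone is not enough and the marker is needed; only the host that really exposes the Tomcat manager survives both checks. Swapping the lambdas for real HTTP fetches is the only change needed to run this against an inventory you are authorised to check.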
29. Future Development
Smarter version detection
Support masscan output format (because y’all love to scan the Interwebs)
Add support for more vulnerable applications, of course
Add secondary signature
Make current crappy code modular
Add multi-threading
Add support for vFeed???
Change format of default path file – CSV to YAML? or JSON?
30. CFH (cry for help)
Signatures Signatures Signatures & Signatures
Please submit application signatures:
Post a comment on GitHub
Update the default path file on GitHub
Drop us an email
Send a Pigeon.