
How to find Zero day vulnerabilities


Raghu and I gave this presentation in February at the OWASP Hyderabad Meet.


  1. How to find Zero Day Vulnerabilities
  2. Meet ... Imran & Raghu
  3. They work as ... Web application security engineers
  4. They train people in ...
  5. They also contribute to ... Null Open Security Community
  6. And to ... Open Web Application Security Project
  7. OK, let's start
  8. Before we do that ...
  9. The following presentation can cause severe exposure to high-octane gyan (knowledge) and could leave participants exhausted with wild ideas
  10. Also, you may end up in ...
  11. With lots of ...
  12. and
  13. And of course, knowledge ...
  14. OK, let's begin
  15. What is a Zero day? "Zero-day attacks occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop a counter to that threat." Source: Wikipedia
  16. Vulnerabilities in famous applications
  17. Vulns in Drupal
  18. Vulns in WordPress
  19. Vulns in Joomla
  20. How is it generally done? Target: a 0-day vulnerability. Two ways in: source code auditing and fuzzing.
  21. Methodology
  22. Know your enemy
  23. Set up the attacking environment
  24. Study the architecture
  25. Source code auditing
  26. Requirements
  27. Lots and lots of patience
  28. Attitude of ...
  29. Pen and notebook ;)
  30. Source code auditing: analyze the entry points, identify vulnerable functions, analyze input validations, cross-check the findings
  31. The entry points
  32. More ...
  33. Few more ...
  34. Exec call
  35. RIPS output
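To make the four auditing steps concrete, here is an added example (not code from the presentation) of the "mighty grep" approach written in Python: it scans a PHP fragment for entry points (`$_GET`, `$_POST`, `$_REQUEST`, ...), records which variables they land in, and flags every line where such a variable reaches a dangerous sink (`exec`, `mysql_query`, `echo`) without a validation or escaping call in sight. The PHP sample, the sink and validator tables and the line-level heuristics are all constructed for illustration; a tool like RIPS does real data-flow analysis, which is why step four (cross-checking by hand) still matters.

```python
"""Grep-style source-code audit of a PHP fragment (added example).

Mirrors the slide's four steps: find entry points, identify dangerous
functions, check input validation, then cross-check the findings by hand.
The PHP sample and the sink/validator tables are constructed for this
example; real tools such as RIPS follow data flow instead of regexes."""
import re

# Constructed PHP sample: one guarded path, one escaped path, two bare ones.
PHP_SAMPLE = r'''<?php
$id   = $_GET['id'];
$host = $_POST['host'];
$name = $_REQUEST['name'];
if (!ctype_digit($id)) { die('bad id'); }
$res = mysql_query("SELECT * FROM users WHERE id = " . $id);
exec("ping -c 1 " . $host, $out);
echo "Hello " . $name;
echo "Hello " . htmlspecialchars($name);
'''

SUPERGLOBAL = r'\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b'
# "$var = ... $_GET[...]": the variable now carries attacker-controlled data.
ASSIGN_FROM_ENTRY = re.compile(r'^\s*\$(\w+)\s*=.*' + SUPERGLOBAL)
# A validation call applied to a variable earlier in the file.
GUARD = re.compile(
    r'\b(?:ctype_digit|ctype_alnum|is_numeric|preg_match|filter_var)\s*\([^)]*\$(\w+)')

SINKS = {
    'command injection': re.compile(r'\b(?:exec|system|passthru|shell_exec|popen|proc_open)\s*\('),
    'sql injection':     re.compile(r'\b(?:mysql_query|mysqli_query|pg_query)\s*\('),
    'xss':               re.compile(r'\b(?:echo|print)\b'),
    'code injection':    re.compile(r'\beval\s*\('),
}
# Escaping that, on the same line as the sink, neutralises that sink class.
ESCAPES = {
    'command injection': re.compile(r'\b(?:escapeshellarg|escapeshellcmd)\s*\('),
    'sql injection':     re.compile(r'\b(?:intval|mysqli?_real_escape_string)\s*\('),
    'xss':               re.compile(r'\b(?:htmlspecialchars|htmlentities)\s*\('),
    'code injection':    re.compile(r'(?!)'),   # nothing makes eval() of input safe
}


def audit(source):
    """Return one finding per (line, sink) where a tainted variable is used."""
    tainted, guarded, findings = set(), set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSIGN_FROM_ENTRY.match(line)
        if m:                                  # step 1: entry point
            tainted.add(m.group(1))
            continue
        g = GUARD.search(line)
        if g and g.group(1) in tainted:        # step 3: input validation
            guarded.add(g.group(1))
            continue
        for kind, sink in SINKS.items():       # step 2: vulnerable function
            if not sink.search(line):
                continue
            for var in re.findall(r'\$(\w+)', line):
                if var in tainted:
                    findings.append({
                        'line': lineno, 'kind': kind, 'var': var,
                        'validated': var in guarded or bool(ESCAPES[kind].search(line)),
                        'code': line.strip(),
                    })
    return findings


def unvalidated(findings):
    """Step 4 shortlist: sinks reached by input with no guard or escape seen."""
    return [f for f in findings if not f['validated']]


if __name__ == '__main__':
    for f in audit(PHP_SAMPLE):
        tag = 'CHECK' if f['validated'] else 'VULN '
        print(f"{tag} line {f['line']:>2} {f['kind']:<18} ${f['var']}  {f['code']}")
```

On the sample this reports four sink hits and shortlists two of them (the `exec` on `$host` and the raw `echo` of `$name`); the `mysql_query` on `$id` is reported but marked as guarded because `ctype_digit` was applied first, and the second `echo` is marked as escaped. Whether the guard is actually sufficient is exactly the question the manual cross-check answers.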
  36. What is Fuzzing? Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems.
  37. What exactly is it? 1. There are no rules for fuzzing. 2. There is no guarantee with fuzzing.
  38. Fuzzing methods: 1. Sending random data 2. Manual protocol mutation 3. Brute-force testing 4. Automatic protocol generation testing
  39. Fuzzing life cycle: 1. Find a bug 2. Find a 0-day / write an exploit 3. Fuzzer death
  40. Fuzzing process: 1. Identify the target 2. Identify the inputs 3. Generate fuzz data 4. Execute the fuzz data 5. Monitor for exceptions 6. Determine exploitability
  41. Fuzzing payloads: find the entry points, then try SQL injection, XSS, CSRF, command injection, clickjacking with drag and drop
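The six-step process and the payload list above, carried through end to end as an added example (not code from the presentation): the target is a constructed in-process search endpoint, supplied in a vulnerable form (string-built SQL, raw reflection) and a hardened form (bound parameter, HTML escaping), the input is the `q` parameter, the fuzz data are SQL-injection and XSS strings, and the monitor watches for database exceptions, responses that differ from a baseline, and payloads reflected unescaped. Everything here, including the handlers, the table and the payload strings, is constructed for the example; against a real application the `app` function would be an HTTP request, which is what JBroFuzz or Burp Intruder provides.

```python
"""The six-step fuzzing process from the slide, run end to end against a
constructed in-process target (added example, not the presentation's code).

Target   : two handlers standing in for a search endpoint, one that
           concatenates SQL and reflects input raw, one hardened.
Inputs   : the 'q' parameter.
Fuzz data: SQL-injection and XSS strings.
Monitor  : database exceptions, responses that differ from a baseline,
           and payloads reflected unescaped."""
import html
import sqlite3

DB = sqlite3.connect(':memory:', check_same_thread=False)
DB.execute('CREATE TABLE users (id INTEGER, name TEXT)')
DB.executemany('INSERT INTO users VALUES (?, ?)', [(1, 'alice'), (2, 'bob')])


def vulnerable_app(params):
    """Constructed target: string-built SQL plus unescaped reflection."""
    q = params.get('q', '')
    rows = DB.execute(f"SELECT name FROM users WHERE name = '{q}'").fetchall()
    return 200, f'<p>Results for {q}: {rows}</p>'


def hardened_app(params):
    """Same endpoint with a bound parameter and HTML escaping."""
    q = params.get('q', '')
    rows = DB.execute('SELECT name FROM users WHERE name = ?', (q,)).fetchall()
    return 200, f'<p>Results for {html.escape(q)}: {rows}</p>'


MARK = 'zzfuzzmark'            # unique token so reflection is unambiguous
BASELINE = 'zzbaseline'        # benign value that matches no user
PAYLOADS = {
    'sql injection': ["'", "' OR '1'='1", "' UNION SELECT sqlite_version()--"],
    'xss': [f'<script>{MARK}</script>', f'"><img src=x onerror={MARK}>'],
}


def normalize(body, value):
    """Strip the echoed input (raw or escaped) so only behaviour is compared."""
    return body.replace(value, '').replace(html.escape(value), '')


def fuzz(app, inputs=('q',)):
    """Steps 2-5: for every input, send every payload and watch the result."""
    findings = []
    for name in inputs:
        _, base = app({name: BASELINE})
        base = normalize(base, BASELINE)
        for kind, payloads in PAYLOADS.items():
            for p in payloads:
                try:
                    _, body = app({name: p})
                except sqlite3.Error as exc:          # crash / exception
                    findings.append((name, kind, p, f'database error: {exc}'))
                    continue
                if kind == 'sql injection' and normalize(body, p) != base:
                    findings.append((name, kind, p, 'response differs from baseline'))
                elif kind == 'xss' and p in body:
                    findings.append((name, kind, p, 'payload reflected unescaped'))
    return findings


if __name__ == '__main__':
    for label, app in (('vulnerable', vulnerable_app), ('hardened', hardened_app)):
        hits = fuzz(app)
        print(f'{label}: {len(hits)} finding(s)')
        for name, kind, payload, why in hits:     # step 6 starts here, by hand
            print(f'  {kind:<14} {name}={payload!r}: {why}')
```

Against the vulnerable handler the single quote raises a database error, the two other SQL payloads change the result set relative to the baseline, and both XSS strings come back verbatim; the hardened handler produces no findings. Step 6 is deliberately left to the reader: a differing response tells you the input reaches the query, not yet whether that is exploitable, and that judgement is where the "no guarantee" slide applies.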
  42. JBroFuzz
  43. Tools for source code auditing: the mighty grep, RIPS, RATS
  44. Tools for fuzzing: JBroFuzz, Burp Suite, WebScarab
  45. Further reading: [1] OWASP Testing Guide [2] OWASP Development Guide [3] OWASP.org
  46. So you now know: what a zero day is; what methodology is used; information gathering on the application or product; discovered or previous vulnerabilities of the product; studying the architecture of the product
  47. Identifying the input points; source code review (one demo: RIPS and grep); fuzzing (one demo: JBroFuzz); tools used for code review and fuzzing
  48. Questions? (Hindi: Is it a hacker? Hacker)
  49. Thanks. imran.mohammed@owasp.org, raghunath24@gmail.com
