“Shellshock” bash code injection vulnerability
CVE-2014-6271 & CVE-2014-7169 
Johannes B. Ullrich, Ph.D. 
jullrich@sans.edu
Outline 
• How important is this vulnerability? 
• What is the nature of the problem? 
• Why are there two CVE Numbers? 
• How do I check if I am vulnerable? 
• What can I do to protect myself?
The Vulnerability
• The “bash” shell commonly used in Unix systems allows code execution via environment variables
• Attacker has to be able to trick the user into opening bash after setting specifically crafted variables
Attack Vectors
• CGI: Web servers using the cgi-bin mechanism to execute bash scripts. HTTP headers sent by the attacker are converted to environment variables
• SSH: Can be used to escape restricted ssh shells
• DHCP: Code may be executed by DHCP clients
What can an attacker accomplish?
• The attacker will be able to execute any shell command
• Only limited by user permissions (e.g. apache web server)
• Exploit is easy to perform. Various PoC exploits are available
How important is this?
• Patch quickly
• Worry if you have web servers that run bash from cgi-bin!
• Not an issue for Windows systems
• Not an issue for clients. It is a server problem
• This problem has been around “forever”
How could this happen?
• Bash, like all shells, has environment variables
• However, in bash, these variables may contain code
• Bash does not correctly separate code from data
• As a result, the attacker can inject additional code
Why are there two CVE Numbers?
• The originally reported (and fixed) problem only covered one way to inject code (Stéphane Chazelas, CVE-2014-6271)
• Earlier today, a second method was found (Tavis Ormandy, CVE-2014-7169)
• There is currently no patch for the second attack vector.
Google Searches
How do I check if I am vulnerable?
• Two test strings that can be run safely while logged in on a system:
env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
• Various Metasploit Modules: https://github.com/rapid7/metasploit-framework/pull/3880
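The two test strings above can be wrapped so that both checks run in one go, each reports its result per CVE, and the stray file named `echo` that the second check leaves behind on a vulnerable system lands in a temporary directory rather than in the caller's working directory. This is an added example written for this page, not tooling from the briefing or from the SANS ISC; it assumes Python 3.7 or later and a bash binary found via `shutil.which` (or passed in explicitly), and the function names `check_cve_2014_6271`, `check_cve_2014_7169` and `shellshock_status` are this example's own.

```python
"""Run the briefing's two Shellshock test strings against a local bash.

Added example for this page (not the briefing's own tooling).
Assumptions: Python 3.7+ (subprocess.run with capture_output) and a bash
binary reachable via shutil.which or passed in explicitly.
"""
import os
import shutil
import subprocess
import tempfile

PATCHED = "patched"
VULNERABLE = "vulnerable"
NO_BASH = "bash-not-found"


def _locate_bash(bash):
    """Return an executable path for bash, or None if none can be found."""
    bash = bash or shutil.which("bash")
    if bash and os.path.isfile(bash) and os.access(bash, os.X_OK):
        return bash
    return None


def check_cve_2014_6271(bash=None):
    """Original bug: the command trailing a function export is executed.

    Same test string as the slide: env x='() { :;}; echo vulnerable' ...
    A vulnerable bash prints 'vulnerable' before 'this is a test'.
    """
    bash = _locate_bash(bash)
    if bash is None:
        return NO_BASH
    # Minimal environment: only the crafted variable, nothing inherited.
    env = {"x": "() { :;}; echo vulnerable"}
    proc = subprocess.run([bash, "-c", "echo this is a test"], env=env,
                          capture_output=True, text=True)
    return VULNERABLE if "vulnerable" in proc.stdout else PATCHED


def check_cve_2014_7169(bash=None):
    """Second bug (incomplete fix): a truncated function body confuses the
    parser so the following command is taken as a redirection, leaving a
    file named 'echo' in the working directory.

    Same test string as the slide: env -i X='() { (a)=>\\' bash -c 'echo date'
    The check runs in a temporary directory so that file never lands in cwd.
    """
    bash = _locate_bash(bash)
    if bash is None:
        return NO_BASH
    env = {"X": "() { (a)=>\\"}
    with tempfile.TemporaryDirectory() as workdir:
        subprocess.run([bash, "-c", "echo date"], env=env, cwd=workdir,
                       capture_output=True, text=True)
        leaked = os.path.exists(os.path.join(workdir, "echo"))
    return VULNERABLE if leaked else PATCHED


def shellshock_status(bash=None):
    """Run both checks and report the result per CVE."""
    return {
        "CVE-2014-6271": check_cve_2014_6271(bash),
        "CVE-2014-7169": check_cve_2014_7169(bash),
    }


if __name__ == "__main__":
    for cve, status in shellshock_status().items():
        print(f"{cve}: {status}")
```

Run it on each host as part of the inventory step; a status of `bash-not-found` means the host has no bash on the PATH and needs a manual look (a differently named or chrooted copy), not that it is safe.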
How do I protect myself?
• Apply the patch (current patch is incomplete)
• Change shells from bash to alternatives (ksh, sh…); this will likely break things
• Apply WAF/IPS rules; current public rules are lacking
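The CGI vector on the Attack Vectors slide and the WAF/IPS bullet above come together in the following added example, which is not a rule from the briefing or from any WAF product. It models what a CGI gateway does with request headers (RFC 3875: each header becomes an environment variable named `HTTP_` plus the upper-cased header name with `-` replaced by `_`), which is why any header an attacker controls reaches bash, and it flags any value that begins with the function-export prefix `() {` that both CVE test strings on the earlier slide share. The function names (`parse_request_headers`, `cgi_environment`, `find_function_exports`, `inspect_request`) and the two sample requests are this example's own constructions.

```python
"""Model how a CGI gateway turns request headers into environment
variables, and flag values carrying a bash function export.

Added example for this page, not a rule from the briefing or a WAF
product. The mapping follows RFC 3875 (HTTP_<NAME>, upper-cased, '-' to
'_'); the prefix test is the common element of both CVE test strings.
"""
import re

# Pre-fix bash imported any environment value starting with exactly "() {".
# The pattern also tolerates extra whitespace between the tokens, a
# deliberately broader match than bash's own check so that trivial spacing
# variants are still flagged.
FUNCTION_EXPORT = re.compile(r"^\s*\(\s*\)\s*\{")


def parse_request_headers(raw):
    """Split the header block of a raw HTTP request into (name, value) pairs."""
    lines = raw.split("\r\n") if "\r\n" in raw else raw.split("\n")
    headers = []
    for line in lines[1:]:          # lines[0] is the request line
        if not line.strip():
            break                   # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def cgi_environment(headers):
    """Build the HTTP_* meta-variables a CGI gateway would export."""
    env = {}
    for name, value in headers:
        key = "HTTP_" + name.upper().replace("-", "_")
        # RFC 3875: repeated headers are rewritten as a single value
        env[key] = value if key not in env else env[key] + ", " + value
    return env


def find_function_exports(env):
    """Names of environment variables whose value looks like a function export."""
    return sorted(k for k, v in env.items() if FUNCTION_EXPORT.match(v))


def inspect_request(raw):
    """Return ('block', [variable names]) or ('allow', []) for a raw request."""
    hits = find_function_exports(cgi_environment(parse_request_headers(raw)))
    return ("block", hits) if hits else ("allow", [])


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = (
    "GET /cgi-bin/status.sh HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: */*\r\n\r\n"
)
PROBE_REQUEST = (
    "GET /cgi-bin/status.sh HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: () { :;}; echo vulnerable\r\n"   # the slide's own test string
    "Cookie: session=abc123\r\n\r\n"
)

if __name__ == "__main__":
    for label, request in (("benign", BENIGN_REQUEST), ("probe", PROBE_REQUEST)):
        print(label, inspect_request(request))
```

The check runs over every header rather than a fixed list such as User-Agent or Referer, because the gateway exports all of them; a rule that inspects only the headers seen in early probes is exactly the kind of lacking public rule the slide warns about.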
Summary
• The biggest exposure is bash cgi-bin scripts
• Start with the Google check to find low hanging fruit
• Apply the patch quickly, watch for updated patch
• Inventory!
Thanks! 
Please send any information to 
https://isc.sans.edu/contact.html 
or email: handlers@sans.edu

complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Introduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECHIntroduction to Machine Learning Unit-3 for II MECH
Introduction to Machine Learning Unit-3 for II MECH
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
EduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AIEduAI - E learning Platform integrated with AI
EduAI - E learning Platform integrated with AI
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 

Bash Code-Injection Briefing

1. “Shellshock” bash code injection vulnerability
CVE-2014-6271 & CVE-2014-7169
Johannes B. Ullrich, Ph.D.
jullrich@sans.edu

2. Outline
• How important is this vulnerability?
• What is the nature of the problem?
• Why are there two CVE numbers?
• How do I check if I am vulnerable?
• What can I do to protect myself?

3. The Vulnerability
• The “bash” shell commonly used in Unix systems allows code execution via environment variables
• The attacker has to be able to trick the user into opening bash after setting specifically crafted variables

4. Attack Vectors
• CGI: Web servers using the cgi-bin mechanism to execute bash scripts. HTTP headers sent by the attacker are converted to environment variables
• SSH: Can be used to escape restricted ssh shells
• DHCP: Code may be executed by DHCP clients

5. What can an attacker accomplish?
• The attacker will be able to execute any shell command
• Only limited by user permissions (e.g. apache web server)
• The exploit is easy to perform. Various PoC exploits are available

6. How important is this?
• Patch quickly
• Worry if you have web servers that run bash from cgi-bin!
• Not an issue for Windows systems
• Not an issue for clients. It is a server problem
• This problem has been around “forever”

7. How could this happen?
• Bash, like all shells, has environment variables
• However, in bash, these variables may contain code
• Bash does not correctly separate code from data
• As a result, the attacker can inject additional code

8. Why are there two CVE numbers?
• The originally reported (and fixed) problem only covered one way to inject code (Stéphane Chazelas, CVE-2014-6271)
• Earlier today, a second method was found (Tavis Ormandy, CVE-2014-7169)
• There is currently no patch for the second attack vector.

10. How do I check if I am vulnerable?
• Two test strings that can be run safely while logged in on a system:
env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
• Various Metasploit modules: https://github.com/rapid7/metasploit-framework/pull/3880

11. How do I protect myself?
• Apply the patch (the current patch is incomplete)
• Change shells from bash to alternatives (ksh, sh…); this will likely break things
• Apply WAF/IPS rules (current public rules are lacking)
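Added example, not part of the briefing: a small script that pairs the slide 10 self-check (run against the locally installed bash) with the kind of log check the slide 11 "WAF/IPS rules" bullet calls for. The log lines are constructed for the example (fabricated IPs and timestamps); the probe strings in them are the slides' own test strings.

```shell
#!/bin/sh
# Added example (not from the slides): two defender-side checks for Shellshock.
# - bash_shellshock_status: runs the slides' safe CVE-2014-6271 test string
#   against the installed bash and reports "patched", "vulnerable" or "no-bash".
# - suspicious_lines: prints web-server log lines whose quoted header values
#   (Referer, User-Agent) start with "() {", the exact prefix vulnerable bash
#   requires before it parses an environment variable as a function definition.

bash_shellshock_status() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 0; }
    # Vulnerable bash keeps parsing past the function body and runs the
    # trailing "echo vulnerable"; a patched bash defines the function only.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# CGI copies header values into environment variables unchanged (User-Agent
# becomes HTTP_USER_AGENT), so a probe must put "() {" at the start of a header.
suspicious_lines() {
    # $1: log file in Apache combined format; the quoted fields are the
    # request line, Referer and User-Agent, so a probe shows up as "() {
    grep -F '"() {' "$1"
}

count_suspicious() {
    suspicious_lines "$1" | wc -l | tr -d ' '
}

# Constructed sample log for a stand-alone run; lines 2 and 3 carry the two
# test strings from the slides in the User-Agent and Referer headers.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.11 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
192.0.2.12 - - [25/Sep/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "() { (a)=>\" "curl/7.37.0"
192.0.2.13 - - [25/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "scanner/1.0 (test)"
EOF

echo "local bash: $(bash_shellshock_status)"
echo "suspicious log lines: $(count_suspicious "$SAMPLE_LOG")"
```

The fixed-string match is deliberate: vulnerable bash only treats a variable as a function export when it begins with exactly `() {`, so whitespace variants need not be matched, and both CVE test strings share that prefix.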
12. Summary
• The biggest exposure is bash cgi-bin scripts
• Start with the Google check to find low hanging fruit
• Apply the patch quickly, watch for the updated patch
• Inventory!

13. Thanks!
Please send any information to https://isc.sans.edu/contact.html or email: handlers@sans.edu