OSDC 2014: Michael Renner - Secure encryption in a wiretapped future (NETWAYS)
Since the beginning of publications by Edward Snowden last year many of the presumedly exaggerated threat models in cryptography have become reality. When operating sensitive services it's more likely than not that communication data will be tapped at large carriers as well as internet exchanges and stored indefinitely - this calls for strong and forward-secure encryption.
On the other hand we're faced with the problem that much of the software we're using in the datacenter today is not very secure when it comes to default encryption settings. On top of that, most developers and system administrators are not very fluent in the basic workings of encryption systems.
The talk will give an introduction to SSL/TLS and explain how to check for weaknesses in existing services with tools like nmap, sslscan and sslyze. For common daemons like apache, nginx, exim, postfix and dovecot best practice on improving cryptographic strength will be discussed.
BREAKING SMART [BANK] STATEMENTS
Explanation of how I find and exploit a security flaw (bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.
THOTCON 0x6: Going Kinetic on Electronic Crime Networks (John Bambenek)
Defensive security is a rat race. We detect new threats, we reverse engineer them and develop defenses while the bad guys just make new threats. We often just document a new threat and stop when the blog post is published. This talk will take it a step further on how to proactively disrupt threats and threat actors, not just from your organization but completely. As a case study, Operation Tovar and whatever else I take down between now and THOTCON will be used as examples of how this can be accomplished without a large legal team and without massive collateral damage (i.e. the No-IP incident). Tools will be demonstrated that are used for near-time surveillance of criminal networks.
A presentation about how we can make the Internet hard to monitor - how we can and should encrypt more communication. This version includes a presentation of the TLS protocol.
Changes in 2.2: Added quotes from Viktor Dukhovni's IETF RFC 7435 about Opportunistic Security
Thotcon 0x5 - Retroactive Wiretapping VPN over DNS (John Bambenek)
These are the slides of a talk by John Bambenek at THOTCON 0x5 in Chicago.
Imagine your first day at a client site and you spend your time figuring out what’s going on with the network. You query passive DNS to find tons of apparent VPN over DNS endpoints on your network. What starts as a simple incident investigation process sees the tables turned on those who used the protocol to hide their tracks. This talk will discuss reverse engineering VPN over DNS (vpnoverdns.com) and how weaknesses in using DNS tunneling make it trivial to retroactively wiretap all communications over the protocol long after the fact.
HITCON 2015 - DGAs, DNS and Threat Intelligence (John Bambenek)
Domain Generation Algorithms (DGAs) and DNS provide a layer of resilience to botnets and malware. They also provide new and novel ways to monitor and surveil malicious networks. This talk will discuss methods you can use to turn DGAs and DNS against malware operators in order to better protect your enterprise.
Session slides from Future Insights Live, Vegas 2015:
https://futureinsightslive.com/las-vegas-2015/
So many network intrusions, so many email spools made public. Remember HBGary, Stratfor, 'The Fappening', Sony Pictures hacks? How about the Snowden Files? The potential liabilities of communicating in plain text have become too expensive to continue to do so. Zero-Knowledge systems can be made useful, elegant even. The problem with putting privacy first in our communications tools is that most of the existing privacy applications were created by crypto-nerds, most of whom have never overlapped with the world of UX. In this talk, Privacy will be put at the core of application design by way of new metaphors for arcane cryptography jargon (that few end users understand). Using frameworks and services created for this new 'privacy first' era, your application can be built in a way that removes liability, is regulatory-compliant and elegant.
This presentation is in English; the announcement (beneath) & talk were in Dutch (NL)
OpenTechTalks | Ethical hacking with Kali
Governments, companies and individuals are becoming increasingly vulnerable to attacks by black hat hackers, criminals who exploit holes in computers for financial gain or simply to cause damage. Opposing them are the white hat hackers: they test computer systems for flaws and close the holes before malicious hackers break in. Tijl Deneut (UGent/Howest) gives an overview of the forms of cybercrime that exist and how you can arm yourself against them. The focus is on Kali Linux, an operating system that bundles hundreds of security and testing programs. The following questions are covered: how do you install Kali Linux? How can you test in a safe environment? Is ethical hacking actually legal? General IT knowledge is recommended. Afterwards we will have a drink in the café of Vooruit.
Smart Bombs: Mobile Vulnerability and Exploitation (Tom Eston)
Kevin Johnson, John Sawyer and Tom Eston have spent quite a bit of time evaluating mobile applications in their respective jobs. In this presentation they will provide the audience an understanding of how to evaluate mobile applications, examples of how things have been done wrong and an understanding of how you can perform this testing within your organization.
This talk will work with applications from the top three main platforms; iOS, Android and Blackberry. Kevin, Tom and John have used a variety of the top 25 applications for each of these platforms to provide real world examples of the problems applications face.
The EternalBlue Exploit: how it works and affects systems (Andrea Bissoli)
The purpose of this report is to focus on one particular aspect of the WannaCry malware in order to understand which vulnerability it exploited and how it spread across the internet. The report shows the EternalBlue attack and how it is possible to take control of the PC thanks to the DoublePulsar attack and a Meterpreter session. Then a case study is shown in which a pivoting attack is performed. In the end, simple keyloggers are injected into the attacked machines in order to obtain some useful information.
The Iron triangle was initially about the policy-making relationships in US politics: fixed relationships between congressional committees, bureaucracy & interest groups.
In security it became a shorthand for the relationship between ease of use, performance and security.
Unfortunately this had a negative impact on the industry as it led to the belief that you had a fixed trade-off between security, ease of use and performance.
What are microservices? Why should I use them? Are they a fad? Some say they are a "standard" solution, others say they should not be used, others deny that they exist... But someone who develops software and has to deliver software that works... what should they do?
Let's try to see and understand where they come from, what they are and what characteristics they have, so as to make an informed choice in every context.
Describe briefly the OSI Reference model and its relevance to computer security. [4 Marks]
• Ans 1: The Open System Interconnection Model (OSI) is a standardized framework for describing how computers communicate with each other over a network system. The OSI model also conceptualizes how data flows through a stack of seven layers, beginning with the physical layer and continuing through the datalink, network, transport, session, presentation, and finally the application layer (Simoneau, 2006)
BSides Philly Finding a Company's BreakPoint (Andrew McNicol)
We cover modern day hacking techniques to establish a foothold into a target network. This is a great introduction to hacking techniques to those new to pentesting, with hopes of breaking the mindset of "scan then exploit".
BSidesJXN 2016: Finding a Company's BreakPoint (Andrew McNicol)
We discuss tips and tricks we have picked up along our way performing penetration tests and red teaming engagements. We also cover 5 main ways we break into a company.
"Cryptography, Data Protection, and Security For Start-Ups In The Post Snowde...HackIT Ukraine
The revelations of the Snowden Leaks and other events in modern internet times have resulted in a need for developers and security professionals working on start-up companies to rethink not just security policies and procedures but overall architecture more broadly. Cryptographic systems in communications systems have seen the largest architectural changes. However, changes are also required in data storage architecture and even networking architecture.
This talk will discuss means and methodologies for building secure, robust, and resilient start-up computing architectures. Common attacks that impact startups, data compromises, and DDoS attacks will be discussed. The impact of the required adaptations in infrastructure and software design on existing common business models, like AdRev, will be touched on.
Deja vu security Adam Cecchetti - Security is a Snapshot in Time BSidesPDX ... (adamdeja)
As the air gap between our daily lives and the Internet continues to shrink the security of our personal data and devices grows in importance. We are facing the daily threat of putting 2000s era computers bolted to toasters online while expecting them to defend against 2017 capable attackers. This talk will explore the continuing trend of IoT, discuss how we’ve been here before, and lay out strategies for keeping pace with attackers in the future. This talk will focus on enumerating this risk, discuss the challenges involved, and explore solutions.
First, we will examine the history of how we got here, and what it means to say “security is a snapshot in time.” We then introduce the idea of shared ken – the range of one’s knowledge or sight – and how it impacts security. Third, we discuss the influence of data as code, the meta game, and secrecy as a way of mastering impact and ken.
This talk will allow attendees to walk away with
A holistic view of the history of computer security and how it impacts them today
The importance of extending the range of collective vision to reduce blind spots
Practical advice for BSiders to grow their mindset and improve their impact
Adam is a founding partner and Chief Executive Officer at Deja vu Security. He is dedicated to the leadership and relentless innovation in Deja’s products and services. Previously he has led teams conducting application and hardware penetration tests for the Fortune 500 technology firms. Adam is a contributing author to multiple security books, benchmarks, tools, and DARPA research projects. Adam holds a degree in Computer Science and a Masters from Carnegie Mellon University in Information Networking.
Similar to Keynote - Closing the TLS Authentication Gap (20)
5. So how did this happen? It’s Microsoft’s fault! Answered a question in a forum… Which turned into a series of interesting discussions over the summer about MitM Eventually, Marsh got fed up and went spelunking in mod_ssl
6.
    /* To allow authentication to complete in this auth hook, the
     * solution used here is to fill a (bounded) buffer with the
     * request body, and then to reinject that request body later. */
    if (renegotiate && !renegotiate_quick
        && (apr_table_get(r->headers_in, "transfer-encoding")
            || (apr_table_get(r->headers_in, "content-length")
                && strcmp(apr_table_get(r->headers_in, "content-length"), "0")))
        && !r->expecting_100) {
        int rv;

        /* Fill the I/O buffer with the request body if possible. */
        rv = ssl_io_buffer_fill(r);
        ...
8. That can’t be right… Buffering and replaying a request seemed… scary So, I decided to make sure authentication continuity was maintained across the renegotiation. Imagine my surprise when I couldn’t find a clear answer.
9.
7.4.1. Hello Messages
... compression algorithms are initialized to null. The current connection state is used for renegotiation messages.
7.4.1.2. Client Hello
When this message will be sent: When a client first connects to a server, it is required to send the ClientHello as its first message. The client can also send a ClientHello in response to a HelloRequest or on its own initiative in order to renegotiate the security parameters in an existing connection.
RFC 5246: Strangely quiet on renegotiation
16. Three attacks
• Client certificate-based attack: Client certificates can trigger renegotiation
• Upgrade attack: Different-strength crypto requirements can lead to renegotiation
• Client-initiated attack: In theory, a client could start a renegotiation at any time
17. But wait, there’s more!
• Browsers don’t always validate the server cert before handing out the client cert!
• Therefore, a client cert can effectively be forwarded to any server on the net that accepts it
• Browsers don’t always prompt for client certificates when they can make an “intelligent” choice
• Victim never knows what hit him
18. OK, does it matter? We struggled to assess scope and impact… Client certificate – first finding; mitigation painful Upgrade attack – cute, but… meh… Client-initiated – almost an afterthought at this point Not absolutely sure it would even work
19. Is Renegotiation worth saving?
• Disabling renegotiation completely would be:
  • Easy
  • Effective
  • Solve about 95% of the problem
• Will it ever come back?
  • IP Source Routing, anyone?
31. Disclosure plan Decided on a phased disclosure plan: Disclose a few respected security gurus Disclose to SSL code owners and start a fix Widen the circle carefully over time Hope for a controlled public disclosure
32. The NDA Everyone told us we were insane to want an NDA, until… …they heard about the flaw! We wanted pressure on vendors Intentionally written to expire on 1/31/2010.
33.
34. "Both the insider and his friend were active members of the hacking group, and regularly attended the organization’s meetings. They used IRC channels to communicate back and forth with one another and relay information under assumed hacker names in an attempt to mask their identities."
35. First, we asked Frank Heidt of Leviathan Security, Who confirmed our intuition about the impact of this vuln:
36.
37. Extraordinary claims require extraordinary proof Ponytail immediately began flapping wildly. Took up smoking again. Frank referred us to lots of helpful people, including: Jon Callas, as an independent security review Ben Laurie, for obvious reasons Dan Geer, Kerberos Jennifer Granick @ EFF
38. We thought we needed a plan. Turns out, we needed several. Plan A: Get code owners together and tell them all at once, under NDAs Drawback: Needed people besides coders
39. Plan B: Get programmers and limited support people to Mountain View and disclose all at once under NDA Drawbacks: Vendors needed to know the bug before committing Vendors needed some time to assess impact in order to figure out who needed to be involved
40. Plan C: Disclose bug to code owners and limited support personnel under NDA and then go to Mountain View to work out the details Drawback: Had trouble getting some companies under NDA
41. Plan D: Disclose in advance to the fewest people possible (coders, PSIRT managers, …) under group NDAs such as ICASI and Google then get people to Mountain View to work out the details in a week or two
42. Disclosure All disclosures were completed within about a week Disclosed to Ben Laurie Reproduced across the Internet, tempting the demo gods Tried to disclose to IBM: NDA fail Disclosed to Microsoft next
43. ICASI Pointed to ICASI by Frank, IBM, and Microsoft Disclosed to Steve Manzuik of Juniper/ICASI, leading to: Microsoft Intel Cisco Juniper Nokia IBM
44. Exceptions There were a few notable exceptions: Red Hat lawyers worked the weekend! Sun : “Type your vuln here and hit submit ok thx bye” Apple: We didn’t realize they had their own TLS code Others, due to an attempt to limit scope
45. Mogul meeting: September 28, 2009 About 45 people representing about a dozen organizations Description and captures, again Severity and impact Lots of time spent on client-initiated renegotiation Solution discussion Rescorla, Oskov, and Dispensa/Ray had identical proposals
46. Proposed solution
• The obvious solution was to bind the cryptographic state from the previous handshake to the current one
• This is easy: Resend the verify_data from the previous Finished message
• Already cryptographically secure
• Already under consideration as a “channel binding”
• Not a perfect solution, however:
  • Requires a TLS extension
  • Requires additional storage (bad for silicon?)
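The server-side check that this binding implies, as an added example that is not code from the slides or from any TLS library: the saved client verify_data must come back in the next ClientHello, following the rules later standardized in RFC 5746, and the SCSV signal mentioned on slide 67 is accepted only on a first handshake. The struct and function names are hypothetical, the verify_data bytes are constructed, and refusing renegotiation with a peer that never signalled support is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VERIFY_DATA_MAX 36 /* Finished verify_data: 12 bytes in TLS 1.0-1.2, 36 in SSLv3 */
enum ri_result { RI_OK, RI_OK_LEGACY_PEER, RI_ABORT };

/* Hypothetical per-connection state a server keeps between handshakes. */
struct conn_state {
    int     handshakes_done;      /* 0 until the first Finished is verified */
    int     secure_renegotiation; /* peer sent renegotiation_info or the SCSV */
    uint8_t client_verify_data[VERIFY_DATA_MAX];
    size_t  client_verify_len;
};

/* Hypothetical parsed view of the ClientHello fields that matter here. */
struct hello_view {
    int            has_scsv; /* cipher suite {0x00,0xFF} was offered */
    int            has_ri;   /* renegotiation_info extension is present */
    const uint8_t *ri;       /* its renegotiated_connection bytes */
    size_t         ri_len;
};

/* Compare without an early exit so timing does not reveal where bytes differ. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Decide whether a ClientHello may proceed on this connection. */
enum ri_result check_client_hello(const struct conn_state *c, const struct hello_view *h)
{
    if (c->handshakes_done == 0) {
        if (h->has_ri && h->ri_len != 0) return RI_ABORT; /* nothing to bind to yet */
        return (h->has_ri || h->has_scsv) ? RI_OK : RI_OK_LEGACY_PEER;
    }
    if (!c->secure_renegotiation) return RI_ABORT;  /* assumed policy: no unbound renegotiation */
    if (h->has_scsv || !h->has_ri) return RI_ABORT; /* a fresh hello, not a continuation */
    if (h->ri_len != c->client_verify_len) return RI_ABORT;
    return ct_equal(h->ri, c->client_verify_data, h->ri_len) ? RI_OK : RI_ABORT;
}

/* Save the client's Finished verify_data once a handshake completes. */
int finish_handshake(struct conn_state *c, const struct hello_view *h,
                     const uint8_t *verify_data, size_t len)
{
    if (len == 0 || len > VERIFY_DATA_MAX) return -1;
    if (c->handshakes_done == 0) c->secure_renegotiation = h->has_ri || h->has_scsv;
    memcpy(c->client_verify_data, verify_data, len);
    c->client_verify_len = len;
    c->handshakes_done++;
    return 0;
}

/* Constructed sample values: first handshake's verify_data and two follow-up hellos. */
static const uint8_t FIRST_VD[12] = {0xa1,0x5c,0x03,0x9e,0x44,0x10,0xd7,0x6b,0x2f,0x88,0xe0,0x35};
static const struct hello_view FRESH_HELLO = { 1, 0, NULL, 0 };  /* another client's initial hello */
static const struct hello_view BOUND_HELLO = { 0, 1, FIRST_VD, sizeof FIRST_VD }; /* same client */

/* Run one initial handshake, then present `next` as the following ClientHello. */
enum ri_result after_first_handshake(const struct hello_view *next)
{
    struct conn_state c = {0};
    struct hello_view first = { 0, 1, NULL, 0 }; /* empty renegotiation_info */
    if (check_client_hello(&c, &first) != RI_OK ||
        finish_handshake(&c, &first, FIRST_VD, sizeof FIRST_VD) != 0)
        return RI_ABORT;
    return check_client_hello(&c, next);
}

int main(void)
{
    int fresh_rejected = after_first_handshake(&FRESH_HELLO) == RI_ABORT;
    int bound_accepted = after_first_handshake(&BOUND_HELLO) == RI_OK;
    return (fresh_rejected && bound_accepted) ? 0 : 1;
}
```

A ClientHello that was written as the start of a new connection carries an empty binding or the SCSV, so it cannot be accepted as the continuation of a session whose first handshake it did not take part in.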
47. Post-conference work Turns out it’s hard to organize a private, cross-vendor, ad-hoc team! Manzuik requisitioned help from Paul Vixie / OpSecTrust Manzuik set up [mogul-private] and a PGP keyring We set up a private SILC channel Good initial discussion on the lists, but vendor engagement dropped off quickly No data!
48. Initial implementations of safe renegotiation Nasko Oskov from Microsoft had a working implementation quickly Eric Rescorla provided code for OpenSSL Dispensa worked up a patch for GNUTLS We suspect others were making progress
50. Timeline tension
• Work was going really slowly
• January 31 “couldn’t possibly work”
  • Not a Patch Tuesday
  • Not a weekday
  • BlackHat / ShmooCon
• By late October, Steve was on repeated ICASI calls
  • Insisting that we postpone publishing
  • Our position was unchanged officially
• Meanwhile, Marsh and Steve started to argue about scenarios
52. So, we were all minding our own business, when…
53.
To: tls at ietf.org
Subject: [TLS] MITM attack on delayed TLS-client auth through renegotiation
From: Martin Rex <Martin.Rex at sap.com>
Date: Wed, 4 Nov 2009 18:28:00 +0100 (MET)

After elaborating so much about the client cert authentication through renegotiation with Microsoft IIS, I'm beginning to believe that there is a potential security problem with that scheme, because it is susceptible to a MITM attack. ...

[TLS] turns into Full-Disclosure
54. Hilarity ensues Dispensa calls Martin Rex Project Mogul is notified in a very tense call Vendors Hope It Goes Away™ Vendors end by insisting that it would be “extremely irresponsible” to publish After all, “nobody will notice.”
61. Initial reactions were… mixed. “The sky is not falling” –Moxie Marlinspike It’s just like CSRF! (Whew! … Whew?) “Most, if not all, major web applications have implementation level protections against CSRF… Those protection measures are effective against this new SSL man in the middle attack. Therefore, this vulnerability has minimal security impact for most websites and Internet users.” –Tom Cross, IBM ISS
65. Coming to terms with the bug Yeah, but who cares? The 41% of users who use the same password for Twitter as they use for… everything! More importantly - you can’t tell what will be broken In the end, the confusion was our fault
67. IETF ID ready day 1 Flawed: undercounted SSLv3 No extensions! Post-disclosure, Benn Bollay from F5 shared data: 22%! Tons of e-mails on the IETF list Practically a full-time job for Marsh Finally, we added SCSV to address old servers RFC 5746 very soon!
73. Security bugs are a no-win situation Traumatic for vendors Not great for researchers Worst, of course, for the users This was a really hard process – hard to balance lots of competing interests
74. There are other (bigger?) problems with SSL PKI is great in theory, but: ~200 trusted root certificates in Firefox – do you trust them all? There will never be a solution to the dancing bunnies problem Applies to Business Bunnies too! Sometimes, root CA’s do this:
75.
76. We needed hard data We had no success getting vendors to contribute data Would have been extremely helpful to know about SSLv3 prevalence before the IETF process Does client-initiated renegotiation ever happen?
77. IETF security process? It has been suggested that the IETF security review process is broken. If it is, this bug isn’t why: SSL was a Netscape creation SSLv3 was utterly ownerless for years The IETF did find it, a few months after us The IETF could have done a better job adopting SSL
78. One last lesson This one goes out to the slow/no-disclosure crowd with our compliments:
79.
80. So Marsh emailed Pavel Kankovsky and: "I had some free time during the last days of 2006 and wrote the PoC exploit to carry out an experimental verification of the vulnerability. It was easier than I had expected because I found a clever way to make OpenSSL cooperate." "The exploit was finished on January 3, 2007."
81. One last question for you Did we achieve our goal of minimizing the world’s exposure to the bug?