Soma-notes - User contributions [en]

User:Sam

2016-02-11T15:57:02Z

Sam: Created page with "bruteforce"

bruteforce

SystemsSec 2016W Lecture 5

2016-01-26T15:24:36Z

Sam:

Class discussion: threat models and attacker goals

==Local attacker==

=== Group 1 ===
==== Members ====
* Abdulrahman Mufti
* Josiah Konrad
* William forest
* Andrew Belu
* Agheil Fazeli
* Brandon Hurley

==== Scenarios ====

* '''Scenario #1:'''
** Targeted System:
*** home computer - parent computer
*** > Windows 7
** Attackers:
*** sibling
*** someone who lives in the house
** Goals:
*** the little brother wants to access big brother's account
*** to access programs that the little brother doesn't have
*** play games for a loner time
** Means:
*** watching them typing the password
*** using safe mode to change the parents' password
*** change clock (to be able to play for a longer time)
*** take down security through the registry

==Administrative attacker==

=== Group 2 ===
==== Members ====
* Kyle T.
* Tarek K.
* Jakub L.
* Stefan C.
* Matt G.
* Remi G.
* Ibrahim M.

==== Scenarios ====

* '''Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack'''
** Targeted System: Service & Database servers
** Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture.
** Goals:
*** Full client information specifically financial billing information.
*** Showcase that Sony does not take security seriously.
*** Denial of service for PSN users.
** Means: It is rumored that ex-employees with active logins managed to access the data.

* '''Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack'''
** Targeted System: Service & Database servers
** Attackers: Employees with active administrative access.
** Goals:
*** Force Ashley Madison to shut down.
*** Expose the true ratios of male/female user base and fake accounts.
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #3: Military and Government Secrets'''
** Targeted System: Service & Database servers
** Attackers: Whistleblowers (Chelsea Manning, Edward Snowden)
** Goals:
*** Publicize and expose questionable practices and information to the general public.
*** Sway public opinion
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #4: This Wiki'''
** Targeted System: MediaWiki CMS
** Attackers: Students with editor privilege on the wiki.
** Goals:
*** Modify or delete other groups' entries.
** Means: Full access to edit the page using credentials given by the professor.

==== Attack Strategies ====

* '''Weaknesses'''
** Employee turnover
** Disgruntled current and ex-employees
** Economically vulnerable administrators (easy to bribe)
** Blackmail
** System Administrator neglect and/or incompetence

* '''How to Attack?'''
** Social Engineering
** If there are no safeguards in place, simply having admin access is enough to wreak havoc
** Installing backdoors to keep access to system
** Installing malicious updates and programs on users computers to siphon data and/or monitor.
** Remote monitoring of all users (including those with higher priviledge), using all available peripherals (webcams, microphones, keyboards, etc...)
** Denial of Access

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Lutaaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==
Members:

- Matthew Preston
- Jon Simpson
- Allan Luke
- Chang Xu
- Nilofar Mansourzadeh
- Noor sabri

- Targeted system
- Place of work’s system
- server(remote/local)
- Attacker
- anyone who has the “attacker goals"
- employee
- pretend to be employee
- Goals
- remotely look at data
- deny access
- destroy data
- corrupt
- social engineering
- Means
- If data is on a server, attacker needs some level of access to the data (some way to connect to the data)
- Put a physical key logger
- physically freeze system
- could look over your shoulder
- pull the plug
- physically disable verification points
- slow down system
- get admin access
- steal employee's hardware
- can get data by looking at camera feed
- steal mobile phone

- Attack strategies
- could put a physical key logger
- could take out the RAM(live)
- infect hardware and reconnect it to the system
- sell the stolen hardware
- stolen employee’s computer has auto-login
- most hardware is portable now so it’s easier to steal
- disable cameras
- record their behaviours
- accessible weaknesses
- isolated computers
- points of least physical security
- on/off devices
- somewhat easier to attack powered-on devices

==Physical attacker, unauthenticated==
* Abdul Bin Asif Niazi
* Dusan Rozman
* Sam Whiteley
* Jake Brown
* Nicholas Laws
* Miran Mirza

Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines.

'''Attack strategies:'''
* Duplicated cards
* Card Readers
* RFID readers: can be used to duplicate RFID data and steal NFC enabled bank access systems
* Radio-Frequency generator used to unlock different cards

'''Sort of attacks that can happen:'''
* Man in the middle attack on physical phone lines, people can access phone conversations by inserting some sort of hardware in a SIM card or a landline.
* Using the USB auto install feature to spread attacks, exploit this vulnerability to install software. An attacker can plug a USB thumb drive into computer and install software in order to escalate privileges.
* Phishing attack, a user can install some sort of software to reroute traffic through their system in order to collect data. A user can physically rewrite the hosts file on system to tamper with the DNS on the system and steal data.
* For secured areas such as labs a vulnerability would be the door which requires some sort of card based authentication, since this can be stolen it is vulnerable.
* Bank Machines: a lot of bank machines have a USB port in the bank and thus can get software installed on them. People can also install a card reader on top of the card slot to collect card numbers and other sensitive data.

'''Scenarios:'''
* A user gets physical access to a device using sort of card access and then physically destroys a computer (a literal denial of service attack).
* An attacker swaps a keyboard for a keylogging keyboard and uses it to steal sensitive data. They are exploiting the fact that users won't notice the change
* A user can exploit the reset feature on a router in order to gain access to it's settings, they can then go on to flash the firmware and infect all connected devices on the network.

==Remote attacker, unauthenticated==
=== Group 6 ===
==== Members ====
* Samuel Prashker
* Daniel Lehman
* Roman Chametka
* Derek Aubin
* Gilbert Lavergne-Shank
* Xiusan Zhou
* Abdulkadir Addulkadir

'''Scenarios'''
* '''#1 - DDOS'''
** Scenario
*** Targeted System: Web servers, or any machine connected to a network
*** Attackers: Angry trolls, political warriors
*** Goals: Denials of service, anger your target, hurt their financials, prove a point
*** Means: LOIC, Chinese Botnet with Bitcoin
** Attack strategies
*** Accessible weaknesses
**** Exploitable communication paths (example: ping, login spam)
**** In the case of a router, overpowering a signal by replacing it with your own higher powered signal
*** How do you access them?
**** Over the network
**** Over the air (wireless signals)
* '''#2 - Packet Sniffing'''
** Scenario
*** Targeted System: Phones, servers, any networked device that can be sniffed
*** Attackers: Exfiltrators who want getting data, corrupting data
*** Goals: Exfiltration of data, snooping for data over the air
*** Means: Packet sniffing tools, Wireshark,
** Attack strategies
*** Accessible weaknesses
**** Wireless signals would be easy to monitor
**** Mission security (Msec)
*** How do you access them?
**** Wireless: Network cards, monitoring tools for over the air analysis
**** Wired: Anywhere along the line to be able to hook in a middleman
* '''#3 - Remote program already running on their service/server'''
** Scenario
*** Targeted System: People (social engineering), known exploits (0days)
*** Attackers: Blackhat hackers, whitehat hackers
*** Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
*** Means: Exploitable software, social engineering
** Attack strategies
*** Accessible weaknesses?
**** Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
*** How do you access them?
**** Social networks, email, phone calls, deployed payload
** '''Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system'''

SystemsSec 2016W Lecture 5

2016-01-26T15:15:45Z

Sam:

Class discussion: threat models and attacker goals

==Local attacker==

=== Group 1 ===
==== Members ====
* Abdulrahman Mufti
* Josiah Konrad
* William forest
* Andrew Belu
* Agheil Fazeli
* Brandon Hurley

==== Scenarios ====

* '''Scenario #1:'''
** Targeted System:
*** home computer - parent computer
*** > Windows 7
** Attackers:
*** sibling
*** someone who lives in the house
** Goals:
*** the little brother wants to access big brother's account
*** to access programs that the little brother doesn't have
*** play games for a loner time
** Means:
*** watching them typing the password
*** using safe mode to change the parents' password
*** change clock (to be able to play for a longer time)
*** take down security through the registry

==Administrative attacker==

=== Group 2 ===
==== Members ====
* Kyle T.
* Tarek K.
* Jakub L.
* Stefan C.
* Matt G.
* Remi G.
* Ibrahim M.

==== Scenarios ====

* '''Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack'''
** Targeted System: Service & Database servers
** Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture.
** Goals:
*** Full client information specifically financial billing information.
*** Showcase that Sony does not take security seriously.
*** Denial of service for PSN users.
** Means: It is rumored that ex-employees with active logins managed to access the data.

* '''Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack'''
** Targeted System: Service & Database servers
** Attackers: Employees with active administrative access.
** Goals:
*** Force Ashley Madison to shut down.
*** Expose the true ratios of male/female user base and fake accounts.
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #3: Military and Government Secrets'''
** Targeted System: Service & Database servers
** Attackers: Whistleblowers (Chelsea Manning, Edward Snowden)
** Goals:
*** Publicize and expose questionable practices and information to the general public.
*** Sway public opinion
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #4: This Wiki'''
** Targeted System: MediaWiki CMS
** Attackers: Students with editor privilege on the wiki.
** Goals:
*** Modify or delete other groups' entries.
** Means: Full access to edit the page using credentials given by the professor.

==== Attack Strategies ====

* '''Weaknesses'''
** Employee turnover
** Disgruntled current and ex-employees
** Economically vulnerable administrators (easy to bribe)
** Blackmail
** System Administrator neglect and/or incompetence

* '''How to Attack?'''
** Social Engineering
** If there are no safeguards in place, simply having admin access is enough to wreak havoc
** Installing backdoors to keep access to system
** Installing malicious updates and programs on users computers to siphon data and/or monitor.
** Remote monitoring of all users (including those with higher priviledge), using all available peripherals (webcams, microphones, keyboards, etc...)
** Denial of Access

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Lutaaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==
* Abdul Bin Asif Niazi
* Dusan Rozman
* Sam Whiteley
* Jake Brown
* Nicholas Laws
* Miran Mirza

Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines.

'''Attack strategies:'''
* Duplicated cards
* Card Readers
* RFID readers: can be used to duplicate RFID data and steal NFC enabled bank access systems
* Radio-Frequency generator used to unlock different cards

'''Sort of attacks that can happen:'''
* Man in the middle attack on physical phone lines, people can access phone conversations by inserting some sort of hardware in a SIM card or a landline.
* Using the USB auto install feature to spread attacks, exploit this vulnerability to install software. An attacker can plug a USB thumb drive into computer and install software in order to escalate privileges.
* Phishing attack, a user can install some sort of software to reroute traffic through their system in order to collect data. A user can physically rewrite the hosts file on system to tamper with the DNS on the system and steal data.
* For secured areas such as labs a vulnerability would be the door which requires some sort of card based authentication, since this can be stolen it is vulnerable.
* Bank Machines: a lot of bank machines have a USB port in the bank and thus can get software installed on them. People can also install a card reader on top of the card slot to collect card numbers and other sensitive data.

'''Scenarios:'''
* A user gets physical access to a device using sort of card access and then physically destroys a computer (a literal denial of service attack).
* An attacker swaps a keyboard for a keylogging keyboard and uses it to steal sensitive data. They are exploiting the fact that users won't notice the change
* A user can exploit the reset feature on a router in order to gain access to it's settings, they can then go on to flash the firmware and infect all connected devices on the network.

==Remote attacker, unauthenticated==
* Samuel Prashker
* Daniel Lehman
* Roman Chametka
* Derek Aubin
* Gilbert Lavergne-Shank
* Xiusan Zhou
* Abdulkadir Addulkadir

'''Scenarios'''
* '''#1 - DDOS'''
** Scenario
*** Targeted System: Web servers, or any machine connected to a network
*** Attackers: Angry trolls, political warriors
*** Goals: Denials of service, anger your target, hurt their financials, prove a point
*** Means: LOIC, Chinese Botnet with Bitcoin
** Attack strategies
*** Accessible weaknesses
**** Exploitable communication paths (example: ping, login spam)
**** In the case of a router, overpowering a signal by replacing it with your own higher powered signal
*** How do you access them?
**** Over the network
**** Over the air (wireless signals)
* '''#2 - Packet Sniffing'''
** Scenario
*** Targeted System: Phones, servers, any networked device that can be sniffed
*** Attackers: Exfiltrators who want getting data, corrupting data
*** Goals: Exfiltration of data, snooping for data over the air
*** Means: Packet sniffing tools, Wireshark,
** Attack strategies
*** Accessible weaknesses
**** Wireless signals would be easy to monitor
**** Mission security (Msec)
*** How do you access them?
**** Wireless: Network cards, monitoring tools for over the air analysis
**** Wired: Anywhere along the line to be able to hook in a middleman
* '''#3 - Remote program already running on their service/server'''
** Scenario
*** Targeted System: People (social engineering), known exploits (0days)
*** Attackers: Blackhat hackers, whitehat hackers
*** Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
*** Means: Exploitable software, social engineering
** Attack strategies
*** Accessible weaknesses?
**** Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
*** How do you access them?
**** Social networks, email, phone calls, deployed payload
** '''Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system'''

SystemsSec 2016W Lecture 5

2016-01-26T15:15:05Z

Sam:

Class discussion: threat models and attacker goals

==Local attacker==

=== Group 1 ===
==== Members ====
* Abdulrahman Mufti
* Josiah Konrad
* William forest
* Andrew Belu
* Agheil Fazeli
* Brandon Hurley
* Abdulkadir Addulkadir

==== Scenarios ====

* '''Scenario #1:'''
** Targeted System:
*** home computer - parent computer
*** > Windows 7
** Attackers:
*** sibling
*** someone who lives in the house
** Goals:
*** the little brother wants to access big brother's account
*** to access programs that the little brother doesn't have
*** play games for a loner time
** Means:
*** watching them typing the password
*** using safe mode to change the parents' password
*** change clock (to be able to play for a longer time)
*** take down security through the registry

==Administrative attacker==

=== Group 2 ===
==== Members ====
* Kyle T.
* Tarek K.
* Jakub L.
* Stefan C.
* Matt G.
* Remi G.
* Ibrahim M.

==== Scenarios ====

* '''Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack'''
** Targeted System: Service & Database servers
** Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture.
** Goals:
*** Full client information specifically financial billing information.
*** Showcase that Sony does not take security seriously.
*** Denial of service for PSN users.
** Means: It is rumored that ex-employees with active logins managed to access the data.

* '''Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack'''
** Targeted System: Service & Database servers
** Attackers: Employees with active administrative access.
** Goals:
*** Force Ashley Madison to shut down.
*** Expose the true ratios of male/female user base and fake accounts.
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #3: Military and Government Secrets'''
** Targeted System: Service & Database servers
** Attackers: Whistleblowers (Chelsea Manning, Edward Snowden)
** Goals:
*** Publicize and expose questionable practices and information to the general public.
*** Sway public opinion
** Means: Ex-employees with full administrative access to databases.

* '''Scenario #4: This Wiki'''
** Targeted System: MediaWiki CMS
** Attackers: Students with editor privilege on the wiki.
** Goals:
*** Modify or delete other groups' entries.
** Means: Full access to edit the page using credentials given by the professor.

==== Attack Strategies ====

* '''Weaknesses'''
** Employee turnover
** Disgruntled current and ex-employees
** Economically vulnerable administrators (easy to bribe)
** Blackmail
** System Administrator neglect and/or incompetence

* '''How to Attack?'''
** Social Engineering
** If there are no safeguards in place, simply having admin access is enough to wreak havoc
** Installing backdoors to keep access to system
** Installing malicious updates and programs on users computers to siphon data and/or monitor.
** Remote monitoring of all users (including those with higher priviledge), using all available peripherals (webcams, microphones, keyboards, etc...)
** Denial of Access

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Lutaaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==
* Abdul Bin Asif Niazi
* Dusan Rozman
* Sam Whiteley
* Jake Brown
* Nicholas Laws
* Miran Mirza

Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines.

'''Attack strategies:'''
* Duplicated cards
* Card Readers
* RFID readers: can be used to duplicate RFID data and steal NFC enabled bank access systems
* Radio-Frequency generator used to unlock different cards

'''Sort of attacks that can happen:'''
* Man in the middle attack on physical phone lines, people can access phone conversations by inserting some sort of hardware in a SIM card or a landline.
* Using the USB auto install feature to spread attacks, exploit this vulnerability to install software. An attacker can plug a USB thumb drive into computer and install software in order to escalate privileges.
* Phishing attack, a user can install some sort of software to reroute traffic through their system in order to collect data. A user can physically rewrite the hosts file on system to tamper with the DNS on the system and steal data.
* For secured areas such as labs a vulnerability would be the door which requires some sort of card based authentication, since this can be stolen it is vulnerable.
* Bank Machines: a lot of bank machines have a USB port in the bank and thus can get software installed on them. People can also install a card reader on top of the card slot to collect card numbers and other sensitive data.

'''Scenarios:'''
* A user gets physical access to a device using sort of card access and then physically destroys a computer (a literal denial of service attack).
* An attacker swaps a keyboard for a keylogging keyboard and uses it to steal sensitive data. They are exploiting the fact that users won't notice the change
* A user can exploit the reset feature on a router in order to gain access to it's settings, they can then go on to flash the firmware and infect all connected devices on the network.

==Remote attacker, unauthenticated==
* Samuel Prashker
* Daniel Lehman
* Roman Chametka
* Derek Aubin
* Gilbert Lavergne-Shank
* Xiusan Zhou

'''Scenarios'''
* '''#1 - DDOS'''
** Scenario
*** Targeted System: Web servers, or any machine connected to a network
*** Attackers: Angry trolls, political warriors
*** Goals: Denials of service, anger your target, hurt their financials, prove a point
*** Means: LOIC, Chinese Botnet with Bitcoin
** Attack strategies
*** Accessible weaknesses
**** Exploitable communication paths (example: ping, login spam)
**** In the case of a router, overpowering a signal by replacing it with your own higher powered signal
*** How do you access them?
**** Over the network
**** Over the air (wireless signals)
* '''#2 - Packet Sniffing'''
** Scenario
*** Targeted System: Phones, servers, any networked device that can be sniffed
*** Attackers: Exfiltrators who want getting data, corrupting data
*** Goals: Exfiltration of data, snooping for data over the air
*** Means: Packet sniffing tools, Wireshark,
** Attack strategies
*** Accessible weaknesses
**** Wireless signals would be easy to monitor
**** Mission security (Msec)
*** How do you access them?
**** Wireless: Network cards, monitoring tools for over the air analysis
**** Wired: Anywhere along the line to be able to hook in a middleman
* '''#3 - Remote program already running on their service/server'''
** Scenario
*** Targeted System: People (social engineering), known exploits (0days)
*** Attackers: Blackhat hackers, whitehat hackers
*** Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
*** Means: Exploitable software, social engineering
** Attack strategies
*** Accessible weaknesses?
**** Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
*** How do you access them?
**** Social networks, email, phone calls, deployed payload
** '''Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system'''

SystemsSec 2016W Lecture 5

2016-01-21T16:36:09Z

Sam: Remote attacker, unauthenticated (group 6)

Class discussion: threat models and attacker goals

==Local attacker==

==Administrative attacker==

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Aaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==

==Remote attacker, unauthenticated==
* Samuel Prashker
* Daniel Lehman
* Roman Chametka
* Derek Aubin
* Gilbert Lavergne-Shank
* Xiusan Zhou

'''Scenarios'''
* '''#1 - DDOS'''
** Scenario
*** Targeted System: Web servers, or any machine connected to a network
*** Attackers: Angry trolls, political warriors
*** Goals: Denials of service, anger your target, hurt their financials, prove a point
*** Means: LOIC, Chinese Botnet with Bitcoin
** Attack strategies
*** Accessible weaknesses
**** Exploitable communication paths (example: ping, login spam)
**** In the case of a router, overpowering a signal by replacing it with your own higher powered signal
*** How do you access them?
**** Over the network
**** Over the air (wireless signals)
* '''#2 - Packet Sniffing'''
** Scenario
*** Targeted System: Phones, servers, any networked device that can be sniffed
*** Attackers: Exfiltrators who want getting data, corrupting data
*** Goals: Exfiltration of data, snooping for data over the air
*** Means: Packet sniffing tools, Wireshark,
** Attack strategies
*** Accessible weaknesses
**** Wireless signals would be easy to monitor
**** Mission security (Msec)
*** How do you access them?
**** Wireless: Network cards, monitoring tools for over the air analysis
**** Wired: Anywhere along the line to be able to hook in a middleman
* '''#3 - Remote program already running on their service/server'''
** Scenario
*** Targeted System: People (social engineering), known exploits (0days)
*** Attackers: Blackhat hackers, whitehat hackers
*** Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
*** Means: Exploitable software, social engineering
** Attack strategies
*** Accessible weaknesses?
**** Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
*** How do you access them?
**** Social networks, email, phone calls, deployed payload
** '''Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system'''

WebFund 2013W: Symbols

2013-01-14T23:00:20Z

Sam:

Question of the day: What is a symbol in a programming language?

== What could 'x' be to a programmer? ==

* Variable
* Operator
* Classes
* Constants
* Keywords
* Separator
* Namespace
* Undefined
* Function