SystemsSec 2016W Lecture 5: Difference between revisions
Line 14: | Line 14: | ||
* Remi G. | * Remi G. | ||
* Ibrahim M. | * Ibrahim M. | ||
==== Scenarios ==== | |||
* '''Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack''' | |||
** Targeted System: Service & Database servers | |||
** Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture. | |||
** Goals: | |||
*** Full client information specifically financial billing information. | |||
*** Showcase that Sony does not take security seriously. | |||
*** Denial of service for PSN users. | |||
** Means: It is rumored that ex-employees with active logins managed to access the data. | |||
* '''Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack''' | |||
** Targeted System: Service & Database servers | |||
** Attackers: Employees with active administrative access. | |||
** Goals: | |||
*** Force Ashley Madison to shut down. | |||
*** Expose the true ratios of male/female user base and fake accounts. | |||
** Means: Ex-employees with full administrative access to databases. | |||
* '''Scenario #3: Military and Government Secrets''' | |||
** Targeted System: Service & Database servers | |||
** Attackers: Whistle blowers (Chelsea Manning, Edward Snowden) | |||
** Goals: | |||
*** Publicize and expose questionable practices and information to the general public. | |||
*** Sway public opinion | |||
** Means: Ex-employees with full administrative access to databases. | |||
==Remote attacker, authenticated== | ==Remote attacker, authenticated== |
Revision as of 19:32, 21 January 2016
Class discussion: threat models and attacker goals
Local attacker
Administrative attacker
Group 2
Members
- Kyle T.
- Tarek K.
- Jakub L.
- Stefan C.
- Matt G.
- Remi G.
- Ibrahim M.
Scenarios
- Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack
- Targeted System: Service & Database servers
- Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture.
- Goals:
- Full client information specifically financial billing information.
- Showcase that Sony does not take security seriously.
- Denial of service for PSN users.
- Means: It is rumored that ex-employees with active logins managed to access the data.
- Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack
- Targeted System: Service & Database servers
- Attackers: Employees with active administrative access.
- Goals:
- Force Ashley Madison to shut down.
- Expose the true ratios of male/female user base and fake accounts.
- Means: Ex-employees with full administrative access to databases.
- Scenario #3: Military and Government Secrets
- Targeted System: Service & Database servers
- Attackers: Whistle blowers (Chelsea Manning, Edward Snowden)
- Goals:
- Publicize and expose questionable practices and information to the general public.
- Sway public opinion
- Means: Ex-employees with full administrative access to databases.
Remote attacker, authenticated
Group 3
Members
- Dania Ghazal
- Ankush Varshneya
- Olivier Hamel
- Michael Lutaaya
- Ryan Morfield
- Daniel Vanderveen
- Jess Johnson
Example Scenario
Targeted System
- CIA database - find out who killed Kennedy?
Attackers
- remote authenticators
- contractors (non CIA)
Goals
- “exfiltrating data”
- exfiltrate the CIA database to find out who killed Kennedy
Means
- someone at the CIA left a node.js server running in the background :)
- ssh credentials
- use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
- look around the system for more vulnerable/outdated services to exploit
- generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
- social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
Attack Strategies
Where are the Accessible Weaknesses?
- outdated services
- any service that lets attacker execute a task as another user
How Do You Attack Them?
- user privilege escalation
- abusing service vulnerabilities
Physical attacker, authenticated
Physical attacker, unauthenticated
Remote attacker, unauthenticated
- Samuel Prashker
- Daniel Lehman
- Roman Chametka
- Derek Aubin
- Gilbert Lavergne-Shank
- Xiusan Zhou
Scenarios
- #1 - DDOS
- Scenario
- Targeted System: Web servers, or any machine connected to a network
- Attackers: Angry trolls, political warriors
- Goals: Denials of service, anger your target, hurt their financials, prove a point
- Means: LOIC, Chinese Botnet with Bitcoin
- Attack strategies
- Accessible weaknesses
- Exploitable communication paths (example: ping, login spam)
- In the case of a router, overpowering a signal by replacing it with your own higher powered signal
- How do you access them?
- Over the network
- Over the air (wireless signals)
- Accessible weaknesses
- Scenario
- #2 - Packet Sniffing
- Scenario
- Targeted System: Phones, servers, any networked device that can be sniffed
- Attackers: Exfiltrators who want getting data, corrupting data
- Goals: Exfiltration of data, snooping for data over the air
- Means: Packet sniffing tools, Wireshark,
- Attack strategies
- Accessible weaknesses
- Wireless signals would be easy to monitor
- Mission security (Msec)
- How do you access them?
- Wireless: Network cards, monitoring tools for over the air analysis
- Wired: Anywhere along the line to be able to hook in a middleman
- Accessible weaknesses
- Scenario
- #3 - Remote program already running on their service/server
- Scenario
- Targeted System: People (social engineering), known exploits (0days)
- Attackers: Blackhat hackers, whitehat hackers
- Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
- Means: Exploitable software, social engineering
- Attack strategies
- Accessible weaknesses?
- Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
- How do you access them?
- Social networks, email, phone calls, deployed payload
- Accessible weaknesses?
- Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system
- Scenario