SystemsSec 2016W Lecture 5: Difference between revisions
Created page with "Class discussion: threat models and attacker goals ==Local attacker== ==Administrative attacker== ==Remote attacker, authenticated== ==Physical attacker, authenticated== ..."
Jessjohnson (talk | contribs)
Revision as of 16:16, 21 January 2016
Class discussion: threat models and attacker goals
Local attacker
Administrative attacker
Remote attacker, authenticated
Group 3
Members
- Dania Ghazal
- Ankush Varshneya
- Olivier Hamel
- Michael Aaya
- Ryan Morfield
- Daniel Vanderveen
- Jess Johnson
Example Scenario
Targeted System
- CIA database - find out who killed Kennedy?
Attackers
- remote users who hold valid credentials (authenticated remote attackers)
- contractors (non-CIA)
Goals
- "exfiltrating data"
- Exfiltrate the CIA database to find out who killed Kennedy
Means
- someone at the CIA left a node.js server running in the background :)
- SSH credentials
- use an outdated Emacs (which ships a root-privileged mail daemon) to inject a password entry into /etc/passwd and escalate the attacker's privileges
- look around the system for more vulnerable/outdated services to exploit
- exploit a race condition: create, in a shared directory such as /tmp, a file with the name you know a root process will use, so that the root process writes its "sensitive data" into the attacker's file
- social engineering: submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
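The /tmp race condition listed under Means is the classic unsafe-temporary-file problem, and the defence sits entirely on the privileged program's side. The C program below is an added example, not part of the class notes: it shows the flawed open() pattern that silently reuses whatever already sits at a predictable path, the O_EXCL/O_NOFOLLOW pattern that refuses it, and the mkstemp(3)-plus-fstat() pattern for temp files. The scratch directory, the "report.txt" name and the pre-placed file are constructed fixtures so the demonstration never touches a real /tmp path another program uses.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern from the scenario: a privileged program writes "sensitive
 * data" to a predictable path with O_CREAT but without O_EXCL. If anything
 * already exists there (a file or symlink placed earlier by an unprivileged
 * user), open() returns a descriptor to that object and the data lands in a
 * file the attacker controls. Returns the fd, or -1 with errno set. */
int open_predictable_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern for a fixed path: O_EXCL makes create-if-absent atomic,
 * so open() fails with EEXIST when the path is already occupied, and
 * O_NOFOLLOW refuses a symlink at the final component. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred pattern for temp files: unpredictable name plus O_EXCL via
 * mkstemp(3), then fstat() on the descriptor (not the path, which could be
 * swapped underneath us) to confirm a regular, single-link, mode-0600 file
 * owned by the caller. tmpl must end in "XXXXXX" and is modified in place. */
int create_private_tmp(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || (st.st_mode & 0777) != 0600) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

/* Fixture: a private scratch directory holding "report.txt", a constructed
 * stand-in for the file an attacker planted ahead of the privileged program. */
static int setup_scratch(char *dir, size_t dn, char *path, size_t pn) {
    char tmpl[] = "/tmp/ssec_demo_XXXXXX";
    if (mkdtemp(tmpl) == NULL) return -1;
    snprintf(dir, dn, "%s", tmpl);
    snprintf(path, pn, "%s/report.txt", tmpl);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

static void teardown_scratch(const char *dir, const char *path) {
    unlink(path);
    rmdir(dir);
}

/* Returns 1 if the unsafe open handed back the planted file (same inode),
 * 0 if it opened something else, -1 on fixture error. */
int unsafe_open_reuses_planted_file(void) {
    char dir[64], path[96];
    struct stat planted, opened;
    int result = -1;
    if (setup_scratch(dir, sizeof dir, path, sizeof path) != 0) return -1;
    if (stat(path, &planted) == 0) {
        int fd = open_predictable_unsafe(path);
        if (fd >= 0) {
            if (fstat(fd, &opened) == 0)
                result = (opened.st_dev == planted.st_dev &&
                          opened.st_ino == planted.st_ino);
            close(fd);
        }
    }
    teardown_scratch(dir, path);
    return result;
}

/* Returns errno from the hardened open against the same planted path
 * (EEXIST expected), 0 if it unexpectedly succeeded, -1 on fixture error. */
int exclusive_open_refuses_planted_file(void) {
    char dir[64], path[96];
    if (setup_scratch(dir, sizeof dir, path, sizeof path) != 0) return -1;
    int fd = open_exclusive(path);
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    teardown_scratch(dir, path);
    return err;
}

/* Returns 1 if mkstemp plus the fstat checks yielded a private file. */
int private_tmp_ok(void) {
    char tmpl[] = "/tmp/ssec_private_XXXXXX";
    int fd = create_private_tmp(tmpl);
    if (fd < 0) return 0;
    close(fd);
    unlink(tmpl);
    return 1;
}

int main(void) {
    printf("unsafe open reused planted file: %d\n", unsafe_open_reuses_planted_file());
    printf("O_EXCL open errno (EEXIST=%d): %d\n", EEXIST, exclusive_open_refuses_planted_file());
    printf("mkstemp private file ok: %d\n", private_tmp_ok());
    return 0;
}
```

The check that matters in `create_private_tmp` is done on the descriptor, not the path: once a file is open, anything an attacker does to the directory entry afterwards cannot change what the descriptor refers to, which is what closes the time-of-check/time-of-use window the scenario relies on.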
Attack Strategies
Where are the Accessible Weaknesses?
- outdated services
- any service that lets an attacker execute a task as another user
How Do You Attack Them?
- user privilege escalation
- abusing service vulnerabilities