SystemsSec 2016W Lecture 5: Difference between revisions
Miranmirza (talk | contribs) |
Miranmirza (talk | contribs) |
||
Line 105: | Line 105: | ||
==Physical attacker, unauthenticated== | ==Physical attacker, unauthenticated== | ||
Abdul Bin Asif Niazi | * Abdul Bin Asif Niazi | ||
Dusan Rozman | * Dusan Rozman | ||
Sam Whiteley | * Sam Whiteley | ||
Jake Brown | * Jake Brown | ||
Nicholas Laws | * Nicholas Laws | ||
Miran Mirza | * Miran Mirza | ||
Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines. | Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines. | ||
'''Attack strategies:''' | '''Attack strategies:''' | ||
* Duplicated cards | |||
* Card Readers | |||
* RFID readers: can be used to duplicate RFID data and steal NFC enabled bank access systems | |||
* Radio-Frequency generator used to unlock different cards | |||
'''Sort of attacks that can happen:''' | '''Sort of attacks that can happen:''' | ||
* Man in the middle attack on physical phone lines, people can access phone conversations by inserting some sort of hardware in a SIM card or a landline. | |||
* Using the USB auto install feature to spread attacks, exploit this vulnerability to install software. An attacker can plug a USB thumb drive into computer and install software in order to escalate privileges. | |||
* Phishing attack, a user can install some sort of software to reroute traffic through their system in order to collect data. A user can physically rewrite the hosts file on system to tamper with the DNS on the system and steal data. | |||
* For secured areas such as labs a vulnerability would be the door which requires some sort of card based authentication, since this can be stolen it is vulnerable. | |||
* Bank Machines: a lot of bank machines have a USB port in the bank and thus can get software installed on them. People can also install a card reader on top of the card slot to collect card numbers and other sensitive data. | |||
'''Scenarios:''' | '''Scenarios:''' | ||
* A user gets physical access to a device using sort of card access and then physically destroys a computer (a literal denial of service attack). | |||
* An attacker swaps a keyboard for a keylogging keyboard and uses it to steal sensitive data. They are exploiting the fact that users won't notice the change | |||
* A user can exploit the reset feature on a router in order to gain access to it's settings, they can then go on to flash the firmware and infect all connected devices on the network. | |||
==Remote attacker, unauthenticated== | ==Remote attacker, unauthenticated== |
Revision as of 03:32, 22 January 2016
Class discussion: threat models and attacker goals
Local attacker
Administrative attacker
Group 2
Members
- Kyle T.
- Tarek K.
- Jakub L.
- Stefan C.
- Matt G.
- Remi G.
- Ibrahim M.
Scenarios
- Scenario #1: Disgruntled Ex-Employee(s?) - Sony Hack
- Targeted System: Service & Database servers
- Attackers: Disgruntled ex-employees with active administrative access and knowledge of internal system architecture.
- Goals:
- Full client information specifically financial billing information.
- Showcase that Sony does not take security seriously.
- Denial of service for PSN users.
- Means: It is rumored that ex-employees with active logins managed to access the data.
- Scenario #2: Current & Ex-Employee(s?) - Ashley Madison Hack
- Targeted System: Service & Database servers
- Attackers: Employees with active administrative access.
- Goals:
- Force Ashley Madison to shut down.
- Expose the true ratios of male/female user base and fake accounts.
- Means: Ex-employees with full administrative access to databases.
- Scenario #3: Military and Government Secrets
- Targeted System: Service & Database servers
- Attackers: Whistleblowers (Chelsea Manning, Edward Snowden)
- Goals:
- Publicize and expose questionable practices and information to the general public.
- Sway public opinion
- Means: Ex-employees with full administrative access to databases.
- Scenario #4: This Wiki
- Targeted System: MediaWiki CMS
- Attackers: Students with editor privilege on the wiki.
- Goals:
- Modify or delete other groups' entries.
- Means: Full access to edit the page using credentials given by the professor.
Attack Strategies
- Weaknesses
- Employee turnover
- Disgruntled current and ex-employees
- Economically vulnerable administrators (easy to bribe)
- Blackmail
- System Administrator neglect and/or incompetence
- How to Attack?
- Social Engineering
- If there are no safeguards in place, simply having admin access is enough to wreak havoc
- Installing backdoors to keep access to system
- Installing malicious updates and programs on users computers to siphon data and/or monitor.
- Remote monitoring of all users (including those with higher priviledge), using all available peripherals (webcams, microphones, keyboards, etc...)
- Denial of Access
Remote attacker, authenticated
Group 3
Members
- Dania Ghazal
- Ankush Varshneya
- Olivier Hamel
- Michael Lutaaya
- Ryan Morfield
- Daniel Vanderveen
- Jess Johnson
Example Scenario
Targeted System
- CIA database - find out who killed Kennedy?
Attackers
- remote authenticators
- contractors (non CIA)
Goals
- “exfiltrating data”
- exfiltrate the CIA database to find out who killed Kennedy
Means
- someone at the CIA left a node.js server running in the background :)
- ssh credentials
- use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
- look around the system for more vulnerable/outdated services to exploit
- generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
- social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
Attack Strategies
Where are the Accessible Weaknesses?
- outdated services
- any service that lets attacker execute a task as another user
How Do You Attack Them?
- user privilege escalation
- abusing service vulnerabilities
Physical attacker, authenticated
Physical attacker, unauthenticated
- Abdul Bin Asif Niazi
- Dusan Rozman
- Sam Whiteley
- Jake Brown
- Nicholas Laws
- Miran Mirza
Typically targeted systems include: portable systems such as laptops, smartphones, tablets, USB keys, card systems, banking machines.
Attack strategies:
- Duplicated cards
- Card Readers
- RFID readers: can be used to duplicate RFID data and steal NFC enabled bank access systems
- Radio-Frequency generator used to unlock different cards
Sort of attacks that can happen:
- Man in the middle attack on physical phone lines, people can access phone conversations by inserting some sort of hardware in a SIM card or a landline.
- Using the USB auto install feature to spread attacks, exploit this vulnerability to install software. An attacker can plug a USB thumb drive into computer and install software in order to escalate privileges.
- Phishing attack, a user can install some sort of software to reroute traffic through their system in order to collect data. A user can physically rewrite the hosts file on system to tamper with the DNS on the system and steal data.
- For secured areas such as labs a vulnerability would be the door which requires some sort of card based authentication, since this can be stolen it is vulnerable.
- Bank Machines: a lot of bank machines have a USB port in the bank and thus can get software installed on them. People can also install a card reader on top of the card slot to collect card numbers and other sensitive data.
Scenarios:
- A user gets physical access to a device using sort of card access and then physically destroys a computer (a literal denial of service attack).
- An attacker swaps a keyboard for a keylogging keyboard and uses it to steal sensitive data. They are exploiting the fact that users won't notice the change
- A user can exploit the reset feature on a router in order to gain access to it's settings, they can then go on to flash the firmware and infect all connected devices on the network.
Remote attacker, unauthenticated
- Samuel Prashker
- Daniel Lehman
- Roman Chametka
- Derek Aubin
- Gilbert Lavergne-Shank
- Xiusan Zhou
Scenarios
- #1 - DDOS
- Scenario
- Targeted System: Web servers, or any machine connected to a network
- Attackers: Angry trolls, political warriors
- Goals: Denials of service, anger your target, hurt their financials, prove a point
- Means: LOIC, Chinese Botnet with Bitcoin
- Attack strategies
- Accessible weaknesses
- Exploitable communication paths (example: ping, login spam)
- In the case of a router, overpowering a signal by replacing it with your own higher powered signal
- How do you access them?
- Over the network
- Over the air (wireless signals)
- Accessible weaknesses
- Scenario
- #2 - Packet Sniffing
- Scenario
- Targeted System: Phones, servers, any networked device that can be sniffed
- Attackers: Exfiltrators who want getting data, corrupting data
- Goals: Exfiltration of data, snooping for data over the air
- Means: Packet sniffing tools, Wireshark,
- Attack strategies
- Accessible weaknesses
- Wireless signals would be easy to monitor
- Mission security (Msec)
- How do you access them?
- Wireless: Network cards, monitoring tools for over the air analysis
- Wired: Anywhere along the line to be able to hook in a middleman
- Accessible weaknesses
- Scenario
- #3 - Remote program already running on their service/server
- Scenario
- Targeted System: People (social engineering), known exploits (0days)
- Attackers: Blackhat hackers, whitehat hackers
- Goals: Exfiltrate, corrupt, deny access, destroy, ransomware, (whitehat only: protect!)
- Means: Exploitable software, social engineering
- Attack strategies
- Accessible weaknesses?
- Stupid people, exploitable equipment known to be accessible to 0days, leveraging bugs
- How do you access them?
- Social networks, email, phone calls, deployed payload
- Accessible weaknesses?
- Point is you're trying to get someone to install software for you, or exploit software to inject the payload on the targeted system
- Scenario