SystemsSec 2016W Lecture 5
Class discussion: threat models and attacker goals
Local attacker
Administrative attacker
Remote attacker, authenticated
Group 3
Members
- Dania Ghazal
- Ankush Varshneya
- Olivier Hamel
- Michael Aaya
- Ryan Morfield
- Daniel Vanderveen
- Jess Johnson
Example Scenario
Targeted System
- CIA database - find out who killed Kennedy?
Attackers
- remote authenticators
- contractors (non CIA)
Goals
- “exfiltrating data”
- exfiltrate the CIA database to find out who killed Kennedy
Means
- someone at the CIA left a node.js server running in the background :)
- ssh credentials
- use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
- look around the system for more vulnerable/outdated services to exploit
- generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
- social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
Attack Strategies
Where are the Accessible Weaknesses?
- outdated services
- any service that lets attacker execute a task as another user
How Do You Attack Them?
- user privilege escalation
- abusing service vulnerabilities