SystemsSec 2016W Lecture 5

From Soma-notes

Class discussion: threat models and attacker goals

Local attacker

Administrative attacker

Remote attacker, authenticated

Group 3

Members

  • Dania Ghazal
  • Ankush Varshneya
  • Olivier Hamel
  • Michael Aaya
  • Ryan Morfield
  • Daniel Vanderveen
  • Jess Johnson

Example Scenario

Targeted System

  • CIA database - find out who killed Kennedy?

Attackers

  • remote authenticated users
  • contractors (non CIA)

Goals

  • “exfiltrating data”
  • exfiltrate the CIA database to find out who killed Kennedy

Means

  • someone at the CIA left a node.js server running in the background :)
  • ssh credentials
  • use outdated emacs (implementing a root-privileged mail daemon) to inject a password into /etc/passwd, escalating the attacker’s privileges
  • look around the system for more vulnerable/outdated services to exploit
  • exploit a race condition: create a file that you know a root user would create, then let the root user put their “sensitive data” into the attacker’s file (such as files in /tmp)
  • social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
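
The race-condition item above depends on a privileged process opening a predictable path in a shared directory without checking whether someone else created it first. As an added example (not part of the class notes), the sketch below puts that weak open pattern beside a hardened one; the file names and the scratch directory are constructed for the demonstration.

```python
import os
import stat
import tempfile

def naive_write(path, data):
    # Weak pattern: reuses whatever already exists at a predictable path,
    # keeping the pre-creator's ownership and mode, and follows symlinks.
    with open(path, "w") as f:
        f.write(data)

def hardened_write(path, data):
    # O_EXCL makes creation atomic: the call fails if anything (file or
    # symlink, even a dangling one) already sits at `path`.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        st = os.fstat(fd)  # inspect the open descriptor, not the path
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError("unexpected file identity: " + path)
        os.write(fd, data.encode())
    finally:
        os.close(fd)

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:     # private scratch directory
        planted = os.path.join(d, "report.tmp")  # constructed predictable name
        os.close(os.open(planted, os.O_WRONLY | os.O_CREAT, 0o644))
        os.chmod(planted, 0o644)  # stands in for a file another user pre-created
        naive_write(planted, "sensitive")
        out["naive_mode"] = stat.S_IMODE(os.stat(planted).st_mode)
        link = os.path.join(d, "link.tmp")
        os.symlink(os.path.join(d, "elsewhere"), link)
        for name, path in (("planted", planted), ("symlink", link)):
            try:
                hardened_write(path, "sensitive")
                out[name] = "written"
            except FileExistsError:
                out[name] = "refused"
        fresh = os.path.join(d, "fresh.tmp")
        hardened_write(fresh, "sensitive")
        out["fresh_mode"] = stat.S_IMODE(os.stat(fresh).st_mode)
        # Preferred in practice: unpredictable name, created atomically.
        fd, rnd = tempfile.mkstemp(dir=d)
        os.close(fd)
        out["mkstemp_mode"] = stat.S_IMODE(os.stat(rnd).st_mode)
    return out

if __name__ == "__main__":
    print(demo())
```

The naive write leaves the data in a file whose mode was chosen by whoever created it first, while the hardened write refuses both the pre-created file and the symlink.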

Attack Strategies

Where are the Accessible Weaknesses?

  • outdated services
  • any service that lets attacker execute a task as another user

How Do You Attack Them?

  • user privilege escalation
  • abusing service vulnerabilities

Physical attacker, authenticated

Physical attacker, unauthenticated

Remote attacker, unauthenticated