SlideShare une entreprise Scribd logo

Obfuscation Methods And Planning

Télécharger en tant que PPTX, PDF
T
tmacuk
1  sur  18
Thomas Mackenzie Obfuscation methods and planning
Northumbria University Web Application Testing WordPress upSploit About Me
WINDOWS METASPLOIT / METEPRETER NOTE
Based upon and continued work and research by Carlos Perez. All about a new vector / idea / problem that needs to reported to a client EARLY STAGES 15 minutes: Overview of what I want to find and some information about what I want to get out of it in the end About The Project
Locard Exchange Principle
“WITH CONTACT BETWEEN TWO ITEMS, THERE WILL BE AN EXCHANGE”
Every action you take will always leave a trace. Even when the action is to cover or delete the trace of another action. You will not only leave artefacts and traces on the target system but also on some of the devices you transit and communicate through. ?
Developers may create vulnerable code (always has and always will be a problem) Another problem however, that I don’t believe is looked at is: At what stage to SysAdmin’s know that their system is being attacked / is this early enough? Problem?
Create part of a testing stage that the SysAdmin’s can join in with! A low to high noise area of testing. What does this mean? Idea?
Checklist or Testing Guide. Make sure that the SysAdmin is aware of what is going to happen and ask them to co-operate. Plan a low – medium – high framework that can used. See where the SysAdmin picks it up. Incorporate this into the report. Idea (2)?
It is all well and good know you have been attacked, but the fact you don’t know when is when you need to worry. What information has been compromised. Idea (3)?
Not all companies have IR Teams Low hanging fruit with be checked first: Processes, connections, EventLog and in some cases memory dumps Knowing your enemy
Process lists that are specifically checked: Time of Creation Parent PID Owner Command Line Knowing your enemy (2)
On connections things that stand out are obvious: Why is notepad connecting to the web? Why is Internet Explorer connecting to 1337 Once they believe there is a possible compromise they will create a timeline Knowing your enemy (3)
Hide your connections Connections from svchost.exe look normal is connecting to high ports IE, Firefox, Chrome, AV, Dropbox and other 443 and 80 Meterpreter offers and API to read and clear Event Logs What types of things can we do?
New methodology Should be testing the security of knowledge as well as the security of the app or the infrastructure Learn new ways to hide so that we can learn new ways to find! Summary

Recommandé

W01p2virus wayman robert
W01p2virus wayman robertW01p2virus wayman robert
W01p2virus wayman robertrobsworld
 
Awesome Tips for Data Security
Awesome Tips for Data SecurityAwesome Tips for Data Security
Awesome Tips for Data SecurityMillennium Systems International
 
2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware TrendsLumension
 
Tips to avoid malware
Tips to avoid malwareTips to avoid malware
Tips to avoid malwareSpeedMaxPC
 
Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Bonnie Brzozowski
 
3 Steps to Stopping Social Media Account Hacks
3 Steps to Stopping Social Media Account Hacks3 Steps to Stopping Social Media Account Hacks
3 Steps to Stopping Social Media Account HacksNexgate
 
Computer
ComputerComputer
ComputerSruthiM29
 
Hacker halted2
Hacker halted2Hacker halted2
Hacker halted2samsniderheld
 

Recommandé

W01p2virus wayman robert
W01p2virus wayman robertW01p2virus wayman robert
W01p2virus wayman robertrobsworld
 
Awesome Tips for Data Security
Awesome Tips for Data SecurityAwesome Tips for Data Security
Awesome Tips for Data SecurityMillennium Systems International
 
2011 Social Media Malware Trends
2011 Social Media Malware Trends2011 Social Media Malware Trends
2011 Social Media Malware TrendsLumension
 
Tips to avoid malware
Tips to avoid malwareTips to avoid malware
Tips to avoid malwareSpeedMaxPC
 
Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Bonnie Brzozowski
 
3 Steps to Stopping Social Media Account Hacks
3 Steps to Stopping Social Media Account Hacks3 Steps to Stopping Social Media Account Hacks
3 Steps to Stopping Social Media Account HacksNexgate
 
Computer
ComputerComputer
ComputerSruthiM29
 
Hacker halted2
Hacker halted2Hacker halted2
Hacker halted2samsniderheld
 
Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromiseCal Bryant
 
When love kills
When love killsWhen love kills
When love killsSpain View Travel Guide
 
Some basics of computer security
Some basics of computer securitySome basics of computer security
Some basics of computer securityshivam paswan
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observabilityYan Cui
 
Security - The WLF Principle
Security - The WLF PrincipleSecurity - The WLF Principle
Security - The WLF PrincipleMarco Gralike
 
Lkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayLkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayQuek Lilian
 
Applying principles of chaos engineering to Serverless
Applying principles of chaos engineering to ServerlessApplying principles of chaos engineering to Serverless
Applying principles of chaos engineering to ServerlessYan Cui
 
The Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesThe Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesMark Nunnikhoven
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from virusesar-rifke.com
 
Computer virus
Computer virus Computer virus
Computer virus AshishVasan
 
E mail essay
E mail essayE mail essay
E mail essaySamoLount
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015Major Hayden
 
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...Brian Brazil
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptAndrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptBUSHRASHAIKH804312
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Andrew McNicol
 
1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docx1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docxpaynetawnya
 
An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Meterpreter awareness
Meterpreter awarenessMeterpreter awareness
Meterpreter awarenessHaydn Johnson
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Power of logs: practices for network security
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network securityInformation Technology Society Nepal
 

Contenu connexe

Tendances

Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromiseCal Bryant
 
Some basics of computer security
Some basics of computer securitySome basics of computer security
Some basics of computer securityshivam paswan
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observabilityYan Cui
 
Security - The WLF Principle
Security - The WLF PrincipleSecurity - The WLF Principle
Security - The WLF PrincipleMarco Gralike
 
Lkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayLkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayQuek Lilian
 
Applying principles of chaos engineering to Serverless
Applying principles of chaos engineering to ServerlessApplying principles of chaos engineering to Serverless
Applying principles of chaos engineering to ServerlessYan Cui
 
The Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesThe Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesMark Nunnikhoven
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from virusesar-rifke.com
 
E mail essay
E mail essayE mail essay
E mail essaySamoLount
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015Major Hayden
 

Tendances (12)

Checking Windows for signs of compromise
Checking Windows for signs of compromiseChecking Windows for signs of compromise
Checking Windows for signs of compromise
 
When love kills
When love killsWhen love kills
When love kills
 
Some basics of computer security
Some basics of computer securitySome basics of computer security
Some basics of computer security
 
The present and future of serverless observability
The present and future of serverless observabilityThe present and future of serverless observability
The present and future of serverless observability
 
Security - The WLF Principle
Security - The WLF PrincipleSecurity - The WLF Principle
Security - The WLF Principle
 
Lkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & SanjayLkw Security Part 1_MVPs Azra & Sanjay
Lkw Security Part 1_MVPs Azra & Sanjay
 
Applying principles of chaos engineering to Serverless
Applying principles of chaos engineering to ServerlessApplying principles of chaos engineering to Serverless
Applying principles of chaos engineering to Serverless
 
The Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesThe Most Common Failure With Today's Defences
The Most Common Failure With Today's Defences
 
14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses14 household ways to protect your computer from viruses
14 household ways to protect your computer from viruses
 
Computer virus
Computer virus Computer virus
Computer virus
 
E mail essay
E mail essayE mail essay
E mail essay
 
The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015The New Normal - Rackspace Solve 2015
The New Normal - Rackspace Solve 2015
 

Similaire à Obfuscation Methods And Planning

Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...Brian Brazil
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementAndrew McNicol
 
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptAndrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptBUSHRASHAIKH804312
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Andrew McNicol
 
1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docx1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docxpaynetawnya
 
An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)Brian Brazil
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Meterpreter awareness
Meterpreter awarenessMeterpreter awareness
Meterpreter awarenessHaydn Johnson
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri
 
Digital Immunity -The Myths and Reality
Digital Immunity -The Myths and RealityDigital Immunity -The Myths and Reality
Digital Immunity -The Myths and Realityamiable_indian
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for EveryoneNikhil Mittal
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Processphanleson
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherWendy Knox Everette
 
Prometheus (Prometheus London, 2016)
Prometheus (Prometheus London, 2016)Prometheus (Prometheus London, 2016)
Prometheus (Prometheus London, 2016)Brian Brazil
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Alexander Kot
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primeramiable_indian
 

Similaire à Obfuscation Methods And Planning (20)

Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
Monitoring What Matters: The Prometheus Approach to Whitebox Monitoring (Berl...
 
BSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability ManagementBSidesJXN 2017 - Improving Vulnerability Management
BSidesJXN 2017 - Improving Vulnerability Management
 
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.pptAndrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
Andrew and Zac RVA-Beyond-Automated-Testing-2016.ppt
 
Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016Beyond Automated Testing - RVAsec 2016
Beyond Automated Testing - RVAsec 2016
 
1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docx1. Security and vulnerability assessment analysis tool - Microsoft.docx
1. Security and vulnerability assessment analysis tool - Microsoft.docx
 
An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)An Introduction to Prometheus (GrafanaCon 2016)
An Introduction to Prometheus (GrafanaCon 2016)
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Meterpreter awareness
Meterpreter awarenessMeterpreter awareness
Meterpreter awareness
 
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for AssociatesSyed Ubaid Ali Jafri - Black Box Penetration testing for Associates
Syed Ubaid Ali Jafri - Black Box Penetration testing for Associates
 
Power of logs: practices for network security
Power of logs: practices for network securityPower of logs: practices for network security
Power of logs: practices for network security
 
Digital Immunity -The Myths and Reality
Digital Immunity -The Myths and RealityDigital Immunity -The Myths and Reality
Digital Immunity -The Myths and Reality
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 
3.Secure Design Principles And Process
3.Secure Design Principles And Process3.Secure Design Principles And Process
3.Secure Design Principles And Process
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Security engineering 101 when good design & security work together
Security engineering 101 when good design & security work togetherSecurity engineering 101 when good design & security work together
Security engineering 101 when good design & security work together
 
Prometheus (Prometheus London, 2016)
Prometheus (Prometheus London, 2016)Prometheus (Prometheus London, 2016)
Prometheus (Prometheus London, 2016)
 
Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.Bsides Tampa Blue Team’s tool dump.
Bsides Tampa Blue Team’s tool dump.
 
The Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A PrimerThe Top 10/20 Internet Security Vulnerabilities – A Primer
The Top 10/20 Internet Security Vulnerabilities – A Primer
 
1435488539 221998
1435488539 2219981435488539 221998
1435488539 221998
 

Obfuscation Methods And Planning

  • 1. Thomas Mackenzie Obfuscation methods and planning
  • 2.
  • 3. Northumbria University Web Application Testing WordPress upSploit About Me
  • 4. WINDOWS METASPLOIT / METEPRETER NOTE
  • 5. Based upon and continued work and research by Carlos Perez. All about a new vector / idea / problem that needs to reported to a client EARLY STAGES 15 minutes: Overview of what I want to find and some information about what I want to get out of it in the end About The Project
  • 7. “WITH CONTACT BETWEEN TWO ITEMS, THERE WILL BE AN EXCHANGE”
  • 8. Every action you take will always leave a trace. Even when the action is to cover or delete the trace of another action. You will not only leave artefacts and traces on the target system but also on some of the devices you transit and communicate through. ?
  • 9. Developers may create vulnerable code (always has and always will be a problem) Another problem however, that I don’t believe is looked at is: At what stage to SysAdmin’s know that their system is being attacked / is this early enough? Problem?
  • 10.
  • 11. Create part of a testing stage that the SysAdmin’s can join in with! A low to high noise area of testing. What does this mean? Idea?
  • 12. Checklist or Testing Guide. Make sure that the SysAdmin is aware of what is going to happen and ask them to co-operate. Plan a low – medium – high framework that can used. See where the SysAdmin picks it up. Incorporate this into the report. Idea (2)?
  • 13. It is all well and good know you have been attacked, but the fact you don’t know when is when you need to worry. What information has been compromised. Idea (3)?
  • 14. Not all companies have IR Teams Low hanging fruit with be checked first: Processes, connections, EventLog and in some cases memory dumps Knowing your enemy
  • 15. Process lists that are specifically checked: Time of Creation Parent PID Owner Command Line Knowing your enemy (2)
  • 16. On connections things that stand out are obvious: Why is notepad connecting to the web? Why is Internet Explorer connecting to 1337 Once they believe there is a possible compromise they will create a timeline Knowing your enemy (3)
  • 17. Hide your connections Connections from svchost.exe look normal is connecting to high ports IE, Firefox, Chrome, AV, Dropbox and other 443 and 80 Meterpreter offers and API to read and clear Event Logs What types of things can we do?
  • 18. New methodology Should be testing the security of knowledge as well as the security of the app or the infrastructure Learn new ways to hide so that we can learn new ways to find! Summary