G3t R00t at IUT

root@labla/# whoami

The OWASP Foundation http://www.owasp.org

Nahidul Kibria

Co-Leader, OWASP Bangladesh Chapter; Senior Software Engineer, KAZ Software Ltd.

Writing code for fun and food. And a security enthusiast.

Twitter:@nahidupa

What is the event all about?

Computer security? Information security? Cyber Security?

Is it a game?

Are we going to learn hacking?

Capture The Flag(CTF)

In computer security, Capture the Flag (CTF) is a computer security wargame. Each team is given a machine (or small network) to defend on an isolated network. -- Wikipedia

It's not just a competition… it's more than that…

HOW?

The domain is giant

If you want to be a Penetration Tester

A penetration test, occasionally called a pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders, with authorization from the owner of that system.

Prerequisites

1. Good understanding of network architecture.

2. How modern operating systems work, and system administration.

3. How applications, databases and services are designed and how they work.

Penetration testing methodology

• Information Gathering/Reconnaissance

• Scanning/Enumeration

• Vulnerability Identification

• Exploitation

Tools and tactics

Do not reinvent the wheel… Use existing tools.

But do not just depend on tools/scripts… In some cases you have to write your own.

Books

If you want to be a Malware Analyst

Kick start

Basic Static Analysis

Basic Dynamic Analysis

Lab Setup

Collect sample

Hashing: A Fingerprint for Malware

Looks like: 373e7a863a1a345c60edb9e20ec3231

Reverse engineering

OllyDbg

Immunity Debugger

IDA Pro

Books

If you want to be a Vulnerability Researcher

Common techniques

Fuzzing

Code review

Disassemblers

Debuggers

Books

If you want to be an Exploit Developer

Prerequisites

Programming

Assembly

Memory management

Windows/*nix internals

Kernel

Books

If you want to be a Forensic Analyst

Prerequisites

Books

Coolest Jobs in Information Security

#1 Information Security Crime Investigator/Forensics Expert

#2 System, Network, and/or Web Penetration Tester

#3 Forensic Analyst

#4 Incident Responder

#5 Security Architect

#6 Malware Analyst

#7 Network Security Engineer

#8 Security Analyst

#9 Computer Crime Investigator

#10 CISO/ISO or Director of Security

#11 Application Penetration Tester

#12 Security Operations Center Analyst

#13 Prosecutor Specializing in Information Security Crime

#14 Technical Director and Deputy CISO

#15 Intrusion Analyst

#16 Vulnerability Researcher / Exploit Developer

#17 Security Auditor

#18 Security-savvy Software Developer

#19 Security Maven in an Application Developer Organization

#20 Disaster Recovery/Business Continuity Analyst/Manager

But you have only one life

Just become a learning machine

Here comes community: collaborative teaching

About OWASP

OWASP’s mission is “to make application security visible, so that people and organizations can make informed decisions about true application”

Attackers do not use black art to exploit your application.

OWASP Bangladesh

• Bangladeshi community of security professionals

• Globally recognized

• Open for all

• Free for all

What do we have to offer?

• Monthly Meetings

• Mailing List

• Presentations & Groups

• Open Forums for Discussion

• Vendor Neutral Environments

220 Chapters

Our Successes

OWASP Tools and Documentation:

• ~15,000 downloads (per month)

• ~30,000 unique visitors (per month)

• ~2 million website hits (per month)

OWASP Chapters are blossoming worldwide

• 1500+ OWASP Members in active chapters worldwide

• 20,000+ participants

OWASP AppSec Conferences:

• Chicago, New York, London, Washington D.C, Brazil, China, Germany, more…

Distributed content portal

• 100+ authors for tools, projects, and chapters

OWASP and its materials are used, recommended and referenced by many government, standards and industry organizations.

Conferences

Download Get OWASP Books

Ok, enough! Can you please tell me what I need to do today?

WE DO NOT HAVE ANY PREPARATION

Questions.

1. A question from cryptography. (300 points)

2. A question from malware analysis. (not as hardcore as it sounds) (150 points)

3. A forensic analysis. (the easiest question of the contest) (50 points)

Final Questions.

1. A server named GetRoot_v00t will be given. (500 points)

2. Another server named GetRoot_Drag0n will be given. (1000 points)

Both servers were taken offline because they are suspected to have been compromised by an attacker who changed the root password. Your job is to recover the root password of each server and to write a report for the judges on what vulnerabilities the server has.

Rules

1. You must run the given virtual machine only in NAT mode.

2. Take screenshots of each successful step and include them in a document.

3. Cheating is allowed if you can manage it silently.

We select the winner according to the following criteria (we will do partial marking):

1. How many points the participant has (scoring).

2. How complete the solutions are (quality).

3. Creativity, geek factor.

Open Talk

Subscribe Google group

Keep up to date!

Netcat

Originally released in 1996, Netcat is a networking program designed to read and write data across both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections using the TCP/Internet Protocol (IP) protocol suite. Netcat is often referred to as a “Swiss Army knife” utility, and for good reason.

Basic Operations

• Simple chat interface

• Port scanning

• Transferring files

• Banner grabbing

• Redirecting ports and traffic

• Creating a backdoor... (^_-)

and whatever else you need…

1) Get info about remote host ports and OS detection

nmap -sS -P0 -sV -O <target>

Where <target> may be a single IP, a hostname or a subnet.

-sS TCP SYN scanning (also known as half-open, or stealth scanning)

-P0 option allows you to switch off ICMP pings (newer Nmap releases spell this option -Pn)

-sV option enables version detection

-O flag attempts to identify the remote operating system

Other options:

-A option enables both OS fingerprinting and version detection

-v use -v twice for more verbosity.

nmap -sS -P0 -A -v <target>

2) Get list of servers with a specific port open

nmap -sT -p 80 -oG - 192.168.1.* | grep open

Change the -p argument for the port number. See “man nmap” for different ways to specify address ranges.

3) Find all active IP addresses in a network

nmap -sP 192.168.0.*

There are several other options. This one is plain and simple.

Another option is:

nmap -sP 192.168.0.0/24

for specific subnets

4) Ping a range of IP addresses

nmap -sP 192.168.1.100-254

nmap accepts a wide variety of addressing notation, multiple targets/ranges, etc.

5) Find unused IPs on a given subnet

nmap -T4 -sP 192.168.2.0/24 && egrep "00:00:00:00:00:00" /proc/net/arp

6) Scan for the Conficker virus on your LAN etc.

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 192.168.0.1-254

Replace 192.168.0.1-254 with the IPs you want to check.

7) Scan the network for rogue APs.

nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan 10.0.0.0/8

I’ve used this scan to successfully find many rogue APs on a very, very large network.

9) How many Linux and Windows devices are on your network?

sudo nmap -F -O 192.168.0.1-255 | grep "Running: " > /tmp/os; echo "$(grep -c Linux /tmp/os) Linux device(s)"; echo "$(grep -c Windows /tmp/os) Windows device(s)"
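The "| grep open" pipeline in item 2 and the Linux/Windows counting pipeline in item 9 both match loosely on nmap's text output. The helpers below are an added example, not part of the original slides: they parse nmap's grepable (-oG) format instead, so a port counts only when its state is "open" and the OS tally comes from the "OS:" field. The scan output they read is a constructed sample in the -oG layout, not a real scan.

```shell
#!/bin/sh
# Inventory helpers over nmap grepable output (-oG). Constructed sample below,
# not the output of a real scan. Layout: tab-separated fields after
# "Host: <ip> (<name>)"; a "Ports:" field holds comma-separated entries of the
# form port/state/proto/owner/service/rpc/version/
SAMPLE_OG="$(
  printf '# Nmap 5.21 scan initiated (constructed sample)\n'
  printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd/\tOS: Linux 2.6.X\n'
  printf 'Host: 192.168.0.11 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.11 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tOS: Microsoft Windows XP SP2\n'
  printf 'Host: 192.168.0.12 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.12 ()\tPorts: 80/open/tcp//http//nginx/, 8080/closed/tcp//http-proxy///\tOS: Linux 2.6.X\n'
  printf 'Host: 192.168.0.13 ()\tStatus: Down\n'
)"

# Print the IP of every host whose given port is in state "open" (reads -oG on stdin).
# Unlike "| grep open", a port listed as closed or filtered does not match.
hosts_with_port() {
  awk -F'\t' -v want="$1" '
    /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if (substr($i, 1, 7) != "Ports: ") continue
        n = split(substr($i, 8), entries, ", ")
        for (j = 1; j <= n; j++) {
          split(entries[j], f, "/")
          if (f[1] == want && f[2] == "open") print ip
        }
      }
    }'
}

# Count hosts whose "OS:" field matches the given pattern (e.g. Linux, Windows).
count_os() {
  awk -F'\t' -v pat="$1" '
    /^Host:/ { for (i = 2; i <= NF; i++) if (substr($i, 1, 4) == "OS: " && $i ~ pat) n++ }
    END { print n + 0 }'
}

# Stand-alone run over the constructed sample
printf 'Hosts with 80/tcp open:\n'
printf '%s\n' "$SAMPLE_OG" | hosts_with_port 80
printf '%s Linux device(s), %s Windows device(s)\n' \
  "$(printf '%s\n' "$SAMPLE_OG" | count_os Linux)" \
  "$(printf '%s\n' "$SAMPLE_OG" | count_os Windows)"
```

On a real scan, feed the helpers with `nmap -sS -O -oG - <range> | hosts_with_port 80` in place of the constructed sample.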

OS fingerprinting

1. XP with Service Pack 1

2. XP with Service Pack 2

3. Linux 64.0.33

4. Mac OS

5. OpenBSD

6. Etc.

TOOLS

p0f (passive)

Xprobe / Xprobe2

DMitry

Demo

Web Application threat surface

XSS

CSRF

Clickjacking

Parameter tampering / sniffing

Forged token

Directory traversal

Direct object reference

SQL Injection

XML Injection

OWASP Top 10 Web Application Security Risks (2010 Edition)

http://www.owasp.org/index.php/Top_10

ZAP Proxy

Burp Proxy

Firefox proxy settings
