
Threat landscape and hacking HP Tippingpoint




  1. Threat landscape and hacking HP Tippingpoint Miroslav Knapovsky CISSP, CEH 21.5.2014

  2. Today’s agenda • I promise almost no product slides in this presentation • Threat landscape • Hacking techniques • How HP ESP can help

  3. Threat Landscape

  4. Typical breachers (diagram: Research, Discovery, Infiltration, Capture, Exfiltration, between “Their ecosystem” and “Our enterprise”) • External threats • White hat (limited threat) • Black hat • Grey hat • Script kiddie • Neophyte/n00b • Hacktivist • Nation state • Organized criminal gangs • Bots • Internal threats • Intentional • Unintentional

  5. Discovery part examples • Passive discovery tools • Google search hacking - http://www.exploit-db.com/google-dorks/ • The Harvester • FOCA • Maltego • SEAT – Search Engine Assessment Tool • Active discovery • NMAP/ZENMAP • Vulnerability scanning • Nessus • Nikto • OWASP ZAP • HP WebInspect

  6. Passive discovery – The Harvester [+] Emails found: ………. Removed [+] Domains found: ……… Removed

  7. Passive discovery – google hacks & SEAT

  8. Passive discovery – Available documents metadata

  9. Passive discovery – Analyze documents metadata

  10. Vulnerability scanning

  11. Vulnerability scanning with HP WebInspect • Benefits • Support and docs • Zero-day vulnerabilities • HTML5 support • Mobile site support • AcuMonitor Service • DOM-based XSS • Maturity level • Reporting • Publish to TP/WAF

  12. GeoLocation Filtering • What is it? • The ability to filter network traffic by source / destination country geography • Customer Value • Quickly put in place filters to restrict traffic to/from countries that may violate network policy • How it works • IP based, built on our Reputation engine • Geo database included on SMS, updated on TMC monthly, supports import of commercial databases from MaxMind • Flexible filter definitions, exceptions, filter prioritization
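The slide describes the filter model in three sentences: IP-based country lookup, filter definitions with exceptions, and filter prioritization. The following Python is an added example written here to show how those three parts fit together; it is not HP TippingPoint code, and the geo table, CIDR ranges, country assignments and filter names are all constructed (a real deployment would load the SMS geo database or a MaxMind import instead).

```python
"""Country-based traffic filtering with exceptions and priorities (added example,
not TippingPoint code). All ranges and country assignments below are constructed."""
import ipaddress

# Constructed geo database: CIDR block -> ISO country code (hypothetical mapping).
GEO_DB = [
    (ipaddress.ip_network("203.0.113.0/24"), "CZ"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "RU"),
]


def country_of(ip: str) -> str:
    """Longest-match is unnecessary here because the constructed blocks do not overlap."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_DB:
        if addr in net:
            return cc
    return "??"  # unknown location; the filter set decides how to treat it


class GeoFilter:
    def __init__(self, name, priority, action, src=(), dst=(), exceptions=()):
        self.name = name
        self.priority = priority        # lower value is evaluated first
        self.action = action            # "block" or "permit"
        self.src = set(src)             # source countries; empty set means "any"
        self.dst = set(dst)             # destination countries; empty set means "any"
        # Hosts or subnets that this filter must never touch, regardless of country.
        self.exceptions = [ipaddress.ip_network(e) for e in exceptions]

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        if any(s in n or d in n for n in self.exceptions):
            return False
        if self.src and country_of(src_ip) not in self.src:
            return False
        if self.dst and country_of(dst_ip) not in self.dst:
            return False
        return True


def evaluate(filters, src_ip: str, dst_ip: str, default="permit"):
    """First matching filter in priority order wins; return (action, filter name)."""
    for f in sorted(filters, key=lambda f: f.priority):
        if f.matches(src_ip, dst_ip):
            return f.action, f.name
    return default, None


# Constructed policy: block traffic to/from one country, except a known partner host.
FILTERS = [
    GeoFilter("block-inbound-RU", 10, "block", src={"RU"}, exceptions=["192.0.2.10/32"]),
    GeoFilter("block-outbound-RU", 20, "block", dst={"RU"}, exceptions=["192.0.2.10/32"]),
]

if __name__ == "__main__":
    for flow in [("192.0.2.5", "203.0.113.8"), ("192.0.2.10", "203.0.113.8"),
                 ("203.0.113.8", "192.0.2.5"), ("198.51.100.7", "203.0.113.8")]:
        print(flow, "->", evaluate(FILTERS, *flow))
```

The exception list is checked before the country match so that a whitelisted partner host is exempt from every filter that names it, which is the behaviour an operator usually expects when adding "exceptions" to a geo rule.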

  13. Physical access tools (+ LTE/3G modem) • Cheap: Raspberry Pi • Middle: Odroid • Expensive: PWN Plug

  14. Think of a potential target and lock on it • Vulnerability scanning and “proxy” vulnerability scanning • Combine with harvesting and social engineering • Keep in mind that people act fast on simple things… • Couriers and forwarders are trusted, no one knows why… • Gaining physical access is mostly simple • The last hope

  15. Create a payload which antivirus will not detect • My favorites: Social-Engineer Toolkit, Veil

  16. Simple test if antivirus catches it ;-)

  17. Once you are inside (any previous technique) • Hide • Kill AV/FW • Stay persistent

  18. Stay persistent and set up pivoting, look around

  19. Patch the frequently called function Uroburos Example

  20. Response: TippingPoint ATA Integration • ATA device off a SPAN port at the perimeter • TP NGFW at the perimeter • IPS at the core and LAN (diagram: Internet – Perimeter [ATA Device, NGFW] – Core [IPS] – LAN [IPS], all managed from SMS)

  21. ATA Integration: Deployment, step 1: Malware is detonated by the ATA device but infects “patient zero” (diagram: Internet – Perimeter [ATA Device, NGFW] – Core [IPS] – LAN [IPS], SMS)

  22. ATA Integration: Deployment, step 2: The ATA device emits an event to the TippingPoint SMS (diagram: same topology, event flow ATA Device → SMS)

  23. ATA Integration: Deployment, step 3: SMS updates policy to quarantine the infected host and block the malware source and CnC (diagram: same topology, policy pushed from SMS to the IPS/NGFW devices)
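Slides 20 through 23 describe one response chain: a sandbox verdict on the perimeter device becomes an event, and the management station turns that event into enforcement (quarantine patient zero, block the download source, block the command-and-control address). The Python below is an added example of that decision step, written here for illustration; it is not HP SMS or ATA code. The event format, its field names and the sample event itself are constructed, as are the internal address ranges. The two checks worth noticing are that an externally observed event is never allowed to block one of your own hosts (bad callback data would otherwise turn the integration into a self-inflicted outage) and that blocks already in place are not re-issued.

```python
"""ATA verdict -> SMS policy actions (added example, not HP code).
Event schema and sample values are constructed for illustration."""
import ipaddress
import json

# Address space of the Core/LAN behind the IPS pair (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed event: patient zero fetched a sample that the sandbox judged malicious.
SAMPLE_EVENT = json.dumps({
    "verdict": "malicious",
    "sha256": "CONSTRUCTED_SHA256_PLACEHOLDER",
    "src_ip": "203.0.113.77",                    # download source on the Internet
    "dst_ip": "10.1.1.50",                        # patient zero on the LAN
    "callbacks": ["198.51.100.9", "10.1.1.50"],  # observed CnC; one entry is the victim itself
})


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in INTERNAL_NETS)


def derive_policy_actions(event_json: str, already_blocked=frozenset()):
    """Translate one ATA event into the SMS actions of slide 23.

    Returns an ordered list of {"action", "target", "evidence"} dicts."""
    ev = json.loads(event_json)
    actions = []
    if ev.get("verdict") != "malicious":
        return actions  # only a malicious verdict changes policy

    victim = ev["dst_ip"]
    # Quarantine patient zero, but only if it is a host we actually manage.
    if is_internal(victim):
        actions.append({"action": "quarantine_host", "target": victim,
                        "evidence": ev["sha256"]})

    # Block the malware source and every CnC address at the perimeter.
    # Never block an internal host on the strength of an external-facing event,
    # and skip addresses that are already on the block list.
    issued = set(already_blocked)
    for ip in [ev["src_ip"], *ev.get("callbacks", [])]:
        if is_internal(ip) or ip in issued:
            continue
        issued.add(ip)
        actions.append({"action": "block_ip", "target": ip, "evidence": ev["sha256"]})
    return actions


if __name__ == "__main__":
    for a in derive_policy_actions(SAMPLE_EVENT):
        print(a)
```

Keeping the evidence hash on every action makes the later audit question ("why is this host quarantined?") answerable from the policy itself rather than from correlating two logs.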

  24. Crack the hash – dictionary / brute force / rainbow tables

  25. Dictionary attack is fast

  26. But a rainbow table always works… you just need some processing power & SSDs

  27. Or use the mighty power of the cloud for just $17

  28. Few secs of physical access & FGDUMP.exe
      Administrator:500:NO PASSWORD*********************:NO PASSWORD*********************:::
      Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
      mknapovsky:1000:NO PASSWORD*********************:9A05D45A7858DA1278D94A9GG8571285:::
      ___VMware_Conv_SA___:1845:NO PASSWORD*********************:NO PASSWORD*********************:::

  29. Local network activities • Scan networks & obtain network topology • Find interesting hosts • Try ARP spoofing and play man in the middle • Sniff and get the hashes • Move to another subnet or obtain credentials to a higher layer • Obtain data • Clear event logs
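The ARP spoofing step on slide 29 leaves a distinctive footprint: a single MAC address answering for more than one IP, and a known gateway binding suddenly changing. The Python below is an added example of a detector for that footprint, written here from the defender's side; it is not from the presentation or any HP product. The ARP reply records and the static gateway binding are constructed; in practice the records would come from a switch, an IPS sensor or a host agent.

```python
"""Detect ARP-spoofing footprints in a stream of ARP replies
(added example, not from the presentation). Sample data is constructed."""
from collections import defaultdict

# Constructed ARP replies observed on one segment: (sequence, sender IP, sender MAC).
ARP_REPLIES = [
    (1, "10.0.0.1", "00:11:22:33:44:01"),   # real gateway announcing itself
    (2, "10.0.0.25", "00:11:22:33:44:19"),  # ordinary workstation
    (3, "10.0.0.1", "00:11:22:33:44:19"),   # workstation MAC now claims the gateway IP
    (4, "10.0.0.25", "00:11:22:33:44:19"),
    (5, "10.0.0.40", "00:11:22:33:44:28"),
]

# Bindings the operator knows and never expects to change (constructed).
STATIC_BINDINGS = {"10.0.0.1": "00:11:22:33:44:01"}


def detect_arp_spoofing(replies, static=STATIC_BINDINGS):
    """Return alerts for (a) IP->MAC changes, with static bindings flagged separately,
    and (b) any MAC that claims more than one IP address."""
    seen = {ip: mac.lower() for ip, mac in static.items()}  # ip -> mac
    claims = defaultdict(set)                                # mac -> {ips}
    alerts = []

    for seq, ip, mac in replies:
        mac = mac.lower()
        claims[mac].add(ip)
        prev = seen.get(ip)
        if prev is not None and prev != mac:
            kind = "static_binding_violation" if ip in static else "ip_mac_change"
            alerts.append({"seq": seq, "type": kind, "ip": ip, "old": prev, "new": mac})
        if ip not in static:
            seen[ip] = mac  # learn dynamic bindings; static ones are never overwritten

    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append({"seq": None, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(ARP_REPLIES):
        print(a)
```

A learned table alone would be fooled by an attacker who sends the first reply; pinning the gateway with a static binding is what turns reply 3 into a high-confidence alert rather than a generic change notice.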

  30. HP Enterprise Security – How HP ESP can help • HP Security Performance Suite pillars: Application Security • Security Intelligence • Network Security

  31. Yes, HP ESP can help. Interested in a proof-of-concept test? email: knapovsky@hp.com
