METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT
Presenter: m-r Mane Piperevski
BalCCon2k17, Novi Sad, Serbia, 2017
WORLD OF BUGS
HOW DIFFICULT IS VULNERABILITY RESEARCH?
1. Learning the technology in use
2. Learning hacking tools and techniques
3. Choosing the right approach method
4. Found one … What next???
5. How much money will I earn?
6. How much money should I spend?
HOW DIFFICULT IS VULNERABILITY RESEARCH?
All things are difficult before they are easy.
METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT
The five phases:
• Approach method
• Way to find a door
• First doorstep activity
• Ending infinity
• Engineering exploit code
METHODOLOGY FOR VULNERABILITY RESEARCH AND EXPLOIT DEVELOPMENT
Don't forget to do this before you begin.
METHODOLOGY PHASE 1: APPROACH METHOD
Automated testing
• Loud
• Detectable
• Not efficient
• Vendor dependent
Manual testing
• Quiet
• Intelligent
• Time consuming
• Knowledge base
METHODOLOGY PHASE 2: WAY TO FIND A DOOR
Enumeration
• Discover inputs
• Discover activities
• Discover the surface
• Business process overview
Thinking
• Identify hidden opportunities
• Identify differences
Diffing
• Discover how they differ
• Time consuming
If possible, try them all.
Output: Target Door Entries
METHODOLOGY PHASE 3: FIRST DOORSTEP ACTIVITY
Input: Discovered Target Door Entries
Bruteforce
• Use of fuzzing
• Easily detectable
• Inefficient on a production environment
Hapax
• Unique activity
• It can be done only once
• Related to business logic
Incantation
• Predefined set of activities
• Smart fuzzing
• Related to business logic
If applicable, try them all.
Output: Vulnerabilities; Tested without outcome
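As an added example (not from the talk, and not code from any product it mentions), the Phase 3 activities can be contrasted on a constructed toy target: a small binary record parser with a trusted length field, written in Python. The record format, the `MAGIC` value and the bug are assumptions made for illustration. Bruteforce sends random bytes with no knowledge of the format; incantation applies a predefined set of mutations derived from one known-good record (the tester's knowledge base); each outcome is mapped onto the slide's two outputs, vulnerabilities and tested without outcome. A hapax activity is not modelled, since a one-shot business-logic action depends on the target's state rather than on its input format.

```python
# Added example: Phase 3 "first doorstep" strategies against a constructed
# toy target. The format, MAGIC value and bug are hypothetical.
import random
import struct

MAGIC = b"PTFN"  # constructed magic for the toy record format


class TargetCrash(Exception):
    """Stands in for a memory-safety fault (e.g. an out-of-bounds read)."""


def parse_record(data: bytes) -> dict:
    """Constructed target with a deliberate bug.

    Layout: MAGIC(4) | version(1) | name_len(1) | name[name_len] | value(u32 LE)
    The bug: name_len is trusted. If it claims more bytes than are present,
    a native parser would read past its buffer; we model that as TargetCrash.
    """
    if len(data) < 6 or data[:4] != MAGIC:
        raise ValueError("bad header")
    if data[4] != 1:
        raise ValueError("unsupported version")
    name_len = data[5]
    name = data[6:6 + name_len]
    if len(name) != name_len:  # the over-read
        raise TargetCrash(f"claimed {name_len} name bytes, only {len(name)} present")
    tail = data[6 + name_len:]
    if len(tail) < 4:
        raise ValueError("truncated value")
    return {"name": name.decode("ascii", "replace"),
            "value": struct.unpack("<I", tail[:4])[0]}


# One known-good record: the knowledge base a manual tester starts from.
SEED = MAGIC + b"\x01" + bytes([5]) + b"hello" + struct.pack("<I", 42)


def classify(data: bytes) -> str:
    """Map one activity's outcome onto the methodology's Phase 3 outputs."""
    try:
        parse_record(data)
    except TargetCrash:
        return "vulnerability"
    except ValueError:
        return "tested without outcome"  # input rejected cleanly
    return "normal"


def bruteforce_fuzz(attempts: int, seed: int = 1) -> dict:
    """Bruteforce: random bytes with no knowledge of the format.

    Every attempt is a request the target (and its logs) see, so the
    attempt count doubles as a measure of how loud the activity is.
    """
    rng = random.Random(seed)
    for n in range(1, attempts + 1):
        data = bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 32)))
        if classify(data) == "vulnerability":
            return {"attempts": n, "crash": data}
    return {"attempts": attempts, "crash": None}


def incantation_fuzz() -> list:
    """Incantation: a predefined set of activities derived from the seed's
    structure (smart fuzzing). Each mutation targets one field boundary."""
    cases = []
    for v in (0, 2, 0xFF):                       # version field
        cases.append((f"version={v}", SEED[:4] + bytes([v]) + SEED[5:]))
    for n in (0, 1, 4, 6, 0xFF):                 # length field boundaries
        cases.append((f"name_len={n:#x}", SEED[:5] + bytes([n]) + SEED[6:]))
    for cut in range(6, len(SEED)):              # truncation at each offset
        cases.append((f"truncate@{cut}", SEED[:cut]))
    cases.append(("value=0xffffffff", SEED[:-4] + b"\xff\xff\xff\xff"))
    return [(label, classify(data), data) for label, data in cases]


def summarize(results: list) -> dict:
    """Group incantation results under the Phase 3 outputs."""
    out = {"vulnerability": [], "tested without outcome": [], "normal": []}
    for label, outcome, _ in results:
        out[outcome].append(label)
    return out


if __name__ == "__main__":
    brute = bruteforce_fuzz(2000)
    print(f"bruteforce: {brute['attempts']} attempts, crash={brute['crash']!r}")
    for outcome, labels in summarize(incantation_fuzz()).items():
        print(f"{outcome:>24}: {labels}")
```

Two thousand blind attempts never get past the header check, while 21 structure-aware cases find the over-read through both the oversized length field and every truncation that cuts into the name. The cases that the parser rejects cleanly are exactly the "tested without outcome" entries that Phase 4 picks up again.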
METHODOLOGY PHASE 4: ENDING INFINITY
Input: Discovered Target Door Entries (tested without outcome)
Bonanza
• Time solves the problem
• Look from a different point of view
• New ideas/techniques
• Lucky choice
Breakdown
• Review the logic
• Make a mind map
• Repeat the previous steps again
Output: Vulnerabilities; Dead End
METHODOLOGY PHASE 5: ENGINEERING EXPLOIT CODE
Totum (meaning: totally)
• Develop from scratch
• Custom modules
• Opportunity to sell it
Pars (meaning: partly)
• Use of Metasploit
• Proof of concept
• Short time to build
Depends on the goal.
Output: Unique Exploit (Totum); Exploit Module (Pars)
DIAGRAM VIEW
Approach Method: Avoid detection? No → Automated Testing; Yes → Manual Testing (Knowledge Base)
→ Way to find a door: Enumeration / Thinking / Diffing → Target Door Entries
→ First doorstep activity: Bruteforce / Hapax / Incantation → Discovered Vulnerabilities; Target Door Entries tested without outcome
→ Ending infinity (on the entries tested without outcome): Bonanza / Breakdown → Discovered Vulnerabilities; Dead End
→ Engineering Exploit Code: Totum → Unique Exploit; Pars → Exploit Module
FUTURE DEVELOPMENT AND VISION
• Build a testing guide for every element
• Create multiple practical examples
• Create an OWASP project: Vulnerability Research and Exploit Development Methodology
PRACTICAL EXAMPLE
• Desktop standalone application: Поинт Финансии (Point Finance, http://www.point.com.mk/)
• Microsoft technologies
• Tools used: Sysinternals Suite, x64dbg
• Recommended starting point
QUESTIONS !!!
THANKS FOR YOUR ATTENTION