how to backdoor invulnerable code
play

How to Backdoor Invulnerable Code Josh Schwartz, Director of - PowerPoint PPT Presentation

Feb 05, 2024 •178 likes •1.03k views

How to Backdoor Invulnerable Code Josh Schwartz, Director of Offensive Security @Salesforce Bio Offensive Security aka Red Team at Salesforce Realistic Adversary Simulation Security Change Catalyst Im a hacker, rule

  1. How to Backdoor “Invulnerable Code” Josh Schwartz, Director of Offensive Security @Salesforce

  2. Bio Offensive Security aka Red Team at Salesforce “Realistic Adversary Simulation” “Security Change Catalyst” I’m a hacker, rule breaker, general troublemaker.

  3. “ “A red team is an independent group that challenges an organization to improve its effectiveness.”

  4. Spoiler Alert No such thing as “invulnerable code”.

  5. Invulnerable Code At best you get code that is “secure enough”

  6. Invulnerable Code What is secure enough?

  7. Invulnerable Code Code without security bugs…?

  8. “ Code that enforces expected states, rather than allowing users to do things with your system that you did not account for.

  9. Invulnerable Code How do you secure code? Obvious!? Don’t write code with bugs! Right?

  10. Yes, you should do that. But, there is more...

  11. Invulnerable Code Let’s imagine that “invulnerable code” is this nickel, and on one side is all the lines of code that you write without any security related bugs

  12. Invulnerable Code Now let’s take a look at the other side and flip that nickel over.

  13. Invulnerable Code The other side is every other aspect that goes into writing that code.

  14. Invulnerable Code The third party libraries that you didn’t write yourself

  15. Invulnerable Code The code repo that stores the code

  16. Invulnerable Code The integration systems that put it together and test it

  17. Invulnerable Code The build pipeline that moves it around and deploys it

  18. Invulnerable Code The humans that create and maintain all of those systems

  19. Invulnerable Code The humans that have access to those human’s computers...

  20. Invulnerable Code Perhaps some of you realize there is still another side of this coin?

  21. Invulnerable Code It’s the side you don’t see.

  22. Invulnerable Code The side you can’t see.

  23. Invulnerable Code The things we can’t account for.

  24. The Black Swan Theory

  25. The best we can do Accept there is no ubiquitous security perfection

  26. On the bright side We can think like an adversary We can challenge where we set the bar

  27. I’m going to share with you some of my tactics as the attacker

  28. What is Social Engineering

  29. You are probably thinking Isn’t that just a fancy word for lying?

  30. “ “Any act that influences a person to take an action that may or may not be in their best interest”

  31. Core Concepts Influence through emotional response Pretext Manipulation vs Elicitation

  32. Social Engineering vs. Phishing

  33. Phishing Examples ⊡ Classic Credential Capturing ⊡ The Nigerian Prince with a Diamond Mine ⊡ The IRS Call

  34. Phishing This type of phishing is weak.

  35. Phishing It’s impersonal.

  36. Spear Phishing ⊡ More targeted ⊡ More personal ⊡ More effort per person ⊡ Less likely to be detected ⊡ More likely to succeed

  37. Spear Phishing Example I’m volunteering with Surf For Life! Vibe Manager Red Team

  38. Spear Phishing Example Red Team

  39. Spear Phishing Example

  40. Spear Phishing Example

  41. Spear Phishing Example Of course there is no form

  42. Spear Phishing Example

  43. How we start a Spear Phish Step 1: Social Recon

  44. Social Recon

  45. Social Recon: LinkedIn

  46. Social Recon: Employment

  47. Social Recon: Personal Site

  48. Social Recon: Twitter

  49. Social Recon: Facebook

  50. Social Recon: Google Sites

  51. Social Recon: Result

  52. Yeah Sorry Attackers can stalk you using the internet to get access to the things that you have access to. This is not a new thing. also it get’s worse.

  53. Identity Duplication: Orig

  54. Identity Duplication: Fake

  55. Identity Duplication: Result Cloning public profiles allows a social engineer to leverage a targets subliminal familiarity with identity based content to gain instant rapport.

  56. Identity Duplication: Result

  57. Gmail Helps Prevent Malware Blocking malicious file types in emails

  58. Google Drive Sharing You can share any type of file through Google Drive

  59. Google Drive Sharing Real Example

  60. Google Drive Sharing They receive this

  61. Google Drive Sharing Google Hosts the file

  62. Google Drive Sharing They send back:

  63. But What if something so simple doesn't work?

  64. Example 2 1. Notice our target has nice offices from pictures they post on social media 2. Create our pretext: Freelance journalist for a magazine that features interior design 3. Contact target asking to feature them alongside other big companies 4. Set up “interview”

  65. Example 2 Our request gets a response and fwd from their PR firm

  66. Example 2 They are totally stoked and set up the interview

  67. Example 2 Interview and tour of offices lasts for about 4 hours ⊡ ⊡ Take pictures of security systems, whiteboards, post-it notes, etc. ⊡ Spring the trap

  68. Example 2

  69. Example 2

  70. What then? So what happens after you get that access? Sure would be nice to get that person’s password...

  71. Local Phishing osascript -e 'tell app "System Events" to display dialog "Software Update requires your password to apply ." & return & return default answer "" with icon file ":System:Library:CoreServices:Software Update.app:Contents:Resources:SoftwareUpdate.icns" with hidden answer with title "Software Update" buttons {"OK"} default button "OK"'

  72. Local Phishing $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", "$env:username", "NetBiosUserName") $credential.Password | ConvertFrom-SecureString $env:username $credential.GetNetworkCredential().password

  73. Local Phishing DISPLAY=:0 gksudo -p -m "Enter your password to apply changes."

  74. 2FA is Good We are good at stealing passwords. 2FA will go a long way here. It makes it way harder for us but it isn’t perfect. Here are a few ways we get around it:

  75. Cookie Stealing

  76. SSH Multiplexing Bypassing 2FA

  77. Continuous Integration JENKINS!

  78. Backdooring Code you understand the company you have access internally you have passwords you can bypass 2FA you have access to internal documents you have access to servers you have access to the code pipeline

  79. Backdooring Code Is backdooring your production code really that hard?

  80. Zero Bugs

  81. This isn’t everything

  82. The End

  83. Questions / Complaints?

  84. Thank You

Recommend

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak ,

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak ,

Upper and Lower Bounds for Weak Backdoor Set Detection Neeldhara Misra, Sebastian Ordyniak , Venkatesh Raman, and Stefan Szeider SAT 2013 Backdoor Sets Introduced by Crama et al. 1997 and independently by Williams et al. 2003 in an

768 views • 12 slides
Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of

Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of

Invulnerable software D. J. Bernstein University of Illinois at Chicago Public goal of computer-security research: Protection of the average home computer; critical-infrastructure computers; and everything in between. Public goal of

728 views • 36 slides
Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov,

Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov,

Breakthrough silicon scanning discovers backdoor in military chip CHES2012 Workshop, Leuven, Belgium, 9-12 September 2012 Breakthrough silicon scanning discovers backdoor in military chip Sergei Skorobogatov, Christopher Woods

353 views • 20 slides
The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where

The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where

The Bicho An Advanced Car Backdoor Maker by @UnaPibaGeek and @holesec Who we are? And Where We are from? When we start with this? Ekoparty / 2016 Why? A quick review 5) Signal 4) Chassis ground 6) CAN High ground 2) J1850 Bus +

681 views • 47 slides
A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W.

A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W.

Welcome! A Solder-Defined Computer Architecture for Backdoor and Malware Resistance Examinee: Marc W. Abel Committee: Travis Doom, Ph.D. (chair) Jack Jean, Ph.D. Michael Raymer, Ph.D. Krishnaprasad Thirunarayan, Ph.D. (T.K. Prasad) Vincent

1.94k views • 28 slides
MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs

MALWARE: VIRUSES CMSC 414 FEB 08 2018 MALWARE Malicious code that is stored on and runs on a victims system How does it get to run? Attacks a user- or network-facing vulnerable service Backdoor: Added by a malicious

1.02k views • 81 slides
Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor

Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor

Librarian presentation on Data Management for the CSCRS Below is a screen shot of the backdoor editing page for the CSCRS Data Repository. It is not published, therefore not visible on the UNC Dataverse. Note that the Publish and Edit buttons will

138 views • 3 slides
Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris

Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris

Fraud Investigation during COVID-19 Is the pandemic a backdoor to increased fraud risk? Aris Dimitriadis, Executive Director Compliance, ERM & Insurance OTE Group 07.05.2020 Covid-19 outbreak: an opportunity for fraudsters Stay vigilant

372 views • 9 slides
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*,

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks Bolun Wang*, Yuanshun Yao, Shawn Shan, Huiying Li, Bimal Viswanath , Haitao Zheng, Ben Y. Zhao University of Chicago, *UC Santa Barbara, Virginia Tech

770 views • 17 slides
Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio

Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio

Backdoor Detection Tools for the Working Analyst Sam L. Thomas (based on joint work with Flavio D. Garcia & Tom Chothia) School of Computer Science University of Birmingham Birmingham United Kingdom B15 2TT s.l.thomas@cs.bham.ac.uk

814 views • 37 slides
80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up

Slammer s Bandwidth-Limited Growth 80% of Code Red 2 Code Red 2 re-re- Code Red 1 and Code Red 2 Code Red 2 re- cleaned up due to released Jan 2004 Nimda endemic dies off released with Oct. onset of Blaster (and 2005; not since

450 views • 34 slides
True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David

True2F: Backdoor-resistant authentication tokens Emma Dauterman , Henry Corrigan-Gibbs, David Mazires, Dan Boneh, Dominic Rizzo Stanford and Google IEEE Security & Privacy 2019 U2F: Effective hardware 2FA 2 U2F: Effective hardware 2FA

781 views • 65 slides
Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9

Ex. 8.4 7-4-2-1 code Codeconverter 7-4-2-1-code to BCD-code. When encoding the digits 0 ... 9 sometimes in the past a code having weights 7-4-2-1 instead of the binary code weights 8-4-2-1 was used. In the cases where a digit's code word

830 views • 66 slides
Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne

Clean Code 1 / 24 Clean Code What is clean code? Elegant and efficient. Bjarne Stroustrup Simple and direct. Readable. Grady Booch Understandable by others, tested, literate. Dave Thomas Code works pretty much as

351 views • 24 slides
Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation

Code Generation Chapter 9 1 Compiler Construction Code Generation Issues in Code Generation Target language Relocatable machine code Commercial compilers produce this Absolute machine code OS code must start at a particular memory

503 views • 19 slides
CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong

CloPlag A Study of Effects of Code Obfuscation to Code Similarity Detection Tools Chaiyong Ragkhitwetsagul, Jens Krinke, Albert Cabr Juan Cloned Code vs Plagiarised Code A result from source code Created in a similar way as code

479 views • 31 slides
SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE

BAKERSFIELD COLLEGE SOUTHWEST BCSW ENROLLMENT GROWTH FTES by ZIP CODE FTES by ZIP CODE 2013-14 FTES by ZIP CODE 2014-15 FTES by ZIP CODE 2015-16 FTES by ZIP CODE 2016-17 FTES by ZIP CODE 2017-18 State Apportionment for Previous Three

343 views • 31 slides
Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate

Code Generation Machine code generation cs4713 1 Machine code generation machine Intermediate Code optimizer Code generator Code generator Input: intermediate code + symbol tables In our case, three-address code All variables

717 views • 38 slides
Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us

Code Code Code on the Presentation of Persons with Disabilities in the Media What you call us IS HOW YOU SEE US This publication is funded by SIDA, the Swedish International Development Cooperation Agency, through MyRight- Empowers People

343 views • 20 slides
Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the

Genealogy of D3 Code Cathy Zhu, Lucas Throckmorton Genealogy of D3 Code Goal: identify the shared pieces of code amongst pieces of d3 code via MOSS and visualize the evolution of D3 code snippets. Scope: about 30k examples of D3 code

278 views • 16 slides
Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that

Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that

Topic 5 Polymorphism "Inheritance is new code that reuses old code. Polymorphism is old code that reuses new code. 1 Polymorphism Another feature of OOP literally having many forms object variables in Java are

570 views • 17 slides
Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code

Similar code fragment A code fragment that has similar part to it in source code introduced in source code because of various reasons. e.g. copy-and-paste makes software maintenance difficult. It is necessary to It is

488 views • 9 slides
Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN

Alembic Pharmaceuticals Limited Investor Presentation April 2015 BSE Code: 533573 NSE Code: APLLTD Bloomberg Code: ALPM:IN Reuters Code: ALEM.NS www.alembic-india.com Safe Harbor Statement Materials and information provided during this

553 views • 30 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides

More recommend