Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li - PDF document

Sep 14, 2023 •46 likes •96 views

3/31/2011 Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong University of Alabama Goal: perform ProtoGENI experiments to find vulnerabilities; to suggest prevention approach vulnerabilities; to

3/31/2011 Practical Exploitation on System Vulnerability of ProtoGENI Dawei Li Advisor: Dr. Xiaoyan Hong University of Alabama • Goal: perform ProtoGENI experiments to find vulnerabilities; to suggest prevention approach vulnerabilities; to suggest prevention approach • Identify 3 kinds of Attacks by malicious user – Data Plane to Data Plane attack • Compromise the correctness and confidentiality of other running experiments – Data Plane to Control Plane attack • Compromise the availability of ProtoGENI resources to other users – Data plane to Internet attack • Work in progress 1
3/31/2011 Attack Experiment • Attacking Approach: ARP Poisoning – send fake, or "spoofed", ARP messages to an Ethernet LAN d f k " f d" ARP t Eth t LAN or WLAN – Purpose: DoS • Attacking Tool: Netwox – An open source network tool set – Integrate 222 tools Integrate 222 tools – Sniff, spoof, scan etc. – Used by network administrators or hackers Data Plane to Data Plane Attack • Packets in wireless channel can be easily captured due to its nature due to its nature 2
3/31/2011 Data Plane to Data Plane Attack • Use netwox tool “33” to perform ARP attack • Check the ARP cache in the victim node • The two wireless nodes cannot communicate with each other due to the faked IP/MAC address mapping Data Plane to Control Plane Attack • To “terminate” the connection of the “control ‐ router” and an experiment node through ARP poisoning • The experiment node will not be available by other users who include this particular node in their Rspec • Attack can be performed in two directions 3
3/31/2011 Data Plane to Control Plane Attack • Poison the ARP cache of the control router, Data Plane to Control Plane Attack • Poison the ARP cache of the desired node: 4
3/31/2011 How about GRE tunnel link? • No ARP cache entry for the VLAN end host • Impossible to launch ARP poisoning attack • Prevention Approach – ArpON (Arp handler inspectiON) A ON (A h dl i tiON) – static IP ‐ MAC mappings for control network • Working On – Malicious user behavior to attack the Internet 5

Recommend

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies

Web vulnerability scanning and exploitation tools Scaling vulnerability scanning Companies with 1000+ web applications running Move to m -services architectures making things worse Huge shortage of skilled security engineers to

732 views • 48 slides

Automated vulnerability scanning and exploitation Dennis Pellikaan Thijs Houtenbos University of

Automated vulnerability scanning and exploitation Dennis Pellikaan Thijs Houtenbos University of Amsterdam System and Network Engineering July 4, 2013 Dennis Pellikaan, Thijs Houtenbos Automated vulnerability scanning and exploitation 1 / 20

213 views • 20 slides

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a

Vulnerability Management Spring 2020 Jay Chen What is a vulnerability? A vulnerability is a cybersecurity flaw in a system that leave it open to attack. A vulnerability may also refer to any type of weakness in a computer system

407 views • 16 slides

Preventing Elder Investment Fraud: Assessing for Vulnerability to Financial Exploitation Dulce

Preventing Elder Investment Fraud: Assessing for Vulnerability to Financial Exploitation Dulce M. Cruz, MD, CMD Associate Professor Division of Geriatrics Saint Louis University Robert E. Roush, EdD, MPH Director, Texas Consortium GEC Baylor

954 views • 38 slides

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki 2013-06-06 Agenda Motivation ARM Primer Exploitation 101 Science, Bitches! Vulnerability classes Exploitation Defenses & Mitigation Techniques

899 views • 51 slides

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland

Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Introduction Deral Heiland, CISSP, GWAPT: Senior Security Engineer at CDW, responsible for security assessments, penetration tests and consulting for

596 views • 58 slides

Software Vulnerability Handling and practical incident recognition Idea: ( ) Sven Gabriel

EGI Community Forum 2014 Software Vulnerability Handling and practical incident recognition Idea: ( ) Sven Gabriel NIKHEF All the hard work: Heiko Reese KIT-CERT ( ) Sven Gabriel? 20042007: FZK Karlsruhe, T-1 GridKa Site Admin

1.19k views • 38 slides

good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response

Lessons Learned: Can alerting the public about exploitation do more harm than good? About Us Tom Cross, IBM X-Force Vulnerability tracking, analysis, and response IPS signature delivery MAPP (Microsoft Active Protections

855 views • 43 slides

THE ETHICAL, LEGAL, AND PRACTICAL CONSIDERATIONS INVOLVING THE FINANCIAL EXPLOITATION OF SENIORS

THE ETHICAL, LEGAL, AND PRACTICAL CONSIDERATIONS INVOLVING THE FINANCIAL EXPLOITATION OF SENIORS Francis J. Rondoni Chestnut Cambronne PA Minneapolis, Minnesota Stuart C. Bear Chestnut Cambronne PA Minneapolis, Minnesota Elizabeth C. Henry

737 views • 49 slides

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented

! Current State of Exploitation ! Return-Oriented Exploitation ! Mac OS X x86 Return-Oriented Exploitation ! Techniques ! Demo ! Mac OS X x86_64 ! Conclusion ! Morris Worm (November 1988) ! Exploited a stack buffer overflow in BSD in.fingerd on VAX

1.02k views • 80 slides

them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz

One font vulnerability to rule them all A story of cross-software ownage, shared codebases and advanced exploitation. Mateusz j00ru Jurczyk REcon 2015, Montreal PS> whoami Project Zero @ Google Low-level security researcher

2.33k views • 187 slides

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security

Kernel Pool Exploitation on Windows 7 Tarjei Mandt | Black Hat DC 2011 About Me Security Researcher at Norman Malware Detection Team (MDT) Interests Vulnerability research Operating systems internals Exploit mitigations

2.17k views • 100 slides

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a

Arjun Surendra SaciWATERs Vulnerability Vulnerability is the propensity to suffer a significant shock that brings welfare below a socially accepted level (Khl, 2003) Vulnerability increases when there is uncertainty with respect to

529 views • 21 slides

Evalua&ng Opera&ng System Vulnerability to Memory Errors

Evalua&ng Opera&ng System Vulnerability to Memory Errors Kurt B. Ferreira, Kevin Pedre1, Patrick Bridges , Ron Brightwell, David Fiala, and Frank

689 views • 23 slides

Contents What is vulnerability? Why conduct vulnerability assessments? Defining

6/19/2015 Vulnerability and Capacity Assessment Index (VCAI) for Climate Change Adaptation SVRK Prabhakar USAID ADAPT Asia-Pacific Presented at NABARD Training Workshop, Mumbai on 18 June 2015 Contents What is vulnerability? Why

705 views • 21 slides

Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1

Vulnerability Analysis and Food Aid W orking Group Chaired by W FP/ VAM Unit Vulnerability Assessm ent 2 0 0 4 Luanda, 2 5 June 2 0 0 4 Vulnerability Assessment 2004 - p1 Overview 1 . Methodology of the VA 2 0 0 4 2 . Highlights of

703 views • 28 slides

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and

Vulnerability Screening Tool Identifying and addressing vulnerability: A tool for asylum and migration systems Purpose Intended to guide & inform frontline workers & decision makers on the relevance of vulnerability factors to

507 views • 19 slides

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures

Earthquake Vulnerability Earthquake Vulnerability Vulnerability Assessment & EVR measures Islamabad Pakistan Assessment and Vulnerability Assessment and Vulnerability Reduction Measures Reduction Measures adpc Asian Disaster

702 views • 46 slides

Practical lesson Two models of the cardiovascular system: 1. Simple RLRC model 2. Accurate

Lesson 5 University of Bergamo Engineering and Management for Health FOR CHRONIC DISEASES MEDICAL SUPPORT SYSTEMS LESSON 5 Lumped parameter models of the cardiovascular system: practical lesson. Ettore Lanzarone March 25, 2020 Practical

399 views • 6 slides

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS

Project Heapbleed Thoughts on heap exploitation abstraction (WIP) ZeroNights 2014 PATROKLOS ARGYROUDIS CENSUS S.A. argp@census-labs.com www.census-labs.com Who am I Researcher at CENSUS S.A. Vulnerability research, reverse

572 views • 44 slides

Introduction What is Disaster vulnerability? Vulnerability is the inability to resist a

Vulnerability to Disasters: A Gendered Analysis on Water Availability and Livelihoods in Nadu Colony, Kovalam, Chennai, India Group No: 02 Sumaia Kashem Shreeya Lohani Shanmuga Priya. G Meththa Prabodhani Menike

834 views • 40 slides

An Introduction to Elder Abuse for Professionals: Financial Exploitation NCEA Financial

An Introduction to Elder Abuse for Professionals: Financial Exploitation NCEA Financial Exploitation 1 Learning Objectives At the end of this presentation, you will be able to: Define and describe financial exploitation Identify

386 views • 34 slides

VULNERABILITY OVERVIEW $ ls -1

VULNERABILITY OVERVIEW $ ls -1 /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/meltdown /sys/devices/system/cpu/vulnerabilities/spectre_v 1

380 views • 13 slides

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators

The Maldives Population Distribution Vulnerability Indicators Vulnerability Indicators (excluding Male') Highest elevation 1.5m Population: 298,968 above sea level less than 1000 97% of all inhabited 59 % Total number of

357 views • 4 slides