{"id":110,"date":"2008-09-25T08:45:09","date_gmt":"2008-09-25T13:45:09","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=110"},"modified":"2008-09-25T08:45:09","modified_gmt":"2008-09-25T13:45:09","slug":"tiger-team-appsec-projects-owasp-appsec-nyc-2008","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/25\/tiger-team-appsec-projects-owasp-appsec-nyc-2008\/","title":{"rendered":"Tiger Team &#8211; AppSec Projects &#8211; OWASP AppSec NYC 2008"},"content":{"rendered":"<p>This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks.<\/p>\n<p>General types of threats include social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, &#8230;), physical (break-in, theft, physical access, physical manipulation, violence), and malfunction\/inherent (business logic flaws, software glitches, software coding holes\/exploits, process breakdown, act of god\/war\/terrorism disruption, intended backdoors), and a red team test should cover them all.<\/p>\n<p>Why red teaming?<\/p>\n<blockquote><p>How do you know you can put up a fight if you have never taken a punch?<\/p><\/blockquote>\n<p>Red teaming process: Information Gathering -&gt; Vulnerability Analysis -&gt; Target Selection -&gt; Planning -&gt; Executing the Attack -&gt; Back to step 1<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Process of Attack<\/strong><\/span><\/p>\n<ul>\n<li><strong>Information Gathering:<\/strong> Research methods and useful information (spend most time here)<\/li>\n<li><strong>Vulnerability Analysis:<\/strong> Internal\/external\/hired\/personal<\/li>\n<li><strong>Target Selection:<\/strong> Internal\/external\/hired\/personal<\/li>\n<li><strong>Planning:<\/strong> Plan a, b, c, d, pie<\/li>\n<li><strong>Executing the Attack:<\/strong> Getting what you need and getting out.\u00a0 Not getting greedy.\u00a0 Getting out cleanly.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Corporate Attack Approach<\/strong><\/span><\/p>\n<ul>\n<li><strong>External Direct:<\/strong> server\/app attack<\/li>\n<li><strong>External Indirect:<\/strong> client side\/phishing\/phone calls<\/li>\n<li><strong>Internal Indirect:<\/strong> key\/CD drops\/propaganda\/creating a spy<\/li>\n<li><strong>Internal Direct:<\/strong> social\/electronic\/physical\/blended<\/li>\n<li><strong>Exotic Attacks:<\/strong> environment manipulation (pulling the fire alarm, etc. to move people)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Information Gathering Tools<\/strong><\/span><\/p>\n<ul>\n<li>Maltego: The best attacks from the best intel (gives a graphical view of how all of the information interacts)<\/li>\n<li>Metagoofil: Yer Dox on the net have Infos (extracts metadata from documents found on the internet)<\/li>\n<li>Clez.net (External Profiling)<\/li>\n<li>CentralOps.net (Network Profiling)<\/li>\n<li>Robtex (Server Profiling)<\/li>\n<li>Touchgraph (Show business relationships and links)<\/li>\n<li>ServerSniff (Get tons of webserver specific info and verification)<\/li>\n<li>Netcraft (usage info)<\/li>\n<li>DomainTools (Domain info)<\/li>\n<li>MySpace\/Friendster\/Twitter (know ya enemy)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Onsite Tools<\/strong><\/span><\/p>\n<ul>\n<li>BootRoot\/SysReQ<\/li>\n<li>Ophcrack Live<\/li>\n<li>Helix\/Backtrack<\/li>\n<li>Core Impact<\/li>\n<li>FireWire PCMCIA Card + Winlockpwn = Unlock<\/li>\n<li>Switchblade + Hacksaw + U3 drive<\/li>\n<li>Elite Keylogger<\/li>\n<li>WRT + Metasploit = Cheap leave behind<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Other Fun Toys Onsite<\/strong><\/span><\/p>\n<ul>\n<li>FlexiSpy (installs an image on a cell phone to read SMS, listen to phone calls, etc.)<\/li>\n<li>Pen cams<\/li>\n<li>USB cams<\/li>\n<li>Cell phone jammers<\/li>\n<\/ul>\n<p>All of these ways of testing the front, back and side doors don&#8217;t rule out the low-tech attacks: you could spend a million dollars keeping someone from hacking the server, and they could just walk in the front door and carry it out.\u00a0 A really good talk by a guy who really knows his stuff and the only talk I&#8217;ve seen so far at the conference that wasn&#8217;t specifically about technical vulnerabilities.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This presentation was by Chris Nickerson, founder of Lares Consulting, and the goal was to talk about the use of layered attacks. General types of threats include social engineering\/human (corporate\/personal manipulation, bogus e-mails, physical intrusion, media dropping, phone calls, conversation, role playing), electronic (application and business logic attacks, software vulnerability exploitation, &#8230;), physical (break-in, theft, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[127,4],"tags":[76,128,12,167,622,166,165],"class_list":["post-110","post","type-post","status-publish","format-standard","hentry","category-owasp-appsec-nyc-2008","category-web-app-sec","tag-application","tag-appsec","tag-owasp","tag-projects","tag-security","tag-team","tag-tiger"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-1M","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=110"}],"version-history":[{"count":1,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions"}],"predecessor-version":[{"id":111,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/110\/revisions\/111"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
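Added example, not part of the original post and not code from Metagoofil, Lares Consulting or any tool named above: the "Information Gathering Tools" list credits Metagoofil with extracting information from documents found on the net, and this block shows concretely what that information is. Office OOXML files (.docx/.xlsx/.pptx) are zip packages whose docProps/core.xml and docProps/app.xml carry the author's username, the last editor, timestamps, the company string and the exact Office build, which is what a red team turns into phishing targets and client-side exploit selection. The function names, the two sample documents and the people/company strings in them are constructed for this example; the documents are built in memory so the code runs offline.

```python
"""Harvest author/software metadata from OOXML documents, the kind of leak a
Metagoofil-style pass over public documents recovers.
Hypothetical example code; sample documents are constructed in memory."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used inside docProps/core.xml and docProps/app.xml (OOXML spec).
CORE_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
APP_NS = {"ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"}

# Fields worth pulling and the element path each lives at.
CORE_FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy",
               "created": "dcterms:created", "modified": "dcterms:modified"}
APP_FIELDS = {"application": "ep:Application", "appVersion": "ep:AppVersion",
              "company": "ep:Company", "template": "ep:Template"}


def _text(root, path, ns):
    el = root.find(path, ns)
    return el.text.strip() if el is not None and el.text else None


def extract_ooxml_metadata(blob: bytes) -> dict:
    """Return the non-empty metadata fields found in one OOXML document.
    Anything that is not a zip package (e.g. a legacy .doc) yields {}."""
    found = {}
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            names = set(z.namelist())
            if "docProps/core.xml" in names:
                root = ET.fromstring(z.read("docProps/core.xml"))
                for key, path in CORE_FIELDS.items():
                    found[key] = _text(root, path, CORE_NS)
            if "docProps/app.xml" in names:
                root = ET.fromstring(z.read("docProps/app.xml"))
                for key, path in APP_FIELDS.items():
                    found[key] = _text(root, path, APP_NS)
    except zipfile.BadZipFile:
        return {}
    return {k: v for k, v in found.items() if v}


def profile_target(documents: dict) -> dict:
    """Aggregate per-document metadata into what a red team wants from it:
    usernames (login-name format, phishing targets), software versions
    (client-side exploit selection) and company strings (org naming)."""
    users, software, companies, per_doc = set(), set(), set(), {}
    for name, blob in documents.items():
        meta = extract_ooxml_metadata(blob)
        per_doc[name] = meta
        for key in ("creator", "lastModifiedBy"):
            if key in meta:
                users.add(meta[key])
        if "application" in meta:
            software.add(f"{meta['application']} {meta.get('appVersion', '')}".strip())
        if "company" in meta:
            companies.add(meta["company"])
    return {"usernames": sorted(users), "software": sorted(software),
            "companies": sorted(companies), "documents": per_doc}


def make_sample_doc(creator, modified_by, app, version, company) -> bytes:
    """Build a minimal OOXML package (constructed sample, not a real document)."""
    core = (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<cp:coreProperties xmlns:cp="{CORE_NS["cp"]}" xmlns:dc="{CORE_NS["dc"]}" '
            f'xmlns:dcterms="{CORE_NS["dcterms"]}">'
            f'<dc:creator>{creator}</dc:creator><cp:lastModifiedBy>{modified_by}</cp:lastModifiedBy>'
            f'<dcterms:created>2008-09-01T10:00:00Z</dcterms:created>'
            f'<dcterms:modified>2008-09-20T15:30:00Z</dcterms:modified></cp:coreProperties>')
    app_xml = (f'<?xml version="1.0" encoding="UTF-8"?><Properties xmlns="{APP_NS["ep"]}">'
               f'<Application>{app}</Application><AppVersion>{version}</AppVersion>'
               f'<Company>{company}</Company><Template>Normal.dotm</Template></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app_xml)
        z.writestr("word/document.xml", "<document/>")  # body content is irrelevant here
    return buf.getvalue()


# Constructed samples standing in for documents pulled off a target's website.
SAMPLE_DOCUMENTS = {
    "annual_report.docx": make_sample_doc("jsmith", "Jane Smith", "Microsoft Office Word", "12.0000", "Example Corp"),
    "vendor_list.docx": make_sample_doc("bjones", "jsmith", "Microsoft Office Word", "11.8134", "Example Corp"),
}

if __name__ == "__main__":
    for k, v in profile_target(SAMPLE_DOCUMENTS).items():
        print(k, v)
```

Two usernames in the same first-initial-plus-surname format already tell you the login convention, and the Office 11.x build string tells you which client-side exploit to pair with the spear-phish; on a real engagement the documents come from a search-engine sweep for the target's domain, and the same parsing applies unchanged. Legacy binary .doc/.xls files use a different container and fall through to the empty-result branch here.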