Download - Gauntlt Rugged By Example
Rugged by Example
with
Gauntlt
@wickett
College Startup
Web Systems Engineer
Media Startup
Web Ops Lead
DevOps
CISSP
CISSP, sounds cool
a brief history of infosec
1337 tools
the worms and viruses didn’t stop
we faced skilled
adversaries
we couldn’t win
Instead of
Engineering
InfoSec
became
Actuaries
“[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK”
there were other
movements
devs became cool
devs became cool agile
the biz sells time
now
dev and ops now play nice
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
culture, automation, measurement, sharing
credit to John Willis and Damon Edwards
infosec hasn’t kept
pace
Your punch is soft, just like your heart
“Is this
Secure?”
-Your
Customer
“It’s
Certified”
-You
there’s a better way
6 R’s of Rugged DevOps
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
how does one join rugged devops?
enter gauntlt
gauntlt is
like this
(diagram) your app <-> gauntlt <-> security tools: sqlmap, sslyze, dirb, curl, generic, nmap
exit status: 0
gauntlt credits:
Project Leads:
James Wickett
Jeremiah Shirk
Friends: Jason Chan (Netflix), Neil Matatall (Twitter), Mani Tadayon
security tools are confusing
mapping
discovery
exploitation
fuzz, find, inject
security
tests on
every change
wisdom from
a video game
always
listen to
Doc
Find the
weakness of
your enemy
Codify your
knowledge
(cheat sheets)
sometimes, you
face the same
enemies again
gauntlt is
collaboration
Gauntlt helps
dev and ops
and security
to communicate
gauntlt
harmonizes
our languages
Behavior Driven
Development
BDD is a second-generation, outside–in, pull-based, multiple-stakeholder, multiple-scale, high-automation, agile methodology. It describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters.
Dan North, 2009
we have to start
somewhere
$ gem install gauntlt
install gauntlt
gauntlt design
Simple
Extensible
UNIX™: stdin, stdout, exit status
Minimum features yield maximum utility
$ gauntlt --list
Defined attacks: curl dirb garmr generic nmap sqlmap sslyze
Attack File
Plain Text File
Gherkin syntax:
Given
When
Then
```gherkin
Feature: nmap attacks for example.com

  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    Then the output should not contain:
      """
      25/tcp
      """
```
running gauntlt with failing tests

```
$ gauntlt
Feature: nmap attacks for example.com

  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 failed)
5 steps (1 failed, 4 passed)
0m18.341s
```

running gauntlt with passing tests

```
$ gauntlt
Feature: nmap attacks for example.com

  Background:
    Given "nmap" is installed
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    When I launch an "nmap" attack with:
      """
      nmap -F www.example.com
      """
    Then the output should contain:
      """
      443/tcp open https
      """

1 scenario (1 passed)
4 steps (4 passed)
0m18.341s
```
```
$ gauntlt --steps
/^"(\w+)" is installed in my path$/
/^"curl" is installed$/
/^"dirb" is installed$/
/^"garmr" is installed$/
/^"nmap" is installed$/
/^"sqlmap" is installed$/
/^"sslyze" is installed$/
/^I launch a "curl" attack with:$/
/^I launch a "dirb" attack with:$/
/^I launch a "garmr" attack with:$/
/^I launch a "generic" attack with:$/
/^I launch an "nmap" attack with:$/
/^I launch an "sslyze" attack with:$/
/^I launch an? "sqlmap" attack with:$/
/^the "(.*?)" command line binary is installed$/
/^the file "(.*?)" should contain XML:$/
/^the file "(.*?)" should not contain XML:$/
/^the following cookies should be received:$/
/^the following profile:$/
```

A few of the steps, on their own:

```
$ gauntlt --steps
/^"(\w+)" is installed in my path$/
/^"sqlmap" is installed$/
/^I launch a "generic" attack with:$/
/^I launch an? "sqlmap" attack with:$/
```
The same attack file, annotated with the role of each part (setup steps: verify tool, set config; attack: get config; assert: needle, haystack):

```gherkin
Feature: nmap attacks for example.com

  # setup steps
  Background:
    # verify tool
    Given "nmap" is installed
    # set config
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify server is open on expected ports
    # attack; get config: <hostname> is filled in from the profile
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # assert: the needle below is searched for in the haystack (the tool's output)
    Then the output should contain:
      """
      80/tcp open http
      """

  Scenario: Verify that there are no unexpected ports open
    # attack; get config
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # assert: the needle must be absent from the haystack
    Then the output should not contain:
      """
      25/tcp
      """
```
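To make the anatomy above concrete, here is an added example (my own code, not gauntlt's implementation) of a miniature evaluator for attack files in this format: it parses the profile table, fills `<name>` placeholders into the attack command (get config), and checks every `Then the output should (not) contain` needle against the tool's output, the haystack, mapping the outcome to an exit status of 0 or 1 as the slides describe. The step patterns are adapted from the `gauntlt --steps` listing; the nmap output is a constructed sample, not a real scan; and collapsing runs of whitespace before matching is a choice made for this example, not documented gauntlt behaviour. The same evaluator also handles the dirb and sqlmap attack files shown later, as long as the profile hash supplies every placeholder those commands use (`<dirb_wordlists_path>` and `<sqlmap_path>` do not appear in the slides' profile tables and would have to be added for this example).

```ruby
# Added example, not gauntlt's own code: a miniature evaluator for the
# Gherkin-style attack files on the slides. It parses the profile table,
# fills <name> placeholders into the attack command, and checks each
# "Then the output should (not) contain" needle against the tool's output
# (the haystack). All assertions passing maps to exit status 0, else 1.

# The nmap attack file from the slides.
NMAP_ATTACK = <<~'ATTACK'
  Feature: nmap attacks for example.com
    Background:
      Given "nmap" is installed
      And the following profile:
        | name     | value       |
        | hostname | example.com |
    Scenario: Verify server is open on expected ports
      When I launch an "nmap" attack with:
        """
        nmap -F <hostname>
        """
      Then the output should contain:
        """
        80/tcp open http
        """
    Scenario: Verify that there are no unexpected ports open
      When I launch an "nmap" attack with:
        """
        nmap -F <hostname>
        """
      Then the output should not contain:
        """
        25/tcp
        """
ATTACK

# Constructed stand-in for nmap's stdout (not a real scan; 192.0.2.10 is a
# documentation-only address). Real nmap pads its port table into columns.
SAMPLE_NMAP_OUTPUT = <<~OUT
  Nmap scan report for example.com (192.0.2.10)
  PORT    STATE SERVICE
  80/tcp  open  http
  443/tcp open  https
OUT

Step = Struct.new(:kind, :tool, :negated, :text) # kind is :attack or :assert

# Reads the lines between a pair of """ delimiters starting at index i;
# returns the body and the index just past the closing delimiter.
def read_docstring(lines, i)
  raise "docstring expected at line #{i + 1}" unless lines[i].strip == '"""'
  body = []
  i += 1
  (body << lines[i].strip; i += 1) until lines[i].strip == '"""'
  [body.join("\n"), i + 1]
end

# Step patterns adapted from the `gauntlt --steps` listing on the slides.
def parse_attack(text)
  profile, scenarios, current = {}, [], nil
  lines = text.lines.map(&:rstrip)
  i = 0
  while i < lines.size
    case lines[i].strip
    when /^\|\s*(\w+)\s*\|\s*(.*?)\s*\|$/          # profile table row
      profile[$1] = $2 unless $1 == "name"          # skip the header row
    when /^Scenario: (.+)$/
      scenarios << (current = { name: $1, steps: [] })
    when /^When I launch an? "(\w+)" attack with:$/
      tool = $1
      body, i = read_docstring(lines, i + 1)
      current[:steps] << Step.new(:attack, tool, false, body)
      next
    when /^Then the output should (not )?contain:$/
      negated = !$1.nil?
      body, i = read_docstring(lines, i + 1)
      current[:steps] << Step.new(:assert, nil, negated, body)
      next
    end
    i += 1
  end
  { profile: profile, scenarios: scenarios }
end

# Collapse runs of spaces/tabs so a single-spaced needle still matches a
# column-aligned haystack (a choice made for this example).
def normalize(s)
  s.gsub(/[ \t]+/, " ")
end

# output_for is called with (tool, command) and returns the tool's stdout;
# injecting it keeps the example offline and the evaluator testable.
def run_attack(text, output_for:)
  attack = parse_attack(text)
  results = []
  attack[:scenarios].each do |sc|
    haystack = nil
    sc[:steps].each do |step|
      if step.kind == :attack
        # get config: every <name> placeholder must be defined in the profile
        cmd = step.text.gsub(/<(\w+)>/) { attack[:profile].fetch(Regexp.last_match(1)) }
        haystack = normalize(output_for.call(step.tool, cmd))
      else
        raise "Then step before any When step in #{sc[:name]}" if haystack.nil?
        found = haystack.include?(normalize(step.text))
        results << { scenario: sc[:name], needle: step.text,
                     negated: step.negated, passed: step.negated ? !found : found }
      end
    end
  end
  results
end

def exit_status(results)
  results.all? { |r| r[:passed] } ? 0 : 1
end

if __FILE__ == $PROGRAM_NAME
  results = run_attack(NMAP_ATTACK, output_for: ->(_tool, _cmd) { SAMPLE_NMAP_OUTPUT })
  results.each { |r| puts "#{r[:passed] ? 'PASS' : 'FAIL'}  #{r[:scenario]}" }
  puts "exit status: #{exit_status(results)}"
end
```

Run stand-alone it prints PASS for both scenarios and `exit status: 0`; feed it output that lists `25/tcp` and the second scenario fails and the status becomes 1, which is exactly the signal a CI job keys on. An undefined placeholder raises a `KeyError` rather than silently launching a half-built command.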
Supported Tools
curl, nmap, sqlmap, sslyze, Garmr, dirb, generic
Netflix Use Case
Real World Cloud Application Security, Jason Chan
https://vimeo.com/54157394
Check your ssl certs
cookie tampering
curl hacking
Look for common apache
misconfigurations
```gherkin
@slow
Feature: Run dirb scan on a URL

  Scenario: Run a dirb scan looking for common vulnerabilities in apache
    Given "dirb" is installed
    And the following profile:
      | name     | value              |
      | hostname | http://example.com |
      | wordlist | vulns/apache.txt   |
    When I launch a "dirb" attack with:
      """
      dirb <hostname> <dirb_wordlists_path>/<wordlist>
      """
    Then the output should contain:
      """
      FOUND: 0
      """
```

The paths in the apache wordlist, as listed on the slide: .htaccess, .htpasswd, .meta, .web, access_log, cgi, cgi-bin, cgi-pub, cgi-script, dummy, error, error_log, htdocs, httpd, httpd.pid, icons, server-info, server-status, logs, manual, printenv, test-cgi, tmp, ~bin, ~ftp, ~nobody, ~root
I have my weakness. But I won't tell you! Ha Ha Ha!
Test for SQL
Injection
```gherkin
@slow @announce
Feature: Run sqlmap against a target

  Scenario: Identify SQL injection vulnerabilities
    Given "sqlmap" is installed
    And the following profile:
      | name       | value                |
      | target_url | http://example.com?x=1 |
    When I launch a "sqlmap" attack with:
      """
      python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
      """
```
my_first.attack
See ‘GET STARTED’ on project repo
Start here > https://github.com/gauntlt/gauntlt/tree/master/examples
Find examples for the attacks
Add your config (hostname, login url, user)
Repeat
Starter Kit on GitHub
The starter kit is on GitHub:
github.com/gauntlt/gauntlt-starter-kit
Or, download a copy from:
www.gauntlt.org/
@gauntlt
future plans
Next Features
More output parsers
More attack adapters
JRuby & Java Support
Front end UI / web
reports
Add feature requests here:
https://github.com/gauntlt/gauntlt/
issues
Contribute
to gauntlt
See ‘FOR DEVELOPERS’ in
the README
Get started in 7 steps
If you get
stuck
Check the README
IRC Channel: #gauntlt
on freenode
@gauntlt on twitter
Mailing List (https://groups.google.com/forum/#!forum/gauntlt)
Office hours with
weekly google hangout
get started with gauntlt
start here: github/gauntlt
cool vids!: gauntlt.org (videos, tutorials)
we help!: google group, @gauntlt, IRC #gauntlt