10/01/08 1
Economies of Scale in Hacking
Dave Aitel
Immunity
Ekoparty, 2008 (Argentina)
Demand Side/Supply Side Economies of Scale
● Networked increase in value
● High barrier of entry
● Cheaper as you get bigger
Applying this to hacking
The best offense is a good offense
Your source code wants to be free
The 10.0.0.0 and IPv6 problems
Networked reverse engineering toolkits
Attack frameworks
XSS vs Heap Overflows
Ignore the network effects at your own peril
● Case Studies:
– AV
– IDS
– Static Analysis
● Questions to ask:
– What is growing exponentially?
– How did the technology handle that?
The Twitter Effect
● To Twitter: (verb) to fail under exponential growth
AntiVirus
Not a good sign
6 hours to defeat 10 AV's
IDS: What grows exponentially?
● Targets
– And hence vulnerabilities
● Protocols
– Protocol complexity
● IDS/IPS failed because decoding DCOM is ten times harder than decoding SMB which is ten times harder than decoding IP
[Figure: "The tower of Babble", a protocol stack: Ethernet, IP, TCP, SMB, DCE, DCOM]
Static Analysis: Checklists are not the answer
● NIST Static Analysis survey
– 6 target programs (Java/C)
– Lots of products and services
– Extremely high false positive rate
– Over 1 man year to sort through 47000 warnings
– Guess how many 0day they found!?
Sniff For It
Scan for it
Best of the 90's
Security Problem?
Demand Side Economies of Scale: Offense == More Offense
The best offense is a good offense
The best password cracker in the world
?
The best password cracker in the world
grep targetname passwords.txt
Chances are I already have your password
To a hacker who is everywhere...
Your web of trust is shallow and visible
Poor Attacker
[Diagram labels: Attacker, Target, Law Enforcement ("Hmm, What's that?")]
Rich Attacker
[Diagram labels: Attacker, Target, Attacker Bounce Box Near Target, Law Enforcement, Tunnel]
Trust the Source
Your source code wants to be free
“Damage” is strategic, not monetary
Networks, plural.
The 10.0.0.0 and IPv6 problems
10.0.0.owned
Scanning is for suckers.
OS Detection
● Knowing a host is Windows 2000 is great for scanner reports
● To get beyond the scanner reports we need to think beyond “OS” to a concept of “is this vulnerable” and “will this be vulnerable”.
– Automated statistical techniques can do this on a large scale
GIT + ASM = GITASM?
Networked reverse engineering toolkits
There's no I in hacking.
DB of all program understanding
Applying this to hacking
Attack frameworks
Know Your Customer
● “iTunes” for Exploits
● “Facebook” for trojans
● Customer Relationship Management for targets
This is not your father's heap
XSS vs Heap Overflows
The Bazaar
● Good offensive security research is being driven underground
– It's too expensive to give away!
– Not just a “Vulnerability Marketplace”:
  ● Audit technologies
  ● Bug classes
  ● Exploit techniques
Show me the MONEY!
Why are memory corruption bugs so expensive
● Heap/Stack cookies (/GS)
● SafeSEH
● ASLR
● DEP/NX/W^X/PAX
● Process Isolation
● System call ACLs
● Automated code review programs
● Managed languages
Security made the news
● Security built into development lifecycles
– And compiler tools
● Security responses driving vendor differentiation
● Security being built into platforms
A gathering storm
● “But this doesn't affect me I write web applications in Ruby on Rails”
● “There hasn't been a real remote overflow in IIS since version 5”
● “What part of managed language don't you understand?”
This is all true!
$>$$$
● Vulnerability research is so expensive it cannot be funded out of your marketing budget anymore
● Not only are bugs expensive but the techniques for reliably exploiting bugs become expensive
– You no longer know if you are really at risk!
The market is reacting
● The memory corruption problem is “solved”
● The worm problem is “solved”
– Hence, the slow takeup of IPS – it's just not worth the pain!
● Microsoft Exploitability Index
– Q: What are you going to do when for months on end everything is “pretty much not exploitable”
– A: Stop patching
– A: Stop investing in security
Exploit 7 Impossible Bugs Before Breakfast
Things you can do at large scale
● Defeat Secure Development Lifecycles
● Attain a significant advantage by combining different levels of information
Attack the next big mistake
● C/C++
– Memory corruption
● Ruby on Rails, Java, C#, Python, etc.
– No buffer overflows (we're MANAGED)
– Threading!
The Conclusion
Hacking has a strong trend towards natural monopoly!