operating systems security and why it ... - redteam pentesting · operating systems security and...
TRANSCRIPT
![Page 1: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/1.jpg)
OperatingSystemsSecurity
AndWhyIt(Mostly)Doesn'tMatter
PatrickHof-RedTeamPentestingGmbHpatrick.hof@redteam-pentesting.de
https://www.redteam-pentesting.de/
RadboudUniversity,Nijmegen,19December2016
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 2: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/2.jpg)
Foundedin2004atRWTHAachenUniversity
9penetrationtesters
Conductingpenetrationtestsworld-wide
Specialisationexclusivelyonpenetrationtests
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
RedTeamPentesting,Dates&Facts
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 3: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/3.jpg)
Targetsandattacker-modeldefinedinpreliminarymeeting
Conductedfromtheattacker'sperspective→Samemethodsas“badguys”
Individualisedsearchforsecurityvulnerabilities
Detaileddocumentation
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Pentest–Introduction
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 4: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/4.jpg)
Ifyoulookatthesecurity-relatedheadlinesin2016,we'reprettymuchdoomed
Largedatabreaches2016(justtonameafew):Dec14th,Yahoo:Morethan1B(!)useraccounts(fromAugust2013)
Nov23rd,AdultFriendFinder:421Museraccounts
Sep2nd,Dropbox:68Museraccounts(from2012)
May17th,LinkedIn:117Museraccounts(from2012)
andthelistgoeson...1
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
DataBreaches2016
1:Source:https://www.identityforce.com/blog/2016-data-breaches
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 5: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/5.jpg)
CVE-2016-5195
CVE-2016-0800
CVE-2016-3714
CVE-2015-0235
CVE-2014-6271
CVE-2014-0160
Weevenhavelogosnow!Finally,peoplewillunderstandtheseverityofthesituation!
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
BrandedSecurityVulns
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 6: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/6.jpg)
Whydoweseesomanyincidents?
Thereseemtobemoresecurity-relatedincidentsthanever
Inourpentests,weusuallycanachievewhatweagreedbeforeshouldnothappen,whyisthat?
ItriedtofindthecheesiestimageIcouldget...
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
SecurityIncidentsWhereverYouLook
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 7: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/7.jpg)
IDS/IPS
Trafficanalysisuptoapplicationlayer
Antivirus
Securityappliancescombiningalloftheabove
Operatingsystemssecurity(ASLR,DEP/NXetc.)
2FA
Centralizedsecurity,e.g.grouppoliciesonWindows
...
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
DefenseMechanismsAreGettingMoreAdvanced
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 8: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/8.jpg)
Whenwestarted10yearsago,“pentests”werenotwidelyknown
Now,companiesareinvestingmorethaneverinITsecurity(searchfor“HotCybersecurityStocks2016”onGoogle,Idareyou)
Shouldn'tthisreducetheamountofincidents?
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
InvestmentsinITSecurityareRising
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 9: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/9.jpg)
Ok,somaybethingsarenotasbadasImakeitlooklike.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 10: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/10.jpg)
Theory:Workingasapentesteronlyshowsveryvulnerablecompanies,everyoneelseissecureandthereforedoesn'tdopentests.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 11: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/11.jpg)
Theory:Workingasapentesteronlyshowsveryvulnerablecompanies,everyoneelseissecureandthereforedoesn'tdopentests.
Answer:No,thosewhodopentestsarerathersecurity-aware,otherwisetheywouldn'tbother.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 12: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/12.jpg)
Theory:Themediaaregivingaskewedviewonthingsforthesakeofmakingscaryheadlinesabout“thecybers”,thereforemakingitseemworsethanitactuallyis.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
Sowehavetogetvery,verytoughoncyberandcyberwarfare.Itisa,itisahugeproblem.Ihaveason.He's10yearsold.Hehascomputers.Heissogoodwiththesecomputers,it'sunbelievable.Thesecurityaspectofcyberisvery,verytough.–AbrahamLincoln
“”
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 13: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/13.jpg)
Theory:Themediaaregivingaskewedviewonthingsforthesakeofmakingscaryheadlinesabout“thecybers”,thereforemakingitseemworsethanitactuallyis.
Answer:Mightbepartlytrue,butapartfromtheusualmediasensationalism,manyhacksarereal.Wedoseealotofvulnerablesystemsinourworkandwealsogetfeedbackfromclientsaboutbreachestheyhadthatwereneverreportedtoanyone.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 14: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/14.jpg)
Theory:Thereissomuchmoneyinthesecurityindustrythateveryoneisinterestedinscaringpeopleintobuyingasmuch“security”aspossible.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 15: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/15.jpg)
Theory:Thereissomuchmoneyinthesecurityindustrythateveryoneisinterestedinscaringpeopleintobuyingasmuch“security”aspossible.
Answer:Partlytrue,there'salotofveryquestionablestuffouttherethatmakesmillionsinprofits,butasIalreadysaid:wedoseealotofveryinsecuresystemsinourwork,andifyoulookattherecentsecurityresearch,othersdotoo.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
TheSituation
Explanations?
WhysoManyIncidents?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 16: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/16.jpg)
Someideaswhattherealproblemscouldbe:
Everythingisonlinethesedays,orintheprocessofgoingonline:Banking,shopping,socialinteraction...
ITismoreandmoreprevalentineverycompany,(almost)nobodyworkswithoutITortheInternet
Employeesshouldbeabletoworkfromanywhere(andbeavailable24/7),soremoteaccessisneededevenfromprivatehardware(BYOD)
Thingschangefast,companiesaretryingtokeepupwiththelatesttrends
Thereisahugemarketforcheapgadgetsandthe“InternetofThings”
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
TheRealProblems
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 17: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/17.jpg)
Complexitybreedsbugs,bugsarevulnerabilitieswaitingtobeexploited
Companiesaddmorefeaturesinsteadofsecuringthealreadyavailable
Attackersareinterestedindata,notnecessarilyarootshell
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
TheRealProblems
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 18: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/18.jpg)
Malvertising:Adnetworkscurrentlyhaveahugemalwareproblem
ContentDeliveryNetworks(CDN):Onehack,millionsofvictims
Hidebehindthe“bigname”whendeliveringmalware
JavaScriptbloat
March2016:The“left-padfiasco”1:2.486.696downloadsinFebruaryaloneforamodulethatleft-padsstrings!
Again:hackonedeveloper,targetloadsofapplications
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
TheRealProblems
1:http://www.haneycodes.net/npm-left-pad-have-we-forgotten-how-to-program/
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 19: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/19.jpg)
MoreBuzzwords:
InternetofThings(IoT)
TheCloud
Antivirus
Smartphones
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
TheRealProblems
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 20: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/20.jpg)
9.12.2016:Netgear,8modelscanbeexploitedlikeit's'99:
http://<router_IP>/cgi-bin/;COMMAND
ThisishowIexploitedmyLinksysWRT54GWi-firoutertoinstallLinux,in2002!Eventhen,commandinjectionswerealreadyawell-knownvulnerability.
Thereareexploitkitsusedbymalvertiserstoopenuphomerouterswithvulnerabilitieslikethisone.
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
Example:HomeRouters
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 21: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/21.jpg)
Antivirussoftwareisoftenindistinguishablefromakernelrootkit
Embedsitselfdeeplyintothesystem,hookingkernelfunctions
CheckoutTavisOrmandy'sworkatGoogleProjectZeroExploitsforSymantecandNorton,Avast,TrendMicro...
Recentresearch(12.12.2016)byAndrewFasano:McAfeeVirusScanforLinux,10vulnerabilitiesthatcanbe
chainedtoachieveremotecommandexecutionasroot1
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
Example:Antivirus
1:https://nation.state.actor/mcafee.html
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 22: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/22.jpg)
Problem:Transparentlysendingobjectsbackandforthblursthedistinctionbetweenuntrustedclientandtrustedserverforprogrammers
Oneofthenewertools(released2015):ysoserial1
ObjectInputStream.readObject()AnnotationInvocationHandler.readObject()[...]Runtime.getRuntime()InvokerTransformer.transform()Method.invoke()Runtime.exec()
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
Example:SerializationConsideredHarmful
1:https://github.com/frohoff/ysoserial
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 23: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/23.jpg)
OperatingSystemsSecurity:
MostlyPostExploitationaka:wealreadygotthedata,butwhilewe'reatit...
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
WhatElse?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 24: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/24.jpg)
Inmanycases:Onceyouarepartofthedomain,itisjustamatteroftimeuntilyouaredomainadmin
Getlocaluserhashes/ticketsfrommemory
Ifnotalreadydomainadmin:Accessothermachineswithcredentials/hashes/ticketsfounduntilyouhaveadomainadminaccount
Gameover,connecttodomaincontrollerandcreateforexampleagoldenticket
mimikatz1implementsallthis
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
OperatingSystemsSecurity:Windows
1:https://github.com/gentilkiwi/mimikatz
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 25: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/25.jpg)
Linuxisfoundmostlyonservers
There,youhavetheusualproblem:Onlyfewinstalltheirpatchesontime→Outdatedkernel,glibcetc.
Uselocalprivilegeescalationtogetroot
Morefragmented,ratherindividualhowyoucangetaccesstomoresystems
E.g.passwordsinthe.bash_history,privateSSHkeys,weakpasswords,openshares,configfileswithcredentials...
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
OperatingSystemsSecurity:Linux
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 26: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/26.jpg)
Westarttoseethatconsumersdemandsecurity,butonlywhenithurts(e.g.Ransomware)
Nobodycaresifthey'repartofabotnet,everyonecaresiftheirfamilyphotosareencrypted(orforcompanies:theirpreciousExcelreports)
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
AreWeReallyDoomed?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 27: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/27.jpg)
Reducecomplexity(KISS)insteadofincreasingit
Makesecuritypartofthedevelopmentcycle
Patchyoursystemsregularly!
NoteverythingneedstobeconnectedtotheInternet
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
AreWeReallyDoomed?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter
![Page 28: Operating Systems Security And Why It ... - RedTeam Pentesting · Operating Systems Security And Why It (Mostly) Doesn't Matter Patrick Hof - RedTeam Pentesting GmbH patrick.hof@redteam-pentesting.de](https://reader034.vdocuments.mx/reader034/viewer/2022042620/5ac5983e7f8b9a57528dba5f/html5/thumbnails/28.jpg)
Thankyouforlistening!
RedTeamPentesting
PenetrationTests
We'reDoomed
WhatNow?
Explanations!
OperatingSystemsSecurity
Conclusion
Questions?
RedTeamPentestingGmbH OSSecurityAndWhyIt(Mostly)Doesn'tMatter