Traps of Gold - DEF CON Hacking Conference (slide transcript)
Title: Traps of Gold
Authors: Andrew Wilson, Security Consultant, Trustwave SpiderLabs; Michael Brooks, Security Researcher

Page 1
Traps of Gold
Michael Brooks & Andrew Wilson
Page 2
Caution. Please vet anything discussed with legal and management.

Page 3
FRUSTRATION
http://www.flickr.com/photos/14511253@N04/4411497087/sizes/o/in/photostream/

Page 4
Our entire defense strategy is REACTIVE…
AKA, losing
Page 5
Patch Management
• Fixes known issues
• Someone already pwnd it
• Already in Production!

Page 6
Secure Development
• Reduces vulnerabilities
• Expensive
• Limited effectiveness

Page 7
Security Theater
• Free groping at airport
• You aren’t safer
• Introduces vulnerabilities

Page 8
But if they aren’t working… What is missing?
Page 9
Fight Back
http://www.flickr.com/photos/superwebdeveloper/5604789818/sizes/l/in/photostream/

Page 10
“We conclude that there exists no clear division between the offense and defense.” - USMC, Warfighting

Page 11
http://www.flickr.com/photos/travis_simon/3865383863/sizes/z/in/photostream/

Page 12
Attackers are human too. They have:
• Finite time
• Imperfect tools
• Emotion / Ego / Bias
• Risk

Page 13
So... Attack them there.

Page 14
“If I have seen further, it is only by standing on the shoulders of giants.” - Sir Isaac Newton
Page 15
Traps of Gold
• IDS Systems
• Honeypots
• Exploits

Page 16
Two Models of Warfare
• Attrition
• Maneuver

Page 17
Maneuverability
http://www.flickr.com/photos/travis_simon/3865383863/sizes/z/in/photostream/

Page 18
Stack the Deck
http://www.flickr.com/photos/jonathanrh/5817317551/sizes/o/in/photostream/

Page 19
Ambiguity
“To act in such a way that the enemy does not know what to expect.”
Page 20
Server Banners
File Extensions
Default Files
Who needs this? The browser doesn’t care. Why leave these up?

Page 21
If knowing is half the battle… Shut up.

Page 22
Deception
“Convince the enemy we are going to do something other than what we are really going to do.”

Page 23
Reduce what they can know. Lie about the rest.

Page 24
Increase the noise by… Blatantly lying.
Page 25
Issues Identified (Before / After)

Tool        Before   After
Nikto           19    5462
Skipfish         6     300
Wapiti           6     300
w3af             6     300
Prod scan        6     300
Prod scan        6     300
Prod scan        6     300

See updates after talk
That’s real though!
Page 26
But that won’t fool people… Will it?

Page 27
Some lies are better.
http://www.flickr.com/photos/randomurl/459180872/sizes/l/in/photostream/

Page 28
Ambiguity: Tempo
“The secrets of victory thus lie in the taking of initiative.”

Page 29
It’s not about reaction. It’s about awareness and acting sooner.
Page 30
Attack Surface: Perceived vs. Actual
“I made this up!”
“And I can watch for this.”
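The two ideas on pages 20 to 30 (stop sending what the browser does not need, then fabricate attack surface that exists only to be watched) are what a small decoy layer in front of a web application does in practice. The following is an added example in Python, not code from the talk or its authors: the real routes, the decoy "default files", the rotating Server banners, the sample request log and the alert threshold in classify() are all constructed for this example, and a production deployment would ship the alerts to a SIEM rather than keep them in a list.

```python
"""Decoy layer for a web app: banner ambiguity, decoy paths, and detection.

Constructed example. Nothing legitimate ever links to a decoy path, so a
request for one is a high-confidence signal rather than noise to be tuned.
"""
import random
import re
from datetime import datetime, timezone

# The real application (constructed sample routes).
REAL_ROUTES = {
    "/": "<h1>Welcome</h1>",
    "/login": "<form action='/login' method='post'>...</form>",
}

# Decoy "default files": none of these exist in the real app. Each returns
# plausible but harmless content so scanners report a finding and keep going.
DECOY_PATHS = {
    "/phpinfo.php": "<title>phpinfo()</title><h1>PHP Version 5.2.17</h1>",
    "/admin/": "<title>Admin Login</title>",
    "/backup.zip": "PK\x03\x04",            # looks like a zip header to a scanner
    "/.git/HEAD": "ref: refs/heads/master\n",
}

# The honest Server banner is never sent; a rotating fake one makes
# fingerprinting results contradictory (constructed banner strings).
FAKE_BANNERS = [
    "Apache/2.2.3 (CentOS)",
    "Microsoft-IIS/6.0",
    "nginx/0.7.67",
    "lighttpd/1.4.28",
]

# Alerts raised by decoy hits (assumed sink; a real deployment forwards these).
ALERTS = []


def normalise(path):
    """Drop the query string, collapse repeated slashes, map /admin to /admin/."""
    norm = re.sub(r"/+", "/", path.split("?", 1)[0]) or "/"
    if norm + "/" in DECOY_PATHS:
        norm += "/"
    return norm


def handle(method, path, remote_addr, rng=random):
    """Serve one request as (status, headers, body); record any decoy hit."""
    headers = {"Server": rng.choice(FAKE_BANNERS)}
    norm = normalise(path)
    if norm in DECOY_PATHS:
        ALERTS.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src": remote_addr,
            "method": method,
            "path": norm,
            "rule": "decoy-hit",
        })
        return 200, headers, DECOY_PATHS[norm]
    if norm in REAL_ROUTES:
        return 200, headers, REAL_ROUTES[norm]
    return 404, headers, "Not Found"


def classify(remote_addr, threshold=3):
    """One decoy hit is suspicious; several distinct decoys from one source is a scan.

    The threshold of 3 is an assumed tuning value, not something from the talk.
    """
    hit = {a["path"] for a in ALERTS if a["src"] == remote_addr}
    if len(hit) >= threshold:
        return "scanner"
    return "suspicious" if hit else "clean"


# Constructed request log: one ordinary visitor and one scanner.
SAMPLE_REQUESTS = [
    ("GET", "/", "198.51.100.7"),
    ("GET", "/login", "198.51.100.7"),
    ("GET", "/phpinfo.php", "203.0.113.42"),
    ("GET", "/admin", "203.0.113.42"),
    ("GET", "/backup.zip", "203.0.113.42"),
    ("GET", "/missing.html", "203.0.113.42"),
]


def run_demo(seed=1):
    """Replay the sample log and classify each source address."""
    rng = random.Random(seed)
    ALERTS.clear()
    for req in SAMPLE_REQUESTS:
        handle(*req, rng=rng)
    return {addr: classify(addr) for addr in {r[2] for r in SAMPLE_REQUESTS}}


if __name__ == "__main__":
    print(run_demo())
```

Two design points worth noting. The decoys are served with status 200 and believable content rather than a 404, because a scanner counts a finding only when the page looks real; that is what inflates the "Issues Identified" numbers on page 25. And the detection logic does not look at request contents at all: the fact that a path was requested is the signal, which is why decoy hits can be alerted on directly instead of being tuned down like an IDS signature.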
Page 31
http://www.flickr.com/photos/derek_b/5837741974/sizes/o/in/photostream/

Page 32
“I love it when a plan comes together.” - Hannibal

Page 33
So far we’ve shown:
• Misdirection
• Shutting down tools
• Increasing awareness

Page 34
But… Can we break it?

Page 35
http://www.flickr.com/photos/20106852@N00/2238271809/sizes/o/in/photostream/

Page 36
To recap. Stop acting like this…
Page 37
(image only)

Page 38
Start acting like this.
http://www.flickr.com/photos/kriztofor/3253758933/sizes/o/in/photostream/

Page 39
Fight Back
http://www.flickr.com/photos/superwebdeveloper/5604789818/sizes/l/in/photostream/

Page 40
Capture The Flag
The winner takes all
http://ctf.doublethunk.org