Using Students to Pen Test Your Network
(For Credit)
Robert Maxwell
Michael Hicks
No, seriously.
This presentation leaves copyright of the content to the presenter. Unless otherwise noted in the materials, uploaded content carries the Creative Commons Attribution-NonCommercial-ShareAlike license, which grants usage to the general public with the stipulated criteria.
Mike Hicks
• Director of the Maryland Cybersecurity Center
• Associate Professor of CS at UMCP
• Lots more: http://www.cs.umd.edu/~mwh/
Rob Maxwell
Manager, Security Operations, UMCP
Faculty of MC^2.
How did the IT guys get involved in teaching?
• Long-term cooperation with some researchers for access to data (my boss gets most of the credit here, but he’d like us to forget about that)
• This leads to our involvement with the Maryland Cybersecurity Center (MC^2)
• Then one day...
Seriously, how did this happen?
• University signs a contract with a job site where students will post resumes, obliges departments to use it.
• CS professors are made aware of serious security holes in the site.
• To make it much worse, vendor is very unresponsive to their concerns.
by an applicant for the directorship of the center
The Brainstorm
• Let’s have a class of students pen test the campus network to make it more secure.
Secure Maryland
• Undergraduate Penetration Testing class
• Students do work on our live network
• Really.
What could go wrong?
• Lots
A Digression
• The contemporaneous state of pen testing on campus:
• nil
• At this point, we were not providing this service on a regular basis. We have since improved our capabilities in this area.
Convincing Lawyers
• They eventually approved our plan:
• We argued that students wouldn’t be doing anything that anyone couldn’t do from Starbucks
• They deferred to our judgement
• They suggested we forgo any sort of NDA
Given the state of our network defenses, this was largely true, at the time.
Goals of the class
• Teach qualified undergraduates the art of penetration testing.
• Teach the foundations of ethical hacking.
• Improve the security posture of the university.
Teaching Undergrads Art
• Penetration testing training, methodologies
• Using real world systems guarantees real world results
• Requires creativity and ingenuity - no assured “right answers”
Ethical Considerations
• Ethical implications of this work covered thoroughly
• Business contracts involved in this work discussed
• Engagement rules and scoping covered
• Honor Code invoked
Improving Our Security
• Large decentralized network (50,000+ nodes), 2x /16 networks and then some
• Students are finding problems and notifying the responsible parties to help them remedy vulnerabilities
• Things can get forgotten or abandoned on a network this big.
• Students could damage systems or down services
• Students could access or exfiltrate sensitive information or intelligence about our networks
Mitigation
• Students performed these tests from standard network access (no special connections - the Starbucks argument)
• Network traffic was recorded for later examination
Tried having dedicated network access points. Students didn’t want to use them in a lab setting. Dedicated VPN access for testing is an option that continues to be evaluated.
Also, traffic recorded as “insurance.”
Scope of Work
• Students were warned away from specific sensitive systems
• Engagement level is gradually increased through semester
• Finally, actual exploitation of systems must be approved by the instructor
Course Design
• Initial instruction in techniques and tools, ethics, and business processes
• As techniques are taught, students begin to use them to explore the network.
• As vulnerabilities are found, students notify system admins (and SOC) to remedy and must follow up to assist and report
Cooperative Course
• Wiki used to share course information
• Targeting information, interesting results
• Useful tools and techniques shared via wiki and in class
• Students provided information from security office to facilitate contacts
Tried using some scan-sharing software, but it broke under load
Students
Final Project - Departmental Engagement
• Final third of semester, student teams are put in touch with departments to create a professional pen testing engagement.
• Full documentation of every step from laying out scope of work right through final recommendations.
• All techniques were on the table for negotiation
Techniques including social engineering and physical testing (taser rule)
Technology
• BackTrack/Kali Linux distro
• Google, Shodan
• Nmap, Nessus/OpenVAS, Metasploit
• Additional tools encouraged
Started with BackTrack; some have moved on to Kali.
Tried using centrally hosted VMs; had poor luck with them.
DirBuster, ZAP,
Student Work Product
• Notifications to admins (which become SOC tickets at the end of the class)
• Paper describing in detail their work on the greater network
• The report resulting from the departmental engagement
Class paper
• Descriptions of activities, evolution of strategy, successes and failures
• Lessons learned
• Appendix containing all retained information (screen captures, pcaps, output files, etc.)
Results?
• Printers
• Webcams
• Web vulnerabilities
• Printers (hundreds)
• Abandoned stuff
Printers - doc servers, no password, telnet/web interface
Configurable webcams
SCADA
• HVAC control systems
• Lighting control systems
• Serial interfaces for card readers
Byrd Stadium Scoreboard
Chapel Carillon System
Results
• Still completing final tally for this semester.
• Quick count has us down from over 300 to just over 100 vulnerable printers.
• Bulk of what was found in the second iteration is new
• We can prioritize the repeat offenders
Robert Maxwell