It is commonly believed that Offensive Defense is just a theory that is difficult to use effectively in practice, but that is not entirely true...
In my talk, along with presenting a new service emulation technique that will render standard port scanner results nearly useless and leave your attackers with an arduous analysis, I will focus on practical (automated) exploitation of a hacker's offensive toolbox. A few interesting attack vectors against software taken from the Internet will be presented.
It turns out you can get pwn'ed even through your Nmap scripts if you are not careful enough.
Results of my attempt to put some of the Active Defense concepts into practice
Technique that aims at slowing down your attackers and keeping them from staying low profile (nearly-infinite time)
Example based, that tries to show the potential that lies in automated Offensive Defense (exploiting your attackers' exploits)
Knowledge is the key, port scan
Starting point for every pentest …
Idea
Implemented (Portspoof)
Results?
Get a precise view …
Our offenders will get more information than they ever wanted…
Closer look
A whole range of different services (possibly none or all of them are valid)
So, you have finished the scan and still know almost nothing…
Bonus protection (no port is closed)
The same goes for other port scanners…
TIME –TIME – STEALTH –
User space
No root
Easily configurable
- Exploiting attacker's tools and exploits
- Example based, with a few interesting vectors and examples (tip of the iceberg)
Let's come back to Nmap again (due to its popularity)
Injection points
PORTSPOOF OUTPUT
- Set up our software to have different payloads on each port (good approach for automated tools)
In practice, if your system returns the following service banner (that will match an Nmap regular expression).
“Hello World” example
Non Nmap based example
Storage file content is under our control
Simple payload will exploit attacker's machine
You can use the previously created payload for automated exploitation
Straightforward vulnerability
Again, whoami will exploit the attacker's machine…
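
The scanner-side lesson of the injection points above is that every banner a scanned host returns is untrusted input to whatever script or report consumes it. The following is an added example, not code from the talk or from Portspoof; the sample banners are constructed and the function names are hypothetical. It contrasts splicing a banner into a shell string with passing it as a single argv element after stripping control characters.

```python
import re
import shlex
import subprocess
import sys

# Constructed sample scan results (port, banner); not real scanner output.
SAMPLE_RESULTS = [
    (22, "SSH-2.0-OpenSSH_8.9"),
    (8080, "Server: demo $(whoami) `id`; echo x"),  # shell syntax in banner
    (25, "220 mail ESMTP\x1b[2Jready"),             # terminal escape in banner
]

_NON_PRINTABLE = re.compile(r"[^\x20-\x7e]")


def clean_banner(banner, limit=80):
    """Replace control and non-ASCII characters with '?' and cap the length."""
    return _NON_PRINTABLE.sub("?", banner)[:limit]


def unsafe_command(banner):
    """Anti-pattern, never executed here: a shell would expand $(...) and backticks."""
    return "echo Found service: " + banner


def safe_argv(banner):
    """Banner travels as one argv element; no shell ever parses it."""
    child = "import sys; print(sys.argv[1])"
    return [sys.executable, "-c", child, clean_banner(banner)]


def run_safe(banner):
    """Run the child process without a shell and return what it received."""
    done = subprocess.run(safe_argv(banner), capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


def log_line(port, banner):
    """Log entry that stays one shell-safe token even if pasted into a terminal."""
    return "port=%d banner=%s" % (port, shlex.quote(clean_banner(banner)))


if __name__ == "__main__":
    for port, banner in SAMPLE_RESULTS:
        print(log_line(port, banner))
        print("  child saw:", run_safe(banner))
```
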