1_Intro

Intro

Counter Hack Chapters
1. Introduction --- explains why emphasis is on tools and techniques
2. Networking Overview --- we will cover most of this
3. Linux and Unix Overview --- briefly
4. Windows Overview --- briefly
Counter Hack Chapters
5. Reconnaissance --- low-tech, Web search (or “Google hacking”), Whois database, DNS, tools, defenses
6. Scanning --- War driving, war dialing, network mapping, port scanning, vulnerability scanning, IDS and IPS
7. Gaining Access Using Application and OS Attacks --- buffer overflow, pwd attacks, Web-based attacks, browser flaws
Counter Hack Chapters
8. Gaining Access via Network Attacks --- sniffing, IP address spoofing, session hijacking, Netcat, defenses
9. DoS Attacks --- locally/remotely stop services/exhaust resources, DDoS
10. Maintaining Access --- trojans, backdoors, bots, rootkits, defenses
Counter Hack Chapters
11. Covering Tracks and Hiding --- log and accounting attacks, hard-to-find files, covert channels, defenses
12. Putting it All Together: Anatomy of an Attack --- gives 3 scenarios
13. The Future, References, and Conclusions
Preface

- Preface for new edition and old
o First edition --- somebody’s Web pages got messed up by a “hacker”
o New edition --- info on more than 1 million credit cards stolen
- Common theme in security today
o Attacks are now more “sinister”, mafia, etc.
o In the past attacks were just fun and games
- Aside: Then why did we bother to worry about security in the past???
Intro

- Attacks happen
- Attacks range from…
o Bad guys constantly probing
o Simple scanning to
o Truly sophisticated attacks
- Lots of anecdotal info of real attacks
o But “hard” numbers hard to come by
Golden Age of Hacking

- 15 years ago, Internet was only of academic interest (literally)
- Today, we are highly dependent on computers and networks
o Medical info, guiding aircraft, financial transactions, etc., etc.
- This dependence rapidly increasing
o Cell phones, RFID, toasters, etc., etc.
Golden Age of Hacking

- Networking/computing infrastructure full of fundamental security flaws
o Example: TCP/IP designed for friendly academic environment, no thought of security
o Difficult to retrofit security
- The world is “inherently hackable”
o New flaws discovered on a daily basis
o Hackers are reasonably well-organized
o Any 15 year-old can be a hacker
Golden Age of Hacking

- New technologies → new hacking opportunities
o Personal Video Recorder (PVR)
o Heart pacemaker
o Smart cars (download maps, email, online troubleshooting, etc.) --- “carhacking”
- New applications are built on top of security-flawed architecture
Golden Age of Hacking

- History lesson…
- WWII was Golden Age of Cryptanalysis
o All major Axis ciphers were broken
o Several Allied ciphers weak/broken
- This situation eventually changed
o Soon after WWII classified ciphers stronger
o More recently commercial ciphers strong
o Many many secure modern ciphers
- Similar (optimistic) future for hacking???
Hacking vs Cryptanalysis

- Crypto
o Can be viewed as stand-alone technical problem
o Amenable to mathematical techniques
o Crypto is scientific/academic discipline
o Nevertheless, new crypto attacks do occur
- Hacking
o A holistic problem
o “Human factor” integral part of the problem
o Anti-hacking “science” is in its infancy
o Architectural issues can be addressed, but…
Why this Book?

- Good guys must know how bad guys work
o Today, this is generally accepted as OK
- Why these specific tools/techniques?
o Most common/best/representative tools
o Analyze relatively few in more detail
o For example, lots of rootkits --- this book looks at a few of them in detail
How this Book Differs

- Encyclopedia, not a dictionary
o Doesn’t cover everything, lots of detail
- Phased view of attacks
o All steps in the attack process
- How tools are used together
o Simple tools combined, creative attacks
- Corny analogies
The Threat

- Who are the attackers?
- The proverbial antisocial teenager in his parent’s basement?
o Yes, could be
o May be highly skilled, regardless of age
- Do not underestimate attackers
Outsider Threats

- The proverbial teenager
- Organized Crime
o Credit card info, identity theft, etc. (money!)
o Relatively “safe” type of crime
- Terrorists
- Governments
o Perhaps in conjunction with physical attack
o Many governments monitor own citizens
o Certainly they monitor foreign citizens, other governments, organizations, businesses, etc.
Outsider Threats

- The competition
o May want to learn trade secrets
o DoS to drive customers to their site, etc.
- Hacktivists
o Politically motivated attacks
o Could also be focused on companies
- “Hired guns”
o Hired by any of the above
Insider Threats

- Estimate: 80% of all attacks are insiders
- Disgruntled employee
o Maybe biggest threat --- know how things work
- Clueless employee
o Also a big problem --- disable antivirus, click on anything, install rogue access point, etc., etc.
- Customers
- Suppliers
o May want to know “inside” info
o E.g., malicious employee at customer site
Insider Threats

- Vendors
o May have lots of access
o Software can do just about anything for you (or to you) --- virtually impossible to check
o Outsourcing only makes this worse…
- Business partners
o Networks may be closely linked
o Security is only as strong as weakest link
- Contractors, temps, consultants
o Often not vetted properly, lots of access, etc.
The Threat

- Do not overestimate attackers
- Gold-plated security may not be wise
o No point to expensive security alarm on my car
o But I still lock my doors most of the time
- Security should be “commensurate with” threat to/value of your system and info
- Easier said than done!
o Threat is extremely hard to model
o Security costs notoriously difficult to estimate
Skill Levels

- “Script kiddies”
o Low/no skill, unsophisticated attackers (e.g., email attachment sent to millions)
o Usually pre-packaged/slightly modified attacks
- Example: metamorphic viruses/worms
o These viruses are hard to detect
o Many metamorphic “kits” available
o Very easy to recycle old viruses in a new form
Skill Levels

- Moderately skilled attackers
o May produce tools for script kiddies
o Tools released in public website…
  …or may be more secretive
o Tools may include nice GUIs
o Make sophisticated attacks easy to launch
o “End user” does not need to understand anything about the vulnerability
Skill Levels

- Evil elite attackers
o Highly skilled
o Secretive, do not share their work
o Work long on customized attack
o Use specialized tools
o Discover new vulnerabilities
- Noble elite “attackers”
o High skill, but use it for good
o May become security experts, consultants, etc.
Terminology

- Hacker, cracker, etc., have different meaning to different people
- Book uses “good guys” (Alice and Bob) and “bad guys” (attacker or Eve)
o Not necessarily human, e.g., “bad guy” could be malicious software
- “White hat” == good guy
- “Black hat” == bad guy
These Tools Can Hurt You!

- Use tools at your own risk
- Most have some malicious capability
- Some could act as trojans
- Use tools in controlled environment
o Set up a lab (next slide) or
o VMware (can probably get this for free)
Author’s Suggested Lab
More Concerns

- Be careful surfing some of the sites
- Be careful when you download tools
- Don’t do anything stupid
o You could lose your job, go to jail, etc.
- Legal disclaimers…
Summary

- Attacks are prevalent and damaging
o Increasing in number and scope
- This is the Golden Age of Hacking
- Never underestimate adversary
o But don’t overestimate them either
- Terminology: attacker, bad guy, good guy, white hat, black hat, Alice, Bob, Eve, etc.
- Be careful experimenting with the tools