Your Internet Exposure the Makes You Vulnerable

Transcript

1. Your Internet Exposure The Makes you Vulnerable Abhisek Datta Head

   of Technology, Appsecco

2. InfoSec for Startups

3. About Me – Abhisek Datta • Head of Technology (appsecco.com)

   • A boutique security consulting company • TechWing @ null0x00 (null.co.in) • An Open Security Community • Security Researcher • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc. • Open Source Contributor • Wireplay, RbWinDBG etc. github.com/abhisek

4. Attackers Attack What They See

5. Let's start with how attackers work An attacker wants to

   hack a target and for this, will perform a bunch of activities 1. Online Attack Surfaces 2. Breached Credentials 3. Known Vulnerable Software 4. (Easy to?) exploit security vulnerabilities

6. Asset Discovery From Attacker’s Perspective

7. Your-Company.com What Attacker Sees

8. • Your-Company.com • Who is the registrar • Where is

   it hosted • Self-hosted or managed e-mail service • External help desk services • 3rd party services What Attackers See – Domain Enumeration whois whois your-company.com whois <IP> dig dig your-company.com NS dig @NS1 your-company.com MX dig @NS1 your-company.com TXT

9. What Attackers See – Subdomain Enumeration • Your-Company.com • Host-1

   • Host-2 • Host-3 • Etc. amass enum –passive –d your-company.com amass intel –whois –d your-company.com

10. What Attackers See – Email Enumeration • Your-Company.com • [email protected]

    • [email protected] • [email protected] • [email protected] • Etc. Hunter.io theHarvester Many more …

11. What Attackers See – Breached Credentials

12. • haveibeenpwned.com • hacked-email.com • etc. What Attackers See –

    Breached Credentials

13. What Attackers See – Application Discovery • Your-Company.com • http://app1.your-company.com

    • http://app2.your-company.com • Etc. nmap –p 80,443,8080 -sV -A –iL hosts.txt

14. What Attackers See – Technology Discovery • Your-Company.com • App1

    – Java/JavaEE • App2 – NodeJS, AngularJS • App3 – PHP • Etc. Wappalyzer npm i -g wappalyzer wappalyzer https://app1.your- company.com

15. Domain External Services Help Desk Mailers Email Breached Credentials Hosts

    Apps Technologies What Attackers See – Putting it all Together Unpatched Services App Vulnerabilities Credential Spraying Ticket Trick Credential Spraying

16. Real-life Breaches Leveraging Internet Exposure Discovery Techniques

17. Invoice Fraud

18. Publicly Accessible Cloud Storage Buckets

19. Sub-domain Take Over Static site hosted on S3 and then

    forgot about it :)

20. Framework / Software Vulnerabilities

21. Cloud Account Take Over

22. Staying Safe What can I do?

23. How to be secure? By establishing TRUST

24. Threat What can I do about it? Attacker able to

    identify host names Ensure all hosts exposed online are patched Attacker able to discover email address Enforce strong password policy along with use of password managers Attacker able to discovered breached credentials from public password dump Enforce 2FA where possible Subscribe to breach notification and rotate passwords Attackers able to discover applications Follow AppSec best practices OWASP Testers Guide OWASP Secure Coding Practices OWASP Proactive Security Controls Attacker able to discover my application technology and dependencies Ensure regular patching of application framework and external dependencies Attacker able to discover untracked or long forgotten online asset Asset inventory Infrastructure as Code Auditing, Logging and Alerting Staying Safe

25. Fill the form below by 4pm today and we will

    share the results with you by 21 August 2019 https://bit.ly/31Jl7ed Interested in Discovering Your Internet Exposure?

26. Abhisek Datta https://github.com/abhisek https://twitter.com/abh1sek Thank You Want us to discover

    your Internet exposure and give a report? https://bit.ly/31Jl7ed