Chain Exploiting the Business

Transcript

1 Chain Exploiting the Business 1

2 Chi sono ricercatore indipendente da più di quindici anni da dieci mi occupo professionalmente di penetration testing e vulnerability assessment non mi occupo (ancora) delle sole logiche aziendali Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 2

3 Agenda VA e PT, per me pari sono penetration test, gli ultimi 10 anni vulnerabilità aziendali - case history Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 3

4 VA e PT, per me pari sono simulazione di attacco analisi del rischio attacco hacker test di penetrazione test di sicurezza verifica delle vulnerabilità VA Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 4

5 VA e PT, per me pari sono network scan web assessment security scan analisi applicativa test infrastrutturale Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 5

6 VA e PT, per me pari sono (2) Vulnerability Assessment It is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Vulnerability assessment has many things in common with risk assessment. Assessments are typically performed according to the following steps: Cataloging assets and capabilities (resources) in a system. Assigning quantifiable value (or at least rank order) and importance to those resources Identifying the vulnerabilities or potential threats to each resource Mitigating or eliminating the most serious vulnerabilities for the most valuable resources en.wikipedia.org Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 6

7 VA e PT, per me pari sono (3) Penetration Test It is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and/or malicious insiders. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 7

8 VA e PT, per me pari sono (4) It is valuable for several reasons: Determining the feasibility of a particular set of attack vectors Identifying higher-risk vulnerabilities that result from a combination of lowerrisk vulnerabilities exploited in a particular sequence Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software Assessing the magnitude of potential business and operational impacts of successful attacks Testing the ability of network defenders to successfully detect and respond to the attacks Providing evidence to support increased investments in security personnel and technology en.wikipedia.org Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 8

9 VA e PT, per me pari sono (5) Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 9

10 VA e PT, per me pari sono (6) Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 10

11 penetration test, gli ultimi 10 anni the network is the computer? nope, the web http e xml le basi di un nuovo esperanto tutto è un applicazione web Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 11

12 penetration test, gli ultimi 10 anni (2) deployment in cluster distribuiti complessi scenari perimetrali virtualizzazioni e cloud computing eterogeneità dei client Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 12

13 penetration test, gli ultimi 10 anni (3) non esistono più exploit pesanti iis, apache, ssh? a remote in ssh is a dead dream (anonimo) se esistessero, probabilmente non sarebbero venduti ai soliti noti commerciali Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 13

14 penetration test, gli ultimi 10 anni (4) oggi gli exploit servono meno (con le dovute eccezioni) strumenti come metasploit facilitano enormemente la creazione di codice di attacco i pt richiedono altro sicurezza fisica logiche client-side conoscenza dell ambiente bersaglio, delle infrastrutture, delle tecnologie Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 14

15 penetration test, gli ultimi 10 anni (5) spesso i pt sono sotto-stimati ( meglio un assessment classico ) non compresi ( fate quel che dovete, ma non toccate nulla, non copiate o modificate alcun dato, non impersonate utenze altrui, non aumentate il carico della macchina, non... ) menomati da logiche aziendali estranee ( ok i sistemi A, C e D. Il B no, perchè fa parte della linea di esercizio e sistemi, che fa capo a X. I sistemi da E a H non li testiamo perchè non siamo riusciti a contattare il referente interno Y. ) Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 15

16 Active Directory Cloning, lotek edition dominio Windows DC1 e DC2, AD1 e AD2, 150 PDL patch level da manuale credenziali complesse e lock-out degli account Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 16

17 Veritas Netbackup Sala Server Postazioni di Lavoro Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 17

18 Veritas Netbackup Sala Server Postazioni di Lavoro Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 18

19 Active Directory Cloning, lotek edition Password Guessing Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 19

20 Active Directory Cloning, lotek edition Password Guessing Srv Enable Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 19

21 Active Directory Cloning, lotek edition Password Guessing Srv Enable SADMIND Exploit Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 20

22 Active Directory Cloning, lotek edition $ holygrail2 vs. SunOS 5.9 sadmind by kcope in 2008 binds a shell to port 5555 perl ~/xpl/sadmind.pl w.x.y.z Password Guessing docfuz@giringiro $ nc w.x.y.z 5555 id uid=0(root) gid=0(root) grep root /etc/shadow Srv Enable root:mfk7894ohtmoo:12458:::::: SADMIND Exploit Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 20

23 Active Directory Cloning, lotek edition Password Guessing Srv Enable Local Privilege Escalation SADMIND Exploit echo falsema ADMIN=ALL JBP=ALL >> /nbudb/openv/java/auth.conf Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 21

24 Active Directory Cloning, lotek edition Password Guessing Srv Enable Local Privilege Escalation SADMIND Exploit Netbackup Administration Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 22

25 Active Directory Cloning, lotek edition Password Guessing Srv Enable Local Privilege Escalation SADMIND Exploit Netbackup Administration Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 23

26 Active Directory Cloning, lotek edition Windows 2003 server R2 32bit edition Password Guessing Netbackup 5.1 install + patch Srv Enable Software Leech Local Privilege Escalation SADMIND Exploit Netbackup Administration Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 24

27 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 24

28 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 24

29 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 25

30 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation Netbackup Administration SADMIND Exploit AD half restore Win2003 VM restore del server AD di backup reinstallazione driver installazione servizio nel registro creazione di utenza di dominio Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 25

31 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 26

32 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 26

33 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 26

34 Active Directory Cloning, lotek edition Password Guessing Software Leech Srv Enable Local Privilege Escalation SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 26

35 Active Directory Cloning, lotek edition rischio quantificato come basso solo SSHd e portmapper Password Guessing credenziale non di default errore procedurale Local Privilege Escalation Srv Enable SADMIND Exploit Software Leech Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 27

36 Active Directory Cloning, lotek edition rischio quantificato come basso solo SSHd e portmapper Password Guessing credenziale non di default errore procedurale Srv Enable Software Leech Local Privilege Escalation patch level non verificabile da VA blackbox SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 27

37 Active Directory Cloning, lotek edition rischio quantificato come basso solo SSHd e portmapper Password Guessing credenziale non di default errore procedurale Srv Enable VA non verifica la natura dei dati l analisi Software della componente umana Leech nelle procedure aziendali non è quasi mai automatizzabile Local Privilege Escalation patch level non verificabile da VA blackbox SADMIND Exploit Win2003 VM Netbackup Administration AD half restore AD corruption Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 27

38 Active Directory Cloning, lotek edition rischio quantificato come basso solo SSHd e portmapper Password Guessing credenziale non di default errore procedurale Srv Enable VA non verifica la natura dei dati l analisi Software della componente umana Leech nelle procedure aziendali non è quasi mai automatizzabile Local Privilege Escalation patch level non verificabile da VA blackbox Netbackup Administration SADMIND Exploit AD half restore Win2003 VM misteri delle race condition in AD corruption architetture complesse non verificabili o quantificabili nei VA automatizzati Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 27

39 Active Directory Cloning, lotek edition Risultati del VA nessun rischio HIGH qualche notifica su SSL e su protocolli di comunicazione insicuri nessuna credenziale di default Risultati del PT compromissione dei backup compromissione del dominio Active Directory e di ogni sua componente compromissione dati degli utenti Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 28

40 appliance a 6 zeri IPS applicativo grande azienda tutte le applicazioni web sono protette dall appliance three tier architecture Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 29

41 appliance a 6 zeri web application assessment XSS e SQL Injection praticamente impossibili l IPS identifica e/o filtra ogni input malevolo produce log di ogni transazione identificata Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 30

42 appliance a 6 zeri IP TCP HTTP Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 31

43 appliance a 6 zeri GET /brandprofile/vulnus.aspx?xyz=acm IP %27%3B%20CREATE%20TABL%20sqlmapoutput (data%20varchar(8000))%3b--%20and TCP %20%27PLyKB%27=%27PLyKB HTTP HTTP/1.1 Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 32

44 appliance a 6 zeri IP TCP HTTP Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 32

45 appliance a 6 zeri IP TCP HTTP Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 34

46 appliance a 6 zeri GET /brandprofile/vulnus.aspx?foo=aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa IP aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa TCP aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&xyz=acm%27%3b %20CREATE%20 TABLE%20sqlmapoutput%28data%20varchar %288000%29%29%3B--%20AND%20%27PLyKB%27=%27PLyKB HTTP/1.1 Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 34

47 appliance a 6 zeri IP TCP HTTP Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 34

48 appliance a 6 zeri Risultati del VA nessun rischio HIGH impossibilità di testare le injection Risultati del PT compromissione dell IPS compromissione dei web server protetti mediante SQLI nessuna signature nota per la procedura pseudo-0-day Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 35

49 Oracle SchemeWalking DMZ con server Linux e Windows 2003 server vari domini AD, server Oracle, 200 PDL patch level ottimo credenziali complesse e lock-out degli account Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 36

50 38

51 38

52 38

53 Oracle SchemeWalking SQLI httpd #1 ORACLE Schema DOCS Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 39

54 Oracle SchemeWalking No DBA No filesystem I/O o exec SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 39

55 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Table CMS_uSeRS Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 39

56 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Table CMS_uSeRS Schema Ops$ACME Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 39

57 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Table CMS_uSeRS Schema Ops$ACME informazioni correlabili a livello umano, sono spesso disseminate in più schemi su più istanze differenti Table Landesk_users Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 39

58 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Table CMS_uSeRS Schema Ops$ACME Table Landesk_users Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 40

59 Oracle SchemeWalking (fusys) ~/ACMEIT/sqlmap/dumps > grep Matteo Landesk_users.csv SQLI httpd #2 SQLI httpd #1 ORACLE ORACLE ACME - palazzina,beepbeep,italy,699,null,matteo,"dala2naper,il", Schema WBMSTR Schema DOCS ,0,1,699,Falsetti Table CMS_uSeRS Schema Ops$ACME Table Landesk_users (fusys) ~/ACMEIT/sqlmap/dumps > grep Matteo CMS_uSeRS.csv 10299,1,1,1,1,m.falsetti@acmeit.it,canlogin,fal00mat,Matteo,Falsetti Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 40

60 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR SQLI httpd #1 ORACLE Schema DOCS Table CMS_uSeRS Schema Ops$ACME FTP Access httpd #1 Table Landesk_users Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 41

61 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME FTP Access httpd #1 Table Landesk_users Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 41

62 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME PHP Shell FTP Access httpd #1 Table Landesk_users Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 42

63 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME PHP Shell FTP Access httpd #1 Table Landesk_users reverse shell + port forwarding Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 42

64 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME PHP Shell FTP Access httpd #1 Table Landesk_users reverse shell + port forwarding database enumeration Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 43

65 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME PHP Shell FTP Access httpd #1 Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 43

66 Oracle SchemeWalking SQLI httpd #2 ORACLE Schema WBMSTR unico account debole è sul DB core SQLI httpd #1 ORACLE Schema DOCS semi 0-day PHP LFI Table Schema httpd #2 accesso in shell sull AIX nodo CMS_uSeRS centrale della Ops$ACME rete l account oracle su un DB server è meglio di root PHP Shell FTP Access httpd #1 Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 44

67 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS SQLI httpd #1 ORACLE Schema DOCS Schema Ops$ACME PHP Shell FTP Access httpd #1 Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle OID package source code Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 45

68 Oracle SchemeWalking semi 0-day PHP LFI httpd #2 PHP Shell FTP Access httpd #1 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS rischio quantificato come basso SQLI httpd #1 solo HTTPd ORACLE e FTPd sui web server Schema DOCS credenziali complesse SQL Injection Schema non automatizzata Ops$ACME errore di separazione logica degli schemi Oracle Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle OID package source code Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 46

69 Oracle SchemeWalking regressione nel codice non visibile dalle signature degli scanner semi 0-day PHP LFI httpd #2 PHP Shell FTP Access httpd #1 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS rischio quantificato come basso SQLI httpd #1 solo HTTPd ORACLE e FTPd sui web server Schema DOCS credenziali complesse SQL Injection Schema non automatizzata Ops$ACME errore di separazione logica degli schemi Oracle Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle OID package source code Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 46

70 Oracle SchemeWalking regressione nel codice non visibile dalle signature degli scanner semi 0-day PHP LFI httpd #2 hardening locale non visibile PHP Shell da VA esterno FTP Access httpd #1 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS rischio quantificato come basso SQLI httpd #1 solo HTTPd ORACLE e FTPd sui web server Schema DOCS credenziali complesse SQL Injection Schema non automatizzata Ops$ACME errore di separazione logica degli schemi Oracle Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle OID package source code Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 46

71 Oracle SchemeWalking regressione nel codice non visibile dalle signature degli scanner semi 0-day PHP LFI httpd #2 hardening locale non visibile PHP Shell da VA esterno FTP Access httpd #1 SQLI httpd #2 ORACLE Schema WBMSTR Table CMS_uSeRS rischio quantificato come basso SQLI httpd #1 solo HTTPd ORACLE e FTPd sui web server Schema DOCS credenziali complesse SQL Injection Schema non automatizzata Ops$ACME errore di separazione logica degli schemi Oracle Table Landesk_users reverse shell + port forwarding database enumeration oracle:oracle è complesso automatizzare processi di data mining guidati da OID package source code deduzione e intuizione Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 46

72 Oracle SchemeWalking Risultati del VA nessun rischio HIGH qualche notifica su SSL, sui protocolli di comunicazione insicuri e su possibili injection da verificare a mano nessuna credenziale di default esposta su Internet Risultati del PT compromissione di un server perimetrale compromissione dell Oracle OID e delle applicazioni privilegiate da esso autenticate compromissione dati degli utenti Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 47

73 vulnerabilità aziendali - considerazioni anni fa oggi misconfiguration / hardening client-side exploit web input validation buffer overflow chained exploits Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 48

74 vulnerabilità aziendali - considerazioni anni fa oggi misconfiguration / hardening client-side exploit web input validation buffer overflow chained exploits Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 48

75 Domande? Chain Exploiting the Business Matteo Falsetti - mfalsetti@enforcer.it - fusys@sikurezza.org le immagini dei fumetti Dilbert e XKCD e del progetto Metasploit sono di proprietà dei rispettivi autori Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 49

76 Domande? Chain Exploiting the Business Matteo Falsetti - mfalsetti@enforcer.it - fusys@sikurezza.org le immagini dei fumetti Dilbert e XKCD e del progetto Metasploit sono di proprietà dei rispettivi autori Chain Exploiting the Business - Matteo Falsetti <mfalsetti@enforcer.it> - 49