
BsidesLV 2024 - Common Ground - Wednesday

BSides Las Vegas · 8:22:43 · 349 views · Published 2024-08

[Music] [Applause] [Music] server uh on different on different distributions had between five dependencies or dependent libraries and 47 so if you have different things linked into your executable different things will happen right so strive for thinness if your if your distribution vendor is not linking in all the things your behavior will be they'll be fewer unknown behaviors do you have environment variables set that might guide bash in this case to behave in different ways there's many different environment variables that you can set that bash will look at and do different things based on what you've got these things set to perhaps opening different files or whatnot so things like this are are the what can result in potentially a lot

of things happening in your application that you probably don't know about okay speaking of environment variables how many environment variables do you think are read by the system or any process when bash is executed it depends how many are changed it depends now we're going to actually look at it in a moment again the answer is it depends based on how your environment was configured um the more options you have LinkedIn the more things are going to be looked at building software with every possible thing LinkedIn as features is very risky case in point what I just talked about if distribution vendors that choose to link in every possible thing into their environment and you end

up with well you end up with the kitchen sink for just for fun on your own machine sometime go run ldd against some of the systems services that are running what you want to see is a really short little list you don't want to see the universe like for example why do why does why do the audio apis need to be linked into SSH right doesn't make any sense because it's a dependency of a dependency of a dependency and something needed it so we already talked about this but process behavior is is affected by the environment in which it runs so for example uh you might have LD uncore options set LD audit LD preload to to to

influence the the ld.so to do different things when the application is started but uh um yeah I think we've talked about most of that already so let's go back to bash for a second so just a second can you guys see that I just want to make sure that I'm okay good all right um so this is just a WSL VM that's running this machine um it's the ubun 222 um if I just do bash d c Echo hello it's fundamentally the same thing as what you just saw so anybody have an idea how we can determine which files are opened because that was the question right what files are opened when I run that anyone have an

idea s Trace perfect example there's lots of different ways srace is super easy for the purpose of of today's demonstration so we can do EST trce B- c e go hello yeah I'll come back to that okay so it shows you all the things that happen right and we can do some quick grepping for opens and whatnot and you get oops actually have to do slightly differently here okay let's look for open in temp log so it opens a bunch of stuff right and if you word counted that it's I think I checked it before it opens something like about 40 or 50 files most of those are just local definitions being parsed and whatnot but depending on how your

environment was built here's the answer I mean I asked how many files get opened and it's at least now 32 okay now U somebody in the front said s-f to to of course you want to GA you want to make sure that you take in consideration any child processes and whatnot the the number would just grow right okay that's files now we'll talk about why that's interesting or not in a moment but what about environment variables I just use srace to figure out what environment variables get set get EnV and set EnV are not system calls so they end up just reading the environment block out of the process's address bace so there's no get EnV that

you can search for here but what can we do to see what G EnV is actually how many times it's been called make an LD preload library that overrides get EnV and set that and then print out some information that's too much work for a 45 minute talk we can just do this just GDB it

right so we'll put a breakpoint on Getty and V and we'll just run it so how many do you how many environment variables do you think will be will be queried we didn't ask that it depends let's take a look well down at the bottom you see Lo path that's the first thing that gets queried I'm not quite sure what's querying that but you can keep continuing this LC all blah blah blah blah blah blah blah blah blah blah blah lots of things lots of local related stuff but eventually you get to a point where you're out of the library initialization part and you're here now this looks like some kind kind of built in G andv uh how

do you print the argument arguments in the red which register holds first argument ah I got you the answer is what's my favorite answer depends I didn't give you enough information depends on the architecture RDI is correct on amd64 x86 64 this is an arm laptop what is it on arm r0x x0 whatever it is I think it's x0 term info home home again why would you read it twice because maybe it changed in half a millisecond okay you get the idea right lots of them we could sit here all day watching this it goes on for hundreds and hundreds of things the more important thing is not hey here's what what here's when environment variables

are being read the more important thing is what's going on in the application when they're being read does anyone remember actually it's coming up here on a couple more slides uh does anyone remember Looney tunables Looney tunables was a cve from late last year and it had to do with improper parsing of an environment variable GBC tunables so the fact that your application is reading this and using code to parse it that you've never written yourself is an indication that something is something possibly could be bad okay would you guys agree with the first statement any any dissenters good most development organizations don't have the time to vet every piece of code that they that they

bring in right it's not possible it just simply Isn't So this leads to these kind of behaviors that we're talking about now I've kind of given you for the past 15 minutes or so just an overview of application behavior in general and how you can monitor stuff now we'll actually look at some of the things crazy things we've seen applications do sound good all right how many Java developers do we have out in the room how many Java developers that don't want to admit to being Java developers I like it how people then raise their hand um yeah I'm a recovering Java developer done Java development in the past um anyone know what J I is the Java native interface

it's how you call C basically C and C++ code from java um it's allows you to call and pass parameters back and forth to different functions there is a common redacted names protected uh names chained to protect the guilty uh jni based tracing framework out there real super popular it writes doso files which are again you know shared Library code to sltm it then loads them with DL the jvm then loads them with DL open which is what you do to get an so into memory uh when you call the Java side of the framework sounds okay right until you have this now can anybody see the problem with this you're creating executable code in

temp with mode 777 with a predictable name what could go wrong right well if you can simply guess the next name it's 777 you can surreptitiously place a malicious piece of code in front of the thing that's creating the legitimate code and Tada you've now commandeered potentially commandeered control flow of the application so oops you'll see a lot of 777 today seems to be everyone's favorite number and again it's not a Vegas thing okay so I again I hope it's obvious why that's bad um the more important thing again Tason and this is what I was talking about earlier I hope everyone takes away from this that the developer probably had no idea this is

happening right it it's just hey I Ed this framework and it created a library and invoked some code in it okay example two speaking of creating files with mode 777 again it seems to be a popular mode we see log files being created with mode 777 all the time because everybody loves executable logs right right now again as a developer I'm probably not even aware this is happening as a developer I'm probably saying you know log. message something something something um I I don't pay attention to these kinds of things making this even more risky is the propensity that many logging Frameworks don't do proper parsing log with a parameter they just simply write whatever parameter you

specified into the logs so what could you do with something like this so a kind of a contrived example is something like this um consider an application that logs some you know user provided input you know user Fu logged in so you get a log message that looks like this now what what would what could happen if username was not or if the string in here was not properly parsed by the logging framework I mean in theory I could do like something like that's my name my username is that now granted you probably have to find a way to somehow execute that but the there's a lot of different things things you could do with this right I

mean now you have an now you have an opportunity for somebody who's controlling one part of an application writing data into a log file that could then possibly be executed by something else that was commandeered from some other from some other Vector okay so executable logs I mean those are great right everyone loves executable logs bet you guys have never heard of executable Json or executable markdown this is actually a screen capture from uh from our product when it found some things that were being added now again I don't want to pick on permissions here because it's we've already talked about it but the permissions errors they're they might be innocuous but it indicates one of a

couple things it's either lazy coding or maybe a wrong um mask setting or something similar now these are usually created again with mode 777 so back to rewinding one slide if I have a piece of an application that's writing like ajacent configuration file with mode 777 what is it mean for something else on the machine if I Commander a different component I can now affect the configuration of a different thing on the system right so just I don't understand why I don't understand why this happens but it does so why tempt fate fix it so back to environment variables again for just just a moment um we've already seen that environment variables are queried more

often than you might think um some could be dangerous again GBC tunables is one example anyone ever use less open and less close anyone even know that such environment variables exist yeah Less open and less close I don't know if they're in all versions of less but older versions of less used to look at this environment variable and if it was set when you did Less on a file it would actually run the command and less open first so if you could drop that in somebody's environment then you have control over anytime they run less they get to run another thing of your choice um even if you don't use these environment variables and you probably don't make

direct reference to these um code that you imported might do this or system level things uh one thing we see often in in looking at applications that are out there with our product is uh lots of debug environment variables set and lots of Secrets and keys and passwords in environment variables how many people have ever been guilty of putting a password in an environment variable and don't want to admit it yeah we see it a lot I mean this is why vaults exist right now you may say well you know if I set it in an environment variable it's only readable by that process right anyone know the answer to that last question what is the security

boundary for an environment variable on a

machine oops get out of that one oops

sorry you guys see that okay okay I'm right now uh PID 366 and that is my show right here you guys know that you can read environment variables cross processes as long as you're the same user right a lot of nods some shaking their heads so yes you can the fact that I own process I don't know 401 here I can go into proc 401 Environ and I can read its environment now that's not that's not a a new revelation that's been like that forever but people tend to think that oh if I put something in an environment variable it's secret it's not you can generally read cross cross things right

okay talk about that here's a good one what do we

think all right I'll give you some Hint it shouldn't but can it the answer to this one is not really it depends I mean I suppose it kind of is it depends but it it definitely can happen how well we did see an environment where we've had auditing libraries that were left enabled and they were set with you know LD audit or LD preload set to pointing to some particular library that had Library initialization code in it Library initialization code that actually did a network connection um so when you have that set bcat effectively made an outbound network connection every single time it ran it's worse than that because it was set systemwide every process made an

outbound network connection to do phone home sounds bad right it gets worse what is this phone home phone home operation doing well the way this thing was built is that it did an https connection and then used uh like a a Json parser with rest to post a request to some update server to see whether or not there was a new version of the software available so what does this mean this means you have a library that's now injected into every process in the system which contains open SSL ad Json parser and an htps and a TLS um mechanism and that's really good right because we know that none of those things ever have bugs

right yeah so again case in point developer had no idea this was this was happening so you have code that just simply gets injected and does random stuff speaking of phone home Connections in our internal testing we found a popular dashboarding product that makes phone home connections probably again to do update checks again once a second because you really need to know within one second if there's a new version of the framework available right um it also does this check to every single IP address returned from the DNS query so it does DNS lookup on my updat server. f.com it gets back 20 things including half of them ipv4 half of them IPv6 and it tries every single one once every

second now typically like a WAFF or something can help stop that but that's just bad behavior right um the other problem with this particular framework is that if you looked inside the Cod because it's open source looked to see what it was doing it basically just blindly trusted a URL that was given to it and says Go download this and install it can anyone think of I guess very recently some code that got automatically installed and caused a lot of problems yeah so yeah this is uh no not good stuff um speaking of network connections um our product lets us correlate uh different network events over time so basically we can say like um I saw your

product I saw your code make an outbound network connection to IP address you know 1.2.3.4 but it previously had not obtained that through a DNS lookup so basically what does that mean it's it's a hardcoded IP address somewhere um this helped us uncover an environment in some uh a customer environment where there was a connection and code to a a fixed IP address um coming from a dependency in the application of course developer did not do this does connecting to a hard-coded IP indicate a security issue I don't know maybe it could be command and control from some hijacked Library um it could just be a lazy developer either way it should be investigated the

point is how do you even know it's happening right about this one anyone ever guilty of doing srand one or srand zero or srand time come on um yeah we see this being called all the time now there's nothing inherently wrong with these apis except if they're called in certain contexts so the question at the bottom of the slide is is asking when is this kind of okay and when is this really bad anyone know the the characteristics of the apis that are listed on the top there was that uh they're Global yeah um but they're deterministic right so it's a deterministic random number API so when is that okay maybe test programs or something it's probably fine when is it

bad any cryptography context and we we see this on occasion um it's not good um but yeah it's like where did you come up with this code right so you either were reading a textbook from the 1970s or ' 80s when this was like the only way to do it uh or or it was we went to stack Overflow and said how do I generate a random number right cut and paste it into your code um ancient functions like this uh that have better versions are um are still being used so we talked about Rand and srand um no bounds check string manipulation operations we see these all the time a lot of this is in Legacy code

it's getting better um but why there are better versions of all these things available so you should use them and I'm not saying you should use them I'm saying the people writing the dependencies that you're bringing in should use them so why not spend a few hours and clean up this code okay almost done so what are some of the reasons why this happens and this is just kind of you know my own personal opinion here I think we see these issues for several reasons um increasing use of third party libraries I mean nobody writes every single line of code in their in their app and the like it or not the the rate the the velocity at which software is

developed today lends itself very well to going to GitHub and finding the library that you need um there's nothing you can do to change that um lack of time for developers and security teams to properly do proper vetting another issue is when when you if let's say you had infinite time and your security team and your development team said uh your development manager said I want you to go and personally inspect all 50,000 lines of code you're importing you going to always have that same 50,000 lines what happens when version two of that library is released next week right you're going to have to go do the same thing again so there's just a lack of time time is money and

you can't even conclusively do this so you you transitive dependencies dependencies that bring in other dependencies and so on um it's just it's really difficult and then lack of knowledge by some developers just even about security risks I mean that's kind of why we're all here right um Junior developers sometimes aren't trained in this mindset um so it's it's it's tough now I have some ideas on how to fix these but again they're just my own personal ideas here's some suggestions um strive for thinness whenever you can um choose distributions that if you're on a if you're building software for Linux choose distributions that have uh thinness as a mindset um Alpine's a really good one right they they strive

for very very thin software um don't Link in all the things just because you can um don't don't say I might need smart card logins in my apps today so I'm going to link this markard library in don't do it until you absolutely need it uh use tools to periodically audit process behavior and apis that are being used um the only way to know what's happening is to actually look and see so we just touched on some ideas today I mean there's commercial tools like what we offer but there's other open source tools out there as well to help you check these things um compare behaviors compare current behaviors to previous behaviors look for drift make sure

things aren't changing without your knowledge and uh coach you know coach Junior developers about the importance of this um you know there's no shame in in in saying you know we shouldn't be doing it this way we should be doing it that way and I guess you know try as best as you can to vet imported code and then short of that it think you have to write everything yourself which is not really going to work all right so that's what I had um we've got some time um I can give everyone back their 15 minutes and if you have some questions come on up at the end uh otherwise uh we're right outside at our at our booth if you have

any questions about what we do or want to talk about this more hope this was entertaining and interesting um I find it I found it writing these things down over time helped me understand what apps are doing a little bit better so hope it did for you as well thanks thank you if you have a question please raise your hand so I can bring the mic over so everyone can

hear he sound check all right this is really good stuff thank you so in in my position I we have like an EDR application that we use that Flags a lot of this stuff for us right like unpacking a encrypted binary or a weird network connection or stuff like that right but sometimes it's a five- minute fix like I can ask somebody and they say oh that's not supposed to happen or oh that's this thing right but sometimes it's just a a legacy development team in another part of the country that has no idea what they've inherited from 5 years ago 10 years ago whatever and they just say I don't know but I don't want to

worry about that I don't have time so we have to make call of do I really care enough to do like a deep dive investigation into 30,000 lines of code to find where this is coming from or do I just block it or ignore it right because probably not from 10 years ago exactly right so I guess what words of wisdom do you have about when do you make the call about when something is worth looking into and when do you just slap the firewall turn it off and say all right we're going to forget about it you're going to love my answer it depends yeah I I don't think there's a I don't think there's a I don't think

there's a a One-Stop shop answer for that um it it really does depend on the application depends on the criticalness of is it a critical line of business piece of functionality in your line of business or is it just this you know tool that's off on the side somewhere um I I I don't want to kind of Dodge around the question but they're really it's it's tough and as you've already seen I I wish I did have an answer um no it's it's it's a case-by casee basis unfortunately I wish I got paid to look at this stuff right like that's the fun part of the job right is finding this stuff but yeah it's it's interesting

when you when you bring up an application a lot of this stuff we find just like testing Open Source Products it's just like what are they doing right it's like what is going on here so great question yeah cool looks like that's it I I'm happy to hang around up here in the front if you want to ask a personal question or something that's off camera no worries thanks [Applause] everyone I'm not a general developer but uh you say you aren't that not that example that you show about 777 [Music]
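The strace demo in the talk above counts opens with grep and wc. The following Python is an added example, not code from the talk or from the speaker's product: it parses strace -f output for open()/openat() calls, separates successful opens from ENOENT probes per PID, and lists the probed paths that sit under directories another local user could write to, which is where a predictable-name file becomes a hijack on the next run. The trace lines are constructed in strace's format rather than a real capture (the /tmp/bash-plugin.so probe is invented to show what such a path looks like), and the writable-prefix list is an assumption.

```python
import re
from collections import defaultdict

# One strace -f line looks like (constructed, but in strace's format):
#   4001  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
#   4001  openat(AT_FDCWD, "/home/user/.bash_profile", O_RDONLY) = -1 ENOENT (No such file or directory)
OPEN_RE = re.compile(
    r'^(?P<pid>\d+)\s+(?P<call>openat|open)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]*)"'
    r'[^)]*\)\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z]+))?'
)


def parse_opens(strace_text):
    """Split open()/openat() calls into successful opens and ENOENT probes, per PID.

    Returns (opened, missing): both are dicts pid -> set of paths. A probe that
    fails with ENOENT is a file the program *would* use if it existed."""
    opened, missing = defaultdict(set), defaultdict(set)
    for line in strace_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue  # execve, clone, read, ... are not what we are counting
        pid, path, ret = int(m["pid"]), m["path"], int(m["ret"])
        if ret >= 0:
            opened[pid].add(path)
        elif m["errno"] == "ENOENT":
            missing[pid].add(path)
    return opened, missing


def total_files(opened):
    """The number the talk's `grep open | wc` approximates, without duplicates."""
    return len(set().union(*opened.values()))


def plantable(missing, writable_prefixes=("/tmp/", "/var/tmp/", "/home/")):
    """Probed-but-absent paths under directories another local user may be able to
    write to: creating the file there changes the program's behaviour on its next run.
    The prefix list is an assumption for this example; tune it to the host."""
    return sorted({p for paths in missing.values() for p in paths
                   if p.startswith(writable_prefixes)})


# Constructed sample in `strace -f -e trace=openat,open,execve,clone` format; not a real capture.
SAMPLE_TRACE = """\
4001  execve("/usr/bin/bash", ["bash", "-c", "echo hello"], 0x7ffd2f1c3a40 /* 24 vars */) = 0
4001  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4001  openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libtinfo.so.6", O_RDONLY|O_CLOEXEC) = 3
4001  openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
4001  openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
4001  openat(AT_FDCWD, "/home/user/.bash_profile", O_RDONLY) = -1 ENOENT (No such file or directory)
4001  openat(AT_FDCWD, "/tmp/bash-plugin.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
4001  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f0a1c2b3d10) = 4002
4002  openat(AT_FDCWD, "/dev/null", O_WRONLY) = 3
"""

if __name__ == "__main__":
    opened, missing = parse_opens(SAMPLE_TRACE)
    print(f"{total_files(opened)} distinct files opened across {len(opened)} processes")
    for pid in sorted(missing):
        for p in sorted(missing[pid]):
            print(f"pid {pid} probed for missing {p}")
    print("plantable:", plantable(missing))
```

On a real system, capture with `strace -f -e trace=openat,open -o /tmp/log bash -c 'echo hello'` and pass the contents of /tmp/log to parse_opens(); -f matters because, as the talk notes, child processes add to the count, and the ENOENT list is usually the more interesting half of the output.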
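The /proc/401/environ demonstration above shows that any process of the same user can read another process's environment block. As an added example, not the talk's or the product's code, here is a small audit that parses an environ block and flags loader-controlling variables (LD_PRELOAD, LD_AUDIT, GLIBC_TUNABLES and friends), the LESSOPEN/LESSCLOSE hooks, and credential-looking names; audit_live_processes() walks /proc for every process this user can read. The variable list and the name pattern are assumptions for this example, and the sample environ block is constructed.

```python
import re
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Variables that change how the dynamic loader or common tools behave.
# List assembled for this example; extend it for your environment.
LOADER_VARS = {
    "LD_PRELOAD", "LD_AUDIT", "LD_LIBRARY_PATH", "LD_DEBUG", "LD_DEBUG_OUTPUT",
    "GLIBC_TUNABLES", "LESSOPEN", "LESSCLOSE",
}
# Names that usually mean a credential was parked in the environment (assumed pattern).
SECRET_NAME_RE = re.compile(r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I)


def parse_environ(blob: bytes) -> Dict[str, str]:
    """/proc/<pid>/environ is a sequence of NUL-terminated KEY=VALUE records."""
    env = {}
    for rec in blob.split(b"\0"):
        if not rec:
            continue
        key, sep, val = rec.partition(b"=")
        if sep:  # skip malformed records that have no '='
            env[key.decode("utf-8", "replace")] = val.decode("utf-8", "replace")
    return env


def audit_env(env: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (category, name, value) findings; secret values are never echoed."""
    findings = []
    for name, value in env.items():
        if name in LOADER_VARS:
            findings.append(("loader", name, value))
        elif SECRET_NAME_RE.search(name):
            findings.append(("secret", name, "<redacted>"))
    return sorted(findings)


def read_process_env(pid: int) -> Optional[Dict[str, str]]:
    """Read another process's environment block. Succeeds for processes the kernel
    lets you ptrace-read (normally: same user, or root); returns None otherwise."""
    try:
        return parse_environ(Path(f"/proc/{pid}/environ").read_bytes())
    except OSError:  # EACCES, ESRCH (process exited), or no /proc at all
        return None


def audit_live_processes() -> Dict[int, List[Tuple[str, str, str]]]:
    """Walk /proc and audit every environment this user is allowed to read."""
    results = {}
    proc = Path("/proc")
    if not proc.is_dir():
        return results
    for entry in proc.iterdir():
        if not entry.name.isdigit():
            continue
        env = read_process_env(int(entry.name))
        if env:  # kernel threads have an empty block; unreadable ones are None
            findings = audit_env(env)
            if findings:
                results[int(entry.name)] = findings
    return results


# Constructed environ block, byte-for-byte as /proc/<pid>/environ would return it.
SAMPLE_ENVIRON = (
    b"HOME=/home/user\0PATH=/usr/bin:/bin\0LD_PRELOAD=/tmp/libaudit_hook.so\0"
    b"DB_PASSWORD=hunter2\0LESSOPEN=|/usr/bin/lesspipe %s\0GLIBC_TUNABLES=glibc.malloc.mxfast=0\0"
)

if __name__ == "__main__":
    for category, name, value in audit_env(parse_environ(SAMPLE_ENVIRON)):
        print(f"[sample] {category}: {name}={value}")
    for pid, findings in sorted(audit_live_processes().items()):
        for category, name, value in findings:
            print(f"[pid {pid}] {category}: {name}={value}")
```

Two caveats when reading real systems: /proc/<pid>/environ exposes the block the process started with, so a value the process setenv()'d later may not appear there, and a /proc mounted with hidepid=2 (or processes of another user) will be invisible to an unprivileged reader.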
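The three mode-777 cases in the talk (the JNI framework's predictable .so in /tmp, the executable logs, the world-writable JSON config) and the unsanitized log line share one fix pattern. The following Python is an added example, not the framework's or the product's code: the insecure drop as described, next to a hardened version (a per-run mkdtemp directory, O_CREAT|O_EXCL, owner-only mode), and a log writer that creates its file 0640 and escapes control characters so a username like the one on the slide cannot forge a second log line. The jni_hook_<n>.so naming, the helper names and the sample username are assumptions for this example.

```python
import os
import stat
import tempfile
from pathlib import Path


def drop_library_insecure(code: bytes, n: int, base: Path) -> Path:
    """The pattern described in the talk: predictable name in a shared directory,
    then chmod 777. Anyone on the host can pre-create jni_hook_<n+1>.so."""
    path = base / f"jni_hook_{n}.so"
    path.write_bytes(code)   # O_CREAT without O_EXCL: reuses whatever is already there
    path.chmod(0o777)
    return path


def create_private_file(path: Path, data: bytes, mode: int) -> Path:
    """O_EXCL turns a pre-planted file or symlink into a hard failure instead of a
    silent hijack; the mode is applied at creation, so no chmod race."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, mode)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


def drop_library_secure(code: bytes, base: Path) -> Path:
    """Per-run private directory (mkdtemp: unpredictable name, mode 0700) holding an
    owner-only, non-writable library; dlopen only needs read+execute."""
    private_dir = Path(tempfile.mkdtemp(prefix="jni-", dir=base))
    return create_private_file(private_dir / "hook.so", code, 0o500)


def sanitize_field(value: str) -> str:
    """Escape control characters so a user-supplied value cannot start a new log
    line or smuggle terminal escapes to whoever tails the file."""
    return "".join(f"\\x{ord(c):02x}" if ord(c) < 0x20 or ord(c) == 0x7F else c
                   for c in value)


def _log_opener(path, flags):
    return os.open(path, flags, 0o640)   # rw for owner, r for group, never executable


def write_login_log(path: Path, username: str, sanitize: bool = True) -> None:
    """sanitize=False reproduces the logging-framework behaviour the talk criticises."""
    shown = sanitize_field(username) if sanitize else username
    with open(path, "a", encoding="utf-8", opener=_log_opener) as f:
        f.write(f"user {shown} logged in\n")


def run_demo() -> dict:
    """Exercise both patterns in a scratch directory and report what was observed."""
    base = Path(tempfile.mkdtemp(prefix="demo-"))
    results = {}
    insecure = drop_library_insecure(b"\x7fELF-stub", 7, base)
    results["insecure_mode"] = stat.S_IMODE(insecure.stat().st_mode)
    secure = drop_library_secure(b"\x7fELF-stub", base)
    results["secure_mode"] = stat.S_IMODE(secure.stat().st_mode)
    results["secure_dir_mode"] = stat.S_IMODE(secure.parent.stat().st_mode)
    # An attacker pre-places a file where the next library would go.
    planted = base / "planted.so"
    planted.write_bytes(b"attacker payload")
    try:
        create_private_file(planted, b"legitimate", 0o500)
        results["exclusive_create_refused"] = False
    except FileExistsError:
        results["exclusive_create_refused"] = True
    # Constructed username that tries to forge an admin login line.
    evil_name = "bob logged in\nuser admin logged in"
    naive, safe = base / "naive.log", base / "safe.log"
    write_login_log(naive, evil_name, sanitize=False)
    write_login_log(safe, evil_name)
    results["naive_lines"] = naive.read_text().count("\n")
    results["safe_lines"] = safe.read_text().count("\n")
    results["log_mode"] = stat.S_IMODE(safe.stat().st_mode)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {oct(value) if 'mode' in key else value}")
```

The same create_private_file() call, with mode 0o600, is the right way to write the JSON configuration file the talk mentions; the point in every case is that the mode is chosen at creation and the name is not guessable by another local user.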
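The correlation the talk describes (a connect to an address the process never resolved, and a phone-home to every resolved address once a second) can be reproduced from two event streams. The following Python is an added example, not the speaker's product: over a constructed list of DNS-answer and connect events it flags connects with no earlier resolution by the same process, and destinations contacted at a steady interval. Hostnames and addresses are documentation values (RFC 5737 and RFC 3849), not real servers, and the thresholds are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Event:
    ts: float        # seconds since capture start
    kind: str        # "dns" (one answered address) or "connect"
    pid: int
    ip: str
    name: str = ""   # queried hostname, for dns events only


def find_hardcoded_ips(events: List[Event]) -> List[Event]:
    """Connects whose destination was never an answer to an earlier DNS query made
    by the same process: the talk's "hard-coded IP somewhere" signal."""
    resolved = defaultdict(set)  # pid -> addresses resolved so far
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "dns":
            resolved[ev.pid].add(ev.ip)
        elif ev.kind == "connect" and ev.ip not in resolved[ev.pid]:
            findings.append(ev)
    return findings


def find_beacons(events: List[Event], min_count: int = 10,
                 max_jitter: float = 0.1) -> List[Tuple[int, str, float, int]]:
    """(pid, ip, mean interval, count) for destinations contacted at least min_count
    times with inter-connect gaps within max_jitter (fraction of the mean)."""
    by_dst = defaultdict(list)
    for ev in events:
        if ev.kind == "connect":
            by_dst[(ev.pid, ev.ip)].append(ev.ts)
    beacons = []
    for (pid, ip), ts in by_dst.items():
        if len(ts) < min_count:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = sum(gaps) / len(gaps)
        if mean > 0 and max(abs(g - mean) for g in gaps) <= max_jitter * mean:
            beacons.append((pid, ip, round(mean, 3), len(ts)))
    return sorted(beacons)


def _constructed_events() -> List[Event]:
    """Constructed capture: pid 500 is the dashboard that polls every resolved address
    once a second; pid 600 makes one legitimate connect and one to a hard-coded IP."""
    update_ips = ("203.0.113.10", "203.0.113.11", "2001:db8::10")
    ev = [Event(0.0, "dns", 500, ip, "updates.example.com") for ip in update_ips]
    for i in range(12):
        for ip in update_ips:
            ev.append(Event(1.0 + i, "connect", 500, ip))
    ev.append(Event(0.5, "dns", 600, "192.0.2.5", "api.example.com"))
    ev.append(Event(0.8, "connect", 600, "192.0.2.5"))
    ev.append(Event(3.3, "connect", 600, "198.51.100.7"))   # never resolved
    return ev


SAMPLE_EVENTS = _constructed_events()

if __name__ == "__main__":
    for ev in find_hardcoded_ips(SAMPLE_EVENTS):
        print(f"pid {ev.pid} connected to {ev.ip} at t={ev.ts} without resolving it")
    for pid, ip, mean, n in find_beacons(SAMPLE_EVENTS):
        print(f"pid {pid} hit {ip} {n} times, every {mean}s")
```

Treat the findings as leads, as the talk does: a resolution done in an earlier run, or by a resolver daemon (systemd-resolved, nscd) on the process's behalf, looks hard-coded to this per-process check, so the next step is reading the dependency that owns the socket.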

[Music]

oh

[Music] h a [Music] w [Music] [Applause] [Music] [Applause] [Music] [Applause] [Music] I'm just try to get okay after br I'm just trying to give you [Music] something I'm just trying to give you something I do I'm just to something [Music] w

[Music]

[Music] [Music] I'm just tring give you something okay I do for you I'm just trying to give you [Music] something I'm just trying to give something I do I'm just trying to give you something [Music] m [Music] w

[Music]

[Music]

[Music] [Music]

he [Music]

[Music]

[Music] [Applause]

oh [Music]

[Music] [Music]

[Applause]

[Music]

[Music] it's

[Music]

[Music]

[Music]

[Music] n [Music]

[Music] [Applause] [Music]

[Music]

[Music]

[Music]

[Music] [Music]

[Music] [Applause] [Music]

[Music]

[Music] the [Music]

[Music]

[Applause] [Music] heyy hey hey [Music] [Applause] [Music] [Applause] [Music]

[Music] he [Music]

a he [Music]

[Music] track [Music] hey hey [Applause] [Music]

hey hey hey hey hey hey [Applause] [Music]

oh [Music]

[Music] [Applause] [Music]

[Music] [Applause] [Music]

[Music] [Applause] [Music]

[Music] [Music] [Music]

[Music]

[Music] [Applause] [Music] he oh [Music]

[Music]

why

he

Good morning everyone, and welcome to BSides Las Vegas. We're here at Common Ground. We're about to hear from Emma Fang speaking about Securing Your Cloud Native DevOps: A Zero Trust Approach. Before we begin, we want to thank our sponsors, especially our Diamond sponsors, Prisma Cloud and Vanta, and our Gold sponsors Semgrep, Dropzone AI, and Adobe. It's their support, along with our other sponsors, donors, and volunteers, that makes this event possible. A note about your cell phones: these talks are being live-streamed and recorded, so please make sure that your phones are silent. At the end of the talk there's going to be some time for Q&A; please raise your hand and I'll walk around with a mic. There's also a strict photo policy, so if you're taking pictures, please make sure you're not including anybody else in them. And with that, I will hand it over to Emma.

All right, thank you. I think I'm going to, okay, let's get started. I think it's actually good that we don't have that many people here. So my talk is about cloud native DevOps. You might have already heard about this term before, but it's something that I'm going to explain later.

First of all, a bit of introduction about myself. My name is Emma Fang and I'm based in London. So, as you can pick up from a little bit of my accent, I'm not from the US; I came all the way from London. And I'm a cloud security architect at EPAM. As a consultant, I love designing and architecting everything in the cloud for my clients. So, just a little bit of introduction about EPAM: EPAM is a technology consultancy specialized in software engineering and product design, and we help our clients to accelerate and integrate security into their cloud transformation programs. Alongside my work, I also volunteer in a few UK-based committees, such as the Women in CyberSecurity (WiCyS) UK affiliate, and I'm also on the Industry Advisory Board committee for the computer science faculty at the University of Buckingham. So that's me.

Okay, this is the agenda for today. I would like to give you a definition of what cloud native DevOps is, you know, how cloud native affects the DevOps practice, and then we will dive into the current threat landscape, looking at attack vectors, and share some examples of some famous attacks happening in the last four to five years. And finally I will wrap the session up with some strategies and best practices to help you secure your cloud native DevOps environments.

So okay, without further ado, let's dive into our first topic. So what is cloud native plus DevOps? There's no official definition of that, but in general it's a principle that describes how people work together to build and deploy applications that could leverage the scalability and flexibility of the cloud environment. So it's often using technologies like the microservices pattern, containers, serverless functions, and each of those microservices is implementing a business capability, communicating via an API, something like that, between different layers, right? As you can imagine, if you work in the cloud native, you know, DevOps space, you kind of know about this, and it requires a lot of automation and continuous improvement and close collaboration between teams. And as a result, we want to make sure that the product has a faster time to market, and we can experience benefits like reduced infrastructure overhead, and we can allow our DevOps people to innovate the product.

So as a security person, have you ever encountered the challenge which makes you actually panic? So recently I've got a cloud native project, so I've been tasked to secure the cloud native project, and two weeks into the project I've been told, Emma, our application is actually being built. I was like, hang on, I don't know about the security requirements for that application yet. And then, as an architect, my first reaction is, I need to gather all the requirements for this environment, I need to gather everything, I need to gather all the components. Then I panic. So if you've experienced something similar to that, that's because you also experienced the problem of security challenges in the cloud native DevOps space. So let me tell you a bit about what that is. So it is the speed of development and deployment. This environment needs speed, which means that we want to push the code much, much faster into production, sometimes in a matter of minutes, and it also makes it harder to have security gates implemented into the CI/CD pipelines, and we want to keep up with that speed. So sometimes we think, okay, you know, the microservices environment is already kind of isolated and, you know, highly resilient, and we have enough security, but actually it's not. How about the underlying infrastructure and the SDLC process? So yeah, think about those things, and this environment is often targeted by threat actors.

So this page is a little messy, but I'm going to talk you through this page. The threat landscape and the trend for the cloud native environment is evolving. Supply chain attacks remain the major concern in the past few years, as we know that everything is in the, you know, headlines. For example, you know, Log4j has been around for two years, but after two years it's still a problem. Why? So that means that we are not patching fast enough, right? So beyond the supply chain risk, AI-assisted code has also gained popularity, because our developers love AI; we want to generate code from the AI, and faster, and productivity, all kinds of, you know, benefits, right? But the question is, are we trusting the integrity of those systems that are providing us the machine learning model that's generating those codes for us? So all those questions are raised. And another thing I would like to mention is the misconfigurations. You're just so surprised how much misconfiguration risk we have experienced: a tiny little error could lead to a massive breach. So we have seen so much in the headlines, so I'm going to work through those attacks in a minute.

And we have professionals and security professionals looking into the cloud native security risk. So OWASP Top 10, good job OWASP, because you are nailing it; however, it's under development. So I'm doing some research into cloud native risk, and then I found this document in OWASP; however, I mean, after a few years it's still under development. I know that this space is, you know, constantly changing. Like, you can't just define a risk for the cloud native security and just call the job done, because it's evolving, that is the fact. And you also need to constantly, you know, improve your visibility of everything, all the infrastructure, the components of your services. But yeah, it is very challenging in this space.

Okay, I know this architecture diagram is a little bit overwhelming for some of you maybe, but as an architect I like diagrams, so that's why I put this diagram here. So on this page I've broken down the cloud native environment into three key areas: the developers' environment, the DevOps platform environment, and the application/infrastructure environment. So let's start from the bottom left, which is the developers' environment. So as developers, we all love IDE plugins, right? We use IDE plugins to, you know, improve our code efficiency

productivity and everything like that and even security so um we want to use those tools we want to integrate those two as much as possible then it comes into the problem of you know are we ch those extensions and then we move on to the devop plat platform where the build processes and the CSD pipelines are happening GS repos and public container Registries are vulnerable to supply train attack we already know that um and then wor thing about this is you know the CD pipeline those risk that's happening in the supply chain go down to the CSD Pipeline and get executed is resulted in the remote command execution and then the the attack Sur extended to your application environment

first of all if you move your eyes to the to the top left hand side you can see that I've labeled it as an external attack surface because I just don't know what is the better word for that because that is external attack surface and all a lot of things like injection attack application security attack exploiting everything on that application Level and then you have uh apis API Mis configuration that's so common and you know um you some someone is is handling the API keys in proper proper in properly and also you know the authentification tokens if you are not storing it in a secure place maybe it can it can get um you know

exploited and then I want to talk about issue of unmanaged um environment right so that is that I what I meant is um something that's in Legacy that hasn't been you know that hasn't been on on your system that's kind of off record it could be someone that's stupid enough to use their personal credentials to create a a random cloud workl in your environment you just don't know that right yeah is it's difficult to have visibility on everything when your uh environment is so complicated there are so so much moving parts so much uh you know apis cloud cloud storage and also um you know the the microservices architecture so in this table I've gotten attack

technique that often used to exploit uh that we uh we can we seen that often used to exploit the cloud native environment in the wild so I would like to point out two uh a couple of things um the first thing is the misconfiguration is often overlooked um because it's often the um entry point for an attack and the second thing is the supply chain so supply chain has a large attack surface um open source dependencies and uh and the container images but um we also haven't forget the you know the propriety uh soft as well so in both cases those threats are not only affecting the service provider itself but also extended to its

customers which LEDs to uh a much greater impact I also want to remind you about the mitor attack tactics I I trust every one of you have heard about it at some point so um so basically after the initial attack attacker the initial access attacker could look for ways to maximize their benefit within this environment they can spread across the network and they and they can use the uh techniques to hide their tracks uh through using the the rookies and maintain a persistence by leaving a back door something like that okay the first thing I would want to talk about is the cloud misconfigurations so there is a statistics that I got somewhere um um it's it was reported uh 45%

there's a 45% increase in instance caused by misconfigurations in 2023 and misconfiguration could be anything that relevant to human errors and and they are normally H low hanging fruits for the attackers so um so we just experien a a global outage um the the blue the blue screen of death which is caused by a software update by a cloud strike the um and also this one is an example of not a malicious attack but is a good example of um how a small operation error could cause impact on the global level and um and now on my board here I would like to talk about a couple of um instance in deta well not in detail but

a little bit um so the first one is the midnight blezer instance so midnight B is a Russian national national state thre actors so they use the password spread attack to compromise a nonproduction legacy tenants in Microsoft environment then leverage and owe of application to access to the corporate environment such as the uh The Exchange Server so this attack has taught us how vulnerable our system is if without things basic uh security controls like mfas another uh instance that I would like to uh reference to is the is the AI uh G uh GitHub repo data exposure that's happening in the 2023 um so as you know this AI project becomes so a valuable Target for

attackers now so in this incidence the the Microsoft AI research team um instantly published a bucket of private data such as secret and team messages to a public G repo so the worth thing of this one is that the um some insecure token was used to share the data from the storage account and the access was overly permissive as a result this makes the this attack possible and there are um you know a few a few uh instance that relevant to the um the S3 buket and the cloud storage I don't need to mention them too much um I will include the link in the resource at the end of the talk you can look into

them but it's very uh basic so those attacks are all exploiting very basic simple mistake in the environment okay supply chain attacks um solar winds is a very um popular one uh I don't need to go into too much details about it I think what U makes it um the second one is the most interesting one um is the Travis API vabes so in this instance the public API C was used to fetch clear Tex logs and these logs contains sensitive information like uh user tokens then those user tokens were um Can potentially use for access to um services like GitHub and doah hub and the and the other one that is um Casia ransomware attack so this is

another quite famous uh ransomware that's ex exploiting the cicd pipeline and injecting on way into the and that can be spread Downstream um into the those business and they also cause downtime for over a thousand um Downstream business I would like to talk about the um open source um supply chain attack separately to the you know the normal supply chain attack because it is it is um a very very popular attack surface so log for J um is a open source loging um is a loging package and then you you probably most of you already know about this attack I don't need to go into too much detail about it but you know this enables tacket to gain remote access to

the application that used the Lo for J and XD you's back door is another example um is where the open source vulnerability campaign that went on for three years without being discovered and the the worst thing about this is because the malicious code has been injected into each each of those versions of that of of the package which means it's difficult to track and to you know to to mitigate those risk so on the left uh on the right here I've uh I I included a diagram that I draw myself um so it kind of explains the you know the tactic and the um and the the attack path of rare actors how they exploit this environment

um and then is the cicd pipeline attacks so um for the for every stage of the pipeline um from Cod to commit to uh to production um they can be a target for example attackers can exploit how dependencies are put into downloading um into to execute those malicious p and also um one thing I'd like to mention is the the tools like Jenkins and gab gab um are often used to um being exploited um to launch um attacks on the C pipelines so for example a CI server uh the runners the insecure of credentials and secrets that happening in the C Pipeline and there is a there is a um a block that um created by

that's reported by the NCC group that had published something like analyze 10 attack path through the security assessment of the cic pipelines and this blog have highlighted a few techniques such as the share Runner can be a compromised to deploy malware and extract credentials which used to deploy into the uh production systems um another interesting uh observation here is the uh visual student stud so visual studio is a very popular IDE I I would use it 75% of developers are using them so a research have shown that um in the experimental attack that's the research the researcher have uh created a something that's very similar to the the genuine um vs code uh we and the the visual

studio and uh they uploaded this version onto the marketplace and a lot of people just downloading them they don't they don't know because they're using a typos scope um typos um techniques um so they they make it look like the real one but so that that is the consequences okay um so I included a um a very nice another very nice table here um to explain um what is the threat L the threat landscape of the devops basically the cic pipeline security from um using a might attack framework um so it's just for your reference only but I high I highly recommend it you to check out if you're interested and then uh finally is the

clown Cloud identity attack in this one I am going to talk about the famous OCTA attack so what happens in the OCTA apprach it was in um October 2023 so a service account was extracted with because it was stored in a compromised Google account of an Octor employee and the account was then used by threat actors to gain access to the um the Octor customer support systems which resulted in a file that contains Sensi information such as uh session tokens to be compromised so these session tokens then leverage further to be penetration in penetrated into the internal system of the the customer of OCTA so this is a another example of supply chain attack but using

cloud cloud cloud identity um attack um and this and although this initial compromise wasn't was wasn't successful but in 2023 sorry what but in 2024 in the cloud flare data dat bridge I don't know whether how many of you know about this um the so theare actors was able to establish a persistent access to the source code management system big big bucket using the token that's stolen from the OCTA instance so on the left I've used a a attack path diagram to demonstrate this uh this attack so as you can see that's um so the what I want to emphasize here is an attack could be the start of another another data Bridge so you know things

uh Mis configurations um Cloud identity attack and everything like um and also supply chain attack are all interconnected and then um there is a cow there's a cow here so so I just want to highlight here that as this report shows that only 1% of the permissions are actively being used um by um the and the amount of workload um identities and permissions permission SCS contributing to the rise of the accidental and malicious inside the inside the threats so these are all um exploits to allow those reactors to access to the cloud infrastructure so what are the Lessons Learned okay so so how long do we have um so the volum of attack against the cloud native enironment is

increasing and attackers are adapting their techniques to move faster and City and workflow and depos environment are being targeted because of the amount of attack surface and the lack of detection and um the trust in the supply chain and the uh open source software are rooted in uh several factors for example um you know faster to time to Market and cost efficiency and collaboration these are all the benefits that our developers like about but the chance can be exploited by those threat actors to launch M massive campaign affecting hundreds of business okay now we finally go down to the Zer trans security principles how many of you knows about Z trust please raise your hand I think that's everybody probably

yeah so it sounds Savvy it's a Savvy words yes I agree with that and it's a term that has been used by a lot of Wenders to Market their product you know we've got Zer trust uh features we've got the all you know the like the the entire Zer trust package please buy our product yeah so you probably some people probably Hy about this term because of that and a lot a lot of people associated with the commercial product that does XY XYZ features however later do you know it's only a concept and a principle it's not a technology it's not it's a collection of things that can um can achieve a Pacific goal right so so in

the de trust model nothing is trusted no applic data databases uh services or infrastructure is trusted by default and everything including identities network uh infrastructure and applications must be audited monitored and verified for example when one piece of the infrastructure or application want to speak to another then it must be authenticated AC according to a uh access policy that is constantly changing it's constantly assessing the the Authentication and then according to the access policy it will grant the will grant the the access Accord according to the least privileg uh principle so that's the zero trust principle so how does the zero trust principle translate into Cloud native de devops controls so the ncsc defin Z

trust principle into further seven principles so how does those principles translate into these controls so let's start with identify buying the cloud native not Cloud native asset the architecture identifying firstly the you know the the the the way that you use to innovate things so what you want to know where your your developers are getting this this third party packages the open sources um you want to be able to understand you know what is in your dat what is in your uh environment your data your codes your images where they they stored and then know your user and service and device um identities so in in this case you want to assess your user and devices

um and services behaviors so you want to detect the anomalies um and you want to secure the workload identities and you want to project the the secret in the CSD pipelines and then you want to yeah you want to assess your your your your users Behavior so in order to do that you need to understand what your devops workflow look like what is your CSD process and behavior and can you put can you do a t check into your workload and also uh you want to audit Your Privilege account and then you use the policies to authorize your access access to all kind of environments you use just in time access and you can enforce a branch uh

security I'll talk about that in a minute and and then even for the apis you want to enable access policies for the apis um you want to yeah we want to control which way API is talking to which Services right and there's a tool that uh I put on the top here it's called cloud cloud infrastructure entitle management so this tool is often used to manage the um the cloud identities within the infrastructure environment and then you authenticate and authorize all the connections how how do you achieve that first of all so you have so much devop tools and then how do you know that the developers are uh access to those devop tools and to to

whatever they are they need to access to to whatever the resource and environment they need to access to is difficult to to do that unless you integrate your uh your Dev of tools with your DP with your identity providers with your Enterprise identity providers and also enforce MFA on top of that and enforce conditional access policy for the workload identities I know that MFA might be difficult to uh Implement for your um for for your uh worklow identities and then you want to enforce the service to service authentication now we focus and then we we talk talk about you know the the the monitoring of the users devices and services you could be using something

like AI powers and automatic detection and realtime observability um is often provided by the ebpf and security testing you know I don't need to mention about that but um it's something there and Funtime scanning um don't forget about those tools those Savvy you know commercial tools like cspn k kspn and cwpp something like that yeah so those tools are all enabled all monitoring and getting visibility into your environment at some points and finally don't trust any network so talking about network security you probably Mt MTS comes to the top of my head and then you probably think about micro segmentations what does that mean that means segmenting your uh environments into uh you know staging production and testing

environments and then another thing is you also want to segment you want to also use different Runner C Runner to run the protective workload uh workload uh sorry to run the protective um job you don't want to mix them together you need to set you need to configure the the different segregation uh policies okay um now I'm going down to the very heavy um you know detail content for the next probably next six seven minutes I'm going to be quick about it um fast about it okay so how how do you secure your application environment you first starts with establish your uh security Baseline to that you can use to harden your infrastructure environment use things

like CIS Benchmark or you can use the cloud when the Pacific ones for example Microsoft cloud security Benchmark if you're using a it's a free uh it's a free version of that then you want to um monitor your Cloud work workloads and and use that to use tools like cspn um cnpp things like the cloud native uh application uh platform to um to detect your upnormal and the abnormal behavior within your environment and your Cloud workload and you want to adopt uh runtime security for your container workflows uh workloads and also you want to detect your uh to monitor your uh infrastructure including the Legacy systems so you know that you don't have the shadow

it and then um you want to implement uh the just in time policy and also the zero PR privileg standing admin accounts so so Developers no the the Ops the Ops people often use the admin access into your platform so you want to enforce the Jus in time policy for that and and of course MFA I don't need to mention that too much uh everybody knows about the benefit of MFA um although they are not they are not attack proof but they are good and then you want to enforce the um role based Access Control policies are back and um enable session reauthentication and time out and you want block unauthorized and un um noncompliance deployment using

things like policy as code um and you can regularly scan your um infrastructur codes files to project to uh to detect any misconfiguration and configuration drift and finally it's the uh network security and and segmentation so there are a lot of things about it firstly you want to ensure that you segmenting your um your um the infrastructure that they used to host your application where your workload are running and then is to enable the um the protection for your the the traffic to prevent to protect your traffic going into application Al or and you can use the uh ebpf to improve your network observability and enforce your run security so yeah that is something you

can look into as well and don't forget network policy for the container and control um and to control your traffic flows within the cluster between ports and external traffic in the container um then um okay um then I want to talk about the securing how to secure your devop platform environments so first of all you want to regularly scan your base for Vol abilities adopt the esbal yesterday we had a very nice talk about esom in the proing ground if you don't know what eson is go to check that out and then um you want to um restrict access to your Cod repository and your container image registry and in terms of in terms of

your climate native dep of two two chain there's a couple thing I would want I would like to say about this so you want to ensure that you uh that you only deploy or only adopt the verify uh SE party Dev of two uh two Integrations and you want to work with your search party team to work on that to to provide assessment on on those tools don't just adopt everything I know that's a lot of application you know a lot of project teams they like to do their own stuff one them adopting you know dren Kings one adopting g g something like that yeah it's it's really complicated in in the in the massive environment but the

bottom line is you probably want to uh make that make that uh consistent use the same tools across your organization not to use different tools and then to secure your C pipeline how do you do that audit and monitor your CI cicd Runners so there's two um there's I think there's there are two that you can use which is based on the ebpf again and that can use to um improve your visibility on your cicd Runners and and secrets and secrets within cicd pipeline is particularly vulnerable because they can be everywhere there are so many secrets and don't hard code your secrets and that is and that is very basic security best practices um but unfortunately a lot of

people do that still nowadays um and also you want to manage your secrets uh properly finally securing your developers environment some some sometimes everybody just not um you know just not care about developers environment because they they wants them to innovate they wants them to to do the job that they need to but the thing is there are risk associated with that with that environment for example um you know the developers can use their own personal um access codes access tokens access to your to your go code repository and your development environment and yeah all those things like that so my recommendation would be you want to enable single sign on and integrate your devop tools with your organization's

identity provider using the identity uh Federation so that's the probably the first step you want to do then again you want to ensure the you enable the just in time access then um I'd like to talk a bit more about the extensions and integration security again thirdparty security risk needs to be done needs to ensure that you are integrating the right tool and um and when you are getting something from the marketplace think twice or maybe third times before you actually you know integrate your your things you want to verify this is actually the gening tool that you want to integrate and then finally uh is to implement Branch security so you want to protect your branch you want to

establish Branch uh production uh policies um including approval workflows for the code changes so that comes down to the change management entire topic on the change management as well you want to secure access to your polc uh repository and the PIP Lines by applying different kind of permissions um yeah so that's it for securing your developers environment so what are the key takeaways in this session we have uh explored uh the complex for landcap of cloud native environment thank you very much for staying with me until now um so basically to you want to shift left uh shifting left is not is not enough you want to shift everywhere including every stage from the Cod to

the uh to the deployment in your CS dep in your sdlc and also you want to harden everything not just the application itself but including everything around it the identity providers the CSD Pipeline and the cloud platform and verify every single uh connections it's not just the application the services between the services but also verify your users access to the environment your developer access to the you know the the the def the the CI environment something like that and uh always AUM breach which means that you want to exercising um want to exercise uh defense in depth so security controls on just one level is not going to be enough and um so Cloud native environment is not a sted state

which means that you want to protect your um you want to ensure that your runtime is the ensure the running application are monitor for the malicious activities or attacks and finally automate security um you can use tools and Technologies to streamline the um to streamline the securing and to secure your supply chain ATT uh supply chain supply chain um environment and also to enforce your security policies um by automating everything I think that's everything for my talk thank you very much um and so I have included my um you know my LinkedIn profile here so you can connect with me and there's a link here you can get all the resources that I use when I'm

researching this talk um so I hope that you learn something from this but if you don't that's okay because I learned something from okay oh any questions sorry Emma thank you so much and I hope you're surviving our temperatures are a little bit different from here in London so um you mentioned at the beginning of your presentation the what the fact that developers value speed how as a security Cloud architect how do you articulate that you can achieve that value you with all the things that you just described I I find that that's normally a point of contention is that this is a lot of stuff for us to do or for somebody to do how does that align with

being able to meet speed to Market demands for a certain development products make sense that question yeah that makes sense yeah thank you um so I think I so I think uh speed is is crucial as well as security I wouldn't say that you don't want speed but you want but the thing is you want to have a framework you want to have a baseline that is already implementing to enable that speed so which means security is integrating within all the stages of your sdlc and within your environment uh you have you know you have things that can monitor for misconfigurations such as policies codes things things like that if you have implementing those um those those

foundations in your environment you will be able to enable speed so that unfortunately this is not something that that can be done fast it requires a very careful you know architecturing in and refactoring your application something like that um yeah so that that is that's how I communicate uh you know how I um ask my my my developers to inforce security I know it's hard and um yeah because i' I've been there before and the thing is but luckily my my my developers are very buyant to my Approach when it comes to esom are there any automated tools we can use for scanning oh sorry I didn't know that as fun I think would you like to answer that

question I have a friend I sorry I to put you on the spot but she delivered a talk yesterday I think it's very good for her because she's expert in that so I think it's better for her to explain this would you mind maybe we can talk after this but uh there are some open source tools which is by Anor trivy oasp oasp is the very well known the cyclon DX and uh trivy has like it is also integrated with Docker desktop so it becomes easy for you to use it and Anor has sift that is available open source you can just use it for free or if you use Anor as a whole it comes like with everything that

integrates W bom So yeah thank you thank you Emma is that a good answer yeah okay great next one sorry I think mine is also an as bomb question I work for Allan Friedman at sisa on thebomb team um and so you I love that you mentioned sbom as a tool for like getting to know your architecture and what's in your Cloud environment so um we uh have these Community groups that talk talk about sbom and one of the groups uh published a paper on how sbom applies to cloud and they Identify some ways in where sbom falls short so are you using esom for your Cloud environments and if you are how are you using

it yeah I think esbon um so I think espon can be used in a way that it can also monitor not just the application packages but also the infrastructure environment as well as I think this is what I understand so for example infrastructure code template this can also be in the esbon um you know you can put I think esbon talking about espon I mean if we fix our mindset into the espon is just about you know the the packages the third party libraries then I don't think that that's the right approach to use that my my thoughts about the s bonus in the future the SB should be a repository that that's um that is a collection of what is the

right uh templates what is the right infrastructure templates and that is what we want to use to enable uh compliance within the cloud environment I mean I might be wrong but that that's that's what I think about how how we can use espon to achieve this it does that hand answer your question or no sorry I don't have anything sorry I'm I'm not that you know I'm not uh specialize in you know application security but more towards the cloud but I think espon is a very good tool so I think it can be extended to to to do Cloud as well to ensure the Cloud's environment is compliance any more questions we are unfortunately out of time so we can

definitely if you have some time to stay afterwards we can do that but thank you [Applause]
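The talk recommends blocking unauthorized and non-compliant deployments with policy as code, scanning infrastructure-as-code for misconfigurations, keeping secrets out of pipeline definitions, enforcing MFA and just-in-time admin access, and trimming the permissions a workload never uses (the 1% statistic). The Python module below is an added example, not code from the talk or from any product it names: it shows how such a gate can be written as a handful of rules evaluated over a deployment bundle before the pipeline is allowed to proceed. The bundle layout, rule names, severities and every sample value (bucket names, the token-shaped string, account names, permission lists) are constructed for the illustration.

```python
"""Policy-as-code deployment gate built from the controls the talk recommends.
Added illustration: bundle layout and sample values are constructed; the
credential prefixes below are real formats, the sample strings are not tokens."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str  # "CRITICAL", "HIGH" or "MEDIUM"
    location: str
    detail: str

SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

def check_storage(buckets):
    """Anonymous access, or a write-capable shared token with no expiry."""
    out = []
    for b in buckets:
        loc = f"storage:{b['name']}"
        if b.get("public_access"):
            out.append(Finding("storage-public", "HIGH", loc, "anonymous access enabled"))
        for tok in b.get("shared_tokens", []):
            perms = set(tok.get("permissions", []))
            if perms & {"write", "delete"} and tok.get("expires") is None:
                out.append(Finding("storage-token-overly-permissive", "HIGH", loc,
                                   f"token {tok['id']} grants {sorted(perms)} with no expiry"))
    return out

def check_pipeline(pipeline):
    """Hard-coded secrets in the variables of any pipeline job."""
    out = []
    for job in pipeline.get("jobs", []):
        for var, value in job.get("env", {}).items():
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(str(value)):
                    out.append(Finding("pipeline-hardcoded-secret", "CRITICAL",
                                       f"pipeline:{job['name']}:{var}", f"matches {name}"))
    return out

def check_identities(accounts):
    """Privileged accounts must have MFA and should be elevated just in time."""
    out = []
    for acct in accounts:
        if not acct.get("privileged"):
            continue
        loc = f"identity:{acct['name']}"
        if not acct.get("mfa_enforced"):
            out.append(Finding("admin-without-mfa", "HIGH", loc, "MFA not enforced"))
        if acct.get("standing_admin"):
            out.append(Finding("standing-admin", "MEDIUM", loc, "permanent admin role"))
    return out

def unused_permissions(granted, used):
    """Granted permissions never seen in the identity's access logs."""
    return sorted(set(granted) - set(used))

def evaluate(bundle):
    """Run every rule over the bundle and return the combined findings."""
    out = (check_storage(bundle.get("storage", []))
           + check_pipeline(bundle.get("pipeline", {}))
           + check_identities(bundle.get("accounts", [])))
    for ident in bundle.get("workload_identities", []):
        unused = unused_permissions(ident["granted"], ident["used"])
        if len(unused) > len(ident["granted"]) / 2:  # more than half never used
            out.append(Finding("excess-permissions", "MEDIUM", f"workload:{ident['name']}",
                               f"{len(unused)} of {len(ident['granted'])} permissions unused"))
    return out

def deployment_allowed(findings, block_at=("CRITICAL", "HIGH")):
    """Gate decision: any finding at a blocking severity stops the deployment."""
    return not any(f.severity in block_at for f in findings)

# Constructed sample bundle: not real buckets, tokens, accounts or roles.
SAMPLE_BUNDLE = {
    "storage": [
        {"name": "research-data", "public_access": False, "shared_tokens": [
            {"id": "tok-1", "permissions": ["read", "write", "delete"], "expires": None}]},
        {"name": "public-assets", "public_access": True, "shared_tokens": []},
    ],
    "pipeline": {"jobs": [
        {"name": "build", "env": {"GITHUB_TOKEN": "ghp_" + "A" * 36, "CACHE": "1"}},
        {"name": "deploy", "env": {"REGION": "eu-west-2"}},
    ]},
    "accounts": [
        {"name": "ops-admin", "privileged": True, "mfa_enforced": False, "standing_admin": True},
    ],
    "workload_identities": [{
        "name": "api-svc",
        "granted": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "iam:PassRole",
                    "ec2:*", "kms:Decrypt", "sqs:SendMessage", "logs:PutLogEvents"],
        "used": ["s3:GetObject", "logs:PutLogEvents"],
    }],
}
```

Calling `evaluate(SAMPLE_BUNDLE)` on the constructed bundle yields six findings (the never-expiring write token, the public bucket, the hard-coded token in the build job, the admin account without MFA and with standing rights, and the workload using two of eight permissions), and `deployment_allowed` returns False because the HIGH and CRITICAL findings block. MEDIUM findings are reported but do not block on their own, which is the kind of severity threshold a team would tune as the baseline matures; the same `Finding` list can also feed a drift check by re-running the rules on a schedule against the live configuration rather than only at deploy time.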

Hi everyone, welcome.

2030, uh, or sorry, 2035, right? I think their countdown timer as of yesterday was 5 years that we should have a capable, a quantum-relevant, a cryptographically relevant quantum computer. When I looked at their research it was interesting; they've kind of just put it out there as marketing, right? They put it out there as: this is the date we expect it to happen based on what we've seen in industry. And when we look at what it really takes to do quantum cryptography and cryptanalysis, we're really needing at this point about 2 million or so stable qubits. Anyone know how many we have today in the largest quantum computer? Not physical qubits, yeah, but it's on the... yep, 56. So if you think we need to get to two million, right, to get to the required error correction, which is 10 to the minus 6, um, right, and that's really what we're looking at, it's that error correction rate that we need. And today, in the yellow, you know, Quantinuum announced July 13th that they have the most powerful quantum computer and it has 56 qubits. So we're a little ways from 2 million, in my estimation. I'm not quite sure, but 56 to 2 million is a lot; that's a big jump. It has to be, so we have to find some exponential capabilities there, which we are doing. There are some companies working on silicon-based quantum computers and things like that, so it's coming.

When we look at how many qubits it is going to take to break the encryption that we have today, the existing RSA and Diffie-Hellman key exchange algorithms, and when we look at the models that we've run, we're still in the 1 to 10 million qubits, right? It's multiple qubits, it's multiple millions of qubits in order to be able to... and this research here was done by the Microsoft Quantum team, and they've run these simulations multiple times and they continue to run the simulations. The interesting thing I found is when we look at how long it would take a quantum computer to attack AES, which is the red document or the red triangles here, you'll notice it's exponentially longer, right? I believe the dotted line there reads "age of the universe", so we've got a little bit to go before AES seems to be susceptible. But that's right, it's something that we look at. Again, the yellow line at the bottom, July 13th, 56-qubit system, and we're a little bit... I think that's 0.0056 million for anyone who wanted to look at that. So we've got a little bit of a ways to go.

The challenge we really have though is cryptography is everywhere, right? We spread it like peanut butter on everything, and if you're allergic to peanuts then, you know, cocoa butter or something else. But it's everything: it's in IoT, it's in your watch, it's in your phone, it's probably in the thermostat for this room, right? We've embedded this encryption in almost everything, but we're not really good at maintaining it, are we? Like, think of how many systems we have on the planet that are running just TLS and how many still have TLS versions that are deprecated. I think the last statistic from Qualys SSL Labs was there's like 7,300 systems that they've scanned in May that are susceptible to these vulnerabilities, or vulnerabilities that are publicly known. Again, how hard is it going to be to change the root certificate authorities across the planet and to migrate them and replace all the certificates, right? This is the effort that we have to prepare for in the industry. It's not going to be easy, but it's coming. When we think about the history of SSL and TLS, this is the timeline that we're racing against, right? When we look at how long it is going to take for us to get to 2 to 8 million qubits, it's really more of a timeline of how long it is going to take to replace all of the cryptography, and that's really the race and why the move to post-quantum cryptography is urgent, because most of us aren't planning for that quite yet.

Takeaways: what can you do today to prepare for quantum cryptography? Well, since NIST has not certified FIPS 203, 204 and 205 as of today, there's really not a lot you can do in production. You can leverage those algorithms in a non-production environment; you can certainly look at those candidates, and if you want to implement them in certain ways you certainly can. We are certainly in a place where we have to prepare for something that we can't do yet, but you can still try, and you can still implement in test and start cutting your teeth in there. Anyone have questions? So the one... you came, yeah, go ahead.

So the question was, you know, is there a recommendation around increasing key lengths and key sizes and things like that? So for RSA, yes... or not for RSA, sorry, for AES, yes, increasing key sizes. Again, you're still at age of the universe, but we want to be age of the universe plus 10 maybe. But for RSA and Diffie-Hellman, not against quantum attacks, because we're attacking the algorithms directly, we're not attacking the implementations, and so it's just not going to make a difference. It might make it incrementally take longer, but you're measuring it in minutes and days, not in weeks and years. So the real question is what do we think, right? What is the projection? We've heard from a number of places that are making advancements in quantum computing, and they are moving as fast as possible, right? Moving from superconducting down to silicon-based quantum computing will change that math and we'll advance things quite expeditiously. But until then, it's a race; best estimates are we've got about 10 years, right? But if we go back to that SSL timeline, it's going to take us 10 years to change TLS and SSL across the planet, so it's not that we're racing against it, we're racing against ourselves.

Attacks: everyone loves to talk about quantum attacks, right? Harvest now, decrypt later. What are we doing about harvest now, decrypt later? The biggest one is do some attack modeling; understand where your network traffic goes. Harvest now, decrypt later only works if I can capture your network traffic; if I can't capture your network traffic then it's not going to work. What's not susceptible? Databases. If I steal your database it's not susceptible to a quantum attack, assuming it's encrypted with AES. If it's encrypted in some other way it might be, but for the most part we're using TLS to transmit data, not to do bulk encryption. Blockchain is the other one. Blockchain will require some changes; that's going to be an interesting changeover. A lot of companies are saying once we sign that first packet it upgrades the whole chain. We're not quite sure if that's going to work the way we think it will, because if I upgrade that chain, does everyone else that's in that chain have to be upgraded? So it's

again a timing thing, things that we have to work on. You got a question?

So most of these proposals, they're based on lattice math. I think it's a mistake to base all your solutions off the same mathematics. What's your feeling on that?

So the question was, you know, the NIST basis is doing lattice; the three algorithms that are up are lattice-based math, module-lattice-based algorithms. What's my opinion? Well, again, I haven't done the deep cryptanalysis, I haven't done the deep math. So if you think about it, everything we've done in cryptography is based on math, right? Is math the real solution? I'm not sure. There are other things we can do that we're working on in the future that maybe aren't math-based; maybe it's photon or light based, doing other things. But yeah, I don't see that.

I was just being... I assumed that we would use other mathematics, I was curious.

Right, the contest is not correct. Yeah, the NIST contest, their rules were where they are, and the agencies and the public comments were what they were, but yeah, there are going to be other ways to solve that problem that we make in the future, that we find in the future.

Yeah, sure. So the question is, you know, right now quantum is very expensive; the attack paths that we're using here, we're really talking about states. And you can do modeling and things like that in AWS and Google and IBM and Microsoft's quantum labs today, and you can leverage that power and run simulations, but again they're not large enough to do that at scale and they are fairly expensive. I would expect we're talking about a five-year life cycle for some of that to become more common. Yeah, it seems like... yep.

Yeah, the comment was in relation to using classic computers to error correct for quantum computers. That is showing a lot of promise, it's showing a lot of insight. Whether or not they can be used in the same method to run Shor's algorithm is still a question; I haven't seen anyone run those tests yet. Yes, yeah, and that's the biggest challenge with quantum: finding the error-free qubits and getting them to be able to run the algorithms the way that you expect the results to run.

Yeah, so quantum energy consumption. Again, the better we know what these supercomputers can do, and the better we use new materials, again silicon-based qubits are going to be a big advancement, the faster we will reach that qubit number. That doesn't adjust mine, but I don't know enough about those advancements to... yep.

Yeah, sure. So the question is, you know, what's the implication to Bitcoin and other challenges with blockchain? And it becomes the question of, again, if quantum computers are able to calculate those keys then yes, there will be major implications to blockchain. Again, the race condition is how fast we can convert the existing blockchain to a new algorithm once those algorithms are available. Yeah, so with a blockchain the attack vector is going to be being able to calculate the keys for wallets, right, and being able to then add and remove things into that chain based on having that certificate or having that access to be able to calculate those keys. So it's really more of... I would expect the authentication components to be at more risk there than the data. I mean, blockchain data is an open ledger, so there's really no data encryption there at all, right? You're really talking about the transactions and who can authorize those transactions, and the same thing would be for any other authentication that you do that's using certificates, right? Think smart cards or credit cards, right, chip and PIN. All of those algorithms will potentially need to be evaluated for updates as well. Right, last question.

So, yeah, embedded systems and older hardware. So the question was anything around embedded systems and things that can't take larger key sizes, and that's going to be the challenge, right? The history of our technology and the legacy, the challenge of not being able to upgrade and uplift, are going to require us to do things that we aren't prepared to do, right? You're talking about network isolation and things like that, and I mean, if you think about it, protecting that network communication is probably your best bet. All right, thank you for an interactive session; I hope you enjoyed it. If you have any questions you can find me on LinkedIn or I'll be walking around.


Good afternoon and welcome to BSides Las Vegas. This is Common Ground, and the talk is "One Port to Serve Them All: Google GCP Cloud Shell Abuse", given by Hubert Lin. We have a few announcements before we begin. First we would like to thank our sponsors, especially our Diamond sponsors Prisma Cloud and Vanta, and our gold sponsor DropZone AI. It's their support, along with other sponsors, donors and volunteers, that makes this event possible. These talks are being streamed live, and as a courtesy to our speakers and audience we ask that you check to make sure that your cell phones are set to silent.

All right, good afternoon everyone. My name is Hubert from Netskope Threat Labs. Today we're going to talk about an abuse methodology regarding the Google GCP Cloud Shell, so let's get started. Today's agenda is like this: first we're going to have a quick glimpse of what the Cloud Shell is, and once we have the Cloud Shell initiated we have a quick nmap scan about what we found during the discovery process, and finally we'll talk about how we abuse the findings, the open port we found, and what the impact is, as well as the mitigation that could be a countermeasure in the future.

So what is a Cloud Shell? Cloud Shell is basically a web-based command line interface that can be used by end users to manage their cloud resources or even develop their small apps through the command line interface from their web shell. The Cloud Shell is also preloaded with a lot of utilities, especially those cloud-specific utilities from the different cloud service providers; for Google we have gcloud or gsutil pre-installed, so you don't have to worry about installing those tools. They also have programming languages pre-installed, so you can have your preferred programming language ready to do some development to test things out. And one of the best things is there are a few gigabytes of persistent disk in your home directory, so once you have some development or some stuff you need to keep there, it will be persistent forever. For GCP I think we have about 5 gigabytes of storage, and maybe 1 gigabyte for AWS.

So once we have the Cloud Shell instance initiated, we have a quick scan against its public IP as well as its private IP, and we found that there are two open ports public to the internet, 22 and 6000, and the result is quite inconsistent compared to what we found against the private IP. From the private IP we found that the only consistency between public and private is the OpenSSH version 8.9; that's the only consistent thing we found. By observing the netstat as well as the tcpdump from inside the instance, the same as from our external nmap scanner, we can have a flow diagram like this, with port 6000 exposed to the internet and mapped to our internal Cloud Shell container's port 982, which will further redirect to port 92 that's listened on by the SSH daemon.

Before we move on, let's take a look at another feature called the web preview. Web preview is another feature of the Cloud Shell, which is actually an HTTPS front end that points to your HTTP back end, so without the hassle of applying for an SSL certificate the developer can just focus on his own app development running on the internal HTTP backend. The other thing to be noticed is that the web preview is not publicly accessible, so if you share the link above that ends with cloudshell.dev to someone else, they're not able to access it and the Google authentication prompt will be displayed. Basically it's only accessible to the user that runs the Cloud Shell, or yourself.

So by adding what we found to the web preview, the diagram now could look like this: on the left-hand side the authenticated user can access the internal HTTP service running on the Cloud Shell container through the Identity-Aware Proxy, or IAP, over the HTTPS channel. And let's take a look at how we can abuse it. From the diagram, something we can control is the blue area that's in the container, so the traffic that comes in from external port 6000 and then through port 99, we can further control the packet flow through the firewall rules to abuse this feature.

So on the right-hand side is the diagram of the Linux netfilter, and we can control how packets flow through internal services through the PREROUTING chain in the nat table. So with one thing in mind, that in iptables the priority of the rules is first match wins, we keep this in mind: we will insert different rules that have the widest blocks first and then the narrower... uh, the narrowest one first and the widest in the last. So we could define three different CIDR blocks here, with the first one with the narrowest block and the last one matching all of the IPv4 address space. So after we insert these three rules we could have a different packet flow path like this. So after applying the firewall, users connecting from different CIDR blocks could have different service access, but they all go through the external 6000 port.

And from the bottom line path here we could find that by going through this path we could bypass the IAP proxy, which is some kind of... the impact that can be abused. So by dumping the original official URL paths that require Google authentication, we could now use a different URL that's publicly accessible over port 6000, and if we have DNS managed we can also make this scheme HTTPS as well if we can apply for a TLS certificate in the future. And also note that since the URL, the FQDN, ends with googleusercontent.com, it somehow gives us extra immunity over some security controls.

Regarding the impacts and mitigations: the first impact is the web preview auth bypass we mentioned earlier, so by doing so we can expose or deliver stuff we want. For example we could deliver malicious stuff as well as confidential stuff that's been accessible through the Cloud Shell instance to further access your organizational data, to the public or to the Cloud Shell instance. And the second one is by adding an extra SSH public key to the folder here, we can connect to the Cloud Shell again through port 6000 without access to the web shell, the web user interface. And through the SSH server we created earlier we can also pivot traffic through the cloud network, either to bypass certain restrictions or to create an indirect C2 channel to some kind of C2 service.

To further mitigate those findings, the first thing is MFA hardening. From Google's best practice, time-based one-time password is phishable, and from my previous red teaming exercises I confirmed that TOTP is truly phishable, so the best practice will be using a hardware-based security key. Second, we could review our access control of the Cloud Shell to see if a certain group of users really needs that access or not, and from the Google admin console, not the Cloud console, we can find or control this access; for example we could configure certain OUs like this one and then further disable their access to the Cloud Shell. And the third one is the public ports we discovered. From my standpoint it's pretty unusual to discover two open ports to the public; from my understanding the Cloud Shell on AWS or Azure doesn't have open ports discovered, so Google's been working on that. The final one is the principle of least privilege, so it's always a good practice to further review if the IAM roles are overly granted or not, and Google also provides several tools such as Policy Analyzer or the Recommender. The Recommender will analyze your permission usage in the past 90 days and give you insights about whether certain permissions haven't been used in the past 90 days, so you can revoke them or even use a lower privileged IAM role. This is the disclosure timeline: I disclosed this abuse method to Google around late April, and they should have had more than 100 days, but the current status is that they will decide if a fix is needed or not, and regarding financial award, not meeting the bar. Yeah, it's not my point, and in the first place I disclosed this as a


Is it her birthday? It's not, don't worry. And I'm not telling you my birthday, don't even try, don't even try to social... Welcome to BSides Las Vegas Common Ground. This talk is Security for AI Basics, given by Chloe Messdaghi. Before we begin we'd like to thank our sponsors, especially our Diamond sponsors Prisma Cloud and Vanta and our gold sponsors Adobe and Project Circuit. It's their support, along with the other sponsors, donors and volunteers, that makes this event possible. These talks are being live streamed, and as a courtesy to our speakers and our audience we ask that you check to make sure that your cell

phones are set to silent.

Well, thank you for the intro. How's everyone? Let's do a thumbs up if you're doing well. I know it's warm, but we're doing well, okay, awesome. Well, thank you so much for attending this talk, and I just want to say a big thank you to BSides Las Vegas for accepting this talk; it is always an honor to be here. Back in 2018 I actually volunteered here and I didn't know anyone in this industry. It was pretty daunting and scary, as you could possibly imagine, but I made a bunch of friends and they opened the doors for me. I got a job at Bugcrowd and I ended up getting into the hacker space all because of this conference, so I'm always so grateful, and thank you to the volunteers. And you know, next year if you want to think of something to do, volunteer; it's an amazing experience.

So we're going to go on a little adventure, and I'm going to try to make a security for AI talk that is a 101 a little bit more exciting. I know content can be kind of dry, so we're going to have a little bit of fun. To start us off, you can win a prize at the very beginning of this talk if someone can tell me what they see in the tree, and with that I'll give you a beautiful threat report that is basically like a miniature textbook about everything that you need to know about security for AI. Does anyone see what's in the tree? This photo was taken in Oakland, California, in a little park called Lake Merritt. Does anyone see it? All right, hummingbird? No, not a hummingbird. Any shout out if you know it. It's okay, you're correct, congratulations, you won a report; let's give him a hand of applause. Yes, good job. All right, so yes, this is actually a squirrel, and they evolve: they got a jar of Jif peanut butter. I looked in the tree and I was like, what is that? Is that a squirrel? What is it holding? It's not peanut... what? It's Jif peanut butter. It's learned, and it knows it can't get the top off, so it went from the bottom, which is easier. Ah, so intelligent. Anyway, I bring this up because you're going to hear some really, really bad jokes, and by bad jokes, I am not a comedian, but I will try today. So here is a corny joke, you guys ready for this? Why did the squirrel bring a peanut butter jar to the AI lab? Because it heard the algorithms were nuts about data. Yeah, okay.

So a little bit about myself. My name is Chloe Messdaghi and I'm the head of threat intelligence over at HiddenLayer, also one of the founding members of Disclose.io and a board member for The Diana Initiative. Who went to The Diana Initiative two days ago? Yeah. I'm also an advisory board member for the Election Security Research Forum. Those are my links. If you want to do me a favor, marketing from HiddenLayer would love it if you could take a photo of me while I'm giving a presentation and send it to me, because I don't have someone here to do that for me, so if you can DM me I will figure out what to give you.

All right, so we're going to do some true and false questions throughout the talk, and I wanted to make sure that no matter what your background is, you would feel comfortable enough to be able to answer if it's true or false using what you already know; you should be able to try to figure out what could be the right response. So first one: white box testing methods are unnecessary for assessing the security vulnerabilities of AI models because black box testing suffices. If you believe this is false, raise your hand. Congrats, you got one right. There's 10 of them by the way, not in order though. One more: implementing differential privacy can mitigate risk associated with data leakage in AI systems without significantly compromising model performance. If you believe this is false raise your hand; if you believe this is true raise your hand. It is true, you got a point. Keep track of your points just for the heck of it, for yourself.

All right, so when we think about AI, or how the world sees AI, it tends to be a little bit of this, which is basically like Terminator world or an end-of-the-world situation, and yeah, I can understand the doom and the gloom here, but I also believe there's a lot of misinformation and disinformation about AI, and especially when it comes to security for AI. So one of the things that we did come out with was the threat report, which our wonderful person in the front won the physical copy of, but you can also find it online, right? It really helps to paint the picture, so after this talk if you need a refresher feel free to go and get the report; it has a lot of this in there.

So we're going to talk a little bit about AI. So the thing is, AI is here, it's not going anywhere. It's like, no one can use ChatGPT... we've all used ChatGPT now, we're not going to stop using it. The thing is, it's already out there, and you know it's going to get even more ingrained in our everyday life, as when our smart fridge starts judging us on our midnight snacks, like "another slice of anchovy pizza, Bob?" But to be honest, let's be fair with one another, it's not really the pizza slice for me, it's the anchovies on the pizza that just don't seem right. Anyway, when we think about how we secure things, are we going to be okay? We've been here before. We've been here before when it came to the cloud, when it came from PC, so we are all learning together and we're maybe playing a little bit of a game of catch-up. We did do a survey to find out what people think when it comes to some of the serious issues: about 77% of companies report that they did identify an incident with their AI within the past year, and that 1,700 models are in use at organizations. And one of the trends that we did see in the past two years was when you ask CISOs how many AI models do you have, they didn't have an answer, or their answer would be "we don't use AI, we have no AI", and then they come back like "okay, yeah, we actually do; I found out, I was never told", because let's be honest, it's always that we're in silos with one another. Then you have the 98% of IT leaders who believe that this is so incredibly important when it comes to their organization's success. I don't understand that 2% though, like it doesn't make any sense, so I'm going to just say that it's probably robots in disguise, I'm just putting it out there, because this doesn't make sense.

Anyway, so let's go talk about the risk related to the use of AI, but true or false, let's do it. So: AI models can be protected against model stealing attacks by limiting the number of queries allowed to the model and by using techniques like query obfuscation, I should learn how to pronounce that pretty well. Raise your hand if you think this is true; raise your hand if you think this is false; raise your hand again if you think this is true. Wow, you guys, the true ones are correct. Don't worry, we're going to cover it later on; we'll all be on the same page. All right, next one: watermarking AI models can help in identifying and proving ownership, which can prevent unauthorized usage and intellectual property theft. If you think this is false raise your hand; if you think this is true raise your hand. You are correct, it is true.

So when we think about AI, of course one of the concerns is harmful content creation. We're going to be afraid of what could be out there, because we also don't know what it is trained on as well. So try to think about it as: AI is like giving a toddler a paintbrush and expecting it to do the Mona Lisa for us; it's just not going to happen, it's going to be messy, and sometimes it will feel like, at times, this is why we can't have nice things. We also have to worry about deepfakes, because, I mean, do you guys remember the Joe Biden robocall that happened earlier this year? Yeah, that to me is kind of election interference, in my opinion. And then you have this case of Hong Kong. Raise your hand if you read about this case in Hong Kong. All right, so this is a fun one to read about. So there was this guy at a company, it was late at night, and he thought his Chief Financial Officer needed to jump on a call with him on Zoom to try to get 25 million

paid out so he jumps on this call and it's a deep fake it is so like his boss that he does not think that this could could be a deep fake and to be honest I don't blame him in the New York Times a few months ago they actually came out with a quiz to test your skills out if you could tell the difference between something that is AIA generated or not and it was very common that people did not get 100% correct I mean dpix are starting to look so good that I'm actually starting to be in doubt of really if those are my Sheba Enos and my Instagram photos because I mean look at them they're so cute

that's Sherlock by the way and that's Luna anyway they're amazing and they don't usually do that by the way they do this thing called the side eyed where they judge you on every little point now data privacy this is a good case with Samsung so one of the things is that they found that there was meia notes and source code that was actually leaked in chat GPT I know about a year ago or two years ago let's just say some company for Banning employees from using chat GPT during this time what employees would do is like well it makes my life easier and I don't want to do that well I guess I'll just do on my personal

devices so what do they do they take whatever that they need to create reports or anything they send it to them via email to their personal email address to use their personal computer to do chat GPT on it and then get the results and then plug it back at work and what this happens to do is that it leaks sensitive information out and this is why you shouldn't ban chat GPT because then you have these things so the one way how I always think about like data privacy with AI just think about that there is always going to be a possibility that a secret will come out just like on reality TV shows someone's going to spill something of

course and then you have copyright violations where artists are like hey how did you train your model I'm out a curiosity because I believe you're using my stuff so this has been an ongoing issue because we don't know what models are trained on it's a very much like as a consumer you don't know and so that is still a rising problem that still needs to be addressed to this day then you have biases I always say and even before AI let's be honest with one another if you don't have diverse folks working on a product it's not going to work for everyone that also means that you're not going to capture all the bias out there this is

why it matters on all these fronts but also where did you get your data from that's so important because that can really cause so much harm to populations if we don't check these things and just think about AI bias is like an AI deciding that anies belong on Pizza which is so fundamentally Wrong by the way I'm so sorry if you like anchovies on pizza I just no it I could say pinea belongs on pizza but I don't want to create a debate or a situation in this room by saying that so yeah anyway and then you also have to worry about ethical Ai and this was one of those cases of an AI chatbot that encourage

someone a plot to kill the queen and the way how I always think about ethical AI it's like trying to train your dog not to bark at the UPS delivery person it seems impossible but it is possible to do so so with sheas I don't know it's a little bit hard they're kind of a hard ones to figure so let's go down now the risk faced by AI based systems now I just want to say that this is where we go down a rabbit hole of some stuff so bear with me I'm going to try to make this as entertaining as possible but before I do here's some true or false questions so the first one

we got here is securing the communication channels between distributed AI components is less important than securing the AI model itself if you believe this is false raise your hand congratulations you are correct next one the use of AI generated synthetic data in training models can eliminate the need for data security and privacy measures if you believe this is true raise your hand ah if you believe this is false raise your hand nice I was trying to trick you there for a quick sec okay so I think one of the things is that we tend to get a lot confused between what is an AI model from an AI system so let's kind of talk about that really

briefly so an AI model is a mathematical or a computational construct designed to learn from data and make predictions or decisions based on that learning it is the core component that processes input data extracts patterns and generates outputs now ai systems are different so an AI system is a complete setup that encompasses the AI model along with the necessary infrastructure and processes required to deploy operate and maintain the AI functionality it includes the AI model and additional components such as data pipelines user interfaces and deployment mechanisms monitoring tools and security measures so just for you to know the difference between these two groups functionality the AI model handles data processing and decision making whereas the AI system ensures the

model can be effectively used in the real world and that means like the data management the user interaction and the system maintenance now when you think about components between the two an AI model consists of algorithms and learn parameters while an AI system includes the model plus additional components like data pipelines deployment environments and user interfaces so when we think about well who are these people that are trying to go after AI well it's the usual three right it's the nation states the competive s and the Cyber criminals and on the side you can see all the reasons why they all are incredibly valid so think about it as like your annoying neighbors that are trying to

steal your Wi-Fi you know they're out there they want what you got especially your cat memes you know anyway so we're going to go into some of the risks faced by AI systems and that includes prompt injections of course we're going to talk about prompt injections um but data poisoning and more and it can really do feel like a Bad episode Black Mirror but in real life but like I said I'm going to try to make this entertaining as possible but I'm also going to try to do it like as if you're in a college session now so let's go first down to data poisoning attacks so model training is a critical phase in developing AI Solutions where

the model learns from the training data set so malicious interference such as data poisoning can severely impact the model's reliability data poisoning attacks aim to manipulate the model's Behavior by altering existing data or injecting doctor data now ai systems using continuous learning are particularly vulnerable as they do continually retrain on new user Supply data which may not be properly validated let's be honest so consequently aders can actually introduce specific inputs to the bias the model even a small amount of poison data can lead to bias or incorrect predictions if Amplified by public manipulation or botn Nets so think about it as you your chef and you add too much salt to your dish it makes

it terrible but one of my favorite examples is Tay which launched on Twitter well now known as X um in March 2016 Tay was this really innocent being on on X and it was it was so excited to meet the world but you know within 16 hours users manipulated it to produce the most rude racist harmful content imaginable although this was not a coordinate attack it still impacted Microsoft and also had threats of legal action as well and there are definitely more data poison attacks my favorite one is the artist trying to get back at gen by using a tool which would allow them to do some data poisoning themselves up on the top right right

there all right now we get to go mod evasion attacks so evasion attacks is like trying to trick your teacher into thinking that you did your homework and your dog ate it okay they knew you were lying but you're trying whatever you can to try to get them to be convinced so inference attack targets AI models after deployment and this is either on endpoints or in the cloud and these attacks extract sensitive information about the model or its trained data by curing the model and analyzing it its outputs attackers only need to access to the model's predictors usually through the UI or the API by repetitively sending slightly vared curies attackers can understand and potentially

reconstruct the model leading into a b model Bypass or even theft itself evasion attacks is a type of model bypass that uses adversarial examples which is basically like input Sly altered to classify something with a misclassification these modifications are often not noticeable to humans to be honest um such techniques um are like adding invisible noise to an image for example and these techniques have been used to bypass spam filters as we know of malware detection biometric authentication as well and it has been used for a good number of years now by the way now I want you to imagine you're in a self-driving car all right you get to the stop sign and your car instead of

just going to a compl complete halt what it does it steps one foot over taking back three steps y'all one hop this time if you know what I'm doing is the chaa slide and heels which is a little bit harder to do on this carpet but imagine if your car could do the chaa slide by because they saw a stop sign that looked like this which has a little stickers on it true story there was an instant where this did happen granted the car didn't do a Cha Cha Slide and I don't even know what a car would look like when it did ch ch slide but we can use all our imaginations right but what happened in

the self-driving car was that when it saw this sign which had these stickers on it it decided to bypass the rules and went straight through the stop sign another good model evasion attack situation is the one that you see up here so basically these type of attacks can also Target facial recognition with modified sunglasses but also military systems through deceptive imagery as that you see on this slide right here and this compose really significant risks such as just painting fake bomber Jets on the ground apparently so model theft attacks so adversaries May Target AI models not just to mislead them but also to steal the models themselves IP theft in AI involves replicating or extracting sensitive data

from Advanced AI Solutions developed by companies even without public access to model details adversary can use inference attacks through user interfaces or apis to replicate the model or extract valuable information Oracle attacks involve understand the model's architecture and the parameters to create surrogate models or steel sensitive data now according to nist raise your hand if you know about nist good I'm I'm glad you all know about nist um so n defines Oracle track attacks in three different categories one you have extraction attacks this is when you're trying to extract the model structure you have your inversion attacks and this is when you're reconstructing the training data and then you have your membership inference attacks which is trying to determine a

specific sample as part of a training data one of my favorite ones to study is the model theft attack when it came to Tik Tock and chat GPT raise your hand if you have Tik Tok on your phone good what no why okay all right you have it on a separate device without your personal stuff hopefully we'll just say you did okay okay it's all right it's okay you're you'll you'll get so nervous and paranoid after this week don't worry it's gonna happen but yeah so you all are aware of Tik Tok it's owned by bite dance well bite dance got caught last year trying to make a replica of chat gpt's model and they actually called it

the code name was Pro seed believe it or not so when we think about model theft attacks think about it as like you're stealing someone's Netflix account you like you get the service but without the guilt of pain all right let's put in some true and false in here so AI models that use transfer learning are less susceptible to security risk because they leverage pre-trained models if you believe this is true raise your hand if you believe this is false raise your hand congrat you are correct next one it is unnecessary to apply the principle of least privilege to an AI system components since they're all part of the same application and need full access if you believe this is false

raise your hand congratulations you are correct once again so yeah we're going to have to talk about prompt objections I know it's like the one thing that everyone talks about when it comes to security for AI but we'll have to talk about it but now one way to understand it is imagine you have a roommate and they have a parrot and you think it would be funny to teach that parrot to swear without your roommate knowing now let's also pretend that your roommate is hosting a Thanksgiving dinner and he's bringing all of his friends over his family as well the grandma the grandpa everyone and they might be going around the circle saying grace or maybe about what

they're grateful for for the year but then out of nowhere this per screeches like God damn it really really loud you know how embarrassing that would be in the middle of that really nice dinner that's prompt injection you're trying to teach it to do something that it wasn't meant to do in the first place but I'll give you a more descriptive thing around it so to prevent misuse gen providers Implement security restrictions to filter such harmful content to block access to illegal information and to prevent aiding and illegal activities these are also known as anyone know guard rails so these filters also ensure compliance with policies and laws however these restrictions can be bypassed using a technique called prompt

injection where specially crafted prompts trick an AI bot into performing a restricted actions and this can lead to chat Bots executing actions originally blocked by their developers with methods varying by model type vers and tuning multimodal prompt injection is a technique used to manipulate not just text but also images audio and video and by crafting specific prompts across these different modalities attackers can actually alter the AI model's Behavior leading to unattended or harmful outputs and this method exploits the AI ability to integrate diverse information making it sophisticated form of attack that poses significant challenges for ensuring the security and the Integrity of AI systems and then you have indirect prompt injections now these work to

manipulate an AI systems Behavior by suddenly altering the context or the environment rather than directly feeding it manipulated props this can actually involve changing surround text modifying the data sources or influencing the system's inputs indirectly and this technique is so so subtle and incredibly hard to detect which is making things incredibly challenging when it comes to securing Ai and then you got code injection which is basically like you know trying to teach the to prank call your boss just because you can doesn't mean you should um but basically code injection think about it as this way so gen models are typically limited to generating text images or sound and cannot execute actions like running shell commands or

scanning networks however they might generate fake output suggesting such actions were performed hidden layer themselves discovered that some of the amls can execute user provided code for an an instance streamlit math GPT application actually converts the prompts into python code this is then what happens is the model executes the answer those math questions of course but the approach does allow for arbitrary code execution through prompt injection which is one of those things that is incredibly dangerous when we're running on user suppli code and of course we have to talk about supply chain attacks because this wouldn't be a security talk without mentioning supply chain attacks so think of it as the Trojan Horse um but instead

of soldiers it's full of corrupted data so supply chain attacks occur when a trusted vendor is compromised leading to products with malicious components notable examples include solar winds which cause a wide spread security breaches in ransomware anyone where was in that room during that time the solar winds yeah well it's okay if you don't want to raise your hand that was scary um but anyway these are attacks exploit trust and have extensive reach making them particularly dangerous as you're all probably aware of now the ml supply chain does involve various tools and services that do increase these type of risk and 75% of it leaders viewing thirdparty AI integration as especially risky organizations must adapt to sec controls

to address these new vulnerabilities so think about like a supply chain attack situation is like you're you're expecting a very high-end Music Festival maybe a Taylor Swift concert or something but instead you end up at the fire Festival you know FY re e Festival anyone see that documentary either on Hulu or Netflix raise your hand yeah no that that was empty promises and Chaos all over so thing to know is that there are these specialized repos like hugging face which hosts over 500,000 models that are pre-trained which make it incredibly easy for developers to integrate these models into their applications however if an attacker reaches this repo they can actually replace the models with hijack or

backdoor models versions and this does lead to significant Downstream consequences so think about a m backd door models like a pizza with hidden anchovies you take goodbye and then you realize oh my God I have so much regrets with this pizza so a skilled adversary can't tamper with an AI model algorithm to Alters predictions by injecting a specially crafted neural payload into a pre-train model this introduces a secret unwanted Behavior known as the model back door which can then be triggered by specific inputs defined by the attacker to produce a desired output skillfully backd door model appears accurate with regular data misbehaves with inputs manipulate in a specific way known only to the adversary and this knowledge can

be sold or used to ensure favorable outcomes for customers such as loan approvals or insurance policies so the thing to know about machine learning model is that when it's stored it has to be sterilized into a binary form because it's so large um but many widely used sterilization formats such as torch script used by pytorch hdf5 which is used by ciras and then save M which is used by tensor flow are all incredibly vulnerable to arbitrary code execution and these vulnerabilities allow aders to create malicious models or to hijack legitimate ones to execute malicious payloads hijack models can then serve as initial access points for attackers or spread ma to down and customers in supply chain

attacks now the thing to know about machine learning development it does rely on so many tools and Frameworks many of which lack adequate security controls which includes basic authentication and this poses a real risk for data breaches and supply chain attacks security has often been an afterthought unfortunately let's be honest it is very much true we are always reactive not proactive which has led to vulnerabilities in so many popular ml Frameworks and recently there was a malicious Pi torch nightly build that was compromised via the torch Triton package which did allow data exfiltration from affected hosts so when you're thinking about ml tooling security is like locking your doors but keeping the windows open where

do you think the burglar is going to come in from anyway so very very cool cool cool cool cool cool cool cool cool if anyone has seen any Brooklyn 99 raise your hand yeah I love that show that's how I feel almost on a daily basis when I look at the stuff that's happening and I know that this might be scary too as all of us in the security space only having to learn this skills like really fast it is scary because there's not a lot out there right now when it comes to training folks so let's go talk a little bit about the advancements of where we are and where we need toe but I have two true false questions

for you so the first one is aersale robustness is the only security concern that needs to be addressed for deploying Ai and critical applications if you think this is false raise your hand congratulations you are correct next one Federated learning improves the security of AI systems by allowing models to be trained or on decentralized data without exposing the raw data to Central servers if you think this is false raise your hand if you think this is true raise your hand you are correct it is true now offensive tilling is tools designed to be good but are often used for Mischief it's like you know giving a teenager keys to your Ferrari it's exciting um but a little potential for

chaos so there AR a lot of offensive security tools that are originally for red teamers and pentesters out there but are also being used by malicious actors as you see on here these are some of the ones that um really stand out most of the time but there's a lot more that are missing on this slide but these basically help to test and improve AI security but also could be misused to facilitate attacks making AI vulnerabilities more access I to adversaries and of course if you have your offensive tooling and your and Frameworks and all that now you need your defensive Frameworks so think about it as like putting your AI in a protective bubble it's safe but don't

forget that bubble can pop so as new AI attack tools and techniques emerge now you have to have a defensive approach to crucial to protect the technology in the past two years actually a lot of cyber security organizations and companies have developed comprehensive Frameworks with security practices strategies and recommendations for AI which is a great initial steps for safeguarding AI systems but there's still we're playing a game of catchup and what I mean by that there's still gaps unfortunately in these but don't worry everyone's kind of working together and trying to keep it ongoing and updating it as best as possible now policies and regulations they're kind of like the rules of Monopoly like no one reads them but

everyone are like agrees about them or maybe argues about them I could say more so AI does have a potential for harm so it is critical for us to work together and and create policies that's good and as we know around the world that's what is happening right now with the EU act which has been a little bit controversial in some ways because it is very restricted and what has happened is that it has starting to create some limitations on Innovation but also in a sense of not creating a healthy competition so if you are a startup or small company it is incredibly hard to follow along and try to innovate something new so the US has taken a

different take on this which is like you know it's all about free markets right so it's like we want a healthy competition we want people to innovate so that's why you haven't seen anything like the EU AI act happening in the US instead you have the executive order which is about hey you know what would be good red teaming however there's still work to be made such as what is red teaming in AI Define it what should be the scope of it and these things are kind of missing still but they are in conversations at this time on trying to do so now let's go down some predictions and recommendations and unfortunately I only have these are the last two true or

false questions so give it all you got now right so securing the trained data of an AI system is not as critical as securing the AI model itself if you believe this is false raise your hand excellent good job all right the last one model inversion attacks can extract sensitive information from the outputs of AI models by exploring the relationships learned during training if you believe this is true raise your hand congratulations you either knew this knowledge or you paid ATT attention in this heat and by the way congrats it is hot in here I feel for you so thank you for staying in this room with me so questions to always ask at the end

of the day is when it comes to AI security what are you doing to manage your AI cyber risks is it enough you're like yeah yeah I think I think we're good how do you know that now becomes a conversation where you actually have to talk to other departments and teams and hope that they will talk back not at you but with you and that's where we are right now the only way that we're going to fix this situation is to actually know how bad is our situation how B is our silos at our organization at this time and know you know trying to turn it off and on again is not going to count

so don't even try it crab fans representing them here hopefully yeah I love IT Crowd I go watch that every single day okay so here are some predictions for 202 for I think you all can read this it's a beautiful nice slide but basically in general more AI attacks more supply chain issues and I'm really really really hoping that Us in this room in the hacker space that we start learning these skill sets and I know it's also kind of a fault on organizations for not helping you either because right now we're all playing a game of catchup you know there aren't really any SS out there that could help bring you to where you need to be at

this time so I know that they're working on it so do keep your eyes open I know by beginning of next year you'll have a lot more content to learn um but if you really want to learn more about this space um hidden layer does have a research portal so you can actually learn the latest case studies that we've done in the research we've done as well and you can actually learn the techniques of how we went about it but I do have one more prediction which is possibly robot cats taking over Instagram I really wish that that would happen CU that would make Instagram a little bit more exciting for me so so these are the last recommendations here

and it's by each group of the process that we have when it comes to AI so in the design phase is simply to do your data source evaluation where did it come from right that's what we need to know we need to know where did our data come from but also to know the model robustness evaluation also where did we get our model from has there been any cases with this model and in predeployment is to do model Integrity checks of course and also doing security scanning um to look for any vulnerabilities already in existence but also one of the things that's not in here is we should also be doing AI red teaming and I know that's

still being developed, of what that scope should look like, and hopefully we'll have more of a definite thing for everyone, standards we can all agree on. But last but not least, in post-deployment, monitor your input and output, but also ensure you have good overall security hygiene, which shouldn't be too hard if we become more proactive. A lot of this talk is about us becoming more proactive now, because being reactive is not going to help the situation, as we've all learned. So regularly update and monitor AI systems is one of the top ones; the other one is use adversarial testing; and then last but not least, educate your users and your employees on all the AI risks that exist out there.

These are the last key takeaways: AI is powerful but vulnerable, don't forget (I think we all kind of knew that though); security requires constant vigilance; and stay informed and be proactive, please. Now, I know I work in security and you work in security, but we trust each other, right? There's a beautiful QR code right here if you want to scan it. This is where you can get a copy of the report. It is free, so feel free to get the report. It is great if you ever need a summary of what this conversation was about; it goes into everything that I talked about.

Last but not least, I know we're almost at time, and this is not relevant whatsoever, but Stanford is doing a study right now about figuring out what is going on in the workforce and whether you are safe. This is an incredibly important study and I really hope that you all can take a picture of this and share it with friends or colleagues, because the more we speak up about our cases and our situations, the more data we actually have to do something about it. If we don't speak up, who will? Your data will be completely private; no one will ever know your name, nothing like that will ever get out there. So I really do recommend, please pass this forward; we need this information more than ever before. I know I don't really have a lot of time for Q&A, but I just wanted to put that out there. But thank you so much for existing, thank you for being here, thank you for dealing with this heat, thank you for being in Vegas for this wonderful hacker summer week, and thank you to BSides once again for having me, and thank you to the volunteers for being in this room and making this such an amazing event. So thank you all for being here. [Applause]

All right, we're going to open it up for questions now. I also can take questions privately if that's more comfortable; I'm more than happy to do it outside the room or right up here, whatever works best for y'all.

All right, thank you very much, Chloe. Thank you. Common Ground is going to be on break for about the next hour.

Good afternoon and welcome to BSides Las Vegas Common Ground. This talk is "Beyond Whack-a-Mole: Scaling Vulnerability Management by Embracing Automation", given by Yotam Perkal. Told you. But first, a few announcements. First, we would like to thank our sponsors, especially Diamond sponsor Adobe and our Gold sponsors Prisma Cloud and BlueCat. It's their support, along with other sponsors, donors and volunteers, that makes this event possible. These talks are being live streamed, and as a courtesy to our speakers and audience we ask that you check to make sure that your cell phones are set to silent. If you have a question, please use the microphone so that the internets can hear you. And with that, here is Yotam.

Now it's working? Yeah, okay, now we're good. Okay, cool. So hi everyone, thanks for coming, great to be here again. Today we're basically going to talk about automating the vulnerability management process. Before we dive in, a little bit about myself: in the last five years I've been at Rezilion, and in my last role I led the research team. Before that I worked at PayPal doing various security roles. I've been in and out of vulnerability management from various perspectives, from the practitioner side doing automation for vulnerability management at PayPal, and then from the research side at Rezilion in the last couple of years. Currently I'm working on hopefully starting a new venture. So that's kind of it in a nutshell.

Because we're kind of in a spooky motif at BSides, I thought it would be appropriate to talk about that from the three ghosts of Christmas kind of perspective. So we're going to have a visit from the ghost of vulnerability management past, the ghost of vulnerability management present, and the ghost of vulnerability management future. And in cybersecurity we usually fight kind of invisible enemies, so today we're going to summon these ghosts to help us understand where we're at with vulnerability management and where we can hopefully get to.

So let's dive in. Let's travel back in time a bit, if you will, to the early 2000s; this is a good time. The vulnerability landscape back then: we had very limited visibility, the scope was mainly focused around network and OS vulnerabilities, and we lived in a much simpler time where most of the code that we had was code that we had written or knew intimately. Obviously it was the pre-DevOps day, so we had a lot of fears and repercussions around change management processes, and remediation was a struggle. So I actually took the time to use the Wayback Machine to look at some screenshots from 20 years ago of how the top players of today looked at the time.

So this is Qualys from 2002. As you see, not much has changed, basically, and unfortunately this is the same one. They had 1,926 different vulnerabilities in their database, which is nice; today we're at 260,000. And as you can see, I highlighted, we had an average of 25 vulnerabilities each week. So we'll see where we're at today, but that was back then. Rapid7: if you dared to install it with this scary-looking guy, then this is the UI that you would have seen. As you can see again, or not really see, a lot of the vulnerabilities are kind of network-based oriented, and they say they test for over 980 different vulnerabilities, which is nice. And this is Tenable from 2003. So that's how we looked 20 years ago.

Let's snap back into the present and discuss how things are looking today. So first, a lot has changed. We dress better, that's one. But software is embedded in every aspect of our lives now, code is released much faster, we have DevOps, we have DevSecOps, our software is not just ours, it's mainly not ours actually: we have a lot of third-party dependencies that we use, whether commercial or open source. Obviously the move to the cloud has expanded the attack surface, and it has also changed kind of the paradigm, where things in the past were very static and today things are constantly changing: machines are going up, going down, changing IPs, everything is much more dynamic. And obviously attackers have not stayed put, and they are quicker at identifying and exploiting the gaps. In terms of numbers, if we were at 25 new vulnerabilities each week, today we're almost at 110 daily. So a lot has changed in that

perspective, in terms of the volumes. And I don't think it's worth me mentioning, but security teams aren't growing 40% year-over-year like the operations team. So that's kind of where we're at, and this is a good visualization that demonstrates it: if we said we had less than 2,000 vulnerabilities in the early 2000s, now we're at 260,000, with almost 800 vulnerabilities each week being added. Obviously we saw that even NVD, in the last almost a year now, can't really keep up with the pace. There are a lot of problems with managing these volumes, and the thing is that, as you can see in the lower part of the graph, only a fraction of the vulnerabilities are ever exploited; we're talking roughly 5%. So this is where we're at, and this trend, the gap between the blue line and the red line, isn't something that is going to stop. It's safe to expect that this is the same trend, if not worse, that we'll see in 2030, 2035. So the gaps will only grow wider.

So the landscape has changed, but the way we do vulnerability management unfortunately has not. We're still very reactive; the majority of organizations are still prioritizing based on CVSS scores. By the way, a raise of hands: I don't know how many of you are actually practicing vulnerability management, but to the best of your knowledge, how many of the companies that you work with rely solely or mostly on CVSS for prioritizing vulnerabilities? Yeah, quite a few hands, okay. So we did go from "fix everything", which was what was common at the time, to "fix the highs and the criticals", which is progress, you could say. But unfortunately it's not really, because as you can see about 60% of the vulnerabilities are high and critical vulnerabilities, so it's not really a reduction in terms of the scale; it's not really scalable. It isn't effective, because as we saw only a fraction of vulnerabilities will ever be exploited, so we're wasting our limited resources attending, triaging, fixing, remediating vulnerabilities that have little to no impact on your actual risk posture. And obviously attackers are not relying on CVSS to choose which vulnerabilities to target; for example, 12% of the CISA KEV are medium and low vulnerabilities. So there's that. And as I said, it's not scalable as well: the average organization, from Cyentia Institute research, gets to about 10% of the vulnerability backlog in a given

month. So if we have 57% of vulnerabilities that are highs and criticals and you get to only 10% of those, then you're not really closing the gap. And I think the most important aspect is that while the go-to for prioritization is still CVSS, the way that we use CVSS is basically the CVSS base score, and it's not really a reflection of risk, because risk is multifaceted. I guess you know this formula, but it's kind of a combination of the threat, the vulnerability and the impact, and CVSS is a measure of the vulnerability, so you can't assume that it's a good reflection of risk, because it only gives you a very specific perspective.

So clearly this isn't working. And I think, as we saw, nothing dramatic has changed in the way that we do vulnerability management, while a lot has changed and keeps changing in our environments. So we need to think differently, we need a paradigm shift; we can't continue doing the same things and expect things to change, because they won't. And this is, I think, a good reflection of where we're at when it comes to vulnerability management, where we're heads down, you know, drowning in vulns, but we're not thinking about whether maybe there is a more efficient way of doing things differently.

So which brings us to our last visit today, from the ghost of VM future. So if we try to look into the future of what the optimistic VM scenario of the future would look like... yeah, no, I'm not sure that I can see all the specifics, so I'm not sure this is what it looks like, but at least that's Leonardo and DALL-E's view. This is after I don't know how many takes; there were a lot creepier images of vulnerability management in the future.

I'm giving you just a glimpse of the nice one. Anyway, so we have a scale issue, right? We have limited resources, we can't get to everything, and in order to tackle scale issues we have basically two ways: we can either prioritize, which is what we're trying to do today, but that's one aspect; the other aspect is automation, because if we still have manual processes, and a lot of them, it's not really scalable. So I'll try to focus today on the automation aspect. And obviously we need to move from the reactive stance that we're in today into a more proactive stance, and from gut feelings to more data-driven decisions.

So what does a complete vulnerability management process look like? Basically these are the phases: we have discovery, we have assessment, then we prioritize, we have reporting, and then we hopefully remediate, verify, and then rinse and repeat, right? In a perfect world each one of these aspects would be automated; in reality some pieces are more complex to automate than others. Today I'll mostly explore the first three parts: the discovery, the assessment and the prioritization. Remediation is also a big challenge, but that's a topic for a completely different kind of talk or conversation, so in the interest of time I won't discuss all of the aspects.

Just to give some context: first, even before that cycle that we saw earlier, in my perspective vulnerability management starts even before you do the discovery. Vulnerability management should start with the basics: asset management, hardening, code debloat, getting rid of code that's not being used, which is just redundant attack surface, removing unused components or packages from your OS, from your images, from your applications, obviously regular upgrades and patches, even regardless of vulnerabilities, of end-of-life software, end-of-support software, and obviously all of the pen testing, red teaming, breach and attack simulation aspect, and tabletop exercises, of actually validating your controls. So that's also an important aspect of a complete vulnerability management, because if you do all these things you'll be in a much better place, much better off, and with a lot less noise to start with. So that's one thing that I wanted to highlight.

And I think, in terms of the discovery aspect, I gave a talk last year about the second bullet, which is the security tool coverage and the variance we have between the performance and the results of the different tools, the false positives, the false negatives. So I won't go too much into that, but if you want, there's again a talk from last year at Breaking Ground that I gave that dives deep into that subject. Obviously we have the software identification problem, which is a problem that's unsolved. We know the state of CPE; there are initiatives with purl, SWID, but this still requires community effort that tries to address that problem. Just as an anecdote: you have an FTP, so it can be an FTP Node package or it can be the FTP Linux binary. So if you're based on CPE it's

for a lot of the vulnerability management tools it's hard to make that differentiation, and then you get things that are not really there. So that's kind of it; again, it's a topic of its own, feel free to take a look at the talk from last year.

And I think SBOM is kind of an opportunity to address some of the issues that we discussed. So for example, all the attack surface reduction: how do I know which software I don't use? End of life, end of support. Drift detection: let's say I have Chrome in my environment and I have 100,000 hosts, so if I have an SBOM I can plot all of the different versions of Chrome, and then I will get outliers of Chrome versions that are not updated, where I probably have a problem with the auto-update process. So these are things that an SBOM can surface. And the Pareto principle is also something important, because again we have limited resources; basically we're talking about risk management, so we need to focus on the risks, or the vulnerabilities, the gaps, that are most impactful in terms of risk reduction. So if we for example plot the different packages in our environment and there is one package that, if we fix that, it will solve a huge chunk of our vulnerabilities, we're probably better off starting with that. And you can take the same kind of perspective into hosts: we have a host that, if we deal with that, it will reduce a lot of our attack surface; a package, a container image, an OS image, whatever. But it's a really strong principle, and I think it's not really being utilized today in the normal kind of VM space.

Obviously, surfacing tool and data coverage gaps: once I connect data from various sources that look at the same kind of data points, so I have an SBOM that is being generated in my CI from GitHub, GitLab, Snyk, whatever, from source code, and then I have the same SBOM from my SCA, and then I have the same SBOM from my binary analysis tool, just the differences between all these different stages in the SDLC can provide a lot of valuable insight. So maybe my vendor provided an SBOM but I don't see those things, or I see different things, or I see things that are in my dev environment that don't make it to production because they're dev dependencies. So a lot of insight can surface from that, and obviously the main advantage is that it's machine readable, so it allows for the automation aspect that we'll discuss. So that's about

the discovery. Let's move on, and this is kind of the big bulk: we have the assess and prioritize phases, which basically is the triage aspect of vulnerability management. And vulnerability triage is by far one of the most Sisyphean, painstaking processes in cybersecurity; anyone who has done it for a while has the scars to show it. And I think the reason that that's the situation is because a vulnerability is only relevant in context, right? So you can have a thousand instances of the same CVE in your environment, and in each place they can mean completely different things, because you need context.

So you need asset context: is this asset exposed to the network or not, did it have past incidents, what's the asset criticality, what's the criticality of the information that is on that asset. We need business context: who's the owner, what's the ownership information, am I mandated to SLAs or certain policies or regulations. The threat context: as we discussed earlier, only a fraction of vulnerabilities will ever be exploited, so exploitability is a very strong signal; is this vulnerability likely to be exploited, is it already exploited in the wild, does it have an exploit PoC or not. Obviously the vulnerability context: all of the metadata from the vulnerability, the description, the CWE, the CPE, and where did that vulnerability surface from, is it from a generic scan, is it from my pen testing, is it from a bug bounty program; all these things matter differently. Runtime context: is this thing even loaded, is it actually being used; this comes to the reachability analysis aspect. And do I have compensating controls: do I have an EDR in place or don't I, do I have a firewall rule or don't I. And we have the remediation context: what's the remediation risk, do I have a fix available, is it code that's in my control or is it a third party, where I'm reliant on someone else to fix it and then I need to have some kind of mitigation in place, and how much effort would it cost me to remediate, do I need to restart the machine or not.

So that's all the pieces of information that you need to have in order to make an educated decision about what's important and what's less important, and again, on this playing field where we have limited resources and we can't get to everything, this is a must. And the problem is that currently all these data points are very dispersed in various sources, various security tooling, which leads us to basically doing it manually. So these are the challenges: again, the data is very fragmented, we have data quality issues, we have completeness issues, we need to communicate, because often different teams have different perspectives into these pieces of context, a lot of noise, a lot of false positives, false negatives (again, this is an entire topic of its own), and our environments are constantly changing. So it's not like in 2002 where we had a rack and a server which was there and, unless you updated the firmware, it stayed like that; we're living in a much more dynamic environment, and vulnerability management hasn't really kept up with that pace. And ultimately we need context; again, a vulnerability isn't relevant out of context.

So okay, these are kind of the problems, but we're optimistic here, right? We're talking about a utopian future, so I'll try to touch upon various points that I think have potential for changing the current status quo: the Transparency Exchange API, CSAF, VEX, and the attestations that go with it, SSVC, and the word that is spoken too much in our conferences lately, but anyway, I won't

go too much into that, because I think even without AI we can still do much better than we do today.

So let's start: Transparency Exchange API, or TEA. Basically it's a standard, format-agnostic API for exchanging supply chain transparency artifacts between systems. It's a CycloneDX community project, and it aims to standardize that API as an ECMA standard. So it's fairly early days in the work; you're welcome, by the way, to check out the working group. I have references in the end with a link to the GitHub page. The elements that are currently under scope are xBOM, so not only SBOM but also hardware BOM, cryptography BOM, AI BOM, etc., CycloneDX attestations, VDRs, so vulnerability disclosure reports, VEX, which we'll dive deeper into, and Common Lifecycle Enumeration, so all of the aspects of the evolution of the product lifetime: end of life, end of support, mergers and acquisitions, all that kind of information is also in scope. And again, once you have a way to exchange these kinds of artifacts between different tools in a machine-readable way, that has a lot of potential, and I'll show how it becomes more practical in a minute. So that's one.

Next we have CSAF, which is the Common Security Advisory Framework. How many are familiar with CSAF, just in a raise of hands? So we have a few, but not enough. Okay, great. So basically CSAF is a machine-readable security advisory; that's the aim. It's an OASIS standard, that's who's driving the project. So if today a security advisory can be a PDF, it can be a text file, it can be an HTML file, it can be an XML format, basically depends on the vendor, CSAF aims to automate it in a way that is, one, discoverable, so you know where you can find that resource and ingest it, and two, machine readable. And it also has a VEX profile; again, I'll explain VEX shortly in more detail. So basically we want to go from this into this, which you don't see very clearly, so I'll try to zoom in, but basically it's a JSON. It allows you to communicate changes or updates in the advisory over time in a way that is, again, machine readable and can be consumed by machines or tools, which is huge.

So here you can see an example. I'm not sure how well you can see the text, but for example you have a snippet that says, okay, fixed software: Cisco has released free software updates that address the vulnerability described in this advisory. And then you have a couple of other updates about the vulnerability, for example that this vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or IOS XE software, blah blah blah, and have a specific client feature installed. And then the last one is a kind of exploitation update, that Cisco is aware that this thing is actually being exploited in the wild. And there are a lot of vendors, big vendors, that are already utilizing and generating CSAF: Cisco, Red Hat, Siemens, Oracle and more. But it's still not enough, obviously, but it's a good start. And I think that this is something that, again, if we want to get to a point where we automate this process, CSAF or a CSAF-like thing is a must. So now you have software where you can potentially automate the consumption aspect of security advisories, which is what is written here. Okay, nice.

But why stop here? So let's dive into the next aspect, which is VEX, the Vulnerability Exploitability eXchange. Hopefully more people know that one; can I get a kind of

raise of hands, just to get a feeling. Not many more, okay. But okay, so what's VEX? Basically it's a way to communicate whether a product is or isn't affected by a vulnerability X, in a machine-readable way; again, we're all about machine readability and automation. So: is a vulnerability exploitable? And it has several flavors, which isn't good; it's not a lot of different standards, but that's kind of the reality, and I'll try to explain the differences between each one. So we have the CSAF VEX profile, as I discussed, we have CycloneDX VEX, we have SPDX VEX, we have OpenVEX, which is kind of a lightweight version, and we have CFX, which tries to be a more encompassing, general kind of guidance into the format.

Basically it allows you to handle false positives from a vendor perspective. It lets you save money on support, because you can say, okay, I'm Cisco, I'm Intel, I'll let you know whether a specific vulnerability is relevant for my router in version whatever, so you don't have to send me an email or open a ticket or call my phone center. So it reduces a lot of that burden. But personally, and again this is my perspective, I think the strength of VEX isn't from the vendor side; it's important from the vendor side, but the real potential is actually from the consumer side, and I'll try to explain why. Also, it can be either embedded within an SBOM, but it can also be detached; it's not a must. That's also something that I think is worth mentioning. And there are several flavors, but the principle is the same, so I'll try to touch on the different aspects.

So VEX basically lets you set a status for a vulnerability: whether it's affected or not affected. This is for CISA, SPDX and OpenVEX; anyway, I'll show what the difference is in the different formats, but it's affected, not affected, fixed or under investigation. And then, if it's not affected, you need to provide a justification: why is it not affected. In CSAF it's a bit different; CSAF tries to look at it from a product perspective, so not a specific CVE, so then you can specify which are the versions: the first version that was affected, when it was first fixed, it's kind of an enum, right, like a list, what are the not-affected versions, when it was last affected, what's the recommended fix, etc. So that's kind of the CSAF format of a VEX.

And then in CycloneDX it's called states. So you can say whether something is resolved; resolved with pedigree, which basically means that it is remediated and you have evidence provided that you can verify about the fix, so a commit hash or a diff between the unfixed version and the fixed version; exploitable or not; in triage, so it's kind of like the under investigation that we saw earlier; false positive; or not affected. And if it's not affected, again you have to provide a justification for why it's not affected. So again, it's not very different; the concept is the same. And the justifications in the CISA, SPDX, OpenVEX and CSAF world are these five: component not present, inline mitigations already exist, vulnerable code cannot be controlled by an adversary, vulnerable code is not in execute path, so this comes down to the reachability aspect, and vulnerable code not present, so I have a vulnerability in a specific library and in a given product that library doesn't exist, or a specific function, or whatever. And then the justifications for CycloneDX are a bit more; they're nine, not five.
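The statuses and the five shared justifications just listed, and the consumer-side use of them to filter noise, can be exercised in code. The following Python is an added example for this transcript; it is not code from the talk, from Rezilion, or from any VEX, CSAF or CycloneDX project. It uses a simplified OpenVEX-style statement shape (vulnerability id, covered products, status, justification, issuer), and every identifier in it (the vulnerability id, the package URLs, the host names, the tool names) is a constructed placeholder. It also goes slightly beyond the talk in one respect: a consumer should refuse to suppress a finding on a `not_affected` statement that carries no valid justification, so the code enforces that before acting.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Status vocabulary shared by CISA, SPDX and OpenVEX.
STATUSES = {"affected", "not_affected", "fixed", "under_investigation"}

# The five status justifications used by CISA, SPDX, OpenVEX and CSAF.
JUSTIFICATIONS = {
    "component_not_present",
    "vulnerable_code_not_present",
    "vulnerable_code_not_in_execute_path",
    "vulnerable_code_cannot_be_controlled_by_adversary",
    "inline_mitigations_already_exist",
}


@dataclass(frozen=True)
class Finding:
    """One instance of a vulnerability as an SBOM query or scanner reports it."""
    vuln_id: str
    purl: str   # package URL of the component carrying the vulnerable code
    host: str   # asset on which this instance lives


@dataclass(frozen=True)
class VexStatement:
    """Simplified OpenVEX-style statement. `products` holds bare purls (covers every
    instance of that component, as a vendor advisory does) or "purl@host" keys
    (one instance, as a reachability, network or configuration tool asserts)."""
    vuln_id: str
    products: frozenset
    status: str
    justification: Optional[str] = None
    issuer: str = "unknown"   # who determined it: vendor, tool or human analyst


def validate(stmt: VexStatement) -> None:
    """Refuse statements a consumer must not act on."""
    if stmt.status not in STATUSES:
        raise ValueError(f"{stmt.issuer}: unknown status {stmt.status!r}")
    if stmt.status == "not_affected" and stmt.justification not in JUSTIFICATIONS:
        raise ValueError(f"{stmt.issuer}: not_affected needs a valid justification")


def covers(stmt: VexStatement, f: Finding) -> bool:
    return stmt.vuln_id == f.vuln_id and (
        f.purl in stmt.products or f"{f.purl}@{f.host}" in stmt.products)


def apply_vex(findings, statements):
    """Return (findings still needing work, Counter of why the rest were dropped).
    An explicit `affected` statement keeps a finding in the queue even if another
    source says not_affected; `under_investigation` never suppresses anything."""
    for s in statements:
        validate(s)
    remaining, reasons = [], Counter()
    for f in findings:
        matching = [s for s in statements if covers(s, f)]
        if any(s.status == "affected" for s in matching):
            remaining.append(f)
            continue
        closers = [s for s in matching if s.status in ("not_affected", "fixed")]
        if closers:
            reasons[closers[0].justification or closers[0].status] += 1
        else:
            remaining.append(f)
    return remaining, reasons


# ---- constructed sample data: 100 instances of one placeholder vulnerability ----
VULN = "CVE-EXAMPLE-0001"                  # placeholder, not a real CVE id
LIB_A = "pkg:npm/vendor-a-lib@1.2.3"       # third party, vendor ships a CSAF VEX
LIB_B = "pkg:npm/vendor-b-lib@2.0.0"       # third party, no advisory available
APP = "pkg:generic/acme-service@4.0.0"     # proprietary code


def hosts(prefix, first, last):
    return [f"{prefix}-{i:02d}" for i in range(first, last + 1)]


def keys(purl, host_list):
    return frozenset(f"{purl}@{h}" for h in host_list)


def constructed_findings():
    return ([Finding(VULN, LIB_A, h) for h in hosts("tp", 1, 64)]
            + [Finding(VULN, LIB_B, h) for h in hosts("tp", 65, 80)]
            + [Finding(VULN, APP, h) for h in hosts("pr", 1, 20)])


def constructed_statements():
    """One statement per data source, each with the justification it can assert."""
    return [
        # vendor CSAF (VEX profile): the shipped build lacks the vulnerable code
        VexStatement(VULN, frozenset({LIB_A}), "not_affected",
                     "vulnerable_code_not_present", issuer="vendor-a CSAF"),
        # reachability analysis: vulnerable function never on an execute path
        VexStatement(VULN, keys(LIB_B, hosts("tp", 65, 72)) | keys(APP, hosts("pr", 1, 15)),
                     "not_affected", "vulnerable_code_not_in_execute_path",
                     issuer="reachability tool"),
        # network tool: instance not exposed on the network the vulnerability needs
        VexStatement(VULN, keys(LIB_B, hosts("tp", 73, 80)) | keys(APP, hosts("pr", 16, 16)),
                     "not_affected", "vulnerable_code_cannot_be_controlled_by_adversary",
                     issuer="network tool"),
        # configuration tool: the vulnerable option is disabled on these hosts
        VexStatement(VULN, keys(APP, hosts("pr", 17, 19)), "not_affected",
                     "vulnerable_code_cannot_be_controlled_by_adversary",
                     issuer="config tool"),
    ]


def triage_demo():
    """Run the funnel over the constructed data: 100 instances in, 1 left for a human."""
    return apply_vex(constructed_findings(), constructed_statements())


if __name__ == "__main__":
    left, why = triage_demo()
    print(f"{len(left)} of 100 instance(s) still need attention:", [f.host for f in left])
    for reason, n in why.most_common():
        print(f"  {n:3d} suppressed: {reason}")
```

Each source asserts only the justification it can actually establish: the vendor advisory speaks at package granularity and so clears all 64 instances of that package at once, while the reachability, network and configuration tools speak per instance. Over the constructed data the funnel goes 100 to 36 to 13 to 4 to 1, and the single survivor is the instance no source could justify, which is the one that still needs a person. Because `affected` wins over `not_affected`, an explicit "affected" from an analyst or vendor cannot be silenced by a tool's statement, and `under_investigation` never removes work from the queue; the `issuer` field is where the who-determined-it metadata would live when attestations are attached.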

So again pretty similar, but you have, like, required by the environment, protected by compiler, protected at perimeter or protected by mitigating control. So it's again a bit different, but I think we should look at the bigger picture: the specifics are less important than the fact that now you have a way that you can communicate exploitability status and filter out noise. And again, if we look at it from the consumer side, the security tooling side, it allows you to have a machine-readable way to communicate the exploitability status, and I'll show why I think the consumer side is, like, the kicker here.

But I will say that you might ask, okay, how do we trust this thing, and who issues the VEX? This is also a topic for discussion; we can talk about it later if we have time. But I'll just say briefly that this is where attestations kick in. So you can have attestations; just like the justification, you can have metadata that says, okay, who determined it, whether it's a human analyst or a security tool, etc. But again, that's kind of technicalities.

So how does this help? What does a process like this look like? Let's say we have a new RCE vulnerability in a library, let's call it Fog2K, I don't know, and it's exploitable only via the network and under a specific configuration. Okay, that's the vulnerability; it's very common, everyone has it. So this is, in the world with CSAF and VEX, how the triage process looks. First you query your SBOM, and then you see that you have... maybe I'll do it here. Can you hear me fine? Good. So you query your SBOM and you say, okay, I have 80 instances of that vulnerability present in proprietary, third-party, open source code. Okay, so we know now we have a CSAF, so I can query and see the security advisory, and let's say (oh, you don't see because of the full screen, but it says) I can issue a VEX; in the CSAF we have a VEX profile that says the vulnerable code is not present. So okay, vulnerable code not present, not exploitable, I have a VEX, it's machine readable, great. So what about the other 16 instances, which are not... I couldn't find a CSAF, because again, I don't know, the vendor didn't provide it, whatever. So now we go to the next phase. Let's say I have a reachability analysis tool that can tell me whether something is reachable or not, is it being used, and then we see, okay, let's say eight of the instances out of the 16 are reachable, but eight are not. So okay, if they're not, let's issue a VEX statement and say vulnerable code is not in execute path; so we got rid of that as well. And then, okay, for the other eight, maybe I have a network tool that can tell me... the vulnerability is only exploited via the network, right, we know that, so if it's protected, it's not exposed to the internet, then it's not relevant as well. So then we issue a VEX statement with the justification that the vulnerable code cannot be controlled by an adversary. So that's that; okay, fixed, 80 to zero, nice.

What about the other 20 in our proprietary code? So again we have the reachability analysis; let's query that. Okay, we have 15 that are not reachable, not in use; great, again vulnerable code not in execute path. We are only left with five. Again we have our network tool that can tell us whether it's reachable or not; let's query that. We know that there's one instance that is not network-facing; great, again vulnerable code cannot be controlled by an adversary. So we're left, out of 100, with four, and we take those four, and maybe we have an application configuration; again, this is only exploitable under a specific condition. So whether this is a human analyst that only has three, four instances instead of 100, that's good, but if you have a security tool with visibility into the configuration that you can query, then you can automate that aspect as well. And let's say that three are not exploitable because they don't use that specific configuration, so again you issue a VEX statement, vulnerable code cannot be controlled by an adversary, so you're left with one. This is the only one you need to address, and all of this is automatic, like the entire triage process. So all the false positives of the world... again, it's not all a wish, but again you can

filter out a lot of the noise so this is kind of the strength the way I see it with CAF and Vex uh hopefully in the future hopefully not too far away um and then okay what about um so this is a one example maybe a bit of optimistic but uh we have another layer which is uh also something that I really strongly believe in ssvc which the stakeholder specific vulnerability categorization again kind of raise of hands so I know the where we're at okay none okay good or not good but uh uh basically it's a method methodology for prioritization vulnerability prioriti vulnerability based on the needs of a specific stakeholders because different stakeholders have different uh

perspective different needs um and different uh um risk capita different way that they make decisions in terms of risk it's a transparent way basically it's a decision tree I'll show it in a bit it's explainable it's model or you can change it like the anyway we'll see it um and most importantly it can take into account multiple facets of risk so if we go back to the early uh part of the talk so how does that look like so this is again like a a specific example so we have again it's a decision tree um so let's say that uh the first kind of layer in the tree is the exploitation like the threat context so in this case

I take into account uh cisak epss threat intelligence to know okay How likely is this vulnerability to be exploited so if I have active exploitation that's one thing maybe it's highly likely to be exploited maybe it's not likely and again like the decision notes are less relevant than the than like the concept so okay let's say that if if I have active exploitation obviously then it's it's one thing okay so the next kind of phase in the tree let's take the vulnerability context that we know so let's say we want to see if the vulnerability is automatable what is automatable um it's uh the attack Vector is from the network it doesn't require any privileges or no

authentication um so that's obviously if it is that's something that is more important than for me again let's it's it's a metaphoric discussion but I decide that for me it's more important than if it's not then okay we get here and now what's the impact so now I can take into account um uh various aspects like uh my asset criticality data exposure um uh would I need downtime what's the financial loss etc etc so I make this decision and now if the impact is high I act now if it's medium I act now if it's low maybe I I keep track um and and get to it after I finish all the act right so this is kind of the the

tree and and you can see as you go right basically you get to to things that you're you're tracking um but they are far less important so if exploitation is not likely and it's not automatable and the impact is low or even if it's high but again it the exploitation is not likely because you have no indication low epss score hard to exploit vulnerability um um basically all of the decision points that we took in the past then maybe I don't need to treat it now so if I have unlimited resources sure I'll get to it but um but but uh I need to start somewhere again it's the same kind of the playing field is this I have

limited resources and I need to uh decide where do I put those uh in action um and um so let let's try kind of to put it all together so this is how I kind of Envision it so you have the scan results and then you have CAF and Vex that can that can kind of take away all of the things that are not relevant deterministically because you have context and again I will caveat and say that is it's not exploitable in a single point in time because our our environments are Dynamic it has to be something continuous so maybe something isn't loaded today it will be loaded tomorrow something is not in news today

it will be in ed tomorrow a configuration isn't there today it will be there tomorrow so but again this this is where I like the security tooling have the capability hopefully if they're applied correctly uh again we come back to the basics and and we have the coverage and we have all these aspects that we talking initially to to provide as insight and then okay all of the things that I'm not sure about then I can again we come back to the risk management aspect and I can take uh the ssvc model which is basically again a decision treat the same logic that you apply to decide whether to treat something or not let's formulate it

let's communicate internally externally this is how we manage risk here um and then um I'm left with the most impactful vulnerabilities and then you start here and work your way up um so that's uh the way that I see the future of uh vulnerability management and how I think we can move away from this kind of wacka all reactive stance that we're in now uh so I'll say uh the future is already here a lot of the things aren't science fiction there are uh obviously in work still a lot to go but some of the things are already here um so the future is already here it's just not evenly distributed this paradigm shift is

inevitable like if if you don't feel the pain today you'll feel it tomorrow if you don't feel it tomorrow you feel it in air nvd is certainly feeling it today uh or for a few months now um so something has to change um and I will say start thinking about how do how do you define risk in your organizm ation uh this is this process alone is is super valuable and you can start simple it doesn't have to be all the things if you know a decision TW with two nodes is is even it's something um and again this is something that I can't stress enough in order to do to effectively manage uh the risk you have to take into account

all uh a lot of sources of context but Bas basically various aspects of uh of uh of risk um so yeah we've traveled through time we saw the ghost of the past the promise of the future um so hopefully we'll get to a future where we're not afraid of ghosts or vulnerabilities um and uh I will say again people often expect kind of want like a single number tell me how to prioritize I want the CVSs score is it a nine is it a five it's nice it's not realistic um uh risk is much more complex than that and I think the key is how do we model that complexity into our automatic processes um and how do we

integrate these different sources of context which we have uh into a decision um so uh yeah that's it for me uh if you have any questions I would love to take them if anyone's interested in this topic this is the topic I'm very passionate about I love talking about so feel free to reach out whether it's on LinkedIn Twitter or in person uh would like to discuss this further um yeah thank you all
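The triage walkthrough above (80 third-party and 20 proprietary instances of one vulnerability whittled down to a single one) and the SSVC-style decision tree the speaker describes, put together in one added example that is not part of the talk. It assumes that each context source (a vendor CSAF advisory, a reachability tool, a network exposure tool, and configuration visibility) has already been reduced to a boolean on every finding, it uses the OpenVEX `status_justification` names for the three justifications the speaker applies, and its decision tree is a simplified illustration following the speaker's description, not CISA's published SSVC tree:

```python
"""Added worked example (not code from the talk): VEX-style noise filtering followed by
an SSVC-style decision tree, run over a constructed set of 100 findings for one CVE.

Assumptions: the four context sources are modelled as boolean fields on each finding,
and the decision tree is a simplified illustration of the one the speaker describes,
not CISA's published SSVC deployer tree.
"""
from dataclasses import dataclass

# OpenVEX status_justification values for a "not_affected" statement.
NOT_PRESENT = "vulnerable_code_not_present"
NOT_IN_PATH = "vulnerable_code_not_in_execute_path"
NOT_CONTROLLABLE = "vulnerable_code_cannot_be_controlled_by_adversary"


@dataclass
class Finding:
    component: str
    origin: str                     # "third_party" or "proprietary"
    csaf_not_present: bool = False  # vendor CSAF advisory (VEX profile) says the code is not present
    reachable: bool = True          # verdict of a reachability analysis tool
    network_exposed: bool = True    # verdict of a network exposure tool
    config_enabled: bool = True     # the configuration the exploit needs is active


def build_sample_findings():
    """Constructed data reproducing the walkthrough: 80 third-party instances
    (64 with a CSAF "not present" statement, 8 unreachable, 8 not network-facing)
    and 20 proprietary instances (15 unreachable, 1 not network-facing,
    3 without the vulnerable configuration, 1 genuinely exposed)."""
    findings = []
    for i in range(80):
        f = Finding(f"third-party-pkg-{i}", "third_party")
        if i < 64:
            f.csaf_not_present = True
        elif i < 72:
            f.reachable = False
        else:
            f.network_exposed = False
        findings.append(f)
    for i in range(20):
        f = Finding(f"internal-service-{i}", "proprietary")
        if i < 15:
            f.reachable = False
        elif i == 15:
            f.network_exposed = False
        elif i < 19:
            f.config_enabled = False
        findings.append(f)
    return findings


def vex_triage(findings):
    """Apply the deterministic filters in the order the walkthrough uses.
    Returns (statements, remaining): OpenVEX-style statement dicts for every
    instance some context source ruled out, and the findings that survive."""
    statements, remaining = [], []
    for f in findings:
        if f.csaf_not_present:
            justification = NOT_PRESENT
        elif not f.reachable:
            justification = NOT_IN_PATH
        elif not f.network_exposed or not f.config_enabled:
            # Network-only vulnerability that is not exposed, or the required
            # configuration is absent: an adversary cannot drive the vulnerable code.
            justification = NOT_CONTROLLABLE
        else:
            remaining.append(f)
            continue
        statements.append({"product": f.component,
                           "status": "not_affected",
                           "justification": justification})
    return statements, remaining


def justification_counts(statements):
    """How much noise each justification removed."""
    counts = {}
    for s in statements:
        counts[s["justification"]] = counts.get(s["justification"], 0) + 1
    return counts


def ssvc_decision(exploitation, automatable, impact):
    """Simplified SSVC-style tree (assumption, following the talk's description).
    exploitation: "active", "likely" or "unlikely" (from KEV, EPSS, threat intel);
    automatable: network attack vector, no privileges or authentication needed;
    impact: "high", "medium" or "low" (asset criticality, data exposure, downtime, cost)."""
    if exploitation == "active":
        return "act"
    if automatable:
        return "act" if impact in ("high", "medium") else "track"
    if exploitation == "likely" and impact == "high":
        return "act"
    return "track"


if __name__ == "__main__":
    statements, remaining = vex_triage(build_sample_findings())
    print(justification_counts(statements))      # 64 / 23 / 12
    for f in remaining:                          # the one instance left to decide on
        print(f.component, ssvc_decision("likely", True, "high"))
```

The filter order matters for the statements you emit: a CSAF "not present" verdict is checked before reachability so that the justification recorded is the strongest one available, and the remaining instance is the only one that reaches the decision tree. Because the speaker's caveat is that exposure changes over time, the booleans on each finding are inputs to rerun on every scan, not a one-off verdict.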

We do have a few minutes, so a couple of questions. Question? Yeah, and sure, these are references also, if you want to take a picture, for some of the things that I talked about. So just go ahead and raise your hand and I'll pass you the mic.

Yeah, go ahead. Okay, so this is cool, and you know, I agree this is the inevitable future. I can't talk. But today, when I have vulnerabilities, I have an auditor that tells me what I have to fix. How do we convince the auditors that this is something we need to do?

That's a great question. I think that is key, because I can have a crystal ball, I have it actually now, but I'm not using it, because even if I tell you what are the three vulnerabilities out of the 100,000 that will be exploited in your environment by an adversary tomorrow, then your auditor will tell you, okay, but you still need to patch everything CVSS four and above. So that disconnect is something that has to change. This is something that I'm very passionate about, I think we talked about it. I think what gives me a sliver of hope is that most auditors don't say fix everything anymore; that used to be the case, so things can change. It will take time. I think the data-driven approach, the explainability, the evidence, that is something that is crucial in order to convince the auditor, and I think this is something that as a community we must work together to change, because otherwise, yeah, I can talk, you know, my breath out about it and nothing will ever change.

So yeah, it goes beyond auditors, it's compliance for government regulations that you have to comply with.

Yeah, government regulations. So hopefully, like again, the trend won't change, eventually the chips will fall, like it's inevitable. I think we need to make sure that it happens sooner rather than later, and we need to drive that change, because again, this is the only way I see to get on top of this thing.

So thanks for bringing us the awareness. Yeah, sure, my pleasure. Cool, thanks guys, thank you very much.


Good afternoon and welcome to BSides Las Vegas Common Ground. This talk is Introduction to Software Defined Radio for Offensive and Defensive Operations, given by Gray Fox. A few announcements before we begin. First, we'd like to thank our sponsors, especially our Diamond sponsor Adobe and our Gold sponsors Toyota and PlexTrac. It's with their support, along with other sponsors, donors and volunteers, that make this event possible. These talks are being streamed live, and as a courtesy to our speakers and audience we ask that you check to make sure that your cell phones are set to silence. And now, Gray Fox.

All right, thank you everybody, thanks for the introduction, I appreciate that. It is 6:00 on a Wednesday before DEF CON. I'm surprised anybody is here. You all should be taking your naps while you have it, you all should be hydrating while you can, so thank you for sitting through this. Who here is familiar with software defined radio, even to a basic degree? Show of hands. All right, good, good stuff. If I mess something up, or if there's something better I could do, please come find me after and let me know. A lot of the stuff that I'm doing here I'm trying to recreate with commercial off-the-shelf equipment that I would have used very expensive military equipment to do, so it's not going to be perfect, it's not going to be one-to-one, but we're going to do our best. So what we're going to talk about essentially is just a very foundational introduction to SDR. For those who didn't raise your hand, this is more for you than anyone else, but for those who did raise your hands, this is going to be something where maybe I give you a slightly different idea about what you can use your SDRs for. And we're going to focus on tactical things, which, you know, everyone likes tactical stuff, you know, but the reality is anything that's tactical in the world you could translate to more mundane things: just listening to the radio, if it's an FM broadcast, listening to your favorite song or whatever. Well, you can mess with your SDR to listen to the local Chick-fil-A, which my local Chick-fil-A operates on FRS channel 20; if they get my order wrong, I know before they do. But it's going to be more application than theory. If you're looking for theory, you know, I can Google that for you, you know, but the fact is I'd rather show you how to do stuff. I don't know very many other talks that do live demos, but I'm going to try these live demos here, and hopefully the live demo gods, which today is Poseidon, is going to favor me on this one. This is not going to be comprehensive, and I think we've already covered that. I have about 40 minutes worth of stuff. If I had an hour, two hours, maybe even three hours, we can get into some really heavy nasty stuff, you know, but for now we're just going to deal with some of the basics. I don't want it to be complicated either. I want this to be something you can go home and do yourself. If things get a little bit too complicated, I apologize, again I only have 40 minutes, but feel free to find me and I will walk you through it; we can spend as much time as you like. And also, and I mentioned this before, radio is, radio is not an exact science. It's fantastic and I love it, but it's going to mess with you when it can. Murphy's Law definitely applies here. So if my demos fail, I'm sorry the demo failed, it happens, but hey, you know, it's a live demo, things aren't always going to go right.

A little bit about me: former Air Force, I just retired a few months ago. The stick up my butt is still taking its time to dissolve, but you know, eventually I will reach civilian life. I started to grow my hair out, that's cool, right? I'm still not embracing beard life, I don't know if I could do that yet, we'll see what happens. But I was basically an intelligence analyst for a very long time, and when you're an intel analyst you get into signals intelligence, human intelligence, instrumentation intelligence, all these things. Well, all of it is defined by signals, so it was inevitable that I was going to get into radio, both for defensive and offensive purposes, even if I wasn't specifically a radio guy. The last five years of my career I did special operations with offensive and defensive cyber, and many of our enemies would converge their radio technology with cyber technology, so we were looking at a lot of digital mobile radio, we were looking at a lot of digital modes for HF, we were looking at Wi-Fi, Bluetooth, all kinds of other IoT protocols that were sort of hijacked and used for tactical purposes, and that's where a lot of this is coming from. Also, yeah, I don't like long walks on a beach, I never have, just not a beach guy. I've had enough sand in my life, not going to do it.

So software defined radio, and I put here "in a very, very small nutshell", but it's kind of impossible to do that. It's impossible to really define, you know, SDR in just a few sentences, but essentially what you're looking at is, if I pick up a radio like this, you'll know what this is. It's something that has a speaker, it has a bunch of numbers on it, it has a liquid crystal display, you can talk into it, you can hear other people talking back to you. A software defined radio is all of this without the buttons, without the display, without the speakers, without the antenna, without anything that you would look at and think of as a radio. It's just a radio on a chip. Your computer is what's going to become all the buttons, all the displays and all the speakers. So that's what's cool about a software defined radio: it's versatile. You have one little thing, one little chipset, that's going to take sounds and it's going to modulate it, demodulate it from, you know, whatever airwaves, electrons at whatever frequency, and then it's completely up to you and the applications that you're using on your computer to do something with that, and that makes it way more versatile than this. This is a one-trick pony: transmit and receive, that's it. Software defined radio, I can do all kinds of stuff, and we're just going to scratch the surface.

We are going to use an RTL-SDR. This is probably something like a $30 software defined radio dongle; you can get it off Amazon. Be careful, there are imitations out there, but if you go to RTL-SDR they will show you pictures of what a legit one looks like, and then you can pick it up and you can do all kinds of really neat stuff with it. They're receive only, but they have a pretty wide range that they can receive in. Obviously it requires a computer interface, because that's what we're doing, it's software defined radio, but it's just a lot of fun, and the barrier to entry to be able to use this and do all the cool things that we can do is really, really low. Next we're going to use a HackRF. The HackRF obviously is way more expensive, but that's because it has a lot more features. It can send and receive, not just receive, and we're going to demonstrate that when I do some of my, you know, neat sending techniques. But you can do a whole lot of really great stuff with the HackRF. It's just a matter of making sure you update the firmware and also making sure where you buy it from. You can get it off of a whole bunch of different sites where it's going to be drop-shipped from wherever, fine; as soon as you get it, make sure you flash the firmware, get the latest Mayhem firmware or something, to make sure that it's legit. But if you get it from something like Great Scott Gadgets or you get it from Hak5 or something, it's already going to have everything flashed for you, but you're paying a premium for that. And then we're going to use the Flipper Zero. I bet none of you guys have ever heard of this, no? It's a brand new thing, I mean I just kind of found it somewhere, yeah, only I really know about it. It's nuts, it's amazing. I got through the airport with this stuff, like all of these things. The Flipper Zero was the least of my worries; I was afraid somebody at TSA was going to recognize a HackRF and be like, sir, you can't bring that on the plane. No, nothing, they stared at my shoes more than they did at my bag, so I was lucky.

So for software, what we're going to use is Windows 10. Windows is perfectly fine, it's a perfectly good platform for using the applications we want to use. Some people prefer Linux, I prefer Linux, but for those of you that are just getting into this I would probably venture to guess that you may be Windows users. If you're a Linux user, great, good on you, continue to be who you are. If you're a Windows user, you don't have to change, you don't have to become a Linux snob, you can do all this with Windows. Most of the stuff you can use on Linux you can also use on a Mac because it's a *nix kind of system, so all the software that I'm going to be demonstrating today you're probably going to be able to use on whatever kind of operating system that you like. We'll use SDRangel. SDRangel is freeware, it's open source, you can download it and you can install it. I'm going to show you how to set it up. dump1090 is another one that I like; this is how you pick up ADS-B signals. This is not the same as aircraft transponder frequencies, but it's similar to it, and they call it dump1090 because you're picking up packets at 1090 MHz and you're dumping it into an interface. Virtual Radar Server is the user interface that's going to manifest everything I collect from dump1090, and we're going to demonstrate that, hopefully. I use Momentum firmware on my Flipper Zero. I used to use Xtreme, but they had some politics and Xtreme firmware is now defunct, so I use Momentum. Other people might use something else, that's fine. Everything we're doing will even work with the stock firmware, so don't worry about trying to copy what I got if you don't want to go through that pain. And for the HackRF, what I'm using is version 20231 Mayhem firmware. You can get later versions if you want to. Everything that I've done I've done with this version, and I feel like if I flash it and upgrade it, it would break everything, so for now I'm sticking with this. It doesn't mean follow my lead and downgrade everything; yes, definitely patch, use the latest firmware, but this is what works for me.

Now, the first thing I want to demo is how to set up SDRangel. I would do it live, but instead I made this recording and I'm just going to follow the recording. So when you open it, you get this blank interface, but the first thing you do is you go to these icons that are up in the upper left and you pick your receiver. My receiver is an RTL-SDR. As soon as you have that manifested, you go to your add-ons. If you want to listen to regular FM broadcast, you can pick a wideband FM demodulator. If you want to listen to things in the IoT space or sub-gigahertz, you pick a narrowband FM demodulator. You want to listen to pagers, you can pick the POCSAG demodulator. You want to listen to telegraphy, you can pick a demodulator for that. It's pretty cool; you have a whole lot of different options. Next thing you do is pick a transmitter, if you have a transmitter. I'm picking the HackRF, and now that I have the HackRF I need to know, well, what am I going to transmit? In this case I'm transmitting narrowband FM, because I'm going to be transmitting in the 400 MHz space, so that's what I'm picking. So I went from a blank screen to this really pretty cool looking thing. It took me, I'm not going to lie, probably a good month and a half to learn how to use this program, because it is not intuitive. There are more intuitive applications out there for software defined radio, but this one I like because I can have a receiver and a transmitter at the same time, and a lot of the stuff we're going to do is going to require that. And so this is the finished product, this is what it's going to look like, and if you can follow my mouse up here, you're going to see what the frequencies look like, you're going to see like the histogram down here, you're going to see something called a waterfall. It's going to be a bunch of blue color that's going to be coming down, and then you'll see some red, some orange, some yellow, maybe some green. The brighter and hotter the color, then the higher the amplitude of the frequency that you're seeing, or the power of the frequency. And so if you record that stuff, and this is something that we used to do, we used to send an SDR out on a plane into the middle of nowhere where we thought the adversaries were operating. We would set it up and we would have it run, and we would have it record something exactly like this, playing with the waterfall, and then when we were finished we'd retrieve those data, and then somebody would take that waterfall that you're going to see and they would put it on like 50 times play speed, 100 times play speed, and they would identify those hotspots, those changes in color, and they would correlate that with the frequency, and then we'd be able to analyze the frequency to see what is going on in that space. We call that electronic preparation of the battlespace, IPB. When those data come to me, then I take a look at the frequencies and I try to check all the reporting to see who's operating or what's operating. Now I'm doing it continuously. They will triangulate you, they will find you, they will report you, and it may not be the FCC; if you're interfering with government, federal or state level equipment, it may be the FBI. So just be careful when you're dealing with these things.

Let's talk about signal analysis. There's a way that you do this. If you pick up a key fob or a remote control, anything that's supposed to have some kind of capability to transmit, it'll have an FCC ID. You can look this up on the FCC's website. When you look up that ID, you'll find the operating frequency, you'll find a whole bunch of different engineering and technical information about it. You can do a lot of this stuff yourself. If the FCC ID isn't giving you what you need, you can use some equipment like what I showed you to demodulate a signal, and you can figure it out: well, what is this? Is this digital mobile radio, is this a satellite signal, is this encrypted, or is it just, you know, encoded into something, you know, is it video, is it audio, is it Morse code? Demodulation is a crapshoot, but eventually you learn to look at that waterfall and you can identify what the signal is just by what it looks like visually. Sometimes it's a lot simpler than that: you look at something, it's a big fat red and yellow bit inside of your waterfall, you go and you point to it and you start hearing people talking. Okay, I know what that is, it's audio. You know, sometimes it is that simple. Other times it could be some weird protocol that no one's ever heard of that's proprietary, and then you've got your work cut out for you.

I decided to start with these alarms. They're available on Amazon, they're very cheap. I bought a bunch of them because I like to install them on cabin doors or whatever if I'm traveling somewhere and I'm going to be away but I want to have some kind of, like, an audio deterrent for robbers. I'll put this on a door, like a hotel door, whatever. If the magnets of this unit get more than a centimeter apart, it'll be loud. It'll be as loud as this. I had this inside of a Pelican case; if I took it out, it would be so loud that everybody would hear it. It's a pretty good deterrent, I like it. I got this and I'm like, you know what, let's play with it, let's try to figure out what's going on. It has no encryption, it's got no rolling codes, it's nothing. I can play around with this and I can do all kinds of really neat demos right now. As soon as I opened it up, all I found was what I expected to find from something that is mass-produced and drop-shipped: no FCC ID, nothing. I had nothing to go on, so I had to go and I had to manually get a spectrum analyzer, something like this, and I had to keep on pushing this button, keep on pushing it, keep on pushing it, and keep on looking at my waterfall to see when the heat map was going to change. And so I eventually did that, and I used a Flipper Zero to do it.

So now we're going to demo a signal replay. Signal replays are pretty good. Normally I would do this live, I still actually might do this live, I don't know, but essentially what you're doing is, this is qFlipper. qFlipper is a graphic user interface that you can use for your Flipper Zero. I'm using the stock Sub-GHz, or actually in this case it's Momentum, but it's the same as the stock. You can go to Read RAW, and if you program in the frequencies correctly you can play that frequency and you could record it. So that's what I'm doing over here. Now I'm going to stop it there, because now you know what the basics are, but I would rather demo it for you because I think that's way better. So here we go. This is me live, going at the start, going into Sub-GHz, and now I'm going to read a raw signal. This is that signal. This is going to be the unlock code for that alarm. Everybody hears that? I'm going to read it. And there it goes, there you go, there it is, picking it up. I'm going to move it a little bit closer, it's picking it up even better. I'm going to move it far away and it's picking it up about the same. But that's basically it. Now I'm replaying it. Flipper Zero was able to record it, no sweat, and then replay it. That's how much no encryption and no encoding this thing has, so it's a whole lot of fun to play with.

Now moving right along, some of you are probably already thinking this, but if you can record a signal and play it back, then can you possibly DoS a signal like that? And the answer is yes. I'll let your mind run wild with the tactical implications of something like this, but while it's running wild we're going to do a demo. So I'm going to go back to SDRangel, I'm going to turn it on. Now I am going to use my HackRF, the Flipper Zero and the SDRangel, and my target device is going to be the same alarm. So as soon as I get this started, I'm going to play the RTL-SDR here. Sometimes it's got to be refreshed, so I'm going to do that. All right, refresh. All right, here you go, play that signal. It resets to 435, that's why you didn't see anything. Let's get that back, 433.9. There it is. God, that's an ugly signal.

but anyway now I'm going to generate that same signal with my hack RF I'm going to show you just how little power it takes to disable an alarm like this why would you want to disable an alarm like this I I don't know I'm not going to say it don't make me say it there you go now you see the signal you see that it's a little bit off that's because radio is not an exact science but we're still going to work with it anyway now I am generating that signal so if I play this the signal is not strong enough to interfere so you still hear it but what if I Amplified it a little

bit that's not working either what if I gave it a little bit more horsepower uhoh let's dial that down just a little bit you can still see the signal from the key fob or the alarm fob but it's just not reaching the unit dumb it down a little more a little more there we go so we kind of found our power threshold I can sit here and like have you guys give me wild guesses on how this could be useful to an adversary you know let's say that I wanted to disable transmission capabilities for key fobs for a parking lot for a US Embassy somewhere or maybe the US does that to a foreign adversary Embassy maybe there's

critical infrastructure somewhere that we want to disable maybe there's a Communications Network we want to disable this is jamming this is denial of service and this is how we do it I was just able to disable an alarm it took a little bit of work but I did it not every alarm is that unsophisticated but with the right knowhow you can do the same exact thing all right let's stop these because somebody somewhere is having trouble with their Pacemaker and I don't want to I don't want any of that shade on me so I'm going to demonstrate this now with a car modern cars maybe not because some of them are uh some of them use

frequency hopping but old cars most definitely so this is me doing the same exact thing and I'm disabling the capability of me being able to unlock this Tacoma so you see the lights are going and you see the waterfall is registering you can see the signal over there now as soon as I turn that signal up so I generate the uh the Dos signal from the hack RF and then you can see that um uh turning up the power just a little bit and now I'm pushing the button and you see no lights nothing nothing is happening I just dosed the car I dosed that key fob really unsophisticated kind of attack but it's something that you

can do in somebody's driveway to mess with them. Yeah, haha, funny. Don't do it to a cop, don't do it to the local sheriff, ask me how I know. But yeah, that's basically it. So now that we've seen what a Flipper Zero with an RTL-SDR can do, what a HackRF can do, there are a lot more possibilities. If I wanted to have wideband spectrum analysis because I was doing some EPB or I was doing some IPB, I can get something like a tinySA Ultra, which gives me a much wider field, a much wider waterfall than any of this software would be able to do. Then I would be able to take from, say,

300 MHz up to 800 MHz and just look at that and see where the spikes are, and then I'd be able to drill down. If I want to do direction finding, there's an SDR for that. The KrakenSDR has, depending on the model, anywhere between five and six different antenna ports, and if you position these antennas all along a line and you receive a signal, then you can basically direction-find via, you know, for your eyes it'd be parallax, but via antennas it's triangulation, where the signal source is coming from. Professionals use this to find signals. It's right there, you can buy one. If I wanted to simulate a cell phone station somewhere,

who would want to do that? I can use BladeRF; you can go to GitHub and you can get the software, it's as easy as that, it takes a couple hundred. If I wanted to spoof GPS signals, let's say that Grandma's plane finally landed, she rented a car, and now she's driving to your house. Let's say you're not happy about that. You can set up a LimeSDR or a HackRF on the side of the highway with the right software and the right amount of power, spoof GPS to make Grandma think she's in Thailand, and you've just bought yourself another hour. So, I consider Wi-Fi to be one of those cool software-defined radio targets that

everyone overlooks, because there are much better things you can do to mess with Wi-Fi. But with what I have on the desk over here you can definitely mess with Wi-Fi. Who here has ever messed with Wi-Fi with a Flipper Zero? Oh, a few people, okay. This is what we're going to do with a Flipper Zero that has a Wi-Fi dev board. I couldn't live demo this because then I'd interfere with the facility's Wi-Fi, but you can set this up with a GPIO board that contains, you know, the right kind of software to demodulate 2.4 GHz. You can set up your own little test router, and if you have a mobile phone that you can use to be the victim, then you can do

your own deauthentication attack. This is how I did that, in video form, with a Flipper Zero. You go to your GPIO settings and you go to your ESP32 board. I'm using Wi-Fi Marauder, so I'm picking that, and then the first thing you do is you scan for the access points. You collect all those access points, you stop the collection, then the next thing you want to do is go and list which access points you collected. Give it a couple of seconds, you'll soak up however many happen to be in your area. So here I found one that I want to mess with. I'm going down to List AP, and which one is... oh, "it's a trap", that looks good,

that's selection number one, so maybe I'll pick that one. So I go back and I select my AP, I am selecting number one, then I hit save, and then I go back. So now I have my target access point. The next thing that I want to do is send deauth packets, but before you can send a deauth packet you have to start collecting those packets, or you'll send deauth and you're just not collecting anything. If you're not collecting anything, then a deauth packet's not going to give you any of the encrypted credentials that you're looking to crack. So first you have to go to Sniff, and then I go to Sniff Raw. This allows me to get everything, not

just a deauth packet, because it's a little bit finicky if you try to go a little bit too specific. Now that I'm sniffing, I send my deauth packets, stop the deauth, and now that I'm collecting I'm getting the deauth packets. And then, if the endpoints on this router have a setting to reconnect to the access point, then as soon as I hit it, it's going to want to come back. When it comes back, I can collect my four-way handshake. Now I've done that, there's my file, so I'm going to take my file, I'm going to download it onto my desktop, and then bam, I can do whatever I want with it. I can analyze it with Wireshark,

I can possibly open up Kali Linux and do whatever I want with it. But this is what it looks like right here, this is what I did with this Flipper Zero that the airport just kind of let me through with, so it's pretty badass, I like it. So what can you do with something like that? Well, now that you have that packet, you can analyze it to see if you got those four-way handshakes. They're called EAPOL packets, so Extensible Authentication Protocol over LAN. These packets are what's going to contain your encrypted password, and whenever you're trying to crack Wi-Fi this is what you're looking for. I would crack it, I

would say that's beyond our scope, but I feel like we have a few minutes to do that, so let's do it. So again, I couldn't do it live, but this is just me demonstrating how to do it on Kali Linux. This is how I'm using that pcap file that I just got. I'm going to use all the stock stuff that you would find on Kali. I'm going to use a modified rockyou.txt file that has all these passwords on it. We're going to do the crack, you're going to see it happen, and while it's happening I can explain some other cool things you can do with SDR. Actually, I'll explain one other cool

thing you could do with SDR. With the right kind of antenna, and in this case it would be like a helix antenna, you could pick up satellite signals. I was able to pick up the International Space Station while they were sending down recorded video, and with an RTL-SDR and an antenna that looked kind of like a double helix I picked up that signal, and I was able to use the right kind of software to demodulate it, and then I got that full-motion video and I was able to show it to a group of high school kids. They were like, wow, this is awesome. I was afraid that they were going to say, no, if

you can do that, what else can you do? Because then they would come to this talk, they would see all this other crap. You don't want high schoolers running around with a HackRF, it's just not advised, you know. And here we cracked the password, there it is, so "it's a trap" is "veratos one". Now I've got to go change my password on everything. So that's it. We did a little bit of passive capture using a radio, we did a little bit of active capture for offense, you know, and that's, you know, listening in to Chick-fil-A or recording signals and replaying it, because electronics equals intelligence in my book. We did some active emission for defense, in this case

you are looking at jamming signals that might be offensive in nature, like say you have an adversary team that's moving in, you jam their radio, their comms are down. If they depend on their radio, they don't know how to use hand signals, they're do