How to find Zero day vulnerabilities
Meet Imran & Raghu.
They work as web application security engineers.
They train people in ...
They also contribute to the Null Open Security Community
and to the Open Web Application Security Project (OWASP).
OK, let's start.
Before we do that ...
The following presentation can cause severe exposure to high-octane gyan (knowledge) and could leave participants exhausted with wild ideas.
Also, you may end up in ... with lots of ... and ...
And of course, knowledge ...
OK, let's begin.
What is a zero day?
Zero-day attacks occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop a counter to that threat.
Source: Wikipedia
Vulnerabilities in famous applications
Vulnerabilities in Drupal
Vulnerabilities in WordPress
Vulnerabilities in Joomla
How is it generally done?
Source code auditing
Fuzzing
Target: a 0-day vulnerability
Methodology
Know your enemy
Set up the Attacking environment
Study the architecture
Source Code Auditing
Requirements
Lots and lots of patience
An attitude of ...
Notebook and pen ;)
Source code auditing
1. Analyze the entry points
2. Identify vulnerable functions
3. Analyze input validation
4. Cross-check the findings
Slides: the entry points; more entry points; a few more; an exec call; RIPS output.
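The grep and RIPS steps above, as an added example (this is not code from the talk, nor RIPS or RATS themselves): a small Python script that first greps a PHP file for entry points, then follows which variables carry user input into dangerous sinks and whether a sanitiser appropriate to that sink class was applied on the way. The PHP snippet is constructed for the demo; the function names and the sink/sanitiser table are this example's own choices, not an exhaustive list.

```python
"""Toy source-code audit: the grep + RIPS workflow from the slides, in miniature.

Added example; not RIPS, RATS or code from the talk. It scans PHP source
line by line for (1) entry points (superglobals), (2) dangerous sinks grouped
by vulnerability class and (3) whether the data reaching a sink went through
a sanitiser suited to that class. Taint is tracked only through simple
`$var = ...;` assignments within one file; real audits need interprocedural
data flow, which is what RIPS adds over grep.
"""
import re

# (1) Entry points: attacker-controlled data enters the script here.
ENTRY_POINTS = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")

# (2) Sinks by vulnerability class -> (sink regex, sanitisers that neutralise it)
SINKS = {
    "command injection": (
        re.compile(r"\b(exec|system|passthru|shell_exec|popen|proc_open)\s*\("),
        {"escapeshellarg", "escapeshellcmd"},
    ),
    "code injection": (re.compile(r"\b(eval|create_function)\s*\("), set()),
    "sql injection": (
        re.compile(r"\b(mysql_query|mysqli_query|pg_query)\s*\("),
        {"mysql_real_escape_string", "mysqli_real_escape_string", "intval"},
    ),
    "xss": (re.compile(r"\b(echo|print)\b"), {"htmlspecialchars", "htmlentities"}),
    "file inclusion": (re.compile(r"\b(include|require)(_once)?\b"), {"basename"}),
}
ASSIGN = re.compile(r"\$(\w+)\s*=(?!=)\s*(.+?);\s*$")  # $var = <expr>;
CALLS = re.compile(r"\b(\w+)\s*\(")                    # function names used
VARS = re.compile(r"\$(\w+)")                          # variables referenced

# Constructed PHP sample for the demo (not taken from any real project).
SAMPLE_PHP = """<?php
$id   = $_GET['id'];
$name = htmlspecialchars($_POST['name']);
$host = escapeshellarg($_REQUEST['host']);
$cmd  = "ping -c 1 " . $_GET['host'];
system($cmd);                                        // command injection
system("ping -c 1 " . $host);                        // safe: escapeshellarg
mysql_query("SELECT * FROM users WHERE id = $id");   // SQL injection
echo $name;                                          // safe: htmlspecialchars
echo $_GET['q'];                                     // reflected XSS
include($_GET['page'] . ".php");                     // file inclusion
$limit = 10;
mysql_query("SELECT * FROM t LIMIT $limit");         // safe: constant
"""


def find_entry_points(source):
    """The grep step: line numbers where a superglobal is read."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if ENTRY_POINTS.search(line.split("//")[0])]


def audit_php(source):
    """Return one finding per sink line fed by unsanitised user input."""
    tainted = {}   # variable name -> set of sanitisers applied on the way
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//")[0]          # drop trailing comments
        m = ASSIGN.search(code)
        if m:
            name, rhs = m.group(1), m.group(2)
            sources = [v for v in VARS.findall(rhs) if v in tainted]
            if ENTRY_POINTS.search(rhs) or sources:
                applied = set(CALLS.findall(rhs))       # sanitisers on this line
                for v in sources:
                    applied |= tainted[v]               # ... plus inherited ones
                tainted[name] = applied
            elif name in tainted:
                del tainted[name]                       # overwritten by a constant
            continue
        for vuln, (sink, sanitisers) in SINKS.items():
            if not sink.search(code) or set(CALLS.findall(code)) & sanitisers:
                continue                # no sink here, or sanitised inline
            unsafe = bool(ENTRY_POINTS.search(code))    # superglobal used directly
            for v in VARS.findall(code):
                if v in tainted and not (tainted[v] & sanitisers):
                    unsafe = True       # tainted var with no sanitiser for this class
            if unsafe:
                findings.append({"line": lineno, "type": vuln, "code": code.strip()})
    return findings


if __name__ == "__main__":
    print("entry points on lines:", find_entry_points(SAMPLE_PHP))
    for f in audit_php(SAMPLE_PHP):
        print(f"line {f['line']:>3}  {f['type']:<18} {f['code']}")
```

Note what the class-aware check buys over plain grep: line 7 passes because escapeshellarg() is the right sanitiser for a shell sink, while the same variable would still be flagged if it were echoed into HTML. Cross-checking each hit by hand (step 4 above) is still required; a taint tracker this simple will miss flows through arrays, functions and includes.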
What is Fuzzing ?
Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems.
What exactly is it?
1. There are no rules for fuzzing
2. There are no guarantees with fuzzing
Fuzzing Methods
1. Sending random data
2. Manual protocol mutation
3. Brute-force testing
4. Automatic protocol generation testing
Fuzzing life cycle
1. Find a bug
2. Find a 0-day / write an exploit
3. Fuzzer death
Fuzzing process
1. Identify target
2. Identify inputs
3. Generate fuzz data
4. Execute fuzz data
5. Monitor for exceptions
6. Determine exploitability
Fuzzing payloads
Find the entry points, then send payloads for each vulnerability class:
SQL Injection
XSS
CSRF
Command Injection
Clickjacking with drag and drop
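The six-step fuzzing process and the payload classes above, as an added example (this is not code from the talk and not JBroFuzz, Burp or WebScarab): a minimal web-parameter fuzzer in Python. Because it has to run offline, the target is a constructed in-process stand-in for a PHP search page that builds SQL by string concatenation and echoes the query unescaped; the payload lists, error signatures and triage labels are this example's own, and the step numbers in the comments refer to the slide's list.

```python
"""Minimal web-parameter fuzzer following the six-step process on the slide.

Added example; not code from the talk and not JBroFuzz, Burp or WebScarab.
To run offline, the target is a constructed in-process stand-in for a PHP
search page: string-built SQL over SQLite and an unescaped echo of the query.
Against a real site, replace target() with an HTTP call returning
(status, body) and keep the rest.
"""
import random
import sqlite3

# --- Steps 1-2: the target and its input (constructed, deliberately weak) ---
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE products (name TEXT)")
_db.executemany("INSERT INTO products VALUES (?)",
                [("apple",), ("apricot",), ("banana",)])


def target(params):
    """Pretend search page; returns (status, body) like an HTTP response."""
    q = params.get("q", "")
    try:   # user input concatenated into SQL: the bug fuzzing should surface
        rows = _db.execute(
            f"SELECT name FROM products WHERE name LIKE '%{q}%'").fetchall()
    except sqlite3.Error as e:   # a PHP page would print the DB error too
        return 500, f"Database error: {e}"
    names = ", ".join(r[0] for r in rows)
    return 200, f"<h1>Results for {q}</h1><p>{names}</p>"   # unescaped echo


# --- Step 3: fuzz data = payload dictionary per class + random data ---
PAYLOADS = {
    "sqli": ["'", "' OR '1'='1", "%'--"],
    "xss": ["<script>alert(1)</script>", '"><svg onload=alert(1)>'],
    "cmdi": ["; id", "| cat /etc/passwd", "$(sleep 5)"],
}
ERROR_SIGNATURES = ("Database error", "SQL syntax", "unrecognized token",
                    "Warning:", "Fatal error:")


def random_payloads(rng, count=5, max_len=64):
    """'Sending random data': metacharacter soup of random length."""
    alphabet = "'\"<>;|&$`%\\{}()A0\n"
    return ["".join(rng.choice(alphabet) for _ in range(rng.randint(1, max_len)))
            for _ in range(count)]


def triage(cls, signals):
    """Step 6: first guess at exploitability from payload class + signals."""
    if cls == "sqli" and "server error" in signals:
        return "likely SQL injection (error-based)"
    if cls == "sqli" and "response changed" in signals:
        return "likely SQL injection (query logic altered)"
    if "reflected unescaped" in signals:
        return "likely reflected XSS"
    if any(s.startswith("crash") for s in signals):
        return "crash: investigate"
    return "anomaly: investigate manually"


def fuzz(send, param, baseline, seed=1):
    """Steps 4-5: execute every case, monitor for errors and anomalies."""
    rng = random.Random(seed)
    _, base_body = send(baseline)
    base_len = len(base_body.replace(baseline[param], ""))
    cases = [(cls, p) for cls, ps in PAYLOADS.items() for p in ps]
    cases += [("random", p) for p in random_payloads(rng)]
    findings = []
    for cls, payload in cases:
        signals = []
        try:
            status, body = send(dict(baseline, **{param: payload}))
        except Exception as e:          # the target itself fell over
            signals.append(f"crash: {type(e).__name__}")
            status, body = None, ""
        if status is not None and (status >= 500 or
                                   any(s in body for s in ERROR_SIGNATURES)):
            signals.append("server error")
        if "<" in payload and payload in body:
            signals.append("reflected unescaped")
        if status == 200:
            # strip the echoed payload so its own length is not counted as change
            delta = abs(len(body.replace(payload, "")) - base_len)
            if delta > 0.1 * base_len:
                signals.append("response changed")
        if signals:
            findings.append({"class": cls, "payload": payload,
                             "signals": signals, "triage": triage(cls, signals)})
    return findings


if __name__ == "__main__":
    for f in fuzz(target, "q", {"q": "zzz"}):
        print(f"{f['class']:<7} {f['payload']!r:<30} {f['signals']} -> {f['triage']}")
```

Run as is, the command-injection payloads produce no signal (there is no shell sink behind this parameter), the quote payloads surface the SQL error and the tautology, and the tag payloads come back unescaped. The fix on the target side is a parameterised query plus html.escape() on output; both injection classes then disappear, and what remains from the random cases is LIKE wildcard behaviour from stray % characters, a reminder that "response changed" is a signal for a human to confirm, not a verdict.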
JBroFuzz
Tools for source code auditing
The mighty grep
RIPS
RATS
Tools for Fuzzing
JBroFuzz
Burp Suite
WebScarab
Further Reading
[1]. OWASP Testing Guide
[2]. OWASP Development Guide
[3]. OWASP.org
So now you know:
* what a zero day is
* what methodology is used
* information gathering on the application or product
* discovered or previously reported vulnerabilities in the product
* studying the architecture of the product
* identifying the input points
* source code review (one demo: RIPS and grep)
* fuzzing (one demo: JBroFuzz)
* tools used for code review and fuzzing
Questions ?
हैकर है क्या? हैकर (Hindi: "Is that a hacker? Hacker.")