Dates
Conferences
Tags
Sort by:
Most recent
Conference: Defcon 31
Authors: Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners
2023-08-01
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
Conference: Global AppSec Dublin 2023
Authors: Sam Stepanyan
2023-02-16
tldr - powered by Generative AI
Nettacker: An Automated Penetration Testing Framework
- Nettacker is a free and open-source automated reconnaissance and penetration testing tool
- It can scan networks for vulnerabilities, discover expired SSL certificates, and find subdomains hosting vulnerable versions of content management systems
- Nettacker can be used by both attackers and defenders, and has been helpful for bug bounty research
- The tool uses YAML modules and is written in Python
- Nettacker can be automated using GitHub actions and Docker containers
- Automated scans can be scheduled to run regularly and generate reports as artifacts
Conference: Cloud Native SecurityCon North America 2022
Authors: Stefano Chierici, Lorenzo Susini
2022-10-25
tldr - powered by Generative AI
The presentation discusses how Falco, an open-source project for runtime security, can be extended to monitor capabilities and detect potential malicious behavior in Kubernetes clusters.
- Falco is an open-source project for runtime security that has become the de facto standard for Kubernetes security.
- Capabilities in Kubernetes can create a gray area in security monitoring, and Falco can be extended to monitor capabilities and detect potential malicious behavior.
- The presenters created two rules using Falco to detect excessive capabilities in new containers and modifications to the release agent file.
- Falco only monitors runtime security and does not consider configuration changes in the YAML files.
- Falco can be deployed on Kubernetes using official charts and packages.
Conference: Linux Security Summit Europe 2022
Authors: Casey Schaufler
2022-09-16
The Simplified Mandatory Access Control Kernel (Smack) Linux security module was introduced in 2008 and is currently used in millions of devices. Unlike SELinux and AppArmor, Smack has never been supported by a major Linux distribution. The greatest barriers to distribution support have been that only one "major" security module can be used at a time and that there has been no example of a Smack rule set to use as a basis for a distribution's policy. In this talk Casey Schaufler, the author of Smack, will describe a new effort to create a reference set of Smack rules and apply it to a major Linux distribution. The talk starts with a description of how Smack rules work and how they differ from SELinux and AppArmor policy. It moves on to cover the threats being addressed and how a "three domain" approach provides the required protection. How a distribution to target was chosen is revealed and what steps are taken to keep the scheme flexible enough to be useful elsewhere. The current state of the effort and the identified challenges are presented. Finally, there will be an invitation for additional participation in the project.