As part of maintaining my certifications I gave a talk on Exploits, Trojans and Rootkits to the Hertfordshire Branch of the BCS last night in Hemel Hempstead st the offices of Steria. The talk was aimed at the non security professional and as the event was open to the members of the public I tried not to assume a high technical knowledge within the audience.
The presentation's aim was to explain what the terms mentioned in the press both specialist and general sectors actually meant. Covered what is a vulnerability is and that it is not necessarily a technical problem, often the vulnerability is between the keyboard and the chair. Discussed how threats made use of vulnerabilities by exploiting them. Covered different types of attacks from network problems to social engineering via phishing, explained that a trojan is a seemingly innocent object whether a programme, game, or picture etc. and that these objects allow a malicious payload to be installed. Discussed the term backdoor and how this can be used to allow a remote command and control centre to take control and gather information from the attacker. The last point was the term rootkit and how this can hide details of the malware from the operating system.
The final part of the evening was a demonstration using virtual machines, showing how an attack can probe a machine, identify a possible vulnerability and then attack it by trying to exploit the vulnerability, in this case I used a buffer overflow on the RPC port. The exploit opened a backdoor allowing a telnet connection to the compromised machine where I created a user, elevated their privilege to allow full control of the machine, used the tftp client to download additional malware onto the compromised machine and then run a toolkit, showing the audience how folders, processes and services can be hidden a user on the compromised machine. Finished with a discussion on techniques to reduce the possibility of vulnerabilities been found and exploited.
The question and session was lively and measure that the talk was successful, a range of questions from both security practitioners and everyday computer uses where asked and occasionally had to reign in the discussions back to the topic in question. In all a good evening and a couple more CPD points earned towards the continual certification.
Will back in Hemel in June for a talk looking at the Hollywood portrayal of digital forensics and a discussion on the realities.
No comments:
Post a Comment