Antonio de Mello & Amine Abed

The attacker's footprint

Chaining low-severity bugs can lead to a full system compromise. We'll show you how to trace the attacker's every step.

The attacker's footprint
#1about 10 minutes

Defining key cybersecurity tools and terminology

An overview of essential information security concepts and tools is provided, including nmap, Burp Suite, IDOR, LFI, and SIEM platforms.

#2about 16 minutes

Performing reconnaissance with an nmap port scan

The initial attack phase begins with an nmap scan to discover open ports and services, identifying potential web applications and an Apache server.

#3about 11 minutes

Gaining initial access with default credentials

After failed SQL injection attempts, access is gained by logging in with common default credentials and a path disclosure vulnerability is found via a malformed JSON.

#4about 13 minutes

Exploiting broken access control with cookie tampering

A base64-encoded cookie is manipulated to access another organization's data, and fuzzing reveals a hidden admin parameter to view sensitive information.

#5about 10 minutes

Reading sensitive files with a path traversal exploit

A known path traversal vulnerability in the Apache server is exploited to read the `/etc/passwd` file and a sensitive configuration file containing credentials.

#6about 1 minute

Achieving remote access via SSH with guessed credentials

Using the leaked username, the password from the configuration file is modified by incrementing the year to successfully log into the server via SSH.

#7about 21 minutes

Analyzing API logs to trace the attacker's steps

The defender analyzes API logs to identify failed SQL injection attempts, a successful login, parameter fuzzing, and cookie manipulation by observing response codes and body sizes.

#8about 15 minutes

Correlating web server and authentication logs

Apache and authentication logs are examined to find evidence of the nmap scan, the path traversal exploit, and the final successful SSH login after several failed attempts.

#9about 13 minutes

Demonstrating a SIEM for automated threat detection

A Security Information and Event Management (SIEM) tool is shown to automatically detect and flag suspicious activity, such as the nmap user agent, in real-time.

#10about 18 minutes

Summarizing vulnerabilities and key security recommendations

The workshop concludes with a summary of the attack chain and provides key recommendations for developers and defenders, such as patch management and maintaining high-quality logs.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Videos

See all videos
Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR40:38

How to Cause (or Prevent) a Massive Data Breach- Secure Coding and IDOR

Anna Bacher

You can’t hack what you can’t see29:34

You can’t hack what you can’t see

Reto Kaeser

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Cyber Security: Small, and Large!37:32

Cyber Security: Small, and Large!

Martin Schmiedecker

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

Maturity assessment for technicians or how I learned to love OWASP SAMM1:41:05

Maturity assessment for technicians or how I learned to love OWASP SAMM

Mathias Tausig

Cracking the Code: Decoding Anti-Bot Systems!57:47

Cracking the Code: Decoding Anti-Bot Systems!

Fabien Vauchelles

From learning to earning

Jobs that call for the skills explored in this talk.