Developing Trust and Gitting Betrayed

Presented at Black Hat USA 2017, July 26, 2017, 4 p.m. (50 minutes).

Trust is an implicit requirement of doing business - at some point, we must trust employees, peers, and technology to a degree. The lack of proper management or understanding of these various trust relationships is a leading cause of security exposure. This talk will cover the analysis and exploitation of the trust relationships between code, platforms, developers, and their parent organization. We will look at the software development life cycle and how it can be actively exploited to attack, evade defenses, and ultimately own a target organization.

To support our discussion of attacking trust relationships, we will also be releasing and presenting GitPwnd, a tool to aid network penetration testers in compromising machines and spreading control within development-heavy environments. These environments tend to have heavily segmented networks and extensive logging and monitoring. Defensive tools often look for process activity and timing that differs from normal user behavior. GitPwnd evades these defenses by inserting itself into common development workflows. We'll describe GitPwnd's architecture, implementation choices to evade detection, and we'll conclude with a live demo of GitPwnd worming through a segmented network.


Presenters:

  • Clint Gibler - Security Consultant, NCC Group
    Dr. Clint Gibler is a security consultant with NCC Group, a global information assurance specialist providing organizations with security consulting services. Clint has performed security research in the following areas: surveying cross-industry security trends across 100 companies, using static analysis to find privacy leaks in Android applications, examining how prevalent mobile ad libraries treat user data, building tools to automatically detect Android application piracy, and Android emulator detection. Clint has spoken at several conferences, including Nullcon, Virus Bulletin, NBT2, MobiSys, and TRUST. Clint holds a Ph.D. in Computer Science from the University of California, Davis where his research focused on mobile security.
  • Noah Beddome - Practice Director: Infrastructure Security, NCC Group
    Noah Beddome is a career offensive security researcher, former Marine, and currently leads the Strategic Infrastructure Security practice at NCC Group. His current theme of research is the attack and defense on non windows / non traditional infrastructure.

Links:

Similar Presentations: