Chw00t: How To Break Out from Various Chroot Solutions

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, 4 p.m. (50 minutes)

The chroot syscall is part of POSIX. All Unix systems have this syscall, so it is possible to create separated environments. Until this presentation there was no documentation/tutorial about the techniques for creating a reasonably "secure" chroot environment or for breaking out of a misconfigured one. Now, with this presentation, I attempt to create a knowledge base for this topic. I've managed to collect 6 different techniques that work fully on Linux (not all of them require root privileges). Furthermore, I wrote a tool that automates the breakouts and helps the user get a shell outside of the chrooted environment. This tool is open source and has already been released. The tool supports only Linux at the moment, but will be improved until the conference. Additionally, I tested 7 Unix systems overall and compared my findings. I'm going to explain all of the techniques that are implemented in the tool, how they work and why, and the differences between operating systems.

Presenters:

  • Balazs Bucsay - IT-Security Expert / Freelancer
    Balazs Bucsay is an IT-security expert and techie geek, mainly focusing on penetration testing. He has given multiple talks around the globe (Atlanta, London, Moscow, Budapest) on various advanced topics (mimikatz, PayPass, XSS worms, distributed password cracking) and has released several tools and papers about the latest techniques. He holds multiple certifications (OSCE, OSCP, OSWP, GIAC GPEN) related to penetration testing, exploit writing and other low-level topics, and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares his experience and knowledge with his colleagues and friends. Because of his passion for technology he starts a second shift right after work to do research and find new vulnerabilities.
