Beyond Vulnerability Scanning - Extrusion and Exploitability Scanning

Presented at DEF CON 15 (2007), Aug. 5, 2007, noon (50 minutes).

With this presentation we will demonstrate a new tool called eescan that automates extrusion and exploitability scanning using a client/server approach. Eescan will be released under the GPL and uses Python to create an extensible framework for testing extrusion and exploit defenses. All network security systems have gaps. Layered security tries to cover the gaps with overlapping protections like firewalls, intrusion prevention, proxies and other mechanisms. How do you really know where the gaps are before the weeds grow through? Vulnerability assessment tools scan for vulnerable systems from an attacker's perspective. This technique has value but fails to represent the risk posed by client application usage and attacks. These tools also fail to assess extrusions - the traffic content allowed to leave a network. Extrusion and exploitability scanning attempts to find these gaps using an automated scanning framework. The scanning techniques simulate user and attacker behavior from the client perspective to holistically measure the amount of risk in a given security system.

Presenters:

  • Matt Richard - Rapid Response Team, iDefense
    Matt Richard works on the Rapid Response team at iDefense, a Verisign company. At iDefense he is responsible for analyzing and reporting on samples of unknown malicious code and other suspicious activity. For 7 years prior to iDefense, Matt created and ran a managed security service used by 130 banks and credit unions. In addition, he has done independent forensic and security consulting for a number of national and global companies. Matt has written a number of tools, including a web application testing tool, a log management and intrusion detection application, and an automated Windows forensics package. Matt currently holds the CISSP, GCIA, GCFA and GREM certifications.
  • Fred Doyle - Labs Director, iDefense
