Stealth servers need Stealth Packets

Presented at DerbyCon 3.0 All in the Family (2013), Unknown date/time (Unknown duration)

Sun Tzu once said “Know your enemy and know yourself, and in a hundred battles you will never be defeated.” Cyberwar is upon us and APTs are all too common nowadays, so we need to think about new tricks to avoid them and stay one step ahead to keep your systems secure. You can take that step by defending your servers against the first phase of every APT operation: fingerprinting. This is done by intercepting all the traffic your box sends and modifying, in real time, the flags in the TCP/IP packets that reveal your system.

This presentation will discuss the current techniques used for OS fingerprinting and how to frustrate them:

- Active remote OS fingerprinting: like Nmap or Xprobe (with Live Demo: Laptop and Mobile)
- Passive remote OS fingerprinting: like p0f or pfsense (with Live Demo: Mobile)
- Commercial engines like Sourcefire’s FireSiGHT OS fingerprinting (with Live Demo: Laptop)

There will be many live demos, and the talk will release OSfooler, which has some interesting features:

- No need for kernel modification or patches
- Highly portable and configurable
- Will emulate any OS
- Capable of handling nmap and p0f fingerprint databases (beta phase)
- Transparent for the user
- Undetectable for the attacker
- Available for your Linux laptop, server and mobile device

Sorry guys, remote OS fingerprinting is over…
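The rewriting step described in the abstract, as an added example that is not code from the talk or from the released tool: it parses one outgoing SYN, lists header values a fingerprinting tool can read, then replaces two of them and recomputes both checksums. The function names, the sample packet and the choice of TTL and window size as the rewritten fields are assumptions; the abstract does not say which fields the tool changes.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(ip: bytes, tcp: bytes) -> int:
    """TCP checksum over pseudo-header (src, dst, 0, proto 6, length) + segment."""
    return csum(ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)

def fingerprint_fields(pkt: bytes) -> dict:
    """Header values a fingerprinting tool can read from a single SYN."""
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    opts, kinds, i = tcp[20:(tcp[12] >> 4) * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        kinds.append(kind)
        if kind == 1:                      # NOP has no length byte
            i += 1
        elif kind == 0 or i + 1 >= len(opts) or opts[i + 1] < 2:
            break                          # end of list, or malformed length
        else:
            i += opts[i + 1]
    return {"ttl": pkt[8], "window": int.from_bytes(tcp[14:16], "big"), "tcp_options": kinds}

def rewrite(pkt: bytes, ttl: int, window: int) -> bytes:
    """Replace TTL and TCP window, then recompute both checksums."""
    ihl = (pkt[0] & 0x0F) * 4
    ip, tcp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    ip[8], ip[10:12] = ttl, b"\x00\x00"
    ip[10:12] = struct.pack("!H", csum(bytes(ip)))
    tcp[14:16], tcp[16:18] = struct.pack("!H", window), b"\x00\x00"
    tcp[16:18] = struct.pack("!H", tcp_csum(bytes(ip), bytes(tcp)))
    return bytes(ip + tcp)

def sample_syn() -> bytes:
    """Constructed SYN (documentation addresses): TTL 128, window 8192."""
    opts = bytes([2, 4, 5, 0xB4, 1, 3, 3, 8, 1, 1, 4, 2])  # MSS,NOP,WS,NOP,NOP,SACK-permitted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 52, 1, 0x4000, 128, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1000, 0, 0x80, 0x02, 8192, 0, 0) + opts
    return rewrite(ip + tcp, 128, 8192)    # fills in valid checksums

if __name__ == "__main__":
    print(fingerprint_fields(sample_syn()), fingerprint_fields(rewrite(sample_syn(), 64, 29200)))
```

The TCP option order is left untouched here and remains visible after the rewrite, so changing TTL and window alone does not produce a consistent profile of another OS.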

Presenters:

  • Jaime Sánchez
    Jaime is a security researcher specialized in network protocols and technologies, with over ten years of experience in consulting, risk management, secure network architectures and ethical hacking. He works in the Security Operations Center (SOC) of a multinational telecommunications company, offering managed security services for IBEX35 companies. He has been a frequent speaker at several national and international conferences, like Rootedcon, Nuit Du Hack or Blackhat, and holds several security certifications, like CISM or CISA, and an Executive MBA. He is a frequent contributor to several technical magazines in Spain and is involved with state-of-the-art attack and defense mechanisms, network security and general ethical hacking techniques.
