A Simple Laboratory Environment for Real-World Offensive Security Education

Maxim Timchenko, David Starobinski

Electrical and Computer Engineering Department, Boston University

SIGCSE’15, March 7, 2015

Jul 16, 2015

Outline

1. Motivation / Goals

2. Environment

3. Labs

4. Future Work

Goals for a Laboratory Environment

Must Have

• Security

• Separation

Stretch Goals

• Redundancy

• Persistence

Simple

• Simple to install and use

• Reuse available parts

• This is an introductory course

“Real-world” and “Offensive”

• Practice topics using tools common within the industry

• Discuss actual exploits, demonstrate issues vividly

  • Metasploit modules

  • Social engineering

• Cover current events (e.g. 2014: Shellshock, Heartbleed)

• Attacker mindset vs. developer mindset

Environments

Local isolated network containing actual hardware

• Expensive

• Limited flexibility

• Limited sharing

Photo: Leonardo Rizzi, Flickr, Creative Commons

Environment Virtualization

Centralized On Premises

• Set-up and maintenance

• Limited scaling

• Example: Tele-Lab [10]

Cloud

• More complex architecture

• Expensive scaling

• Potentially, worst responsiveness (traffic and delay)

• Example: Salah [6] on AWS

• Yesterday: Weiss et al. - EDUrange

Local

• Easy set-up

• No scaling issues

• Best responsiveness

• Example: SEED [2] on VMware/VirtualBox

Detailed Environment Architecture

Lab Workstation

“Attacker”: Kali Linux VM

“Target”: Metasploitable VM

“Zombie”: FreeBSD 6 VM

BU Intranet, Internet gateway

File Server for VM Images

VM Image Sets

Lab Workstation

File Server for VM Images

Carol

Bob

Alice

Local non-persistent environment

Reference Image

Persistent Student Environments

The Attacker - Kali Linux

• Pentesting and Auditing

• Based on Debian Wheezy

• Hundreds of tools

• Top 10: Aircrack, Burp Suite, Hydra, John, Maltego, Metasploit, NMAP, ZAP, SQLmap, Wireshark

• Maintained by Offensive Security

The Target - Metasploitable 2

• Intentionally Vulnerable VM

• Based on Ubuntu

• Many vulnerabilities of various obviousness

• Two intentionally vulnerable web applications (DVWA, Mutillidae)

• No GUI

Resource Requirements

[Chart: memory use in MB (4 GB RAM) and disk use in GB, by OS: Kali, Metasploitable, FreeBSD 6, Host OS]

Studying Cybersecurity Anywhere

Photo: Alper Cugun, Flickr, CC-BY 2.0 — Whitehat Icon: Open Security Architecture, CC-BY-SA

Audience

• A mix of undergraduate and graduate students

• A variety of skill levels

• Requirements: a programming language, basics of Linux

Existing Lab Sets

The SEED Project [2]

OWASP Hackademic [5]

Many papers containing one or two labs each

Internet tutorials, e.g. “How to use Metasploit to hack X”

Lab Topics and Dependencies

• Introduction

• Law and Ethics

• Search Engine Hacking

• Network Utilities

• Network Attacks

• Password Hacking

• Intrusion Detection

• Metasploit

Network Attacks Lab

• Zombie scan with nmap

• ARP Poisoning

• DNS resolving and caching

• DNS Poisoning

• Example: poison Metasploitable’s DNS and replace one website with another

Sample Lab Page

Sample Solution Page

Production Workflow (PDF)

HTML Source

Common Stylesheet

Lab Stylesheet

Solution Stylesheet

Print Stylesheet

Print JavaScript

Prince

Lab PDF

Solution PDF

Production Workflow (HTML)

HTML Source

Common Stylesheet

Lab Stylesheet

Solution Stylesheet

HTML Proc.

Lab HTML

Solution HTML

Processing Rules

Directions for Future Work

• Updates to Metasploitable

• Easier modifications to Metasploitable

• Adding other OS images and platforms

• Adding network device simulation (routers, peripherals)

• Automated grading

Summary

• A virtual-machine based environment for teaching practical cybersecurity

• A set of structured labs based on the environment

• Directions for future work

Thank you for your attention!

The sources for this talk and several of the labs can be found in our GitHub repository:

https://github.com/maxvt/cyberlabs

Contact the authors at:

[email protected]

[email protected], @maxvt

• http://nislab.bu.edu/
