
BSides LV 2023 - Breaking Ground - Wednesday

BSides Las Vegas · 2023 · 11:29:11 · 1.4K views · Published 2023-08


good morning besides Las Vegas everybody seems kind of sleepy today so I don't want to talk too loud I see a few still shuffling in in the back but uh we're also at time here so I don't want to take too long either um I have a couple of quick announcements for today uh we've had some schedule changes uh first off uh the honey pot training in uh over in Platinum today in the afternoon at 1500 hours has been canceled we had a unfortunate uh travel complication for one of the speakers there so we will back away from the microphone which keeps ringing um and uh so that one's going to be gone and then we also have in the ground

truth track uh two speakers who thankfully are not canceling but did swamp times it's updated correctly in the schedule but if you're going to the cognitive security and social engineering talk that uh with Matthew Cannon and Dr Ben Sawyer that's now at 1400 hours and Stephanie losi's System Dynamics and risk management talk is now at 1500 so that's the business out of the way uh hope everybody's been having a great time today we have the hardest or the the smartest working man in infosec uh [Laughter] so Neil you who's here to talk to us about how well this whole generative AI thing kind of plays into the broad field of what we're doing how we're thinking

about what we're doing and uh maybe you know some of our conceptions of uh what The Core Business of you know guarding and uh and utilizing our intellectual property when our organizations is and uh a whole bunch of fun stuff like that so we like to do some of these kind of broader think pieces here and I'm really excited to see what he has to say about it put your hands together for Mr Sunil you foreign yeah I don't know why I got that reputation as the smartest person I keep telling Bryson and the others uh they need to meet more people but that's it um I've had a chance to really um do some really interesting things in

my career uh currently I'm now actually I left the CSL role and it's kind of actually part of the story here too The Tale of Three csos but I'm now a security Ambassador at Jupiter one I used to be the Cesar there I used to be that Chief security scientist at Bank of America and while I was there I had a chance to create two things that hopefully you guys have heard about it in some respect or another if you're at uh the uh Chris Hoffs keynote last year he actually mentioned these two he mentioned the Cyber defense Matrix which I bought copies of and I'm more than happy to give them away please come and see me if you want to get a

copy as well as the die Triad and I'm going to talk a little bit about those in context but um those are just two things that I'm generally known for um oh and if I run out of books um there's a book signing that if you have one of those expensive uh business hall passes that you should really get for free um I'll do a book signing over there as well all right now as I mentioned um I I don't really consider myself the smartest person in cyber security and I certainly would not put myself in the category for uh anything associated with this newfound new found newfango technology by the way so I I hate

calling it I hate using buzzwords I prefer to just call it newfangled technology or nft and so if you hear me um just call it that just just make sure you understand why I'm calling it nft so okay so in this newfango technology I'm I think I've passed the peak of Mount stupid okay but I'm not that much further okay and so I'm sure there's people who are way way smarter than I am way more competent than I am in in this particular new space but I try to think more deeply about what are the ramifications what are the things that we can look at beyond the problem space that we might be facing and to kind of

go and look at what Josh talked about yesterday he kind of gave that tenure recap cap so I'm looking for 10 years and that was kind of my role at Bank of America as the chief security scientist I said what kind of things should I be looking for 18 months out three years out so that we can be prepared to tackle some of the challenges that we might face and so that's kind of the perspective I'm taking as well but I'm even though I said 10 years maybe it might take 10 years but I hope it's much sooner and for us to be prepared to be able to take on the opportunities that come from this is what I would like to

share here so as we look at what's coming it seems like we're in this dichotomous time where it seems like it's the best of times and the worst of times and if you're in security wow it seems like we're in the worst of times we have uh a lot of challenges with how employees use this technology how developers are building these Technologies and how attackers are weaponizing them okay and each of those poses a real challenge for us at three you know Three core problems that we run into but I think I'm not going to spend too much time on that because I'm sure um there's more than enough material on that okay and I'm not planning on

sharing that piece as much but I'll give you a little quick snapshot of that just so you understand the context of how I'm thinking about it but the real question is how do we make this the best of times how do we take the opportunities that are presented before us and really capitalize that uh for our careers for our industry and what we can do going forward okay so what are those opportunities and that's what I'm going to focus on primarily now as I talk about these best of time opportunities um you know it's it's somewhat prognosticating okay as I mentioned I hope that these will come to pass and I have I've looked at this for a while to

see the signs of it and I would say um I I well well you know I think one of the things I would look for is key indicators that this is actually trying to it's starting to happen and I've already started to see some of these things happen so um we'll see if it turns out but I hope it's not well as I as I predict a future for you I hope it's not the too highfaluting and high too Ivory Tower I think there's some real practical troops that we can take away from some of these things all right so first let's talk about the worst of times and how employees use this newfango technology

well first of all is that we have a lot of fear uncertainty in doubt and as we have folks using these Technologies we have people saying ah wait um it seems like it's spewing out the same intellectual property that we just put in okay and I would say no no you got to understand this is not that's not how it works okay that's not how album works and and the way I characterize it is that llms generate but they don't commemorate they generate new information they generate information but they don't commemorate uh information that's already in the system unless statistically it's it's highly prevalent uh Caleb Simon actually gave a great example if you type in what is my

Social Security number and you give it the first five characters it won't be able to figure out the remaining five even if it was trained on your associate on a whole bunch of social security information okay so the perspective that llms generate and not commemorate is one of the misconceptions or at least people thinking that we can um that will spend out spit out a whole bunch of information about our intellectual property and so we're seeing a bunch of things happen in the industry for this I was going to put a bunch of logos of companies but as you probably know the the curve for the number of companies being created on LMS is like vertical okay so it's it's

hard to keep up I said you know what it's not worth trying to capture that but there are tons of those Technologies and I was also part of a group that helped produce a policy around how should we look at these this as a concern okay however that said okay I'm not gonna hit that much because you guys can I'm sure you're already well versed on a lot of that where you can hear a lot of talks on it but I think there's an opportunity for us to again uh change the role so I'll change how we look at our role and the opportunities that we have so how can we Elevate the CSO role in this new

um new this new environment and so let me give you an analogy consider what a CFO does what is the CFO in charge of they are they govern the whys and appropriate use of money they allow businesses to essentially spend money to basically make more money right so that's the whole point of businesses right they don't actually make money too by the way they don't generate money I guess they can do fundraising but that's not really creating new money and if if a CFO said you can't spend any money you might as well fire them right they're not a really good CFO in that regard but what if the opportunity is for us to become the CFO for

intellectual property so we have a bunch of intellectual property going out and we have these concerns around them but it's sort of like what if what if again it's a form of currency and we spend currency to make better currency so what is what's the role then we govern the wise and appropriate use of intellectual property uh we allow them to spend this IP and this IP by the way has different uh you know I don't know if I want to put a dollar value to it I'm really deep well versed in the Cyber risk quantification space and you know there's a whole bunch of stuff around that but I don't want to get to that

let's just talk about it in the context of like are we talking about low denomination bills or high denomination bills okay are we talking like if I went to a CFO and asked hey I want to spend 25 on something they will come to me and say what what are you asking me for I'm like just go swipe your credit card and go on what what is a low denomination intellectual property for us might I suggest for example our source code is low value denomination bills okay do I really need to ask for permission to transmit Snippets of source code now a lot of those denomination bills may add up to a high denomination bill so to

speak and so we have to be you know figure out what what that sort of threshold is but the perspective is we have a lot of intellectual property and if I said as a CSO you cannot spend any of that intellectual property well guess what you should probably fire me right and so what what if we change our role and the opportunity is for us to consider what what it looks like to be a CFO for intellectual property now with that comes actually some other interesting applications or interesting uh Concepts and with Finance and Accounting it's a very mature practice as you as you well know and in that context there is um lots of different things that we can

borrow from that as well okay and we don't have those tools here but these practices are things that we can probably figure out how we can adapt them to security as well and so I I just pulled up a bunch of terms and generally accepted accounting practices I'm going to call them security practices and here's an example impairment impairment is a financial term okay and it did some slight tweaking just to remove some of the finance specific words but if you read it it sounds like what we can do in security what is impairment it's when some sort of resource is impaired okay it's it's designated as impaired when I can no longer have any

sort of assurance that it can be fixed within a certain time frame okay sound like something we deal with on a regular basis right should we call it maybe impaired okay versus you know vulnerable or whatever else is yeah maybe okay and guess what when you have the term impairment there's also all these calculations that come into how we think about um like how do you calculate impairment cost assets we call them assets right it just seems natural except assets on a balance sheet is on the positive side of The Ledger but most of the assets that we do on security are actually more liabilities okay do we actually have it on the right side of the Ledger and maybe if we start

representing it as a as a liability and not as a quote asset all of a sudden the business will see it as wait why are we carrying these liabilities not doing something about it maybe we should try to get rid of these liabilities okay so again just slight wording change but you can see how that helps as well survival metrics so if you're in a startup or if you um if you're any venture-funded company there's a whole bunch of metrics that we rely upon to see how much time we have before we die as a company so they're called survival metrics uh what's your burn rate what's your Runway what's your churn and in the context of assets and

how we look at sorry liabilities I should say uh and the way that we look at the resources that we have to be able to run a company um what how how does how does an impairment reduce our Runway how does an impairment increase churn and I'm not talking about turning customers I'm talking about churn and other ways that we think about how these digital assets work as well later on later today I have a talk on Double Entry accounting so what is double entry accounting it's a simple way to be able to have two ledgers two different systems provide a check against each other okay and I'll share some examples of that later today during

a talk specifically on that so I'm not going to spend too much more time on that and then um there's a whole bunch the industry the finance industry has been reshaped a lot because of the simple concept of ibita and we can think about like what does it mean to have income in the context of cyber security we know what the term technical debt means right but how do we translate that into how it offsets this notion of income and the value that's being created by these assets that are these assets slash liabilities that we have see even I still keep throwing myself off on these things but that's it the the the premise here is that we have

a set of practices that we can now try to codify within how we do cyber security and I think the reason why this is particularly important is because I've been fairly deeply concerned if you haven't been deeply concerned you should you should be concerned about how the government is deciding some of these things for us okay and whether you agree or disagree with the Joe Sullivan's verdict um I could put myself in his shoes and there are many times many cases where I would have probably done similar things as he would have done maybe a few things I wouldn't have done but nonetheless I can see how many of us can follow into the same traps that he did and then Tim

Brown with his Wells notice that he got served I mean there's there's a center of practice that they're assuming that we can't ever achieve okay so when we think about um when we think about for example some of these practices let's I'll talk about this in Double Entry accounting how precise is accounting okay or how accurate are the books how much variance do CFOs allow and guess what they do allow some variants okay it's not a perfect I mean the the ledgers don't always match and yet they don't get sued well if it's a huge various they might but within acceptable amounts they don't get sued they don't get fined they don't get these issues and it seems like

that's not the same for us in cyber security and so we have an opportunity to to to well we have a couple opportunities one is to redefine our role not as a as a person that tries to secure as a technical weenie that tries to secure all these little things but rather in the sort of governance role of how we manage and govern intellectual property and the institutional knowledge of the organization and we have these tools to help us well we need to come up with these tools and in doing so we'll end up with ways that we can potentially provide guidance for the government and for us as a practice so that we can not

deal with these in the future as well all right so that's the first um best of times opportunity how can we become the CFO for intellectual property the second challenge that we deal with the second problem is developers building and um I'm I'm sure pretty much every company out there is now and you know using these newfangled Technologies to try to do something with llms or generative AI here's a diagram that you can barely see because it's the wrong contrast that Andreessen Hurd sent out it's a reference architecture for how you build llm applications and don't worry about the detail at this point but I do want to point out a couple things that in the

context of uh what we've always learned in security there are a couple inviable rules right um one you know never get into a land war of Asia land war in Asia but the one that's probably more important or well you know just slightly well less known but nonetheless important is to never trust user input and fundamentally one of the issues with uh one of the fundamental flaws with llms potentially the fundamental flaws is that we can't separate out the control plane from the data plane all right so we know that I mean this is like a such a well-known uh principle in cyber security and yet when I go back to that chart that reference architecture

everywhere that I've highlighted in blue is user input unsanitized user input okay and it's pretty much everywhere right so okay um are we gonna it seems like it's gonna be a pretty bad thing if we build against this reference architecture that doesn't necessarily capture this core principle of um not trusting user input so uh how do we deal with this again there's there's tons of things out there I'm not going to spend too much time on them but just for reference you have things like bear reveal institutes Berryville Institute and machine learning their taxonomy attacks I love this particular one because it's the most straightforward structured way to think about attacks against machine learning of course many of y'all seen the OS top

10 and there's miter Atlas so again I'm not going to spend too much time on those things but the but the perspective is that there's a lot of work that we're trying to do to to address this problem which is all these places where we have um unsanitized user input and all these attack surfaces but I think there's there's uh let me let me talk about Safety and Security something that actually Josh talks about often as well and by the way there's a vendor out there integrity that's giving out this really big uh poster that says Safety First and I love that because they're using the word safety now if you're not sure why I think that matters

um here's the thing okay so if you if you notice um if you know Spanish then the workforce safety is security guard and the word for security is security dot so in Spanish we have one word for the same thing so for two different things in English we have two words and in cyber security we have the same word again so why don't we I mean in English why don't we call it something different because we have two different things that we do one that's called cyber safety and that one that's called cyber security and if you want to understand the difference if you want to get a sense of what the distinction is we can apply other contacts so let's

take food so when we talk about food safety what are we talking about we're talking about things like hygiene compliance inspections good practices uh bill of materials having a sense of personal responsibility and we talk about security we're talking about things like starvation or like where's the Ukrainian weed or the baby formula and when people talk about security or rather safe compliance doesn't equal security might it be because compliance is safety and safety doesn't equal security okay let me give you another example so airplanes if I'm an engineer at Boeing or at Airbus my job is to ensure that the airplane stays up in the air doesn't come crashing to the ground pretty simple right

my job is not to dodge Russian and Chinese missiles that is somebody else's job to make sure that the air space is free and or that we have airspace security okay which is to have the space free and clear of Chinese and Russian missiles it's not my job rather it's somebody else's job usually the private the public sector right but the perspective here is that there's a activity that we do that most of us actually do that's actually safety oriented most of us do safety work okay and there are still some of you all that do security work but just be clear that we do cyber safety more than we do cyber security okay uh by the way just real quick aside

um seven years ago Equifax got hit by a Chinese missile okay three years ago uh solarwinds got by hit by a Russian missile all right but that's event seven years ago as time passes on that Russian missile starts to look like a bird strike and that bird strike now is something that I'm responsible for okay if I'm designing an aircraft I need to make sure I can survive a bird strike um but I shouldn't be able to survive there should be no expectations that I can survive a missile strike at least most for most organizations if you're apple and you manufacture iPhones you're probably building the equivalent of f-16s and you better be able to survive

Russian missiles because guess what you're going to get those shot at you but nonetheless just the perspective of over time a Russian missile uh shot for a Chinese missile seven years ago is going to start looking like a bird's Rag and what does that bird strike look like now things like a software bill of materials okay um solarwinds got hit by a Russian missile three years ago what's that going to look like uh four or five years from now you better have your supply your software supply chain um really secure because that's going to be a bird track as well so now with this perspective of us focusing on safety the opportunity for the Cesar role

is to think about us as the chief AI safety officer so you think that cyber security is a problem today guess what there's going to be a much much bigger issue coming up okay and I think that it's going to cause all the things that we're dealing with in cyber security to pale in comparison and if you don't if you're not if you're not sure as to why I'm saying this then I would recommend two books for you all to read through and one is live 3.0 by Max touchmark and another one's called human compatible by Stuart Russell very well known researchers in the AI space but they give a perspective of what the future holds where

AI systems we're not the concern is not that AI systems are malevolent the concerns are that the AI systems are competent very confident so confident that we ask it to do something and it does it extreme extraordinarily well despite what may violate our own value system so for example I would say I'm running late take me to the airport as quickly as you can and the the thought of this car will take me to the airport as quickly as it possibly can I might not survive I might kill people on the way minimally I may be very nauseated okay which doesn't necessarily adhere to my value system so how do we design these systems so that

they're built safe safely and responsibly so if you've heard all the things around responsible AI or even the I think we heard earlier about the cognitive science aspect of things this is all centered around this notion of AI safety and who better to take on the role of a chief AI safety officer than somebody who's been doing digital safety for years and years so I think that the opportunity for us going forward is to say hey you guys need an AI safety officer that's us we've been doing this for a long long time now oh now what what does that mean to be an AI safety officer there's a lot of principles that do apply in cyber

security and we've learned some of these principles as well and I and I have a whole talk on this but I'm just going to hit the highlights on this but we've tried to do we've applied our um these different newfango Technologies in security as well the title of Automation and have resulted in us basically shooting ourselves on the foot many times over okay um and so we've taken we want to take those Lessons Learned where we've violated principles of safety in some of these systems and say okay how can we apply this to AI systems as well and so I offer like six principles that I put together that I used when I was at um

major financial institutions to figure out how do we set these sort of guardrails for ourselves as we built this ability systems how do we ensure for example that we know exactly what sort of inputs that we're putting into it how do we have ai bill of materials how do we have conditions that are not unbounded but very tightly bounded how do I know how can I ensure that ultimately we want to make the system as deterministic as possible and to make it as deterministic as possible we try to make things as bounded as possible we want to have thresholds when we know we need to either take action or not not take action and by the way these sort of

uh the examples I used in this when I came up with these were things like when do you block an IP address automatically when you have an orchestration system take action on your behalf these are questions that I'm sure some of you all are dealing with and these are the kind of conditions that I put forth when I said okay we will fully automate this activity once this this an analytic system figures out what's going on okay and so these are sort of the the guard rails that we came up with because we wanted to make sure that things didn't go out of control okay and so fundamentally these are AI safety sort of principles which you will learn just

by using these Technologies within within the context of security so anyway other things like just making sure that you have uh you understand the the the processes that are anticipated by The Operators having a kill switch uh and by the way on that kill switch piece let me mention uh the book human compatible has a really great thesis on how to build on a kill switch for these systems definitely worth taking a closer look at and then making sure that there's somebody who owns this um this system so that you have somebody who's accountable for making sure that it doesn't kill everybody all right okay so that's those are the guardrails and then lastly the third one is the

third uh challenge is attackers weaponizing so we're going to have a lot of different ways that attackers weaponize some of these are are pretty well known you're going to see presumably more convincing phishing attacks you'll see people perhaps generate or the novices generate more malware um but for the most part I think those are things that um you know we've already been tackling those problems and that's not too terribly new however I think in the context of what these Technologies are going to offer is ways that we can that attackers can potentially accelerate their ability to find vulnerabilities within our systems as well as novel ways to leverage things like deep fakes and so on so forth and

so for these two new types of uh attack factors that the attackers might use to when they weaponize these Technologies I think we should think about what those May imply and so let me talk about those two for a moment the first two again just keep doing what you're doing it's not going to make I don't know how much much more of a difference it's going to make but that's it I think the bottom tier ones that I would be a bit more concerned about so with the bottom two though there is uh some opportunities here and to be able to explain that opportunity let me explain um something called the DI KW pyramid so

dikw stands for data information knowledge wisdom and the premise here is that each layer provides more value than the layer below so um and I think for the most part we are now into what we call what I would call the knowledge economy we've been at the data economy we've been at the information economy now we're at the knowledge economy to give you a sense of how you can look at this like data might be let's say websites information would be Google chatgpt is at the knowledge layer okay and the the premise here is that llms is opening up this new economy the cognitive economy the knowledge economy and it will give us the ability to access institutional

knowledge like we haven't had before okay to give you another sense of how this to think about this we've been wanting Enterprise search for a long time and it's failed because what we get back is a bunch of data and information not actual institutional knowledge right we get back a bunch of documents that you're supposed to process no I want to get you to give me the answer I don't want you to just give me a whole bunch of documents that I have to go read through what uh llms have opened up is this knowledge economy and with that perspective I would offer a view that our understanding of how to build secure systems is already known

It's just not widely distributed, it's not evenly distributed. But what if there were a system that helped distribute this knowledge more uniformly? What if there were a mechanism by which we could have an engineer who had a business problem ask this engine, and it spews out the instructions for how to build this system? Now, the engineer will never, or rarely, ask how do I build the system securely; that's not really part of their equation. But we build that in as a part of the answer. And by the way, the answer may not necessarily be to build it more securely, but, as I frame it down here, to have fewer security concerns.

Fewer security concerns. And the reason why I say that is because of the DIE triad. If you're not familiar with that, it's a concept that I came up with that stands for distributed, immutable, ephemeral, and the idea is if I build systems to be distributed, immutable and ephemeral, it allows us to reduce the number of security concerns I would have. So even if the system were vulnerable, even if the system were compromised for that matter, my security burden is lowered. How do I build systems to either be secure by default or, even better, to not require security at all? That sort of design pattern is actually known. Some of it's not known in some

very narrow edge cases maybe, but across the industry we do know that, and guess where we share it: we share it in conferences like this. We share it in KubeCon and CNCF and all these other places where people are sharing these design patterns. It's just not widely disseminated, it's not easily accessible; this knowledge sits in all these videos and I have to go and pick them out myself. But what if there were a way to be able to tap that and pull that out? So at this point we have the mechanisms to build more secure systems, or systems that don't require security at all; this is a question of how you assemble this together. And so

from this perspective, the issue with vulnerabilities that we saw earlier: what if we're able to build systems that have fewer vulnerabilities to begin with, or systems for which, even if it had a vulnerability, I didn't care? And then the second piece is around the deepfakes, and for that I have to explain yet another concept. Again, I mentioned the Cyber Defense Matrix earlier. I'm sorry, for my folks who are familiar with or have heard about the Zero Trust Maturity Model: there's five pillars, identity, devices, networks, applications and workloads, and data. There's five functions, there's five asset classes in the Cyber Defense Matrix: devices, apps,

networks, data and users. Now, if you wonder why there's five and why those asset classes align pretty closely, there's a reason behind that, but unfortunately some of it gets slightly misinterpreted, so let me clarify some of the misinterpretation. First of all, identity is not just users. The way people typically think of it, they think of identity as being users, and if you look at the logo, that's a user, right? That's what the system is conveying. So users and identity, as far as they're looking at it, are kind of synonymous, but they're not. Why? Because all these asset classes have an identity: devices have identity, applications have identity, networks have identity, data has an identity.

And you're like, okay, well, I think I understand the first three, but what does it mean to have a data identity? And by the way, before I go to answer that question I should mention, oh yes sir, all these asset classes have identity, not just users. I should mention, I thought it was kind of funny, back in 2016 I shared this briefing of where governance and analytics and automation and orchestration go, and they pretty much put it under the same sort of view as well. So a lot of this I think was pretty much inspired by some of the work I did, but there are some slight variations

I wanted to correct, but that's it. Okay, let's go back to data identity. What is data identity and why is that a problem? Well, let's go back to deepfakes. Think about deepfakes: fundamentally the deepfake issue is a data identity problem. We have a situation where we have content, data, and I don't have a way to determine if it's authentic. Now, we've had this problem before, and it's the source of all the issues that we saw earlier with these lures, right? It's phishing emails. And we've had this trouble with email for a long, long time because, well,

it's an ecosystem problem, and we need an ecosystem, we need the will of all these organizations to say we've got to fix this problem. But with email it doesn't seem like we've got the will to get that done. There have been a lot of efforts to try to get email to be more authenticated, but it still sucks, and that's why we still have all these phishing emails and so on that are effective. But there's a bigger problem that's emerging, a much bigger problem, and it's one that is of societal concern, meaning there are people who care about this beyond this room, people outside of the security community. And because it's a bigger, deeper concern, I

believe that the will to fix it is going to be coming up. So what does it look like? Perhaps it's a situation where the ecosystem says, hey, you know what, if you take a picture with a device that has a certificate on it signed by a major manufacturer, then I can validate that this picture was taken by this piece of hardware and it's been unadulterated. And you've seen already places where people have tagged it to say this is AI generated, but what I'm looking for is something that says no, this is authentic. I'm looking for authentic video, I'm looking for authentic photos, I'm looking for authentic audio. Now, if I solve that problem,

what is email, right? I mean, that's trivial; email is trivial compared to video, audio, images. And if we can find a way to solve that problem, might we get rid of the bigger problem that we've had in security for such a long time? So I think that's the perspective to look for in the future, which is, with the bottom one, you have systems built with fewer security concerns, and then the bottom one being where even email becomes trivial; we can solve the authenticated email problem, which really gets rid of some of the problems above as well. All right, so to wrap up,

I think the best of times for number three is not elevating the role but eliminating the role. How do we eliminate the role of the CISO? Because I think if we have a way to build systems with fewer security concerns, if we have a way to solve some of the erroneous problems that we've had in security, well, you know, my job as a CISO may not necessarily be as important anymore, and so I would love to have this role shrink. And what's interesting is Ryan McGeehan, he's working on Netflix, he's an advisor to a lot of startups, and he states that there are a lot of new

companies that don't even need a CISO, because they've already built systems that have a much lower, reduced risk profile, and that's partly because they build against the DIE triad that you saw before, but I think it's also because they're building against better design patterns. So I think the opportunity for us is, as our job goes away, we have other opportunities, and one is to become the CFO for intellectual property and the other one is to be the chief AI safety officer. So with that, thank you very much. [Applause]

Hello, okay, great, we have time for questions.

Thank you for the talk.

We're going to move this back away from that projector because it's got a bad leg, and if you touch it it's going to fall over and go through.

Thank you for the talk. I have a nuanced question, in the spirit of deliberately feeding Roko's basilisk. Your presentation seemed to focus primarily on the business user, the engineer, the technologist, but my question is really for you on this room: how do you change or amend these principles with the dark Sweden brace from the security enterprise professional deliberately using LLMs for the purposes of security? And when we're making decisions around

information that's coming out of LLMs for security purposes, how do we need to be thinking about building our own tools and our own practices for infosec, and not just thinking of that sort of us-and-them towards the user, towards the business aspect, and towards the developer and engineer?

Sure, great question. So let me answer it in two ways. First is the business alignment. You're spot on in terms of the way I'm characterizing the future role as highly business aligned, and that's been a flaw of how we thought about security for a long time, that we weren't business aligned. So the real goal, as I see it, in the future

is for us to be highly business aligned. That said, we are here today and we're trying to leverage these technologies to deal with the present problems, the problems that are present, and so I did mention this as a way that we can think about how we leverage some of the technologies and what sort of safeguards we can put in. The other facet of your question is how are security teams using LLMs today. I deliberately skipped that question because I spend time with startups, talking to startups about what they do, and I haven't run into a single one that isn't using LLMs in some

way to help address our security problems. So I deliberately skipped that question because I'm inundated by that; I don't know if you guys are, but nearly every startup I talk to has something associated with that. So if you want to get more specific details I'm happy to share that, because I have a lot of it in my head; I just didn't think it was worth spending time on here, because you can really just go out to any vendor out there and they'll tell you.

Good to see you again.

Good seeing you. There's an industry effort in the font industry, Monotype, Adobe, Microsoft, etc., around authenticity, and we're

building a standard around it, because it's a problem that needs to be solved for the benefit not only of just the font industry but larger industries. I would encourage everybody in this room to research the standards emerging regarding authenticity, and to start checking around the problem of how you validate authenticity independent of authentication. They are separate problems that require independent solutions, and authentication is a path towards validating authenticity, but not the only one. And I'm not just splitting hairs here; the differences of concepts matter, and solving the problem of authenticity is one of the biggest problems we have to solve in order for our profession to thrive, much like solving the issue of

control or utility, which remain unsolved problems and undiscussed problems in our industry.

Yeah, I don't know if I can... I think I have some sense of the semantic difference between authenticity and authentication, so we can have a sideline discussion on that. I think fundamentally the premise I would still offer is that I would push forward the notion that we know how to solve the problem; we just haven't built up the will to solve the problem, even if it's to say, you know what, we're just going to create a de facto standard to do this. And whether you're Apple or Microsoft or Google, they can do something

that will drive that sort of adoption, even if we end up with two or three different ways to do it.

Yeah, and it's in the works. It is happening.

Thanks for your talk. So I'm more worried about veracity instead of authenticity. I'm sure you're aware of the case lately where an AI-generated legal brief had eight different cases cited that were fake cases it made up out of whole cloth. I've had conversations with it where it tries to convince me of stuff that I know personally didn't happen. What kind of guardrails do you envision around those kinds of things?

Because I see us... it's like it wants to appease us, so it's going to give us the answers and the words that we want to hear, but there's not any real good way for us to authenticate the veracity of it right now. Nobody's even thinking about that problem, I don't think. Are they?

So I have a model for that. It's called the DIKW pyramid. LLMs are offered at the knowledge level, and what sits above it? Wisdom, right? And so I think there's a... we don't have a machine that will go and apply that wisdom, so that's still up to us to apply that

wisdom on top of whatever anyone shares with us. So I'm sharing knowledge with you; I expect you to take your wisdom engine and discern whether or not what I'm telling you has the veracity that you're looking for. So that's something to consider. By the way, on the topic of hallucinations, there's a wonderful case that you should read about, with this girl who was undergoing open brain surgery and she was conscious at the time. The neurosurgeon zapped her brain, she started to laugh, the neurosurgeon asked why'd you laugh. We know the answer, but, based on the sensory input that she was getting, her brain made a statistical

guess as to what was the cause, and the cause was, oh, it's because of what you're wearing, or, zap, it's because of the photo on the wall, or, zap, it's because of something else. In other words, her brain was hallucinating statistically. Fascinating story, but anyway, all right.

How do you see organizations addressing data compliance with AI? Because not only are you dealing with the challenge now of users willingly giving up IP and information to public sources thinking that they're helping the company, you're not just fighting rogue actors that may be exfiltrating data. So how do you see companies thinking about this differently? Because currently it's still a fight to get people to maintain

compliance and think about data compliance. Even industries that fall under SEC, FINRA, you know, FDA Part 11 stuff, those orgs really fight compliance on that as much as they can, because they feel like it hinders operations in the business. So I'm just curious how you see AI changing that, or whether or not that's something you think is actually going to change, or if it's going to be the same fight with a new thing.

Yeah, it's fundamentally a different type of problem, so let me explain why. So data governance, information governance, knowledge governance. Let's look at access controls: data access controls, information access controls, knowledge access controls.

Data access controls can be done at a very discrete level: you have access to this document, you have access to this database, this row, whatever. Yes or no, very binary. Now, information is more abstract. It's confidential. What do you mean by confidential? Like, what's the specific thing that's confidential? Or secret, or toxic, or whatever. This perspective of abstracted data is where information operates, and what is information governance at that scale? It's a little bit more intangible. Then you have knowledge, which is even more abstract and intangible. And we've seen this already happen with LLMs that seemingly take copyrighted material and reproduce it, right? By the way, we, in our conversations,

reproduce copyrighted material all the time and we don't cite the sources. It's called education. And so how do we know what the sources are? We can't, actually, because it's from so many different pieces of data and information that get assimilated into this notion of knowledge. So it's a whole different problem, and I don't think I can give you the answer, because I don't know the answer, but I can pose the entirely different nature of the problem in itself.

Separating the AI for a moment, your vision of a chief intellectual property officer, like a CFO alternative, is nice for trade secrets and intellectual property,

but an entire new branch of officers, the chief product security officer for the things you put into the world, or in OT and ICS environments, it's availability and cyber-physical safety roles for the CISO. So have you put some of these models to product security and operational cyber-physical systems security, their futures and their evolutions, or is this a fork in the tree of the CISO?

The view I would have is: whatever you're building, if there's an understanding of how to build, for example, a system that is either more secure or doesn't require security at all, IT system, OT system, ICS system, whatever that is, again, I would

postulate, and maybe you can tell me if I'm wrong, but that is known, it's a known quantity. Is that a fair statement?

Well, I don't disagree, but somebody knows.

Oh, this is how you should build a system that is not just secure or doesn't require security at all, but rather also works with the business; it actually achieves the business goals. Okay, how do we get that knowledge more widely disseminated? Write a book about it, or have something that taps that understanding, right? And that's what I think the future holds. Now, that understanding has to be properly verified, that it is correct, but nonetheless

we have a leg up now in being able to say, okay, here's a design that may actually be the better design.

Thank you, sir, for doing this, huge fan. You know, one of the criticisms I've heard in both the professional world and the education world is that LLMs will give false answers, and my response is always, well, I get told the wrong thing every day, you know, without LLMs. Going back to your DIKW model, I'm curious: one of the things that I've seen is where there's a masking of ignorance, where suddenly an analyst who wasn't super smart yesterday is suddenly an expert. Where do you see organizations, like, what are some safeties or guardrails or ways to

expose where we might have these false-flag experts who really don't truly understand the material, but because of this introduction of new knowledge and being able to basically have a tutor on demand, which I'm all for, by the way, but this kind of hiding of ignorance and subterfuge of expertise, if that makes sense?

Yeah, and I don't know where the solution is going to emerge. Perhaps it's sort of like, if I want to teach my kids, well, then am I going to fill them with a whole bunch... well, do I give them access to the

internet and YouTube and say go learn from there, or will I say, well, I have a curated set of content that I know to be true, that is verified by scientists, by people who've actually, you know... And there may be disagreement, right? I'm not saying that there's no disagreement on certain things, but the perspective of this foundational knowledge that everyone should have: train up on that. And that's what we kind of need to do. It goes back to an earlier point I made around the sources. So if we want to have this AI bill of materials, that is

something that we're actually trying to figure out, like how do we establish that, because I don't want that to include poison.

Wonderful, thank you.

So anyway, hopefully that answers your question. I don't know how we purge it yet, but that's the premise.

I'm here to thank you for your talk and say it's time to move on to the next one.

All right, cool. [Applause]


Good morning and welcome to BSides Las Vegas Breaking Ground. This talk, Wolves in Windows Clothing: Weaponizing Trusted Services for Stealthy Malware, is being given by Michael. A few announcements before we begin. Sponsors: we'd like to thank our sponsors, especially our diamond sponsor Adobe and our gold sponsors Prisma Cloud, Semgrep, BlueCat and Toyota. It's their support, along with other sponsors, donors and volunteers, that makes this event possible. These talks are being streamed live, and as a courtesy to our speakers and audience we ask that you check to make sure your cell phones are set to silent. If you have a question, use the audience microphone so that YouTube can hear you; it's located right up here up front.

As a reminder, the BSides Las Vegas photo policy prohibits taking pictures without the explicit permission of everyone in the frame. These talks are being recorded and will be available on YouTube in the future. With that, let's get started.

Hi everyone, my name is Michael Bargury. This talk is going to be interesting, because let me briefly share what we're going to do. We're going to show you how you can take trusted executables that are baked into Windows, service accounts that are baked into Windows, and services that are part of the Office cloud to operate your own malware. All right, so that's the promise; let's see how it

goes. So briefly about me: I've been focused on this area, you'll see in a moment, of no-code/low-code and the kind of things that business users are building, for a long time now, and I've founded a company that's focused on this area. If you're interested, if you're looking for something interesting to do, reach out to me afterwards; there's plenty of research we put out there, so please check us out. All right, so what I'm going to do in this talk is to try and get from initial access to a full malware operation. Now, two things are important to note here from the get-go.

One is that I assume initial access. That's the start point: I have access, I have the ability to run code on somebody's Windows machine, and then I want to operate, I want to create a malware operation on top of it. And let's just make sure we're all on the same page about what I mean by that. So you have initial access to a victim machine, which is great, right? You're like, you won. So actually, no, there are a few things in the real world that would stop you from actually doing anything with it. This might be behind a firewall with an EDR; in

a corporate environment things are difficult. So you have initial access. You need to be able to actually run malware on that machine. You need to be able to do command and control through network perimeters, you need to be able to exfiltrate data back, you need to avoid defenses while you're doing all of that, and you need to persist in case somebody tries to boot you off the machine. So there are plenty of things that you still need to do after initial access, and when you think about this list of things, these are mostly grunt work, right? This is not hacking; this is mostly engineering. There's a lot of operation

involved, which is great, but as hackers we want to focus on what we care about; we care about hacking. So all of this, we want somebody else to take care of this for us. Now, in today's world there's pretty much a SaaS for everything, right? So what if we had a SaaS that would solve this thing for us? That would be nice; that would probably be pretty good. So let me introduce you to RPA, robotic process automation. I'm not sure how many of you have heard of this, but this is a technology that's meant to help business users automate their processes, or help people automate processes, and the way it

works, it has three separate components. There's an agent running on people's machines, laptops, workstations as well; there's a controller, something that can reach out through the network to your machine and run something there; and there's a cloud endpoint that allows you to manage all of that. Now, the crucial thing about RPA is that it's trusted. All of these things are trusted. What do I mean by it? I mean that you will already have inclusion rules for all of these services, right? So it would ignore everything here, which is pretty great. So RPA is what we're going to use here, because it seems like this is the service we want. It's like

remote code execution as a service, which is awesome. This is what we're going to use. One thing that's important to note is that RPA is really everywhere. I put here the main RPA vendors that are out there, but in any major enterprise you'll find at least one of them. And I'm going to pick on Microsoft in this talk, because, I mean, why not, it's kind of the thing that we're doing, but this is actually a problem with RPA as a whole, with this type of thing. You'll see in a moment why I focus specifically on Microsoft. And so RPA is going to take care of

everything for us. So everything we wanted earlier: command and control, exfiltration, avoiding defenses, persistency, cleanup. But it's also going to do a whole bunch more things, because when you build malware you need to think about the different OSes that you want to support, you need to be able to handle errors, you need to be able to do retries, updates. All these things are taken care of for us, which is nice. It's really built for all purposes. So this is how RPA is going to help us. And so, just a quick understanding of what RPA is: the idea is to replace the

copy-paste-based integration that business users are doing. So if you want to move a file from one place to another, people have been doing that for ages; we've been trying to tackle it with DLP and all sorts of solutions that didn't really solve the problem. This is an attempt to automate that process. And the key feature of RPA is that it works as the user, on the same session as the user. It impersonates the user by design. It means that it can operate in tandem with the user: the user is interacting with things on their computer, and at the same time the bot is interacting with

those same things, with those same credentials, same permissions, everything is the same. So it's very difficult to distinguish what an RPA agent does on a user's behalf and what the user does. And it can run on users' machines; it can also run on dedicated servers to do some more heavy lifting, because people are also using RPA for heavy enterprise processes and use cases. I mean, there are many of them, like customer onboarding and off-boarding, financial management, reporting; there are plenty of use cases for automation. This specific automation, again, the number one thing about it is, because

it emulates the user, it's able to integrate with things that don't have a proper API. So if you have a legacy system that doesn't speak to anything else, like, I don't know, a healthcare system that people are plugging data from into some other systems, RPA could help you there. But again, it also means that you're operating as the user, inside the user context. And so here's what we're going to do today. We just covered the motivation, what we're actually going to achieve here. I'm also going to briefly show you an example of what RPA is, so we all make sure we're on

the same page, and then we're going to do a technical deep dive to understand how we can exploit this. We're going to see how we can take RPA and turn it into our C2. I'm going to introduce you to a tool that will do all of that for you, and of course we'll finish with defense and understanding how we protect ourselves from this thing, because of course this is the goal here. So just as a quick example to make sure we're all on the same page on what RPA is: when I was a teenager I used to play a game called Tibia. I'm not sure if

there are any Tibia fans here. I'm not finding a lot of those, but I spent the majority of my teenhood playing this game. It's an early MMORPG, but the vast majority of the time you're not doing what you want to do, which is to go on quests and play with your friends; you need to do grunt work in order to level up, and in this particular case you do fishing. So fishing means you go to a pond and you click on a worm and then you click on the sea, and then you click

and you get some fish, and you click and you get some fish, and you click and you get some fish, and it's terrible. You spend hours doing this thing. And so I really wanted to automate this thing, because it was too much, and so this is kind of the equation that you're going through. So I wanted to do something better, and then I came up with a very good idea: physical automation. This is an illustration, I couldn't find the real picture, but this is really what I used to do. I used to go to sleep with heavy things

on my keyboard and mouse, and when you wake up in the morning one of two things has happened: either you leveled up or somebody killed your character and you're not in a good state. Of course this doesn't hold, because this is very basic; you can only click things. So the next level up after you do this thing is to use some sort of program that records your screen, records what you're actually doing, and then replays it. And the cool thing about this is that you can also share it with other people, so this kind of made me popular for a second, because I could share it with my

friends, who could also fish automatically at night. And then you can see what this thing is actually doing: I'm recording an entire session of me fishing around, and then this thing will replay it overnight. So this is a fun example, but this is actually what RPA is, and now, I don't know, 20 years later, we are using this kind of technology to solve enterprise problems. All right, so now that we understand what RPA is, and we have an example in mind which is very relevant to the enterprise setting, we are going to look into RPA and how RPA works, because if you don't understand that then you won't

understand how I'm achieving what you're going to see in a moment. So I'm going to focus on Microsoft, and this is the reason: every Windows 11 machine has an RPA agent built into Windows right now. So open up your laptop, you'll find this agent; look for Power Automate, it's already there. And so this is the reason why Microsoft is definitely the thing to focus on. And so let's try and look at how this looks. So when you open a brand new Windows 11 machine you'll find this screen, and then let me show you, hopefully...

All right, yeah, so we don't need the videos, but basically, when you find this Power Automate agent on your machine, the next thing that will pop up is a sign-in screen, and that sign-in screen asks you for an Office user account, whatever account you have. This could be your personal account, this could be your corporate account, whatever you have. And once you do that, this agent will start syncing with the relevant Azure tenant. So again, it could be your personal account and then it's the shared tenant, or it could be your corporate tenant. It's

going to fetch all of the different automation that you've already set up on the cloud side and then you can just pick them up and use them and so sorry all right and so once you do that this is the screen that you that you're seeing after you log in and you can see a whole bunch of uh so in this case those are payloads because I've pre-prepared this but this could be just like regular automations and you can see on the upper side this goes to an environment that's something called puntoso contoso is actually just the malicious tenant that I've created all right and so this thing is synced with the cloud again this is my Windows machine talking

to to office and so we need to understand how this thing actually works because recall that Microsoft has put this inside of Windows 11 they didn't ask any network admin team in the world to open up different ports right so something is going on here that allows the Windows machine to communicate with office in whatever setting you might be in and so on the on the left side on the machine side power automate is actually comprised of multiple different executables the first executor that you saw that that you'll see for the sign up is is power automate it communicates with something called machine runtime which is actually a service that's going to go up to the cloud and pull uh pull

the payloads that it needs to to run and this is running on a on a zip on a service account you can see the service account there okay that is automatically being created on your machine um Power automate also allows you to run a bunch of automations on the browser so again by default you can uh you can install a a plugin on your browser that takes full control of over your browser in Edge this would be automatically deployed in some cases in other in other browsers you need to install it and then it would allow you to do like it would allow power automate to operate on your behalf on the browser so in order to do

this there are specific executables that that communicate with each one of those now if you're looking for a place to do some research I really recommend this this is a I've just described like three executables out of this entire thing all of this thing is is already in your Windows machine and the attack surface is huge and not a lot of people are looking at it so if you're looking for a easy pickings uh I really recommend this but all right this is the machine side now let's try to figure out how does the how does power automate how does the OPA agent walk with office how does this trans walk through this uh corporate

boundary so the way it works is actually with a with a neat piece of software that's called Azure service bus or Azure relay basically both sides are open are creating outbound connections and then there's no inbound connection to your network there's outbound connections from the Windows machine through your firewall or whatever uh to pull on on this queue now most people are not blocking uh outbound connections especially not to uh to Microsoft Services right and so this is the way that it operates so this is basically uh a message box where people can leave messages where office can leave messages for your machine to execute all right and so once you once you sign in then on

the office side this is what you see this is basically a way to so you're saying all of the machines that I've infected you can see their versions you can see the ones that are connected or disconnected you can see how many automations are running on those machines and you can actually go further and you can execute things from the cloud to the machine through this mechanism of queuing you can also look at each individual task that you've scheduled through the cloud and see what exactly happened like full logs and if something was failed you can rerun it so everything is is handled for you um and so this is pretty much what we needed right

And so now that you understand how this works, I'm just going to show you what we can do with it as hackers. So from now on we are wearing the hacker hat, and we are not describing the service anymore, but we're describing how we're going to use it, right? So this is my wish list, and let me go through the wish list one by one. First of all, deploying the malware. To start this thing, what we need is a malicious Microsoft tenant. This is pretty easy to get, right? So I've created something here called Pwntoso, which is kind of, I know, a nice reference for Microsoft, and you can create this tenant for free, no credit card needed. Then once you do that, you go to Power Automate, and it will tell you, hey, you need to introduce new machines. And so in order to introduce new machines... well, you didn't see that because the video didn't work, but what you're seeing right here is the sign-in screen that people need to log into when they first go to Power Automate. And so what we really need is to use our account, not this account here: this needs to be our hacker account, because this is the moment where we register a user's machine to our tenant rather than to their own home tenant. Once we do that, the machine is onboarded to our malicious tenant, we're a global admin, we can do whatever we want, right? So we can also run things on the machine, and so this is the crucial piece.

Now, you can do this with the UI, but, well, as a hacker, that wouldn't really help us, and so we need a way to circumvent this registration form. And so the question is, can we avoid that? And the answer is that, of course, Microsoft actually has an existing executable there called machine registration dot silent, which is awesome, and then you can use this nice little script to register the machine to your own tenant. And you can see that this is the command that I'm using right here. All right, so it's like a one-liner, very quick, and this machine is now registered to my tenant. And by silent it means that nothing will pop up on the machine side, right? If you go to Power Automate and you try to log in, you wouldn't see that it's already registered. You can check registry keys; we'll go into that later in this talk.

All right, now this is great, but if your eyesight is especially good, then you have picked up on this little thing right here, which is that I'm running this as an admin, which is, yeah, I don't know, not good, right? I mean, if this is only something that requires machine admin access to the machine, then this would be terrible. And so we really wanted to find a way to circumvent this protection and to run this as a user. So we did a very sophisticated thing: we just tried, and it actually worked, haha. So why not? I mean, yeah, so it works.

And by the way, once you do that, of course the machine is now registered here to your malicious tenant, so you can go to your monitor and you can view the machine specifically. This is a Windows 11 which I just infected, and it's connected, and you can see the version of the agent and so on, which is kind of nice. So I just showed you how to infect a machine. That's it, that's what you need to do. Again, when you run this command line right here, no EDR will stop you, because this is something that enterprises are already doing. I mean, it's something that they need to do.

All right, in order to trigger this thing from the cloud, I need to do a couple of things. First of all, I choose that I'm going to run this automation on some machine; I need to specify the specific machine and credentials for that machine. I can run this with any user on your local machine, right, not just a single user. By the way, this opens up another threat vector, because think about a machine that just gets a stream of payloads with usernames and passwords on top of them, but that's a topic for another talk. And then I need to choose a payload, and these are the payloads that I already submitted to my cloud.

All right, and now one thing that I need to figure out is what happens if a user is working on the machine. So if somebody's already working on the machine and I'm going to run some sort of payload, is it going to conflict with them or not? So how do I manage that? And if somebody is not logged into the machine, will it still work? So the good thing about this is that RPA has already solved this problem for us; that's why we're using SaaS, right? So you have two versions of RPA, attended and unattended, which basically means whether you are sharing a session with the user or not. If the user already has a session that they're working on on their machine, then you just join their session; this is called attended RPA. But if the user doesn't have a session, they're not logged in, then you can just create a session, do whatever you want, and then discard that session. All right, so both of these things work out of the box.

And so we've seen... like, I didn't do anything until now, really; this was just a creative reading of the docs. But what you have already seen is that I can deploy malware. The phase of defense evasion is kind of obvious, right, because, well, it's all signed by Microsoft. And persistency is also obvious, because Microsoft is treating this for us, right? Microsoft is creating this mechanism; it needs to be able to still be there once you boot and everything, and so this is all taken care of for us by RPA.

And so now we're going to have some fun, because we've reached that point where we can start looking at what we can do with this. So let's start with data exfiltration. What you're seeing here on the left side is actually the way that you create tasks in RPA. You can see this is kind of a drag and drop interface; there's a whole bunch of actions here, and this is the thing that I'm actually doing. And you can see that this data exfiltration payload is pretty simple: I'm getting as an input a specific file that I'd like to get, and then as an output I'll get the content of that file, right? And this is just... there's an error block here, some engineering, but other than that it's pretty simple. And on the cloud side, so again, the input is give me this specific file with the secrets, and this file is now... and the content is being shared through the cloud.

So again, just to make sure that we understand what's going on here, because I just did the data exfiltration from a Windows machine to my own malicious cloud, and we need to figure out whether you would have found this on the network, on any perimeter that you have or any logs that you have. So let me convince you that you would not. Remember this screen that we saw earlier, this architecture? The way that this works is that the instructions are being written to Office, again to my malicious Office tenant, and then the payload goes through this trusted communication channel.

And the exfiltration, the output, goes through that channel as well. All right, so you wouldn't find this machine going out to a random IP somewhere to dump data. No, this is all in trusted communication with Microsoft, with an Office account; that would be pretty difficult to pin down.

All right, so the next thing I want to get to is code execution, like full-on code execution, right? And in order to do that, again, RPA treats this already for us. So I'm not sure if you can actually see, but the RPA agent has built in a way for you to spin up scripts on the machine. Then you can use whatever you like: you can use Python, JavaScript, command line, PowerShell; these are all available for you. And so this is an RPA payload that takes as an input the type of command that you'd like to run, so which interpreter am I using, and then the actual script, and it will run it for you and give you back the output and the errors. And so this thing is actually pretty cool, so let's try to run it. But when I try to run it, I get this little pop-up that we really didn't want to have happening. And this is... I've used this to run mimikatz through a command line, so of course this is finding us, right? This is that we are being flagged. Why are we being flagged? Because, well, the RPA agent is trusted, but when you run a command line that is trying to run mimikatz, I mean, you will get caught, right? And so we're in kind of a pickle, because we want to have full code execution, but if we start a script from the Power Automate agent, then this script would definitely get caught; it would definitely be the place where EDRs are looking. So how do we circumvent that? Well, notice that this thing already implements some level of programming, right? This has an if statement, and it handles errors. There are some things that we can do with no code, just inside of the RPA agent. And so the next thing you need to ask yourself is how sophisticated can we get only using no code, only using this drag and drop interface, without using any scripts at all? And so this is what we're trying to find out right now, and the answer is that we can do a whole lot more.

So this is the list of actions that are available for you. You can do things like change registry keys, you can work with Windows processes, you can read and write files, you can set up an HTTP call, you can encrypt files with a handy encryption function right here, which is kind of nice if you want to play around with it. So you can do basically everything. And actually, since I've created this slide, Microsoft also introduced actions that do things on the cloud side, so you can do things on Azure Active Directory, Microsoft Graph, SharePoint, all of those kinds of... the Microsoft 365 suite, which is kind of awesome. So actually we can do a whole lot more with this thing, and so we can stay with no-code primitives and we can achieve things that usually would take heavy scripting.

And so let me show you a couple of examples. The first one, no-code ransomware. I mean, it's very easy, right? I get as an input a root file, and then I'm iterating through all of the directories recursively, and then for each file I'm going to use the encryption function provided by Microsoft and just encrypt it and dump the encrypted file on top of the original file, right? And in short, this just works, and this is all within the Microsoft executable, right? All right, and just as outputs here I'm taking a few things, like how many files I was able to encrypt, and statistics, because, well, we need to know that.

Another example, oh, I think this will not work, yeah, this does not work. But what I wanted to... this is a very brief demo where I basically showed that this thing you can run from the cloud, right? But if you want to check it out, there's a link here.

It's already up on YouTube, but basically the thing here is that while you build this, what this thing will run on somebody's machine, you can very easily, as you've seen earlier in the slides, run this through the cloud and you get all of the telemetry back to your cloud.

All right, OK. What you can also do is clean up, because one thing that this agent does is generate a whole bunch of logs, because again, this is something that is supposed to be used by an enterprise. So if you go to the relevant temp folders, you'll find a whole bunch of logs on what this agent actually does. So how do we make sure that nobody catches us? We just use the agent to delete all of those files. Why not? I mean, it's in the documentation; we know exactly where those are. All right, so no-code cleanup: again, I'm just iterating through those folders with the logs, which I know where they are because it's in the docs, and then I'll just delete the logs.

All right, so one other thing that we can do, because we talked about the browser side, and the thing is that if you have this RPA agent installed on your browser as well, then I can basically steal any token that you have cached in your browser, right, because again I'm impersonating the user. And so again, I think I have this in a YouTube video, so I don't think you'll be able to see it, but what I've actually done here is just created a very simple script that opens up the browser and then goes specifically to Power Automate, like the Office cloud version, and just steals the user's token, because, I mean, why not, it's very easy. And the crucial thing here is that you can open the browser in a minimized version, because again, RPA is built by Microsoft and by others as a way for you to run things on users' machines in the enterprise. You don't want to disturb those users, right? You don't want them to have a browser pop up and something automatically happening, so we can use the same mechanisms for our purposes as well, right? And so this is what you'll see here if you go to this link.

All right, and so as a quick recap, what we've done so far: we were able to go through the entire checklist of the things that we wanted to do. So we deployed malware with the trusted service; defense evasion and persistency were kind of obvious; we did command and control, exfiltration, cleanup. You also saw a specific ransomware payload, but you can actually play around with this and do a whole bunch more, so I really encourage you to do that; I'll show you how in a moment. And we also saw credential access through the browser, or whatever, I talked about it.

And so if you want to play around with this yourself, here's the tool. This tool would allow you to do everything that we just saw in this talk. All of the payloads are already included there, the infection script is already there, you'll also find links and more details, which I'm going to share in a few moments, on how to protect yourself. So this is all there. This is actually a second version of this tool; I gave an earlier version of this talk at DEF CON last year, and so this is the second version of this tool, where we go through a whole bunch more than just run somewhere: there's a backdoor, there's phishing, there's internal phishing, there's a way to dump data with guest access. I just gave a talk about this yesterday, so check this out. This is a whole toolset around the no-code, low-code capabilities that Microsoft has built into Office.

What power-pwn is going to do for you is automate everything that we've seen up until now, but for us as security folks, so we can work with this without the UI, like dragging and dropping, right? We want a command line. And so the way that I'm generating a command line here is that I'm actually creating an automation on the cloud side that is triggered by an HTTP request, and then I have error handling all figured out for you, and then it's going to execute the payload on somebody's machine, and there's one endpoint that controls a whole bunch of payloads. So any payload that you saw here in this talk is available through the tool, and then what you actually need to do is just do a POST request to the endpoint that's generated here by Microsoft on your own tenant, right? This is also available through a nice little CLI with power-pwn, so check it out, it's kind of cool.

All right, so we figured out how to use RPA, we saw what RPA is and we saw what you can actually do with it. The next thing I think it's important to discuss is the communication with Microsoft about this thing. And so let me show you what has happened so far. So this was actually first found last year, so when I gave a talk about this, Microsoft pretty much said, yeah, this isn't a known issue... I think the exact quote was that this requires social engineering in order to work, which it does not, but all right. And so that's where we were last year. Since then Microsoft actually issued a fix, and we're going to discuss this fix in a moment, but the fix was issued for a specific version, so this is something that is on your machines, so you need to update in order to get that fix. We don't have a CVE for that. They did acknowledge at the end, just a couple of weeks ago, that this is related to our research, but there's still no CVE for it, right?

So what's the actual fix here? What actually happens is that the crucial piece is that I was able to register this RPA agent to my own tenant rather than the home tenant of the user, right? So in an enterprise setting, the user is already logged in, the machine is probably AD joined, or at least AAD joined, and so the machine needs to know that there's already a tenant for that machine, right? And so by default, if you use a secure version of Power Automate Desktop, they have made it so that you cannot register the agent to another tenant if you already logged in with a tenant. But there are a few crucial things that are missing here. One is that there's no CVE, and earlier versions of Power Automate Desktop are still vulnerable, so you still probably have business users that have this older agent that could still be owned. The other thing is that, well, the default is secured, but you can definitely move to an insecure default, and there are actually reasons to do it: most enterprises don't have one tenant ID, they have lots of them, and once you have lots of tenant IDs, then you need to switch off one of these secure flags, which would allow an attacker to use that as well. And so any machine that's not AAD joined is still vulnerable, and this is probably not an enterprise setting, but, well, who cares about consumers. We have insecure configuration that would cut you, and we have the older version of Power Automate Desktop; again, no CVE, so you need to manually make sure that people are updating their agents. All right, so this is the work that we've done with Microsoft. Actually, I'm joking about them, but in the last few weeks they were kind of nicer, so we're getting along good now.

And so let's do a very quick recap of what we've seen so far. We saw what RPA is; we mentioned that it's available in every major enterprise right now; we did a technical deep dive into RPA; we saw how you can abuse RPA and basically turn it into what it is, a remote code execution as a service; we saw that you can distribute payloads; we saw power-pwn, which would allow you to play around with this thing; I really encourage you to do that, because there's plenty more payloads that you can actually create. And the last thing I need to give you is something to do with it, right, so a way to protect yourself, and so let's do that.

All right, these are the best things that we've discovered so far to try and catch this attack or prevent it on your tenant. I mean, the number one thing you need to do is monitor any usage of these two executables: one is for command line and the other is for PowerShell. If you see any weird things going on with these executables, this is a giant red flag, right, especially if you see a tenant ID that doesn't belong to you. I know that's a difficult task, to always have an updated list of tenant IDs that belong to you, but it is what it is, right? This is the best thing that we can do to protect from this, because once somebody has already registered one of those machines, one of those agents, then you're in a tough place, right? It's difficult to do something with it unless you actually get a hold of that machine. So again, the first two things are kind of similar. The other thing is that you can actually apply... there's a link there, I'll share the slides afterwards... you can actually apply a bunch of best practices; there are configurations that you can create to harden your environment even more, but this requires changing registry keys on your users' laptops, so if you have a way to do that in a way that's comprehensive, go ahead.

And the last thing that I'll mention is that this has been focused on how an attacker could live off the land of this Power Automate thing, but actually business users are using this, and when you think about putting power in the hands of business users for them to automate things, connect anywhere with their own credentials, then you can think about the kind of thing that will happen, right? We can't expect them to make consciously good security decisions, so there's plenty of things that can go wrong. And if you're interested, there's an OWASP project that's dedicated to these things, the things that business users are building; it's called the OWASP Low-Code/No-Code Top 10. I think with that, thank you very much. [Applause]

Yeah, if we have any questions, then feel free.

...are on those flags, to unset them or change them back to what they were?

Sure. So the question, because the mic didn't work at first, the question was about the two flags that I've mentioned that Microsoft has introduced. These are indeed set by default on the new Power Automate Desktop agents, and so by default you'll find... if your machine is AAD joined and you have an updated agent. However, you can just change those registry keys; in order to do that you need to be an administrator on the machine. It's admin to change it back, yeah. On new machines that have just been introduced, you're fine. All right.

Any more questions?

OK, I'll be here afterwards. Thank you very much. [Applause]
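The speaker's number one recommendation at the end of the talk is to monitor executions of the machine-registration executables (one command-line path, one PowerShell path) and treat a tenant ID that is not yours as a red flag. The following is an added, defender-side example of that check, not the speaker's code and not part of power-pwn. It scans process-creation log lines and grades each registration event by whether the tenant ID on the command line is in an allowlist. Everything not on the page is an assumption and is labelled as such in the code: the pipe-delimited log format is constructed; the registration binary is recognised only by the substring "machineregistration" (the talk names it as "machine registration dot silent", so the exact file name must be verified locally); the install path and the `--tenant` flag in the sample lines are placeholders; the allowlisted tenant IDs are made up.

```python
"""Detect Power Automate Desktop machine registrations to a tenant you don't own.

Added example for the talk's mitigation advice. Assumptions (not from the talk):
  - log records are constructed as 'timestamp|host|user|image|commandline'
  - the registration tool is identified by the substring "machineregistration"
    in the image path or command line (verify the real file name locally)
  - tenant IDs are GUIDs; they are pulled out by shape, not by flag name
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Matching the GUID rather than a flag name keeps the detection working
# even if the registration tool's command-line syntax differs or changes.
GUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.IGNORECASE)

# ASSUMPTION: substring that identifies the registration executable.
REGISTRATION_MARKER = "machineregistration"

# Constructed allowlist: tenant IDs that belong to this organisation.
KNOWN_TENANTS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    user: str
    severity: str            # "high" | "medium" | "low"
    reason: str
    tenant_ids: Tuple[str, ...]


def parse_line(line: str) -> Optional[dict]:
    """Parse one constructed 'ts|host|user|image|commandline' record; None if malformed."""
    parts = line.rstrip("\r\n").split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, user, image, cmd = parts
    return {"timestamp": ts, "host": host, "user": user, "image": image, "cmd": cmd}


def touches_registration(image: str, cmd: str) -> bool:
    """True if the image or its command line names the registration tool.
    The command line is checked too, so a PowerShell wrapper around the
    executable (the talk's second path) is caught as well."""
    return REGISTRATION_MARKER in image.lower() or REGISTRATION_MARKER in cmd.lower()


def classify(event: dict, known_tenants=KNOWN_TENANTS) -> Optional[Finding]:
    """Grade a registration event by whether its tenant ID is one of ours."""
    if not touches_registration(event["image"], event["cmd"]):
        return None
    tenants = tuple(t.lower() for t in GUID_RE.findall(event["cmd"]))
    unknown = [t for t in tenants if t not in known_tenants]
    common = dict(timestamp=event["timestamp"], host=event["host"],
                  user=event["user"], tenant_ids=tenants)
    if unknown:
        return Finding(severity="high",
                       reason="registration to a tenant outside the allowlist", **common)
    if not tenants:
        return Finding(severity="medium",
                       reason="registration tool run with no tenant id on the command line", **common)
    return Finding(severity="low",
                   reason="registration to a known tenant; confirm it was planned onboarding", **common)


def scan(lines: Iterable[str], known_tenants=KNOWN_TENANTS) -> List[Finding]:
    """Run classify over a log and keep only registration-related findings."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        finding = classify(event, known_tenants)
        if finding is not None:
            findings.append(finding)
    return findings


def severity_counts(findings: Iterable[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample log. C:\PAD_INSTALL_DIR and --tenant are placeholders,
# not the real install directory or the tool's real flag syntax.
SAMPLE_LOG = [
    r"2023-08-09T10:00:00Z|WS-042|corp\alice|C:\Windows\notepad.exe|notepad.exe report.txt",
    r"2023-08-09T10:01:00Z|WS-042|corp\svc-deploy|C:\PAD_INSTALL_DIR\MachineRegistration.Silent.exe|"
    r"MachineRegistration.Silent.exe --tenant 11111111-1111-1111-1111-111111111111",
    r"2023-08-09T10:05:00Z|WS-042|corp\alice|C:\PAD_INSTALL_DIR\MachineRegistration.Silent.exe|"
    r"MachineRegistration.Silent.exe --tenant DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF",
    r"2023-08-09T10:06:00Z|WS-042|corp\alice|C:\PAD_INSTALL_DIR\MachineRegistration.Silent.exe|"
    r"MachineRegistration.Silent.exe --help",
    r"2023-08-09T10:07:00Z|WS-042|corp\alice|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|"
    r'powershell.exe -c "& C:\PAD_INSTALL_DIR\MachineRegistration.Silent.exe --tenant deadbeef-dead-beef-dead-beefdeadbeef"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.timestamp} {f.host} {f.user}: {f.reason} tenants={f.tenant_ids}")
```

Two design points follow from the talk. First, the severity is driven by tenant ownership, which is exactly the signal the speaker says matters: a registration to a known tenant is still worth a low-priority review because it may be planned onboarding, while a registration to an unknown tenant is the "giant red flag". Second, the speaker notes that an updated list of your own tenant IDs is hard to maintain; the allowlist here is a parameter of `scan` so it can be fed from wherever that list is kept rather than hard-coded.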


Good morning and welcome to BSides Las Vegas Breaking Ground. This talk is Mainframe Hacking for Kicks and Giggles and is given by Jay and John. A few announcements before we begin: we'd like to thank our sponsors, especially our diamond sponsor Adobe and our gold sponsors Semgrep, Toyota and ConductorOne. It's their support, along with our other sponsors, donors and volunteers, that makes this event possible. These talks are being streamed live, and as a courtesy to our speakers and audience we ask that you check to make sure that your cell phones are set to silent. If you have a question, use the audience microphone so YouTube can hear you; the microphone is right up here up front.

As a reminder, the BSides Las Vegas photo policy prohibits taking pictures without the explicit permission of everyone in the frame. These talks are all being recorded and will be available on YouTube in the future. All right, with that, let's get started.

Morning. So thank you for being here this morning, especially on a topic as esoteric as mainframes, specifically mainframe applications. So, show of hands, how many people here have used a mainframe as a developer, sysprog or user? OK, a good amount. How many of those in the last five years? Even less. And then how many people have done a security assessment on a mainframe? OK, a few. There should be way more people than that, and it turns out that it's really, really hard to do this stuff, for reasons that we're going to get into.

So a bit of housekeeping. The first thing is that we have a lot to talk about and we only have a short amount of time to do it, so by necessity we're going to have to move fast, and it's going to feel like drinking out of a fire hose. As I said, this is on YouTube, so you can always go back and look at it later. The second thing is that we are not mainframe experts; we're security researchers who were asked to look at mainframe applications, and we kind of had to figure this stuff out from the ground up. So if you're a mainframe expert, whether that's a developer or sysprog or whatever, you know, we apologize in advance for anything we say wrong; we're security researchers, not mainframe gurus. And then the final thing is a disclaimer: we are not here on behalf of or representing our employer, and anything that we say is our own views and not those of our employer.

So with all of that out of the way, this is the research team. My name is Jay Smith. I've been doing IT for about 25 years; I've done everything from "thank you for calling help desk", systems and network engineering, SOC work, NOC work, development, and now I'm a lead security researcher at my company.

My name is John. I got my career started in software development, then I moved into information security compliance, and eventually I got into application security. I've worked mostly with HTTP-based applications, some native mobile apps, and most recently mainframes, which we're excited to talk to you all about today. And then the third member of our research team is Garland. He could not be here, even though he should be; his contributions were extremely valuable, and we want to make sure that everyone knows he was a part of this project.

So when you talk about any other topic in security, there's a basic amount of information that you can assume people have: they know how web applications work, they know how Windows works, Linux works, and so on. We don't really have that foundation with mainframes, so to really talk about this we have to talk about what mainframes are and how they work. So when I talk to people about this kind of research and I say, hey, I do a lot of stuff with mainframes, this is what they think of. They think it's this legacy, archaic system, you know, that was built back in the 70s or 80s and has been shoved in a back room of a closet somewhere. All the time I get, oh, I worked on those things back in the 80s, they're still around? Or they think it's this giant monolithic machine that takes up an entire room and requires a team of people to operate, like Joshua from WarGames.

Well, the reality is today they look like this. This is a z16 mainframe, top of the line, costs high six, low seven figures, and it's one of the most powerful commercial computers you can buy. It runs an architecture known as the z/Architecture and an operating system known as z/OS. And just to give you an example of how powerful they can be, one of these can run over 200 server-grade CPUs, 40 terabytes of RAM, and petabytes and petabytes of storage. So there's nothing archaic or legacy about them; they are extremely powerful and modern machines, and whether you realize it or not, you rely on them all the time. Probably every single person in here has relied on one just to get here. If you've ever used a credit card, withdrawn money from an ATM, booked a plane, scanned a check for mobile deposit, anything like that, you have relied at some point on a mainframe during that interaction. They have been and continue to be the backbone of many modern and diverse industries, such as finance and banking, healthcare, utilities, government, insurance; all of these industries rely on mainframes to do their day-to-day operations.

And you might be asking why. I mean, these things were around in the 50s and 60s; why are people still using them? And there's a lot of reasons, but just to give a couple of examples: these machines can have mean time between failures measured in decades. You can take an application that was developed in the 70s and drop it on a brand new z16 mainframe that you just got, and it's going to work right out of the box. That's like taking a DOS application and running it on Windows 11 with no emulation or compatibility layer; it just runs. And for our purposes, they are very, very good at high-speed transaction processing, and this is one of the primary reasons they're used. To give some context, a modern mainframe can process up to 100 billion transactions per day, so that's the equivalent of hundreds of Cyber Mondays per day per machine. So these are incredibly powerful machines.

Given the power of them and given the criticality of them, they are also incredibly high-risk systems. So if Twitter or Facebook or Instagram or something like that were to go offline today, people would whine about it, they'd moan about it, but something else would pop up in their place, and life would go on. If mainframes were to stop working today, it would be global economic pandemonium, and that's not an exaggeration. Finance would grind to a halt, so you can't get money, you can't spend money; food shelves, grocery stores would be empty because

the logistics would stop working Planes Trains all of it would stop they are that critical to our infrastructure unfortunately for reasons that we will get into they are not tested as frequently enough or as thoroughly enough as they need to be so now I'm gonna hand it over to John who's going to talk about the application side okay so the first thing we'll cover is how Mainframe applications differ from traditional distributed systems let's say you have a web application whether it's in the cloud or on premise you'll likely have an application server a database server an authentication server a logging server and all these distinct systems that support the same application on the Mainframe everything is

self-contained; there are no distributed components. Mainframes have subsystems that do pretty much anything you need for an application. So if you need a database, there's a subsystem for Db2; if you need access control, there's a subsystem, RACF; if you need a facility for maintenance and development, there's a subsystem, TSO; and so on.

Now, mainframe applications generally fall into one of two categories depending on the type of processing they perform. The first kind is batch processing. For these applications you'll typically submit a task, work related to that task is completed, and eventually you get some kind of result. So for example, a utility company with a mainframe will likely have a monthly batch process that calculates consumption data and generates billing statements for all of their customers. The time that these take to run is proportionate to the task that's being performed, so we can have batch processes running for minutes, hours, or even days. Because of this, end users aren't typically interfacing with batch applications directly; instead these are scheduled or just kicked off by some back-end process, and they just run until they're done.

In contrast, we have mainframe applications that perform online transaction processing, or OLTP, and these are more like the types of applications that we're all familiar with, right? This is when an end user submits a request and gets an immediate response. So you're at an ATM, you tap to view your account balance, and you're immediately presented with your account balance. We're not waiting around for a batch process to finish, because these applications are running online.

The most common OLTP system on the mainframe is CICS, or the Customer Information Control System, and CICS is just another subsystem that supports the running of mainframe applications online. So we can think of CICS as a proto-web server before the web. This is a rough analogy, but it'll help us understand some of the terminology. When you're working with a CICS application, the terminal can be thought of as your web browser. CICS does have other front ends, but if you're interacting with CICS directly on the mainframe, you're going to be using a terminal emulator. Once you're in the terminal emulator, you need to know where to go. On a web application you'll typically just enter a URL in your web browser; in a CICS application this is your region, so you need to know what region you're logging into. In this example, DVCAPROD is the region that we're logging into from our terminal. Once you're logged into your region, you need to know what page on that website you want to get to; in CICS this is a transaction. It's a four-character alphanumeric transaction ID. So once you're logged into the region, you enter the transaction ID for the screen that you want to access, and you can access any transaction on that region, provided you're authorized to do so.

As I mentioned earlier, there are multiple ways to interface with CICS. Most of these are facilitated by APIs that expose CICS to systems outside of the mainframe, so you can have web applications, web services, RPC clients, desktop applications, native mobile applications, and all these various interfaces that interact with CICS as a back-end system. Now, you may not realize it, but many of the applications we all use today utilize CICS as a back-end processing system. CICS is still one of IBM's flagship mainframe products; in fact, the latest version of CICS was released just last year. However, CICS suffers from this concept of a legacy code base running on modern infrastructure. As Jay mentioned earlier, you can take a CICS application that was developed 50 years ago, drop it on a modern mainframe, and it's just going to run. This is great for maintenance and compatibility, but it's terrible for security, because many of these applications were developed at a time when security just wasn't a priority. In fact, it's not uncommon for CICS applications to go 10-plus years without a single code release, and part of this problem is that the original developers retired 10-plus years ago and the ones left maintaining it have no idea how anything works. So this is a problem that reinforces the need for ongoing security testing of these applications. Unfortunately, that's easier said than done, and Jay's going to tell us why.

So, the reason that we're all here testing this stuff: management came to us and said, "We need people to test mainframe applications," and we're like, "Cool, that sounds awesome, let's do that. How do we do that?" And they were like, "We don't know, figure it out." So we tried to figure it out, and this

was us for the first year. To say that mainframes are difficult to work with is a drastic understatement. There's really no parallel you can draw to other kinds of work, whether it's systems engineering, network engineering, development, whatever; all of that goes out the window when working with mainframes. You have to learn a completely new language, a completely new world, everything. So that's what we started to do, but we ran into a number of problems.

The first one, and the biggest one, is gatekeeping. To say that mainframe developers and sysprogs are prickly is an understatement. Whenever we try to talk to them, if you don't know the terminology, if you don't know how to say what they want you to say, or the way they want you to say it, they'll flat out tell you to get out of their face. They don't want you near their systems, they don't want you touching their stuff, they don't want anything to do with you. And to be fair to them, they have some reasons to do that, because if you don't know what you're doing, it's pretty easy to bring down an entire LPAR. Ask me how I know that. When you get that phone call from a pissed-off mainframe dev, they're angry. So they do have some legitimate reasons for not wanting people on their system, but when you try to research this stuff, if you think Reddit is a cesspool, read mainframe forums. I spent literally two minutes on one of the popular mainframe forums just looking for examples of developers being like this. So here we have one where they said, "If it's so urgent, why don't you read the manual?" Well, if it's urgent you don't have time to read the manual, plus the manuals are almost impossible to read. This dude, and he has a lot of these posts, won't even touch your post if you don't make it colorful and pretty for him. And then this is my favorite: "I doubt it's throwing errors, because errors are not thrown on the mainframe." So this is what you will come across all the time when working with mainframe developers. That was the first hurdle that we ran into.

The second one is cost. Now, thankfully we had the backing of our company and we had access to true big iron mainframes, so we could do this stuff. But if you're just an enthusiast or working with a smaller company and you want to emulate a z/OS system, you're looking at about six thousand dollars per person per year just to have an emulated z/OS, and that's well outside the range of an average researcher. There is an open source solution, which we'll get into later.

If you want to do any other kind of testing out there, web applications, thick clients, Active Directory, whatever, there is a wealth of tools out there. There's a tool for every single thing that you would want to do, and it's easy to build your own tools because there's already so many tools out there. Well, with mainframes almost none of that exists. From an application perspective, we found three tools that could kind of do what we wanted; two of them hadn't been updated in five to eight years, and one of them only kind of did surface stuff. So in the end we had to build our own tool.

And then finally, the gatekeeping combined with the difficulty of mainframes makes it an extremely steep learning curve. Whatever it is that you want to learn, there's a training body out there and probably a certification, but none of the training bodies out there, SANS, OffSec, TCM Security, nobody offers anything in the way of mainframe offensive security work. These are some of my personal library, and I learned more digging through these books than I did from anything online or any course that I found. So it's a difficult thing to get into.

So at this point we were tasked with looking at these applications, we realized we had no idea what we were doing, so we just kind of had to start digging and researching. And I'm going to hand it over to John to talk about the research.

Right, so once we'd figured out those

challenges, we came across another problem: we had no idea how to get started, and little reference material. So we continued our research and eventually came across the 3270 Data Stream Programmer's Reference. This was the official reference manual for developing 3270-based applications, which means it had everything we needed to build an attack model and start developing test cases.

So this is what we learned. The 3270 terminal is a block-mode terminal, which means anything you change on the screen is only sent back to the mainframe if you press one of about 35 attention identifier keys, and these were all physical keys on the 3270 terminal keyboard which we don't see on keyboards today. This will be relevant once we get to the demo. The screen buffer stores the data that represents the content you see on the screen, so it stores all the field values and information on how those fields should behave in the terminal. Notice how you can, this might be hard to see, but notice you can click anywhere on the screen and it doesn't matter if there's data, if it's a field, or if it's just some random empty spot. This is because each character position on the screen corresponds to a location in the screen buffer.

So when you're performing a security assessment on pretty much any application, an important consideration becomes how that application communicates with upstream and downstream systems. Traffic between the mainframe and the terminal emulator occurs over the TN3270 protocol, and this is IBM's way of adapting to the prevalence of TCP and personal computers in the early 80s, because before that, mainframes were accessed using a dedicated terminal that was physically connected to the mainframe over coax cable. So IBM's solution was to wrap their existing 3270 data stream in Telnet and call it TN3270. This allowed mainframes to be accessed over TCP using a terminal emulator on pretty much any device that supports it. So you can analyze this traffic in Wireshark just like you would any other protocol; in fact, Wireshark has a dissector for TN3270, and you can even begin to uncover sensitive information in hidden fields this way. But in order to make some of the more interesting test cases possible, we needed a deeper understanding of the protocol. Fortunately, everything we needed was in chapter 4 of the reference manual.

So there were two characteristics that made the majority of our test cases possible: start field orders and field attributes. An order is just a byte in the 3270 data stream that tells the terminal how to render the screen: this is a field, this is where I want you to position that field on the screen. Each order corresponds to a specific byte value. So in this example, the first byte is equal to the hex value 11, so we know it's a set buffer address order, which sets a field's location in the screen buffer. The next two bytes are just parameters for column and row that indicate the exact position on the screen. But the byte we're interested in is the start field order, because not only does this indicate the start of a field, it also indicates the start of a field attribute, which is the byte right next to it.

So in order to illustrate why these bytes are important, I'll continue the web analogy. Whereas a web browser renders HTML that's transferred over HTTP, a terminal emulator renders a 3270 data stream that's transferred over TN3270, and we like to think of the start field order as an HTML input tag and the field attribute byte as the HTML attributes for hiding and disabling an input tag. So let's focus in on the field attribute byte. Each highlighted bit in this byte has something to say about how that field is displayed on the screen. The bit in position two determines whether a field is protected or unprotected, the bit in position three determines whether a field is numeric or alphanumeric, and the bits in positions four and five work together to determine whether a field is hidden or displayed. So we were especially interested in bits two, four, and five, because if we could intercept this traffic and flip these bits so that protected fields become unprotected and hidden fields become visible, you would have viable test cases for hacking mainframe applications. And we get to share this research with you today because it worked.

Before we get into the demo, just a quick word on encryption. Our tool sort of works like Burp Suite, so we're sitting in between the mainframe and the emulator; we're just proxying traffic between the mainframe and emulator. So we negotiate TLS with the mainframe, but because the emulator is listening or connecting via loopback, we don't actually negotiate TLS with the emulator, and it doesn't enforce the need for encrypted traffic. This is why we can intercept this traffic or analyze this traffic through Wireshark, because it's plain text on the connection between our tool and the emulator. So yes, while TN3270 does support encryption, it doesn't actually prevent any of our test cases.

All right, so we're just about ready for the demo. Before we do, we'll show disabling field protections, we'll show revealing sensitive information in hidden fields, and then we have some bonus attacks: we'll iterate through all known transaction IDs, and then we'll brute force some application-level secrets.

So a little word about the demo. As we mentioned, if you wanted an emulated version of z/OS for your personal use, you're going to pay about six thousand dollars a year. I did mention that there

was an open source solution, and that solution is MVS 3.8. Due to historical legal reasons it is a perfectly legal open source version of an older mainframe OS that you are able to run on your machine, and it's used with an emulator known as Hercules. There are a few ways to get it; the two primary ones, and I have the links there, are these. The first one is TK4-, and this is essentially a zip file that you just download, unpack, run a shell script, and you have a mainframe up and running. The other one is a Docker container from MVS Community Edition, and this is the one I do recommend using, because with it being the Community Edition there have been numerous quality-of-life changes added to MVS 3.8 to make it much easier to use. There are tools that have been added, libraries that have been added, programs that have been added, so it's just a much easier to use version of MVS, and again it's wrapped in a Docker container, so it's just Docker and you're good to go.

Now, that gives you your mainframe. That's like, okay, now I can log in and play with it, I can learn with it, but you can't do anything that we're going to demo with just this. So we reached out to Soldier of Fortran and we said, "Hey, we need a vulnerable CICS application, but we don't have the knowledge to do this ourselves. Can you help us out?" And he's like, "Yeah, I got you, man," and he created DVCA, which is Damn Vulnerable CICS Application. This is along the same lines as the web application and thick application ones; it's just an intentionally vulnerable application for you to play with. It also comes in a Docker container, and that Docker container is MVS/CE with this application bundled in it, so you just pull this, start it, and you have a vulnerable application ready to go.

But then you need to use something against that vulnerable application, and today we're releasing the tool that we've been working on for the past year: hack3270. This is essentially Burp for 3270 traffic. It allows you to intercept all the traffic and manipulate it in any number of ways: you can read the hidden fields, you can disable protected fields, you can change each individual attribute. It has full logging capabilities, including a CSV export, so if you're on a penetration test and you need those artifacts for the test, you have all of that available for the client. It also has brute force capabilities, so you can iterate through AID keys, you can iterate through passwords, CICS transactions, whatever. So it's, we think, a fully featured tool that is available at the URL down below; you can go download it today and start playing with it.
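As an editor's added example (not the speakers' words, and not code from hack3270 or DVCA), here is a small Python decoder for the orders and attribute byte described earlier: SBA (0x11), SF (0x1D), and the attribute's bit 2 (protected), bit 3 (numeric) and bits 4-5 (display/hidden), run over a constructed outbound stream fragment, with a defender-side audit that flags fields whose protection or hiding exists only in the terminal. The 80-column screen geometry, the `Field` type and the sample screen contents are assumptions made for this example.

```python
"""Decode 3270 start field orders and field attribute bytes.

Added example (not hack3270 or DVCA code). It parses the two orders the talk
describes, SBA (0x11) and SF (0x1D), reads the attribute byte that follows
SF using IBM bit numbering (bit 0 = most significant bit), and then audits
the fields from a defender's point of view. The sample stream below is
constructed for this example and assumes an 80-column screen.
"""
from dataclasses import dataclass
from typing import List, Tuple

SBA = 0x11      # Set Buffer Address order: two address bytes follow
SF = 0x1D       # Start Field order: the attribute byte follows
COLUMNS = 80    # assumed Model 2 screen geometry (24 x 80)


@dataclass
class Field:
    row: int
    col: int
    protected: bool    # attribute bit 2
    numeric: bool      # attribute bit 3
    hidden: bool       # attribute bits 4-5 == 11 (nondisplay)
    intensified: bool  # attribute bits 4-5 == 10
    text: str = ""     # EBCDIC data that followed the attribute byte


def decode_buffer_address(b1: int, b2: int) -> int:
    """Address bytes after SBA. Top two bits 00 means 14-bit addressing;
    otherwise it is the 12-bit form where each byte carries 6 bits."""
    if b1 & 0xC0 == 0:
        return ((b1 & 0x3F) << 8) | b2
    return ((b1 & 0x3F) << 6) | (b2 & 0x3F)


def decode_attribute(attr: int) -> dict:
    """Only the low six bits carry the attribute; the top two bits are set
    so the byte is a valid graphic character in the stream."""
    display = (attr & 0x0C) >> 2
    return {
        "protected": bool(attr & 0x20),
        "numeric": bool(attr & 0x10),
        "hidden": display == 0b11,
        "intensified": display == 0b10,
    }


def parse_orders(stream: bytes) -> List[Field]:
    """Walk an outbound stream fragment (orders and EBCDIC text only; the
    leading command and WCC bytes are assumed already stripped)."""
    fields: List[Field] = []
    cursor = 0
    i = 0
    while i < len(stream):
        b = stream[i]
        if b == SBA:
            cursor = decode_buffer_address(stream[i + 1], stream[i + 2])
            i += 3
        elif b == SF:
            attrs = decode_attribute(stream[i + 1])
            fields.append(Field(cursor // COLUMNS, cursor % COLUMNS, **attrs))
            cursor += 1        # the attribute byte occupies one buffer position
            i += 2
        else:
            # Ordinary EBCDIC data; it belongs to the most recent field.
            if fields:
                fields[-1].text += bytes([b]).decode("cp037")
            cursor += 1
            i += 1
    return fields


def audit_fields(fields: List[Field]) -> List[Tuple[int, int, str]]:
    """Defender's check: the talk shows that protected and hidden attributes
    can be flipped in transit, so neither one is access control."""
    findings = []
    for f in fields:
        if f.hidden and f.text.strip():
            findings.append((f.row, f.col, "hidden field carries data"))
        if f.hidden and not f.protected:
            findings.append((f.row, f.col, "hidden field is unprotected"))
        if f.protected and f.text.strip():
            findings.append((f.row, f.col,
                             "protected field carries data; server must not trust it on read-back"))
    return findings


# Constructed sample: a protected price label, an unprotected numeric
# quantity field, and a hidden, unprotected yes/no flag (the pattern the
# demo abuses). Addresses use the 12-bit encoding: 0 -> 0x40 0x40,
# 80 -> 0xC1 0x50, 160 -> 0xC2 0x60.
SAMPLE_STREAM = (
    bytes([SBA, 0x40, 0x40, SF, 0x60]) + "PRICE: 20000".encode("cp037")
    + bytes([SBA, 0xC1, 0x50, SF, 0x50]) + "1".encode("cp037")
    + bytes([SBA, 0xC2, 0x60, SF, 0x4C]) + "N".encode("cp037")
)


if __name__ == "__main__":
    parsed = parse_orders(SAMPLE_STREAM)
    for fld in parsed:
        print(fld)
    for row, col, why in audit_fields(parsed):
        print(f"row {row} col {col}: {why}")
```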

So we're going to try and do a live demo. 3270 is notoriously finicky, especially over a Docker container, and with live demos, you know, we're always subject to the demo gods, which in fact have already hit us, because we can't do mirrored displays, so we're going to have to look at this while we do our demo. So wish us luck.

Hold on, there we go. Okay, this is going to be fun. So I'm going to start the Docker container.

So with our tool, we start it and we give it the server and port that we're connecting to, and then the listening port. So in this case we're connecting to the Docker container on port 3270 and we're listening for connections on 3271. All right, so now this is the equivalent of Burp when you have intercept turned on; it's waiting for you to send something through it and allow the traffic to go through. So now I'm going to connect to that. All right, so it has detected the connection; it says, "Okay, hey, I see a connection on 3271, let's go ahead and do this." So I click continue, and you can see that we are now on the Docker container. And again, I apologize that we can't mirror this, but that should be the last time I have to move anything over. Okay, so the tool is running, we're processing all traffic through the tool, and I'm going to log on.

And this is our vulnerable application, and John's going to go ahead and walk through the next part.

All right, this is going to be a challenge, but we'll get through it. So DVCA is a generic application for ordering office supplies. This is the main menu; we have three menu options. The first option allows us to order those office supplies.

Okay, so here we have printer paper, we have a three-hole paper punch, we have some roses, we have a 24-karat gold MacBook Pro. All right, so I'll go back to the main menu. Menu option two allows us to edit the shipping address that those items get sent to, but notice that in order for us to edit this shipping address, we have a supervisor code that we need to get past. So we'll get back to the main menu. Menu option three is just an order history, so I'll go in, and notice that we haven't ordered anything yet. So let's order something, but before we do that we have to get past that supervisor code. I'll go back to the shipping address menu, which is menu option two, and I'll start to make some updates here. I won't actually go through all this, it's really hard to see from here, but let's just make a couple of updates. So instead of sending that to Jay, we'll send it to me, and we'll just update this to the hotel. Let's change this to, okay, I'll just change this to last here, and that'll be the last update I make here.

So we have made some updates to our shipping address, but if I try to enter this and persist this transaction, we'll get an error. It says "invalid supervisor code," which appears to be a four-digit code. So if you were using Burp you would probably use something like Intruder; in our tool we have Inject, and we have an Inject into Fields tab. It's on the other side. Okay, so we have this Inject into Fields tab. The first thing we would do is select our payload list. In this case we would typically have a list of 10,000 payloads, or injections, one for each permutation of a four-digit supervisor code; we have an abridged payload list for the purpose of the demo, so I'm just going to go ahead and select that.

The next thing you would do is select the injection field. We would click Setup, we would select a mask character, and you can customize this; we'll leave it at an asterisk for now. So I'll go back into the app and I'll change the supervisor code to our mask character, so we'll do four asterisks here. Our tool is asking us to submit a sample transaction using the mask character, so I'll go ahead and do that, and notice now the tool was able to identify the injection field and it indicates that it's now ready for injection. So I'll go ahead and press Inject, and notice you can see here all the permutations that it's iterating through. Eventually it'll hit the correct supervisor code. I can't quite see, does it say it worked? All right, cool. So we were able to brute force that supervisor code and make updates that we were not authorized to make. That's our first test case.

We'll go back to the main menu. Now that we've updated our shipping address, we can go in and order some office supplies. So I'll go back into menu option one and let's order that 24-karat gold MacBook Pro. It's $20,000, which is a little bit past our budget, so it'd be nice if we could edit that field. Like in a web app, you'd probably use developer tools or just proxy through Burp and make those updates and hopefully get some authorization bypass. Within our tool, we can use the Hack Fields tab. Drag that back over again.

Okay, so in the Hack Fields tab we have a couple of options here: Start Field, Start Field Extended, and Modify Field. We're effectively telling the tool which start field orders to parse; currently we have all of them selected by default. And then on the left side we have Disable Field Protection, Enable Hidden Fields, and Remove Numeric-Only Restrictions, so that's where we're flipping those bits in the field attribute byte. And we have some other options here for the field intensity, to highlight those fields that we're modifying. So we can toggle this now, Enable Hack Fields, and I'll go back to my tool and I'll try to make some updates here. So I'll change this field, which is a protected field, and I'll update it from 20 grand to something a bit more reasonable, like a dollar. Because we've enabled Hack Fields, we've disabled field protections, so now if we hit enter... okay, right, so I have to go down and indicate that yes, we want to purchase, and then hit enter, and we were able to purchase that MacBook Pro. Okay, let's update this again. Okay, so now hopefully we were able to purchase that MacBook Pro for a dollar and not 20 grand.

So I'll disable Hack Fields now and I'll go to the next item and see what we have. So we have an ancient golden idol. If I try to purchase this, I would get an error indicating that it's denied, so we can't purchase this golden idol. So I'll enable Hack Fields again, and notice we have this hidden field. If I toggle it off, we don't see that field; if I toggle it on, we do see that field, and it's a field that seems to indicate whether or not we can purchase this item. So I'll change this from no to yes, purchase the item, and now we're able to purchase an item that we were previously not authorized to. I'm going to disable Hack Fields and go back to the main menu.

Okay, and we'll go into the order history to see some of the work we've just done. All right, so it looks like we purchased the MacBook Pro, we were able to purchase it for a dollar, and then we were able to purchase the ancient golden idol despite it being not purchasable. So wouldn't it be nice if we could cover our tracks and delete this order history? All right, so we'll go back to the main menu.

Sorry, again, it's hard to see. Yeah, we can't.

All right, okay, so we're back at the main menu. We'll enable Hack Fields, and notice now that there's a hidden menu option for deleting our order history. So we'll go in, we'll select that menu option, we'll hit enter, and now we've deleted all of our records from our order history. So let's go back in and confirm that that's the case. Okay, menu option three, and there you have it: we were able to cover our tracks, we've deleted all of the order history.

Okay, so up until now we've demoed disabling field protections, enabling hidden fields, and brute forcing known application-level secrets. So the next test case: we'll be using the Inject Key Presses tab. Let me see if I can bring this back over again.

Okay, so if we recall from earlier, I mentioned that there are about 35 attention identifier keys that send data to the mainframe. So we have the Enter key, the Clear key, 24 function keys, and I think three program access keys. So what we're doing here is we're iterating through all these known attention identifier keys in hopes of finding hidden functionality. Because these applications were potentially developed decades ago, and because keyboards today don't necessarily have these physical keys, it's not a stretch of the imagination to think that mainframe developers and operators could have hidden functionality behind some of these keys, not necessarily out of malicious intent, but just to facilitate systems maintenance. So I'll go ahead and press the Send Keys button. Yeah, I'll do that; I'll let that run. We'll run it on this screen.

Okay, and we'll go back to the main screen and we'll run that again. Notice some of these options are not selected; that's because in some applications, if you iterate through the Clear button, for instance, it'll just log you out of that application. So we've unselected some of these, but of course you can toggle those as needed. So notice we found this hidden screen within the application, within DVCA, by iterating through all known AID keys.

So we could use the Logs tab; we do have some logging capabilities. Maybe this is the last time we have to do this. Okay, so we do have some logging capabilities here. We have a column for that traffic ID, we have the timestamp, we have an indicator on whether that traffic was sent from the server or the client, we have a length that you can use to check for discrepancies in a response from the server, and then we have some notes regarding that traffic. So I'll sort by ID here; you can sort by these columns. Notice that we have the traffic that we sent while we were iterating through all known transaction IDs. So you can actually click through some of these entries here, and if you click on the server response, it'll actually update the screen on the terminal emulator so you can see what was sent during that specific entry. So in this case you would click through and you can see what was going on during that attack. So here it's sending program access key one, program access key two, three, and then you can click on these and see which one led to a successful attack, see which one led to discovering hidden functionality in the application. You could also just check the length and check for discrepancies in the length, and that can be an indicator of some hidden functionality there. You can also scroll down; whenever you toggle the hidden fields or Hack Fields, you should be able to see that here. So here Hack Fields was toggled off, here Hack Fields was enabled, and you can see exactly which start field orders we were parsing, which field attributes got modified. So we do have extensive logging here that can substantiate your security assessment on a CICS application. You could also use this during your peer review process; if your peer reviewer wants to review what another tester did, this would be a good place to do that.

So the last tab here we'll demo, yes, this is the last screen. We have a Statistics tab that again you can use as a quick reference to see what was tested during that engagement, and you have some stats here regarding the number of attacks that were performed, the server IP address you connected to, and so on. Again, this can be used as an artifact to substantiate your assessment. So that was our demo. We'll now cover some closing thoughts before we wrap up.

All right, so as you said, some closing thoughts. Mitigations: there, IBM does have a 3270 IDS, but we wouldn't recommend using it, for reasons that we're about to get into. What we would recommend using is RACF or some other authentication and authorization system; those systems do have the ability to protect transactions at the individual transaction level. Do not rely on hidden fields, so don't hide anything in hidden fields you don't want people to see; these are all things that we have seen on real-world engagements. And then secure your attention identifier keys, so don't have any hidden functionality, developer functionality, back doors, whatever, in those keys, thinking that people can't get to them.

A quick word about the IDS. So there are two versions of the IDS. There's the BMS Intrusion Detection Service, which is implemented at the CICS region level; unfortunately it can only detect attacks that were done through applications developed using BMS maps, and we have seen a number of CICS applications that were not, and in those cases this is completely useless. The other one is the VTAM 3270 IDS, and this is set at the communication server level, so it affects every region on that server, but it is a massive resource hog, so much so that when we tested it and worked with them, they were like, "We can't use this, it takes up too many resources." And on top of that, they both have the same flaw of false positives, because they can't distinguish malicious traffic from just junk traffic, so they'll frequently send a lot of false alerts. So it's just not really a good IDS to use, and even IBM doesn't recommend using it in the documentation.

The key takeaways we want you to have are that mainframe computing is not a dinosaur; it's alive and well, it's a critical piece of our modern infrastructure, and they're not necessarily secure from exploits. There are ways to do attacks, and everything that we showed you here we have done in real-world CICS applications. There are now open source solutions for you to learn this stuff, and now an open source tool for you to do this testing on your own.

We do want to give a special thanks to Soldier of Fortran. Not only did he develop the DVCA application for us, he was kind of a mentor to us for a lot of this stuff. So he has literally hours and hours

of Talks on YouTube just go search for him on YouTube and you can find so much information uh this is our contact information feel free to reach out to us for any questions that you may have and there's a link again to the GitHub repo with the tool and uh thank you very much together [Applause] it looks like we have like two or three minutes for questions if anyone has one

Two quick questions. Sure. How big a deal is Linux in the mainframe world now? I'm sorry? How big a deal is Linux? I've seen IBM saying, "Hey, we run Linux, life is good."

Yeah, they have USS, which is the Unix interface, and then they have Linux on Z, and it is gaining prevalence. I mean, we still see TSO a lot, and that's still one of the main interfaces, but Linux on Z is definitely gaining ground.

Is it emulated, or does it run natively?

It runs natively. It's something you would install on the LPAR like you would z/OS.

And my second question is, is EBCDIC still like the... everything is EBCDIC today?

Everything is EBCDIC, yeah. So that was kind of our first clue when we were doing the Wireshark analysis: we were able to decode it using EBCDIC, and that was kind of what led us down the rabbit hole. But everything over 3270 is EBCDIC, yep.

Lovely, thanks a lot. Great. Sure, thank you. All right, well, thank you very much. Thanks everyone. [Applause]


Hello BSides, thanks for making us a part of your lunch break. I know we're all excited to be here, but do not forget to feed the body as well as the mind out there, and definitely don't forget to hydrate; this is Vegas. For those of you who are ready to fill up your brain, however, if you still have a little room left after the last day and a half of conversations, we would like to ask you to join us in welcoming Security BSides' own Keren Elazari, a senior researcher at Tel Aviv University and a founder of BSides Tel Aviv, in a conversation with Jen Easterly, the director of the United States Cybersecurity and Infrastructure Security Agency. Put your hands together. [Applause]

You ready to do this? All right, all right, all right. So thank you so much for joining us here at BSides Las Vegas, Jen, and hello to our friends watching from overseas. We are coming to you direct from BSides Las Vegas, here in beautiful, sunny, peaceful but not so innocent Las Vegas. So we have here with us, I believe for the first time at BSides Las Vegas, Director Jen Easterly from the CISA agency. Jen has been with the agency for two years; she was appointed by President Biden and then unanimously confirmed by the Senate to the position just about two years ago, so happy work anniversary. I am personally beyond thrilled to have an opportunity for a conversation with Jen, or Director Easterly, but I like to call her Jen, if that's okay.

Please call me Jen. And I am here with circa 200 or 300 of my best hacker friends that I just haven't met before. So for me, coming to hacker summer camp, coming to these events, and definitely BSides Las Vegas, is the opportunity for the conversations that we don't get to have anywhere else. So I appreciate the opportunity.

Thank you for being with us, and I know we're going to have fun. I'm not sure we're going to take questions from the room; it depends on timing and if we can accommodate that. But I just want to get started by asking you, Jen, if you can tell us in your own words why you are in Las Vegas this week. I know it's not for the fantastic weather or great food, so why are you in Vegas this week?

I heard... yeah, I heard, well, actually the BSides, but there's Katy Perry. I heard about that.

Yeah, you got the cat ears, so you're ready, coming to the Katy Perry concert, and I figure there was other stuff going on.

Well, first of all, it's great to be with you, my friend. We were supposed to do this at BSides in Tel Aviv, and then flights and the weather got against us, so I'm so glad we could reprise it here in Vegas. So why am I here? Because this is our community, right? At the end of the day, I think Roger somewhere just came up to me and said, "You know, I love that you come to these things because it's hard to get time with government officials." And so I really see the hacker community as our community. We are the champions for the CISOs; we are the folks that need your help, your creativity, your ingenuity. I have to say, I just love that thing. I don't know if one dark one is out there, but I love the design.

One dark one is the designer, Melanie. She's been doing the designs for BSides Las Vegas and many other security and hacker events for more than a decade, so let's give her a round of applause. She's been making sure that hacker events and our community events get the color, the passion, the recognition that we want, so it really helps. I don't know if she wrote this, but the themes are the solarpunk themes: solarpunk, demand utopia, fight dystopia. Do you resonate with that message?

I do resonate with that, fight dystopia in particular. But it represents the hacker mindset: self-taught curiosity, do-it-yourself resourcefulness, right to repair, autonomy and moral conscientiousness.

Amen. Yeah, I agree with those values, and I think it's fantastic that, you know, that's what I'm here. I believe you're quite definitely one of the first CISA directors, one of the first government officials, to come out to embrace the hacker community in such a way. I remember vividly, about a decade ago, when General Keith Alexander was the head of the NSA and Cyber Command and he came out to engage with the community, and he said, "In this room right here is the talent our nation needs," and people responded, "Then stop arresting us, please." So a lot has changed in the past decade, and I think that the role of friendly hackers, of security researchers, of community initiatives, has never been as important as it is right now. So, Jen, would you like to share with the room some of your thoughts about what CISA is doing to help prepare the nation and corporates for the ever-evolving threat landscape?

Hold on, it's a drinking game: every time I say "ever-evolving threat landscape" I must drink. It's just water, don't worry, it's just water. Mostly water.

Okay, but then again, a lot of beverages are mostly water, right? Somewhere, yeah.

So CISA. Does everybody know what this is? Pretty much, yeah. Okay, so we're the newest agency in the federal government, but we're coming up on our fifth birthday. As Keren said, I've been in the job

for a little over two years. But you know, we were created to be America's civilian cyber defense agency, and the mission is to understand and manage and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. And you know, when you say critical infrastructure, people think it's kind of a technical term, but at the end of the day it's the water we drink, it's our health care, it's our education, our transportation, our communication, how we get money from the bank and gas from the gas station. So this really is about protecting the networks and the systems and the businesses that we rely on every day. And you know, frankly, the vast majority of it is owned and operated by the private sector, and CISA is not a regulator; we're not an intel collector, we're not a law enforcement agency, we're not military. We are a voluntary partnership agency, and we know that the currency of partnership is trust. So every day it's about creating trusted partnerships across the federal government, but more importantly with all of the owners and operators of critical infrastructure, the research community, the hacker community, the threat intel community, state and local. So that's what we do every single day to help protect the nation.

And you know, frankly, one of the things that we are very focused on during our time at Black Hat and DEF CON is resilience. So when you think about the evolving threat landscape... well, you want some of my drink? Maybe I'll drink. Are you better off with that? Trust me. You think about the evolving threat landscape: it is my belief, given the interdependence, given the vulnerability, given the connectedness, everything is digitized now, frankly it becomes more and more difficult to prevent bad things from happening, to prevent disruption from happening. And so we're doing a couple of things on this. First, we are really trying to catalyze a revolution to go upstream, so we're not bolting on security solutions but actually creating technology that is secure by design. That is the only way I think we can get ahead of threats that are becoming more and more sophisticated and well-resourced, and criminals where the bar to entry is getting lowered and lowered. But I also think we need to recognize, even as we catalyze the secure-by-design revolution, bad things are going to happen, disruption is going to happen, so the most important thing we can do is to be resilient to it. What does that mean? It means that we expect and anticipate that bad things are going to happen; we build our plans to expect and anticipate bad things are going to happen, so that we can respond effectively and recover to mitigate risk to our businesses, to our networks, and frankly to our country, just knowing some of the threats that are out there.

And I'm very excited: in a couple of hours I'm going to be doing a keynote at Black Hat with my Ukraine counterpart Victor Zhora, and I hope he talks a lot more than me because he has so many fantastic things to say about what the Ukrainians have been doing to build their resilience, and not just cyber resilience but their operational resilience, as they're dealing with an onslaught of cyber attacks, but frankly barbaric kinetic attacks from the Russians, and they're able to continue to keep going. And frankly, societal resilience, right? I mean, this is a people that have stayed unified, incredible courage, incredible focus on beating the adversary.

Absolutely, and I do hope you have a chance to catch this keynote later this afternoon. Speaking about Ukraine, we can learn so much from what's happening. So of course we should help, or do what we can to help, but some of the phenomena that I've been tracking are things like the Ukrainian cyber army, which is basically a partisan group of hackers and volunteers helping defend Ukraine from Russian attacks, helping fight disinformation and spread accurate information online, and through a variety of other ways supporting what's happening there. So this is very important. Now, Jen, I'd like to come back to the conversation here. Can you tell us a little bit more about secure by design? Because I think this is not just a slogan; this is a very important initiative that you're driving, and I believe security professionals need to be aware of that.

Yeah, thanks for asking. Let me just set this up a little bit, because I think everybody in this audience... and can people hear me? I don't know if this thing's working. Yeah, in the back, all the way in the cheap seats in the back. Right, I'm kidding, there are no cheap seats; it's a sold-out event. So I mean, this is a very sophisticated audience. So look, we know, go back 40 years, sort of the short history of the internet, and let's pick 1983, when TCP/IP was implemented so computers could talk to each other, right? Since that time, security was never, ever, ever thought about for the internet, right? It wasn't created, it wasn't designed to be secure. As Dan Kaminsky said, the internet was designed to move pictures of cats, and it's very good at moving pictures of cats. So from the early days security was not thought of, and then you had the explosion of software, and that was all about speed to market and driving down cost and cool features; it wasn't about security, right? So you now have an internet full of malware, you have software full of vulnerabilities, and we had the age of social media, where everybody thought it was cool to move fast and break things. I'm okay with breaking things, but frankly we also have to fix things, so we have to build things right. And that's what I love about hackers: they're not just about breaking; they want to break into things so that we can also fix things, right? It's what you talked about in your TED talk about the internet's immune system.

Absolutely.

Right, you break things with that mindset to get things better and better. But we had social media, which was never supposed to be secure, right? And so now we have a lot of misinformation, disinformation, and quite frankly, and I say this as a mom, we have a lot of mental health issues for our kids from some of the issues around social media. And here we are going into the world of artificial intelligence, and there's a lot being talked about this week on artificial intelligence, but it's the same thing. You know, everyone's rushing now that we've got these incredible capabilities coming, the explosion of large language models, three times the speed of Moore's Law, so moving incredibly quickly. But how can they project, secure it down to that thing, to think about building security in on the front end? This is about innovation, but it's about responsible innovation. So to sort of set that up, we were talking at the end of last year with some of my teammates: Jack Cable, a well-known security researcher, some of you might know him; Bob Lord on my team was the CISO for Twitter and the DNC; Grant Dasher joined us from Google; Lauren Zabierek joined us from Harvard. So basically we're building the Justice League.

Yes, we are the Justice League. You're missing Wonder Woman, by the way. I think you're a Wonder Woman, by the way.

I am also here to do some recruiting, so definitely come see us at our booth.

I even tattooed myself because I love systems. So look at this commitment to recruiting hackers, exactly. A QR tattoo, that's never been... I don't think that's ever been done, so it's fantastic.

So you have these amazing talented individuals. They came, they really catalyzed this, so they came up with these principles and approaches to secure by design, secure by default. We rolled it out in April; I gave a big speech just before we rolled it out at Carnegie Mellon, which is fantastic, and I have to tell you the response that we've gotten from the community, to include industry, has been incredible. And so we've done a lot of listening sessions. For all you out there, we're doing a red pen session at DEF CON, so please, please, please stop by, we really want feedback.

Hold on, Jen, what is a red pen session? It's not a red team session, it's not a pen testing session, okay, so those are the terms our hackers and security researchers are familiar with. What is a red pen session? Are you red teaming and pen testing a document?

you don't like, and maybe check-mark what you do like, right?

So this sounds like a very interactive opportunity to actually influence your team and transactions. You're testing a pen, you're testing the pen, so that's a literal joke. But this is an actual opportunity, an interactive opportunity, for you to influence exactly what CISA and what Jen and her team are pushing. So what time is this happening again?

It's out there, I don't know.

Okay, I will now post somewhere in the galaxy.

There's somewhere in the galaxy, exactly.

So let's talk about more opportunities for hackers.

Feedback, right? Like, it's security. I mean, it goes back to your whole thing about immunity, right? The more crowdsourcing we can have of smart people who are, you know, intellectually curious, who are resourceful, who want to solve problems, we can be better together, right, at the end of the day. And so one of my operating principles in life is to treat feedback as a gift. Now, I don't really like... if you're going to be an... about feedback, I don't love that, but if it's legit and constructive, then I'm good with that as well. So we really do continuously want feedback on our advisories, on the products we do. You know, there's some stuff that's been done with our work that I think has made it better and better, and it's been sort of pivoted around in ways that I think can be more useful to the community. So please give us feedback. Even if you're not in the red pen session, please take a look at the principles on the website and give us your thoughts.

She has... what time for you all? Right, what time is it? Saturday at 11. Where? And at Black Hat and DEF CON? At DEF CON. It's at DEF CON. I think you had to sign up for it ahead of time.

Okay, so I'll be there; if you can come, we'll get more people in there. Thank you very much. So let's talk about ways that hackers can interact not just with the recommendations and guidelines but with the actual vulnerabilities that are out there in the world, by finding vulnerabilities. You know, there's a law, is it Linus's Law? "Given enough eyeballs, all bugs are shallow." Have you heard this one before? I hope I got the quote correct. Linus from... yes? No, it's Linus from Linux. So okay, yeah, the originator of the Linux operating system. But Linus and Lucy is like a Snoopy thing, or a Peanuts thing. Okay, different, different American cartoon that I did not grow up on. But we grew up, by the way, in Israel on American cartoons, but like ten years later, so we got stuff with a delay, which is why I'm a junior. Schoolhouse Rock? Yes, I went to a Schoolhouse Rock... Full House... Rock, yeah. Awesome, it's my passion: Cyber Schoolhouse Rock. Cyber Schoolhouse Rock, all right, Schoolhouse rockers.

So how can hackers report vulnerabilities, directly interact with what the agency is doing, what vendors and companies are doing, when we still have so many of the Fortune 500 companies that don't have a vulnerability disclosure program, or they don't have a security.txt document somewhere on their website that gives out the details on who to communicate with? I know that as part of secure by design you have some of the language that originated with my sister's work on legalizing bug research and decriminalizing the work of hackers, so can you tell us a little bit more about that? Because, by the way, Jen mentioned earlier Jack Cable. For those of you unfamiliar with Jack Cable, he started his path as a security researcher with the Hack the Pentagon program, where he won all three of their challenge coins before he was a senior in high school. So it literally changed his life, protected his nation, created a trajectory for him to become a security researcher, a fellow with the Defense Security Agency, a team member at CISA. So these types of programs, I believe, these types of interactions, each person here in this room can be that next hero that you need to recruit into the Justice League, or to just use their talent to identify vulnerabilities. So what can you do, what can we do to help them help everybody?

Yeah, first of all, is Jack out there? I know he's in Vegas. Well, he might be watching us at discreet locations. And then, so on the CVD stuff, Ian Decent is my teammate, out there somewhere, so he just gave, all the way back, so he just got... you know, one of the things I love about BSides is this Proving Ground thing you can do, a new stage. You just became his, like, first Proving Ground talk on our coordinated vulnerability disclosure. So we run that for the government, and essentially we work between researchers and vendors, certainly if they can't come together, and that happens a lot, to essentially work through that whole process to make sure that the vulnerability is disclosed responsibly, that there's a patch. We look at timing, obviously, because we want to make sure that there's not excessive exploitation once the vulnerability is disclosed. One of the other really cool things that we did, that I think is one of the most important things that the team did, is what we call Binding Operational Directive 22-01, which is...

Oh, that's a catchy name.

This is the government. So what we did was, instead we called it the KEV, the Known Exploited Vulnerabilities catalog. Anyone heard of that? Known Exploited Vulnerabilities catalog.

That sounds like a person I'd like to meet, the guy.

Exactly, Kev, right. And so the innovation here was, we all know that there's a ton of vulnerability, and frankly that's what we're trying to do with secure by design: we should stop accepting that technology products come off the line full of vulnerabilities. Like, we've normalized that in some crazy way, and it is unacceptable. So we want to make sure that actually we're lessening that. But as we catalyze that revolution, the thing that we're focused on here is ensuring that people know, in a prioritized way, how they patch the most severe vulnerabilities. So the KEV is essentially vulnerabilities that we know,

whether it's through intel or other sources, that are being exploited in the wild by threat actors, and so it really helps with prioritization. Now, it's only binding on the dot-gov, where we're the operational lead, but a lot of the private sector have taken that and looked at it and used it for prioritization, so I think it's really important.

So it's becoming... I think a lot of people, yeah. I'm chatting with Patrick Garrity from Nucleus Security, another security researcher, who did this cool thing I posted on social media: he took the KEV and he did it in terms of, like, anyone know Piet Mondrian? He's a Dutch painter, yeah. He put like a whole painter thing, and I'm a frustrated art historian.

So okay, cool, so it's like the art and science. It's got cubes and stuff. Yeah, the biggest ones. Or did he use any AI to create that?

I don't know, he might have.

So that's why I brought up AI, because I want to talk about it. Okay, yeah, so it was a very elegant segue. So it's kind of impossible to not talk about AI, and I'm keen to hear your perspective and CISA's perspective. I know you're also tasked with election security, which is an area where you have a new member of your team focused on that, with your senior advisor Kate Conley. Yes. So can you tell us a little bit more about AI and generative AI, and how can we trust the information, how can we trust the devices, the technologies that we interact with, and what CISA is doing on that front?

Yeah, so I don't think we can trust it. Okay, that's part of the issue. Frankly, this is all happening so fast. These are powerful tools; it's another form of technology, which is why you think about the internet, software, social media, AI: it's another technology that we need to focus on building in a secure way. So a lot of work is going on to try and ensure we can trust it, but frankly I think this is early days, and that's why so much work is happening both in the U.S. and around the world in terms of getting our arms around trust and safety and security. From a CISA perspective, we're very focused on three things. First of all, how do we responsibly use these capabilities for cyber defense? Okay, how do we assure AI systems? I think that's very important, to have an understanding about how to audit, how to test some of these new capabilities wherever they're implemented and instantiated, particularly as people start putting this in everything. And then, finally, we're looking at the full range of threats to critical infrastructure, because that's obviously our focus, both physical threats and cyber threats. And again, I stipulate that these capabilities can do amazing things, but they can also do amazing things for very bad people, who I think will be able to use them for cyber attacks, for chemical attacks, for biological attacks, so we have to cost that into what we're doing now. My concern is incredible capabilities, but they can also be used as incredible weapons.

Indeed, and it's not governments that are building these things and securing them; it's private industry, who at the end of the day are fiducially responsible for making money.

Yeah, to their shareholders, to their investors. So this is why the White House is looking to bring together the big companies, and they've made voluntary commitments, but voluntary will only take us so far, and frankly, even if the big seven companies are responsibly innovating, a lot of this is already out there in open source. So I think we have to assume that there are going to be risks that end up happening, which goes back to my earlier resilience point.

Resilience, exactly, right. So what I want to go to now is, we are almost at the end of our session, and I regret that we may not have time to take everybody's questions, but I do want to tell you that Jen and her team, they're going to answer your questions online. At least... I'm not promising for Jen, but you can certainly reach out and interact with CISA in more than just in person right here. But what I wanted to talk about is, with regards to AI and trust, one of the mechanisms to establish trust is to demand accountability and transparency, right? So we can trust, but we can see, we can look at, we can trust. And one of the problems with the untrustworthiness, if that's a word, untrustworthiness of existing AI is that a lot of it is opaque. It's a black box; you don't know how it works, you don't know how it reaches the conclusions. So transparency can be a tool, and I know that one of the things you've been working on is radical transparency in technology. Do you want to say a few words on that?

And then principles. So there's three principles if you look at the document, and we didn't... What do you mean, the document? The document that is Principles and Approaches for Secure by Design. It's on our website, cisa.gov/securebydesign. So the principles that Jack and others created, they're not technical principles, right? What we wanted to do was put this in the language of business, because at the end of the day the imperative has to come from the senior level to resource the engineers and the technical people to ensure that they're creating safe tech. So it's all about business owners owning the outcomes for security, so not placing the burden of security on small businesses, on individuals, on app developers. Really, at the end of the day, you have to think about the frameworks that are being put in place so that the big technology manufacturers who are creating these frameworks, the big tech, understand that they own that responsibility for security outcomes too. To your point, Keren, radical transparency: you know, my great friend Jeff Moss always says transparency creates trust, and I'm a huge believer in that, right? Always shining the light on what you're doing, ensuring that people understand. That's part of the problem with some of these AI models: they're not transparent, they are a black box, and that's why it's incredibly important that we as a community very loudly call for that radical transparency. And we're starting to see that from some of the big companies, who are saying, "This is where we're at in terms of implementing enterprise MFA; this is where we're at in terms of a road map for memory safety." So we are calling for specific things. Please do look at that document, because I would love, love, love your feedback. And so all of these business outcomes, the last one is that these outcomes need to be owned by senior business leaders. Again, that is where the decisions get made and the resource decisions get done, so we really need this to be taken on by the business community so they can support the tech community to ensure that we're building security in from the beginning.

Absolutely. So just about this AI topic, there is going to be at DEF CON a generative AI versus hackers hacking event or challenge. I believe that's happening on Friday or Saturday; Amit knows the details. But check out the AI Village at DEF CON if you are interested in becoming an AI security researcher and you don't know where to start. I think that's a good place to start, because that's not a job that's going to go away, unless AI makes all of us redundant, in which case we have other problems to contend with. So just to close this off before they throw us off the stage, thank you Spam and thank you DT for hosting us kindly. In the last two minutes, I want to talk about workforce, and I want to talk about how we can multiply. We're definitely going to need all the humans that we can get, whether it's to work alongside the AI systems or help defend the humanity that's left in us. So BSides, I think, is a big community for bringing new people in: there's the Hiring Ground, there's the Proving Ground. In Israel, at BSides, we do a lot of recruitment efforts; we recently did the Hacker Riot event to bring 300 women into cyber security roles, into their first cyber security job. Can you tell us a little bit about how you and the agency are looking at the workforce issue, if there's anything that you want people to know, and maybe you want to remind them about your tattoo again?

Yeah, so look, we hired 1,330 people, I think, over the last... What, not 1337? Oh, you already had seven. Maybe it was 1,337, yeah. That would be a good idea; that's going to be a good number. So how did we do it? Because it's hard to hire technical talent in the government. We don't want to be like the government, right? At the end of the day, we want to have the kind of culture that attracts people who are

intellectually curious who are problem solvers the hackers right and we do that go to our website and look at our culture it's all about flexibility it's about creativity it's about inclusiveness because we believe everybody can contribute to solving the hardest problems for our nation so we've got multiple ways to join sisa you can join through our cyber Innovation fellow program you can live anywhere in the country and join us you can work on really hard problems so please come to our recruiting booths yes you can check out our QR code and takes you to very specific jobs that we've got open this week we're hiring I think 200 more and we'll do 100 more are we closing out our

hiring so please do join us um and if you have any questions at all in all seriousness I'm happy to stay after and answer I have one final question for you Jen yeah do the people work for you get to wear cat ears and have like fun colors in their hair and their nails like like props to DT because I saw somebody walking around with cat ears and I almost stole them from him and you like found me something thank you for preventing federal crime by yourself exactly all right all right so thank you everybody thank you Jen thank you so much please cargo b-sides oh sorry there we go cat ears are actually from our Chicago

b-sides uh uh organizer so thank you so much all right [Music] foreign [Music] thank you [Music] thank you foreign [Music]

Hello everyone, welcome back. I hope you had a good time at Jen's talk, or the fireside. This next session is Breaking Business as Usual by Priyank. But before we get started I want to do a couple of reminders. First of all, if you have a cell phone, please silence it; even the vibration can be picked up by the mics. If you have a question, there's going to be a mic in the middle that you can use, that way it's recorded and the people on the stream will see it. And we'd also like to thank our sponsors: we have our Diamond sponsor Adobe; our Gold sponsors Prisma Cloud and Toyota and freetax a press attack; they're supporting, along with all of our others and the donors, what we do here. So with no further ado, and because we're running a little behind, Priyank. Mic is working? Awesome.

Welcome everyone, welcome to my talk, Breaking Business as Usual. We're going to talk about attacking Android Enterprise solutions. Show of hands: how many of you access work data on your personal devices? Pretty much everyone, I believe. How many of you know the policies which are being applied to your device? All right, let's find out. So a little bit of background about me. I'm currently a red teamer here at Microsoft; previously I was in consulting and did some application security as well, sorry, application development as well. I've spoken at various industry conferences. I am interested in application security, IoT, as well as end-user stuff; at home I'm the blue teamer, because my toddler is always trying to break things, so I'm the one who's preventing those.

So what is Android Enterprise? It's basically a set of APIs which are provided by Google for developers to build enterprise management solutions for Android devices, and there are two primary ways of doing this. So there is the company-owned device, which is also known as a corporate-liable device, and this device basically operates in a device admin mode, where your administrator pushes some policies onto your whole device. That also applies to your personal profile, personal apps as well as personal data. This is also known as the fully managed device. And the newer thing is the personally owned devices, also known as BYOD, wherein you set up a separate profile on your device and your company pushes the policies, but that's only applicable to the work profile of that device, not to your personal profile. So the trend is towards the latter, because it's usually cheaper for the organization to do this; also they don't have to deal with lost devices, insurance, and stuff like that, and the whole responsibility is now on the employee, the user of this device, who's now going to manage certain things. Device admin is here to stay, because some countries like China still require... they don't support that kind of a solution, wherein the EMM provider has to have root on the device as well. So we're going to talk about the personally owned work profile in this talk; all of this talk will be about that.

So this is how you set it up. When you enroll your device, you're going to see that the company is going to create a work profile on your device. So this is Android-specific: what happens is the application which initiates this is going to start the setup and then activate the work profile, and then push the device settings onto this profile. So as you can see, after this setup it's going to look basically like this, the image on the right. You can see there's a work tray, and you can see all these work apps, and then on the personal tray you have all your personal apps. And you can kind of pause your work profile, and what happens is basically it turns off the work profile; the work apps don't actually run when you turn it off, and then you can toggle it back on again.

So let's get some terminology here. EMM is basically Enterprise Mobility Management. It's an application which allows IT administrators to push the policies onto your device, and also during the setup this is the first application which you download onto your phone. And then basically, under the hood, it's the device policy controller: this is the class which Android Enterprise exports, and then it communicates with the EMM software. So think Microsoft Intune, right, or Samsung Knox Manage, or MobileIron. So you're going to have an application which is going to help you enroll the device, and then on the server side it's going to communicate with the EMM software, where your IT admin is going to see all the policies on your phone as well as manage the policies as suited.

So with that, let's look at the threat model: what could go wrong? So we're going to talk about the threat model on a mobile device. So for example, via system communications: what if you install a work app on a personal profile, or a personal app on your work profile? We're going to look at network communications, what are these connected apps, how to take care of the EMM app security, how to take care of the work application security, as well as the final threat, which is about rootkits, where your device is compromised, which is a big part of the threat model and why we are doing this, because that is going to happen. So look at this thing: so you use a regular Play Store to sideload a work app. Now what happens is, if the employee owns the device, you can

pretty much sideload any application if you have ADB or something like that installed, any kind of debugger, right? Some apps allow themselves to be installed in a personal profile. So here's the thing: it's difficult to run compliance checks on a personal app, and only server-side conditional access checks can prevent this. So as an IT admin you need to ensure that work apps cannot be authenticated against your SSO endpoint to access corp data if they are in the personal profile. So that's the biggest check you need to do, and do not onboard rogue work apps onto the system, even if they are just accessing employee data like email or name or stuff like that.

So that was pretty straightforward, but this is more interesting. So the whole concept of separation of work profile and personal profile is to give a separation between the data, right? There's a data boundary there. However, if you can just install... as I said, basically what happens is a separate user is created as an Android profile. So Android is a multi-user system, right? So for your regular user it's user ID 0, and when you have a work profile installed it's typically user ID 10, or in this case I'm running it as 11 because I uninstalled and reinstalled it. So for example, if I install an application for that particular user, that application will be visible under the work tray. As you can see, I just installed Reddit under my work profile, right? So what happens is the trust boundary, the whole premise, is now broken, because I can now interact with work applications using IPC, inter-process communication. I can access their content providers, their logs, even their storage, public storage like Documents and Downloads and stuff like that. So the trust boundary is basically broken; in this case the work profile is pretty much useless. So the things which IT administrators should be aware of is to whitelist the work applications and run compliance checks periodically for whether non-approved apps are installed within the work profile. And then it depends on the EMM provider, but all EMM providers are going to give you a list of work apps already installed, so you just have to run the checks and boot any application which is not, you know, labeled.

So as I was saying, because the trust boundary is broken, you can actually interact with any work app there. By design, for example, most intents do not cross from one profile to another. Any personal app, whether malicious or not, cannot fire an intent to invoke a work application, because the system doesn't even know that. And secondly, file URIs: so if you have an absolute path hardcoded in your application, that's not going to work inside the work profile. And then, as I said, the Download and data directory, as you can see, is basically another path. So I'm here logged in as root just to demonstrate, but basically it's inside the mnt/user emulated path for user ID 11, and the Download folder. You can see that some work app has downloaded this file, but if I installed a personal app inside the work profile, that app can actually access this. So basically the trust boundary is broken.

With regards to network communications, they basically have a shared network certificate store. So people who have been testing for a while know you have to install a root certificate on Android to intercept any kind of network communications, HTTPS and SSL-enabled communications. As you can see, if you install a system cert under this path, which is /system/etc/security/cacerts, and you look at it in Trusted credentials, you can see that this is the personal set of HTTPS certificates and you can see the work one, and both of them are actually visible or active, right? Because I just installed it in the one location. So there is no actual separation between the certificate stores, which is huge, because if a malware is able to install a root certificate, which is how typically malware install works, a rootkit is probably going to install a root certificate to intercept all the network communications, and that's going to work for the work profile as well. So an EMM provider may or may not detect this; this is pretty much very difficult to detect. So we should be aware of this issue as well, and this is by design, there's nothing that can be done about it.

Same about device logs. Device logs are basically a stream of logs which you can access via logcat. Work apps, personal apps, they all output to the same thing. So if your work application security is pretty weak, a huge amount of data is being leaked in the device logs as well. So again, this is inherited from Linux and this is by design, except that Android apps are more chatty in their logs, because you can see all the activities, all the network calls, all this stuff; depending on the work apps you can pretty much see everything there.

And then there's this special class of applications called connected work apps. So as an end user, if you just navigate to the Settings app and Special app access, you're going to see Connected work and personal apps. So basically this is designed to break the boundary between these two profiles. So for example, in this current configuration you can see Google and Gboard are basically connected, so the keyboard which you are using to access work applications and your personal applications are sharing data. So again there is no separation at all. So as an end user, you would want to disable them if you're not comfortable with data sharing, because this is going to be by default, at least the Google ones are, and an admin has to ensure whether you guys are comfortable with these

defaults at all. So as you can see, they basically run under a different user. So for example, the first one is running as user ID 0, as I told you, and this is user 11, which is the work profile. It's the same app, but it's run under a different context; however, they are still sharing data between each other.

So let's move on to the EMM application security itself. So as I explained, the basic concept of the work profile is the concept of a profile admin. Earlier there was device admin, but this is a profile admin, which, if you think about it, is more like a super root. Why? Because the profile admin enforces work profile policies which cannot be bypassed even with root access. So for example, a very basic device policy which is enforced by EMM providers is the enforcement of password complexity, right? So on your device you're required to have six numeric characters or alphanumeric or whatever your org requires, right? As you can see, even with root you cannot basically reset that. So you see I'm root here, and if I just clear the lock screen settings, that's not going to work. If I try to disable the lock screen for that particular user, it says true, but it doesn't actually disable the lock screen. So you see that even with root access, the profile admin settings cannot be bypassed, and that is the reason why the EMM application is very powerful here.

And so runtime application self-protection becomes very important here. Why? Because you could use dynamic instrumentation tools like Frida to hook into this EMM application itself, and if they are not doing any runtime protection, you can basically change all of these settings from within memory, by accessing all the methods of this DPC, sorry, EMM app, and do whatever you want. So for example, in this case I have hooked into the process. The name of the application is changed to protect the innocent, but basically what I did was I just instantiated a Java object with native settings, and you can see that the default password complexity is set as 3. I would just change it to 2, and you can see that it actually has worked there. And then you can pretty much enumerate all the methods of an EMM app, and you can pretty much access any method which a device policy controller exports, so that's the set of Android Enterprise APIs, and you can pretty much bypass anything there.

And then there are some other EMM application features which we should be aware of. So for example, sending logs for troubleshooting via email: it breaks out of the work profile confinement, because these apps have this design built in. And then one of the classic ones is authentication before device enrollment. So when you start the device enrollment, you have to authenticate to your org, right? And that kind of leaks your token, because the device isn't trusted yet but you still have the token on the device. So if the device is compromised in some way, then that basically defeats the purpose, and that's a chicken-and-egg problem, right? And then obviously you should check for device integrity first, because that's the solution there.

And then there are general application security config considerations for work applications. Now these are general OWASP-level security guidelines: sensitive data storage, network communications, platform-level stuff, and again the runtime application protection as well. IT administrators should also be aware of alternate forms of authentication. So for example, this is a growing trend, where work applications provide a different way of authenticating to your enterprise, for example linked devices, right? So you go to an application which provides a web interface, and you can add authorized devices; you just enter the security code, like a six-digit PIN, onto your phone and you're simply authenticated as that person. So think of WhatsApp Web and stuff like that; that was just one example. But that basically bypasses your MDM restrictions. Why? Because you're not supposed to be authenticated before your device is enrolled, right? So IT administrators should be aware of such applications, and such applications should be booted off.

All right, let's move on to the final threat, which is rootkits. So rootkits, or users with root access, which you should assume your users will eventually gain: they can almost always evade detection, but can they access work data? So it actually depends on whether the work profile is locked or not. So let's have a crash course on file-based encryption on Android. So the way this works is, because Android is a multi-user system, they had to introduce this file-based encryption. Earlier it was device encryption, where either the whole device is encrypted or nothing is encrypted, right? And there used to be a key, and there was this whole thing about where to store the key and all that stuff, but now with hardware security modules it's becoming much easier to manage the keys and stuff like that. And there's also this new feature called Direct Boot in Android, where even when the device boots up you can see certain applications are on by default, right? Your alarm clock, your calendar, stuff like that, anything which appears on the lock screen. And until you enter your passcode, none of the underlying file system is actually decrypted. So that's the DE storage, the device-encrypted storage, that is accessible once the device has booted. After the user unlocks the device, now, credential-encrypted storage is specific to the profile: so you can unlock the device but your work applications might still not be accessible, because those are being run under a separate user. So that's the reason the CE storage was created.

And because the work profile is running under a separate user, you see ID 10, CE storage is only available after the work profile lock is unlocked. So that brings us to an interesting default thing, where basically once you enroll, by default one lock is enabled for the work profile, as you can see in the settings. What happens is, when the user unlocks the device, the work profile is unlocked as well, right? So you just have to enter your passcode once, and as you can see in the logs, you can see the installed CE key for user 10, right? And then basically we're going to trace these calls and see how this works, but this one-lock setting basically makes it easier for attackers, right?

And so remember there was this functionality to pause your work apps. Basically what it does is it just throws away the CE key, the credential-encrypted key; it deletes it. So what happens is the directory structure for all the work applications looks like this, which is basically locked and encrypted, and until you key in the passcode again it's not going to work. However, as I said, because if it's just one lock, the CE key, even though it's uninstalled, you don't actually need any passcode here. So as we see, you can still get access with root, but not by directly accessing the keys, as we're going to see. So I started tracing the calls, like where is the DE key. If the DE key is already installed, that means the device has been unlocked at least once in its lifetime after being powered on, but the CE key for that particular user is not. So here's how it works: the LockSettingsService for Android, these are all Android system calls, it calls the StorageManagerService, which calls vold, which is the volume daemon, and then it installs the CE key. But I found there was an easier path, which called the requestQuietModeEnabled method. Basically, when you hit the pause or unpause work profile button, this is the method being called. So I'm looking at the documentation and seeing that the caller must either be a foreground default launcher or have one of these permissions, which is MANAGE_USERS or MODIFY_QUIET_MODE. Now these are very powerful permissions, so I don't think a launcher has these, so I'm going to attack the weakest link here, right? So I just got hold of the launcher. By default on Pixel you have the Nexus launcher, right? So I just hooked this launcher process, and then initiated a call to the requestQuietModeEnabled method with the following parameters, passing in the UserHandle instance and the parameter which is the boolean false, and this works even in a backgrounded state and even when the device is locked. So I just reported it to Google, because that's basically a lock screen bypass where you can access work data even though the work profile was locked and the device was also locked. They rejected it; they're like, oh, this is not an issue. Why? Because foreground default launcher does not mean the launcher has to be foregrounded. So I don't know what this means, but if an attacker has a full-chain exploit, this is pretty much game over: your work profile data is pretty much toast at this point.

So then, talking about more threats from rootkits, which can actually prevent actual locking as well. So if you hit pause on the work profile... so consider the scenario where a device is reported as compromised or stolen, right, and then an admin initiates a lock of the device so that nobody can try to access the work data. What a root user could do is basically get a handle on the work profile's data directory, as I showed you before, the directory which was encrypted, and they could just open random handles on the whole device. What is going to happen is, when you hit pause, fscrypt is trying to lock and encrypt all the device directories, and that's just not going to work because there are open handles there. So even though the UI is going to show that the work profile is locked, and the IT admin is going to get a notification that the work profile is locked, it's actually not, and anyone, a rootkit or malware or a user with root access, can actually access this. I reported this to Google as well, again, and the answer is, they gave me a pretty decent answer about how fscrypt works, but basically this is how it is; it's again inherited from Linux there.

Moving on. So if there are separate locks... so these were the scenarios where just one lock is enabled by default for the parent and work profile, right? So I just observed that the CE key is installed on the first unlock, as we discussed, and the work apps are still running in the background. But if a device has a weak or no passcode, remember that the device admin can only enforce policies on work profiles, right? So there could be a scenario where an administrator says that, okay, your personal device password could be a little bit weaker but your work profile password has to be very, very strong. This could still be an issue. The conclusion is: do not enforce only a work profile password, because this can be bypassed. There is a disclosure in process, and it's pretty simple. I can't discuss the whole exploit here, but basically you will be able to bypass it, even as a rootkit or as an end user with root access there. So yeah, for IT administrators: do not enforce only a work profile password, and of course know the difference. So as I said, you set the password complexity on the parent profile versus just on the work profile. So this is under the hood: basically the ACTION_SET_NEW_PASSWORD action prompts the user to set a work profile challenge, but ACTION_SET_NEW_PARENT_PROFILE_PASSWORD prompts the user to set the device lock. So you need to make sure... and this is also applicable to the EMM and work application developers, to ensure which API you're actually calling to enforce those.

All right, so moving on: if work lock is enabled, can you interact with the work applications? So can you simply call the activity manager and start any of the work application services? So the answer is no, because when the phone is locked you're going to get errors like this, where background start is not allowed, service intent and stuff like that. So basically the intent is not honored, and this is what I was expecting when I was trying to initiate a pause or resume of the work profile from the earlier exploit, which did not work, and they said that, oh, this foreground doesn't really work. But they have mechanisms to block background apps, especially when the device is locked, and this is a very powerful feature actually. But probably we don't need to interact with these work applications interactively by using the activity manager, because if the device is locked and the credential-encrypted CE key is already installed, it's pretty much decrypted on the file system, and what you can do is you could probably just enumerate the file system, get hold of the tokens or anything like that, and then simply interact with the API endpoints themselves, right? So you could still get access to work data over there.

all right so moving on to the next threat how do what if an end user uh disables your work applications so imagine scenario where device policies compel you to install antivirus software or VPN software like you know stuff like that right defender or any anti-malware software and by design your end user shouldn't be able to uninstall those right because that's like bypassing a policy and also you're kind of risking the corporate data there on the device so the device policy manager DPM can enforce this via this method set uninstalled blocked however uh I found out a way to actually disable it so you can see that when I when I actually tried your disabilities in

package manager for that particular user using uh so I said read it as a mandatory application and you can see that you cannot disable the protected app but if you there is like a separate method it's like kind of undocumented but this is like pretty much known in the XDA community community that you can kind of use this instead of disable you use disable user and that would just work so that mandatory app was now effectively disabled I reported to Google and they were like uh they you know the it administrator should expect to you know block USB debugging by default and this isn't documented on their on their method so I'm like that's just stupid so whatever

so USB debugging is like really important and it Administration should enforce this at in all cases because a lot of settings are dependent on that so as you see this this works

all right and so from a privacy point of view you might want to make sure if Android ID is queried so Android ID is basically a 64-bit number unique to each combination of an application signing key a user and the device and this device may change into factory reset is performed or if an APK signing can get changes but post android uh 8.0 apps with different signing keys are running on the same device can no longer see that same user ID so so this is like one of the methods I was evaluating one of the emm application as I can say that you can see safety net is basically used to attest device Integrity on Android

and they can query the Android ID for that application, and this is pretty much unique between the installs; all the other applications cannot use this, but this is something to be aware of, especially because in certain cases work profiles are supported from Android 5.0 until today, but if your devices are like 8.0 and 0, because there are certain devices in the field which are pretty much never updated, right, and they're running Android, so this is something to be aware of.

All right, so mitigations and takeaways, moving on to the last slide. So developers of EMM solutions: as we discussed, this is the Achilles' heel of

enforcing management policies, and as we can see, even if by some measure we can debug the applications or perform runtime dynamic instrumentation on the EMM app, it's pretty much possible with or without root, right? IT admins of these policies should be aware of certain policies where you can fine-tune the available options; as I said, for example, certain settings have to be enabled in order for other settings to be actually effective. And the work applications developer has to follow the zero-trust approach of developing secure applications, so that's like the basic OWASP security stuff, right? And the end user has to recognize and

accept the privacy implications of installing a management profile on your device. So last but not least, these are the default settings. You have to set all of these settings, but there are a few of them which are critical for enforcement of other settings, and the key point is that none of these are set by default, right? So for example I have these major EMM providers, Intune, Knox Manage and MobileIron. The ones which we really want to care about are the first three of them. USB debugging is disabled: as you can see, in Knox Manage it's allowed, and in MobileIron it's also enabled,

and you have to detect rooted devices. So this is important for malware and for users who are able to get root on the device, right? So you want to block those devices, actively manage them. Google Play Integrity, which is now the Play API (SafetyNet is now kind of deprecated), is basically not configured on any of them, so it's up to us to basically do this. And then require antivirus, anti-malware or anti-spyware: again, none of this is set. Microphone, this was one interesting setting, but it was enabled for work applications by default on MobileIron, so that was very interesting to me.

The other ones have not set it, and then minimum security patch level is not configured. So in a nutshell, none of the security settings are set. If you just click next, next and deploy a policy, you're pretty much toast, because none of those policies are actually going to have any effect there. So with that, I think we are at the end. Any questions?

hard working

uh

concerns which is a shared and provides he recommend

Yeah, that's a great question. For network security there are two things you can do, I believe. If you have, I think at Microsoft we enforce the root certificate requirement using Windows Defender, and then that installs its own work certificate, so you are only concerned about work applications, right? But I think if the user already, or a rootkit already, has root access, there's nothing you can do. That's, you know, what I'm sorry to say. But what is going to happen is, because it is shared, the key threat here was that the user installs a CA cert thinking that it's only going to work for personal

apps, which actually, all your work data is also going through there. So that's the key right there. But yeah, if they really want to do it, they can do it. I mean, the way to override is probably to tunnel everything through VPN, because I think then the local device settings are not honored. Yeah, that's true for everything actually, it's irrespective of work profile. Go ahead.

Yeah, so, same question, but how would administrators block people trying to attack with Frida?

Yeah, so you have to harden the EMM application like anything. So for example, our homegrown application, I think it's called Company Portal, is really good at detecting whether

you are being runtime debugged. So there are a few ways you can do so: you can enumerate the loaded libraries within the application, so you can see the frida lib .so, like a shared object, right? You could have canary checks within the memory of the application, which is going to just, you know, change the hashes of the library which is being used. There are two or three of them, I don't recall all of them, but basically you have to harden your application before being shipped over to your users. I hope that answers it. Yeah, it's a difficult problem. See, that's

the thing, right? I mean, the user actually owns the runtime, so given persistent efforts they're gonna, remember. Awesome, thank you so much for coming to my talk. [Applause]
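The talk's takeaways (block uninstall of mandatory work apps, turn off USB debugging because other settings depend on it, detect rooted devices, enforce a minimum security patch level) and the Q&A's loaded-library check, collected into one added Kotlin example. This is not code from the talk, from Company Portal, or from any EMM product. It assumes the agent app is already device owner or profile owner with `admin` as its registered DeviceAdminReceiver component, a minimum API level of 23 (for `Build.VERSION.SECURITY_PATCH`), and hypothetical package names `com.example.vpn` and `com.example.av`; `WorkProfileHardening`, `ComplianceReport` and the helper functions are names chosen for this example.

```kotlin
// Added example (not from the talk or any EMM vendor). Runs inside a device/profile
// owner app; `admin` is that app's DeviceAdminReceiver. Root and instrumentation
// checks are local heuristics and should be paired with a server-verified
// Play Integrity verdict, as the talk recommends.
import android.app.admin.DevicePolicyManager
import android.content.ComponentName
import android.content.Context
import android.os.Build
import android.os.UserManager
import android.provider.Settings
import java.io.File

data class ComplianceReport(
    val adbEnabled: Boolean,
    val securityPatch: String,
    val patchTooOld: Boolean,
    val rootIndicators: List<String>,
    val instrumentationLibs: List<String>,
) {
    val compliant: Boolean
        get() = !adbEnabled && !patchTooOld &&
            rootIndicators.isEmpty() && instrumentationLibs.isEmpty()
}

object WorkProfileHardening {
    // Hypothetical work apps whose removal would bypass policy (VPN, anti-malware).
    private val mandatoryPackages = listOf("com.example.vpn", "com.example.av")

    /** Apply the baseline that the talk says is unset by default. */
    fun applyBaseline(context: Context, admin: ComponentName) {
        val dpm = context.getSystemService(Context.DEVICE_POLICY_SERVICE) as DevicePolicyManager

        // 1. Protect mandatory apps from uninstall (the DPM method named in the talk).
        for (pkg in mandatoryPackages) {
            dpm.setUninstallBlocked(admin, pkg, true)
        }
        // 2. Disable USB debugging as a user restriction, so the user cannot
        //    re-enable it from Developer options; the talk's other settings rely on it.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_DEBUGGING_FEATURES)
        // 3. Block sideloading and unmuting the microphone inside the managed profile.
        dpm.addUserRestriction(admin, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES)
        dpm.addUserRestriction(admin, UserManager.DISALLOW_UNMUTE_MICROPHONE)
    }

    /** Client-side posture check an EMM agent can report; minimumPatch is "YYYY-MM-DD". */
    fun checkCompliance(context: Context, minimumPatch: String): ComplianceReport {
        val adb = Settings.Global.getInt(context.contentResolver, Settings.Global.ADB_ENABLED, 0) == 1
        // SECURITY_PATCH is ISO-dated, so plain string comparison orders by date.
        val patch = Build.VERSION.SECURITY_PATCH
        return ComplianceReport(
            adbEnabled = adb,
            securityPatch = patch,
            patchTooOld = patch < minimumPatch,
            rootIndicators = rootIndicators(),
            instrumentationLibs = suspiciousLoadedLibraries(),
        )
    }

    // Root heuristics: test-keys builds and common su locations. Cheap to evade,
    // so treat a hit as a signal to escalate, not as proof.
    private fun rootIndicators(): List<String> {
        val found = mutableListOf<String>()
        if (Build.TAGS?.contains("test-keys") == true) found += "build-tags:test-keys"
        for (p in listOf("/system/bin/su", "/system/xbin/su", "/sbin/su")) {
            if (File(p).exists()) found += p
        }
        return found
    }

    // The "enumerate the loaded libraries" check from the Q&A: list shared objects
    // mapped into this process and flag names associated with runtime instrumentation.
    private fun suspiciousLoadedLibraries(): List<String> =
        runCatching {
            File("/proc/self/maps").readLines()
                .map { it.substringAfterLast(' ') }   // last column is the mapped path
                .filter { it.endsWith(".so") }
                .distinct()
                .filter { path -> listOf("frida", "gadget").any { path.lowercase().contains(it) } }
        }.getOrDefault(emptyList())
}
```

`applyBaseline` runs once at enrollment; `checkCompliance` is meant to run periodically and feed the server-side decision to block or quarantine the device. The user restriction in step 2 is the piece that matters for the bypass described in the talk: with debugging features disallowed, the ADB path to the package manager is closed before the uninstall block is ever tested.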

This talk is Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform. This talk is given by Or Aspir, and I just have a few announcements before we begin. I'd like to thank our sponsors, especially our Diamond sponsor Adobe, thank you; our Gold sponsors Prisma Cloud, BlueCat and PlexTrac. It's their support, along with the support of other sponsors, donors and volunteers, that makes the event possible. These talks are being streamed live, so I'm trying my best, we're trying our best. And as a courtesy to our speakers

and the audience, we ask that you check to make sure your cell phones are set to silent. With that, please begin. Thank you, Greg.

Okay, so hello everyone. I'm so happy to be here at BSides, and thank you for your time, that you're coming here to listen and want to hear about GCP exfiltration. So my name is Or, by the way; Or means light in Hebrew, not 'or' in that. And this is the longest title that you will ever see in BSides, so let's read it together: Beyond the Perimeter: Uncovering the Hidden Threat of Data Exfiltration in Google Cloud Platform, or in short, exfiltration in GCP. So let's start. So a little bit about myself: my name is Or Aspir, I am the head of research at Mitiga, which focuses on incident response in cloud and SaaS. I have over

10 years of experti