
BSides Warsaw 2017 Sunday

BSides Warsaw · 2017 · 7:56:49 · 1.7K views · Published 2017-10
Category: Technical
Style: Talk
About this talk
9:00 AM - 10:00 AM Jarosław Górny: Reverse engineering with radare2: how to get started
10:00 AM - 11:00 AM Piotr Berliński: Five simple rules for securing the public cloud, and how some failed at it
11:00 AM - 12:00 PM Mariusz Zaborski: ZFS through the eyes of a hacker
1:00 PM - 2:00 PM Marcin Karpezo: Secure web applications are not only about code
2:00 PM - 3:00 PM Beata Zalewa: How to stay anonymous online?
3:00 PM - 4:00 PM Hanna Tułowiecka: LTE security. A few things you probably don't know about it.
4:00 PM - 5:00 PM Piotr Jasiek: Post-breach analysis through an amateur's eyes - case study

...against the security of the server, whether there is air conditioning. We can only either file an audit, which I assume in the case of smaller suppliers is to be done. I assume that if a small company said that it would like to audit Amazon, they would rather be laughed at. and that would be it. But at this point we have to believe that external companies have already done it and we are able to obtain such documents from them. But in fact, at the level of hypervisor, i.e. the virtualization layer, that's where the responsibility of Amazon ends. If we put here some operating system, whether it's Linux, Windows, whatever, then in fact its security is our duty.

- to another model, i.e. platform as a service, then the operating system does not care about us anymore. Here it is also provided by the cloud provider. Depending on the platform we buy, whether it's a database or an application server, this is all security. We can demand from the cloud provider and as we will see, they are more likely to get out of it. Our duty is to ensure the security of the application itself, so that it is well written. to ensure that the access is safe, so that data for logging and other things do not leak. And if we have a software as a service model, that is, we rent only a specific application, CRM, or any other, for

example, Gmail mail, or Microsoft Office 365, we don't care where the server is, whether it's Linux or Windows, and who patches the latest bugs, it's just a delivery man's duty. In fact, what is our duty, the safety of the last layer. And understanding this model is quite important if someone, first of all, plans to implement, because if he wants to buy a platform, infrastructure, he must have specialists from all these lower levels. So he must do it, he must take care of it, if he buys more, detailed services, it doesn't have to have Windows administrator, Linux administrator, because the provider will do it for him and usually does it quite well. Is this concept clear now?

Now, specific cases of what happened. In the last months, this topic was widely used in the security media, but here, going to specific cases. The first story is from December 2013. Sunday morning, hot because it's happening in Australia. Luke is a hobby developer, who also throws various open source projects. He wakes up and receives an email from Amazon that his account has been compromised. He logs in and gets such a bill. Luke is a young programmer, so it's impressive. He checks what's going on there, discovers that at night someone created 20 of the largest, most powerful virtual machines on Linux, and they've been working like this for two days. It immediately stops them, deletes them, leaves one snapshot to check what's going on there.

It turns out that someone who got into his account has been digging Litecoins for two days. It's not written with any great success, because it seems to me that it even gives the address of a specific pool in which it was bought, it probably no longer works. changes log data, writes to support. Here I must admit that support is quite easy to approach these failures, at least from what I found on the Internet, in most cases such payments for the unconditional use of this cloud, at least Amazon cancelled in most cases, at least in the cases they wrote about. What turned out later, that two days earlier, Luke decided to open one of his projects on GitHub,

which he decided was not and it can be useful for the community. He didn't look around what was there. It turned out that a few years ago, maybe not a few, but a few months ago, he just sent the keys to his Amazon account in the code of the application and they just stayed there. As for GitHub or other places, they have been scanned quite intensively for some time, who are looking for such things, as well as suppliers who are trying to do something with it. So, in a few steps, what could be done better? Maybe it's not about this particular case, but something that I assume is quite obvious for most people in this room, is to enable multi-factor authentication.

And in the case of most suppliers, it's very simple. We get an SMS or use a virtual token like Google Authenticator. One click in the console which is already done. Interestingly, as far as I know, one of the big IBM's developers doesn't yet have it available. What's next? It's obvious to change the password to something more advanced. Regardless of whether it's a super corporate account or whether we just created an account because we wanted to click and see what this cloud is all about. It is also important that in most large clouds, to create a test account, we must submit a credit card. And they check whether this card actually exists. If it's not a virtual card, I know I've

had quite a few failures to set up a test account on Microsoft Azure, because they checked if the card is not only current, but also test-tested, they withdraw one dollar or one euro to check if this account exists, so it must actually be a card that works. Even though someone may not want to use any more advanced services at all, and may limit themselves, for example, to the parts that are available for free. Most providers have either some period, whether it is a year or half a year, when the smallest instances, for example, operating systems, we can use for free. We can not worry about it, because it is a test account, there is nothing big there. But if someone logs in, the bill grows, regardless of whether it

is our test account or not. What is interesting, these are requirements for the Amazon password. A few days ago I wanted to change the password and Amazon was very willing to accept the password 123456. I have a multi-factor authentication, so it won't work. I hope that the login won't appear somewhere on the presentation. What is still important is the root account. In case of cloud services, the root account is the main account that was used for the purpose. And in fact, just like in operating systems, maybe everything is uncontrolled. And just like in operating systems, it is a bad idea to use it on a daily basis. First, it should be well secured, and secondly, it should not be used.

Create accounts with more limited permissions, which will serve for the more everyday administration, and secondly, if we have a dedicated application, it would be good to use it. We also get log-in keys. Log-in keys are mainly used to log applications or scripts. We do not use password and user, We use the username and password, but the username is a long random string, and the password is an even longer random string. Therefore, we use such keys not in the code, but in additional files that we do not put on GitHub. And then, about users, if we don't use a root, we create an account. Here, for example, Amazon immediately, when we log in, says basic things like: remove root keys and don't use it,

create a multi-factor authentication account for the account, create users. And when we create these users, we can very precisely If we create an app or use an external app for backup, it should not have the right to create virtual machines. Why? Or it should not have the right to read logs from our account. Why? So here we can manage these users very nicely. It actually works similarly in every larger cloud. It is also worth changing these login data, for example. If they appear somewhere, there is a chance that they will not be used. And when it comes to these access policies that we can define, we can define them at the level of IP addresses. The script will run on one specific host

with one specific IP address, so why should the whole internet be allowed when the surface can be limited, even if due to some breakage or other compromise of data to log in, these data will leak out. We can also, well, certain services, this is quite obvious, but a certain time, if we create a test account or for the need of some project, If we give them to someone, not necessarily 100% trusted, we can limit the time they can use the account for a certain time. Next thing is monitoring. Monitoring is managed by attackers, because they scan the Internet in search of this kind of keys. You can say that this is bad, but that's life. Amazon that your login data has leaked, as it happened in this case. I

didn't manage to get such an effect. I've put test keys on GitHub, on Pastebin and nothing. They're still there. Even in the deleted Pastebin, they're still on Google. Nothing happens to them, I didn't get any... um to log in. If we share a repository on GitHub, yes. I would suggest even if it is not a public repository, because it is easy to mistake the buttons and share something that should not be shared, and really quickly collected such data. If we work in a large corporation, we can also monitor users with some solution such as DLP, so that such keys do not - I have an example email from Amazon that someone got a finger stuck and

his keys leaked. As I said, many people write that something like that happened to them. I didn't manage to get such an email, although I tried. What is also quite important is that some people write on the Internet "haha" and I have posted on my Amazon account I have a prepaid credit card and it's only 1$. They can't do anything to me. And unfortunately it doesn't work like that. - to launch an account, so there is potentially some card there and they are able to identify the user who actually founded this account. Another story, definitely fresher, because from April this year, and definitely similar to the one from 3-4 years ago, really. The company All In Data from Amsterdam, probably. Its boss,

Walter, he is also a programmer, he recruits people who should know about cloud technologies. As part of the recruitment process, he gives candidates tasks in the Amazon cloud. They have to do something and send results to him. Other engineers check the quality, whether the candidate is sensible. It looks like a pretty cool idea for recruitment. Walter created a separate account for this, so that nothing would happen to their main corporate account. What turns out, during one of the cases of reviewing the project sent by the candidate, it turns out that he placed it on public GitHub. What a surprise. And he forgot to remove the keys. The engineer who checked the app, tells Walter: "Be

careful, something like this has happened", but Walter ignores it completely. It's Friday, he still has a lot of things to do, it's a weekend with his wife, why bother with such stupid things? After the weekend he logs into Amazon account, or even longer than after the weekend, after a few nice days. And I get such a bill, almost 100,000 dollars, which is already a lot compared to the last three thousands. It makes a much bigger impression. If he checks further, he will change the data for logging, which reveals that in each region, the supplier created 20 of the largest machines and something is happening there. He did not write in his blog what was happening there, he probably did

not create any copy to reach but with a high probability, you can say that someone also dug bitcoins, litecoins or other virtual currency. It is a very simple business and over this short time it was possible to do something. He also writes to Amazon, he had a lot of different transfers, because he set up a separate account, but he started writing to Amazon from the main account, so It took a while before he removed the instances and received an Amazon promise. Later there was no follow-up whether the debt was forgiven or not. But I think that most companies would have seen such a bill and would have had an impression of our IT boss if something like this happened

in a few days. There are also a few simple things that could be done and in fact everyone who uses it should do something like that. The first are alarms. Alarms that can also be set in any cloud. If we are used to the fact that we will not use any paid services, we can set such an alarm for $ 1 or even for 0. And if it turns out that someone is using our infrastructure, or we made a mistake, because even among experienced engineers, sometimes it happens that in such a test project some instance is forgotten, or some VPN, which at this moment no one uses, but there is one or another one of 100 services offered by the supplier, which

theoretically does not use, is not expensive, but if it will be unused for a month, it will be a bit of a waste. In this respect, it is enough to set an alarm that if we paid 10 dollars, If it turns out that we have to pay 20, it means that something is wrong, some error or breakage. We can expect it. And it really is about the fact that the estimates for the nearest, for example, 6 hours are counted. If it turns out that if the infrastructure that is currently there will be running for the nearest few hours, such an account will be generated. So what for? Why pay for something we wouldn't want to do? What

is not included in the default CloudTrail, it is called in Amazon, Google Cloud Platform or Azure, it is called quite similarly, these are such audit and administrative logs. Who logged in, which channel, whether it was a console, whether it was API, what did my experiments with So it's important. It is also good that users we use daily should not have the possibility to modify something like that. A very simple scenario: if we get, for example, the main root account, then the first thing the attacker does is log in and delete these logs. That's it. We can then go and look for the wind in the field, who entered there and what he did. So this part of these accounts

is quite important. What can we do with it? First, we can put these logs somewhere else, whether it's on some storage, some analysis or some other solution. We can also generate alarms if a user exists for some reason, but, for example, should not log in, then set an alarm that an email will come if he ever logs in. Another case. And recently it was widely discussed in the media, because it makes an impression, but from the point of view of security, as I will show you in a moment, it is very stupid. One of the researchers, in fact, the topic has been known since, let's say, 2013, and in fact, not much is happening in this topic. But I will

tell you why it is not happening, because it is not possible. One of the researchers who deals with the topic of storage in the cloud, i.e. in the case of Amazon, one of the flagship and probably the second service that was created in 2007 is Simple Storage Service, in short Amazon S3. It is a kind of, you can't say that it is a virtual disk, but something like that. You can put various objects there, files, you can also put a simple website on it, or backups, for example, which is quite popular. And one of the researchers from UpGuard, Chris Vickery, looking for various available resources on the Internet, found a resource that interested him, where there were data that he

thought should not be publicly available, Data related to the National Geospatial Organization, or something like that, an organization that supports the US intelligence in the analysis of satellite and air photos, so generally Pentagon, Department of Defense and these climates. In addition to such data, The strange ones he was unable to assess were, for example, SSH login keys, data for logging to other Amazon accounts, which he did not log into and did not check what was there. At the beginning, he identified that one of the cooperating companies, which already has security issues on its account, was probably the source of the leak, Booz Allen Hamilton. and he wrote to them a message that something is wrong, that the data

that should be available only for people with access to the Top Secret clause are lying on the Internet and everyone can watch them. He didn't get any answers. He wrote to the government agency. And it turned out that after 9 minutes it was fixed. And he got some kind of response. But the next day, however, this company called him, Booz Allen Hamilton, and said: "But according to them, everything is OK, nothing is available anymore." So it can also be seen that it does not work as it should. Later they explained that it was some kind of sketch for the test system, there was no data there. But in fact, nobody checked it. Chris is probably a US citizen and he was afraid to

dig this data, because he could get into some uninteresting places. It's a simple matter, but there have been a lot of leaks lately. Alliance Direct company has given credit capabilities to US citizens. Deep Root Analytics has given the data to US voters. Quite a big leak. World Wrestling Entertainment. So, this organization dealing with guys who fight in the ring and have a lot of fun. Personal clients who made purchases there, also from Europe. Dow Jones, the subscribers were also on a public storage resource. The subscribers of, for example, Wall Street Journal, Verizon, at least two of them are related to logs and data from call center system, and also data for logging and

logging from some production systems. Tigers One, a company also associated with the US Department of Security, personal data of people who have access to Top Secret clauses. This is just a case from outside the US. Credit Sua, data of the ability of people from India, is several million records. - In September, but announced 2-3 days ago, Accenture, a consulting firm, gave us the client's data, certificates, everything that someone would like to use. There is a page at the bottom where you can browse this type of falls. And in fact, You may wonder how such big companies, because they are not small companies or companies that do not have money for IT, have such embarrassing losses, because the security of this service has not changed for years.

It is because of the fact that such a store container has no access, no rights at all to the outside. We can put data there locally, that is, from other cloud applications. If we want to make it available outside, we have to set such options, so someone actually deliberately clicked that this data is to be available outside. At this point the only method of finding this data is to come up with the HTTP address to this bucket, or bucket, as you can say in Polish, which can be random, but it can also be the name of the company or the company name - thinker, test. There are scripts for a long time that brute force something and look for such available resources, so someone

actually had to and someone would guess the name of the container sooner or later and started to look it up. Why could this happen? First of all, the interface was changed a bit in Amazon in the last few days, but a few months ago there was an option to make this resource available for Authenticated User Group, of the verified user groups. The first thing that comes to mind is that these are users from my organization. I click and they will be able to view it from their own perspective. It turns out that Amazon understands it a little differently. The verified users are all users who use this cloud. All corporations, but also all students who yesterday set up a free account and

are checking what the public cloud is based on. I don't know why such a legalization was supposed to be available, but something like that happened. And this is one of the most common reasons why these resources leak. Someone decided that the most reliable users are my users, and they are all the users of the cloud in the world. So, in fact, it is public access. Public access in such a common sense is all user group, they are just everyone. And here the change in the interface was that it was not so easy to choose the group, you had to write down what it was supposed to be called or choose a resource reference. So it's like that, and in fact you could practically

end the security AWS, S3, or storage services on it, because the whole secret is hidden here. If you don't want the data to be publicly visible, then simply do not share it. As you can see, many companies have not done this. This is a message from Amazon, which, as if in the wave of these next falls and thick fish, also sends a message that something is wrong with your account, you share some resources, or check for sure if it is this. This concerns my account, because I had a website on it for some time. It's very easy to do, it's one of the supported features, so everything was fine in this case. But you can see that in the wave of new

big organizations Amazon scans and sends to users "Hey, hey, did you want to share this?" What can be done more, if someone works in his organization, because if someone plays hobby, he will just look around, or he did not do any stupid things, it was created quite a lot of tools that help the user in this. These are the tools: Detective, CloudSploit, Some of them are also used by the breaches to search for such things. But let's say that they can also be used for good purposes. For auditing such a bucket, which will check whether it is available or not and whether it is suspicious. Amazon itself currently provides up to three different tools that approach the subject a

little differently, check whether whether it is not publicly available, but the last hit of Amazon is of course artificial intelligence, which goes through our storage resources and checks whether the data is sensitive or not based on some analysis I mean, it's not that cheap, but it is. I guess the organizations mentioned on the previous slides could afford it. Another case, now for a Microsoft Azure replacement. One of the researchers discovered, scanning the Shodan screen, because such resources are also very elegant, Shodan also indexes resources elegantly. It turned out that the organization that organizes NFL players of the American Football League I put logs from my available application in Microsoft Azure in an instance called Elasticsearch,

where you can put your logs and analyze them later. Interestingly, I don't consider them useful, I will protect this instance. Here you can see "Please read this", it's an evident sign that someone has already found this resource. And it's probably a demand for a purchase, that someone will reveal or delete this data. It's one of the quite popular, There is also malware, which scans public resources and can encrypt them, delete them, or buy them to do nothing. In this case, it is an obvious fall. Among this data, if someone is interested in American football league, then apparently is very well-known player Colin Kaepernick. And his data, and the private phone, apparently since the announcement of this, he got a few phones with fakes. Because there

were probably some political issues in this league. Definitely a large amount of money involved. If someone thinks that in the NBA or in the American hockey league they earn a lot of money, they earn money compared to the league's players. So, here is a big drop. Another similar case, also available in Elasticsearch, was found by Chris Vickery, who mentioned it earlier. He found data of voters from Mexico, located on Amazon. The number of records is 90-something million. As I checked, the population of Mexico is around 120-something million, so probably all voters who could vote were there. Interestingly, he tried to contact the Mexican embassy in Washington, but was completely ignored. He tried to contact some government agency, but was also ignored. He

held a conference and decided to talk about it. Then someone became more interested in it. Apparently, it turned out that each party has access to a database of all voters, and to make it easier for them to analyze the voters, they put them into the cloud. And they put them into the cloud so that everyone could analyze the voters' data. And here, too, not much can be done, because if someone has made resources available, it means that he did it with some kind of a mind. The simplest things that are available in infrastructure are very simple firewall, static, setting rules for ports, it is quite supported, you don't need to have any amazing knowledge. where the connection comes from and where. Here, the rule is that

if we don't want to display something for everyone, then, for example, why give a public IP address to someone? You have to pay for it, so if someone wanted to display something outside, they had to do it with a mind. It's not a good idea either. In case of services like Elasticsearch, it's not a good idea. It's not a service that is intended to be displayed on the Internet. Especially without a password. In many cases, it would be enough to connect with such infrastructure via VPN and in each service it can be done, or a more hopeful method, simply set up a small-power virtual server that will display the OpenVPN service or buy the ready-made service from

the supplier. And here, something like this will make things easier for us, so if we really need to expose something outside, let's not do it. Another way to help is to use one of the dozen tools for scanning the network. Anyone who deals with security certainly knows them. And those who do not deal with it, these are really not difficult tools and such basic things can be done in a few minutes. Simply scan this address or these addresses that we bought from the service provider and will be public. Are there definitely things that should be there? And the last case, I think the most spectacular, certainly here murder in Amazon sounds terrible, but probably in 2012 or 2013 among

developers is popular service like Codespaces. It can be said that it is competition for GitHub, generally it is a company that helps developers to host repositories, whether they are GIT or SVN repositories. They boast, I don't have it on the slide, they boast that they are super resistant and have a cloud infrastructure that is not afraid of anything. What happened? One day they were attacked by a fairly large DDoS movement, but they could survive it, It wasn't that important, but at the same time an unknown person wrote to them with a demand for a purchase, that if they don't pay some amount, probably in this period, because bitcoins may not be so popular yet when it

comes to forcing a purchase, they will have problems. They thought that it was some amateur and they will cope with it and they decided that they will not go back to any other company for help in solving the problem. They arranged it their way, they logged in to their machines that they had in Amazon. They changed the password, they started to secure it more, but the attacker left some back door and observed what they were doing. He said they were not talking about it, there was supposed to be a bribe, there was supposed to be a cash register, they wanted to make some sort of order here, and he marked all the instances one by one and just deleted them. First he deleted virtual

machines, then backups on Amazon S3. From what I remember, there was very little left. So within a dozen hours, the company realized that there was no infrastructure. It was impossible to reverse it. The cloud works automatically, if someone wants to delete a machine, he deletes it. Backups were only in the S3 cloud. And within one day the company collapsed. They decided that, first of all, they don't have any resources to restore it, they don't have backups anywhere else. They closed because of that. I guess that currently few developers are dealing with it. I remember that there was a company called Spaces, which had a good reputation back then, that it sells cool services. Now even this domain is unsold

and the company has been completely forgotten. There is absolutely no trace of it, apart from the history of this breakdown, that someone came in and when they thought they would manage, they were completely wiped out. What conclusions from this? Well, that we don't keep eggs in one basket, this is a rule that applies to many different areas. And in this case, what about the fact that it was a great resource and they definitely had many servers that were resistant to everything, when it was enough to log into their account and just delete it all. So the solution would be to keep backups on a local disk or in a competitive cloud. There would be no need for it. I mean, nothing complicated. Just a

backup somewhere else. And in fact, this is the rule that backup administrators have known for decades. That a backup that is on the same server is not a backup. It also helps to understand how these types of services work. And here we have cases from the last few months when some services that were hosted in Amazon didn't work. It turned out that they were simply designed or implemented in accordance with the rules. In most suppliers, this is just the case of Amazon, it looks like this, Services are sold in so-called regions. For example, in Amazon, Frankfurt or Dublin, or there are regions in the USA. It works the same in Azure or Google. And in each region there is

something called availability zone. And you can compare it more or less to a separate server. And if we buy services in the region, so if we want to have services fast for Europe, then we choose Frankfurt, we choose Dublin or some Nordic countries, in the case of Azure. - Availability zones are independent, one of them should not spoil another. Good practices say that if you want to host a service, do it simultaneously in at least two availability zones. It is quite easy to click out in the interface. As I said, there were cases when someone made a mistake and the whole storage service in one region was lost, but these are much rarer cases. Or in the case of Azure, several regions were lost because

they decided that they would implement corrections for Hurra all over the world. Later they changed these rules. If someone wants to have quite resistant infrastructure, he should have virtual machines in two availability zones in one region, so let's say in two server rooms. This is quite obvious in the IT world. If we want to have more resistant, we should use two regions. It is more complicated, because you need to have more advanced replications, but above all you need to know about it. You also need to know that, for example, Amazon, because in some other clouds it is a little bit different, counts the availability if in a given region, availability, i.e. if they can return us money, we can demand from them that they

did something wrong, if in a given region there is more than one server, more than one availability zone, if there is one availability, then according to Amazon is fine, it can work like that. It can work that one server is burning and everything is fine for them. If we have requirements for high availability, two zones are a minimum. And here, going towards the end, - So, can I make a conclusion, if I have a team of super administrators and I also engage some security teams, which will help me to get security on these higher layers, such as penetration test applications or such stories, am I super safe and this is really the end of my participation? It turns out that not entirely.

Also, losses or debt occur in the infrastructure itself. This is a new issue. Suppliers are quickly patching such things. This is the story with the virtualization bug in the software a few years ago. But for example, Amazon forced people to restart their servers. They just had to restart them to make the patching. They just restarted them. Apparently, they told bigger clients that "Haha, be careful, we have such a hole and you would definitely want to have some fixes." But I suppose that smaller clients didn't take it into account and just restarted. And that's the end of my presentation. And I would like to finish it in a way that is not typical, because usually you ask questions and the speaker answers. And here I

would like to ask a question, because preparing for this presentation and following generally various safety issues related to the wall, I was looking for such incidents when the supplier was guilty, who did something wrong. Something like these cases, but it was actually used and I couldn't find something like that. Maybe I was looking for something wrong, or maybe I don't have any data that is not publicly available. And if someone would like to tell such a story, I would be very interested. Thank you. Would you like to take the floor? I have a question. Unfortunately, I don't know such case, I would like to know. And the question is, do you have any experience with Lambda functions

and any problems with them in the context of security? No, to be honest, no. It's quite high in this whole stack. Exactly. It's not something I know about. Anyone else? Okay, so thank you. Thank you. Is Mr. Jarosław Górny ready? We'll ask him. One more thing, be careful with the device you're using, because a welder just went off and I burned my charger. I hope you won't have the same problem as me. But don't be surprised. I remind you that there's a spare part at the back, you can use it. If any of you doesn't have an ID, but would like to get one, we have a few empty ones, we can just send you one on the spot, without paying, there's no need.

- Once again? - Yes just a reminder from the bottom. There are people who opened the account yesterday and didn't pay for it. So I would ask you to regulate the accounts that's the instruction from the bottom. Okay. Five minutes of technical break connected with Podpink. I hope it will work this time. No signal still. OK, so I think we can start. Hello, hello, can you hear me? Good morning. I'm sorry, maybe it's not a nice way to start, but I'm sorry for my voice, I'm still a bit sick, it's better anyway, because two days ago I didn't speak at all, so forgive me for some vocal misgivings that may come out. I work with replacement equipment, because my Mac, which I connect

to everywhere, is working. Today it has reached the limit of external devices, to which I can connect it. I restarted, restarted, I was peering, I was just googling everything that was possible, nothing worked. So forgive me if I do something stupid during some connection, because it's not my computer, not my system, etc. My first question is: who was at Paweł's presentation about radare2 yesterday? Great, most of them were. I will try to do it in a way that I don't repeat what Paweł said. I will have to do two things there, because I also want this presentation to be a whole. First, I will tell you what made me talk about radare2 and reverse engineering. Then I will

briefly tell you how to start this adventure. Basic use of radare2 for binary analysis, static, dynamic analysis, etc. Two words about me. I work at Trustwave SpiderLabs. If any of you can associate Trustwave, it is probably because of ModSecurity. It is the most well-known product related to web. Almost all of the speakers here said that their companies are recruiting. I don't know what exactly is going on with us, but they probably recruit something from time to time. Generally, I invite you. We do different cool things. The whole SpiderLabs, which works as part of Trustwave, also has two legs, let's say. One leg is the research, in which I also work, and the other is the service pen-testing. So if someone would like to pen-test, it is

also possible. In addition, we have some managed services, SOCs, etc. So for people who know the network and who like to monitor various things, some threat analysis, etc. There are many things, so I recommend it. And besides work, I would like to recommend Warsaw Hackerspace. Great. Generally, if you came here, there is a good chance that you have a lot of common topics and interests with people who work there. Recently, Hackerspace moved to a new, extra headquarters, which is not far from here, on the other end of Muranów, near the Wola Ratesz. It's just a great place, a great location. And apart from that, you can do what you normally do at home in the evening, i.e. you sit at the laptop, you can sit

at the laptop with boys and girls in the hackerspace, but you can also solder something there, there are oscilloscopes, printers, electronics, 3D printers, laser cutters and there is also a bit of heavy equipment, to the president Remigiusz, it's just super cool, big milling machine, it's a lathe, it's now industrial, robotic arm, etc., so it's just extra and I really recommend it. On IRC, on Freenode, hackerspace.pl or the website hackerspace.pl. Check it out, on Thursdays there are open days, you can come and see what's going on there. And I play CTFs. Does anyone else play CTFs here? A few people? Not really. Ok, then it's great. I'll tell you why it's worth playing CTFs. I play with a very well-trained Dragon

Sector team, which Mac had a presentation on Friday and generally I catch some complexes, because when there is CTF and we play and talk on IRC, sometimes I don't even know what they are doing there. I'm just thin, but it's motivating, so it's cool. So, why this talk? I was interested in this kind of issues for a long time. The first thing I did with Assembler was to make a living on Commodore 64 in games. There was a nice newspaper, Commodore & Amiga, and there were Assembler's basics, various things were described. So I had a Commodore with a cassette tape recorder. Then I did it. Then, of course, there were some obligatory subjects in the studies, such as programming microcontrollers, but then I

somehow abandoned it. And at some point, the idea appeared that maybe I should study what is going on there, not treat it as just some binary is being triggered and that's it. just to see what's going on there. And these CTFs are a good option, because I think that many of you can share such a story. Today we have a little overload of information, indicators and everything, and you probably also have a million tabs in the browser opened with things that you need to read or learn, or some kind of magic file, you want to learn this and that, check this and that. And this list is growing, usually much faster than anything else. And CTF is the best option to do something and learn something. CTF

is a competition called Capture the Flag, where we have to hack various things. And it happens here and now. It usually takes place on weekends, from one hour to another, or from one day to another. And there are no excuses, that later, when we play, we play, sit down and do it. And of course, sometimes it takes a lot of time to solve a task, sometimes a little less, but looking from the perspective of playing for over a year and a half, I must say that I learned a lot of things on CTFs from different fields, not only reversing, because there are some cryptography, different forensics, analyzing some network traffic, etc. It's great, so I really recommend it. And that's when

this radare2 appeared to me. Because, as Paweł said yesterday, there is a problem that if you are not an stage reverse engineer, then you probably do not have a professional IDA, and you will not buy it, because it is such an order of magnitude that it does not justify the purchase for home, hobby or even semi-professional purposes. Free IDA can't do 64-bit binaries, even on CTFs there are more and more 64-bit ones, not to mention that in reality, in the real world as well. There are also options, for example, Binary Ninja, which is much cheaper, I think it costs 80 or 90 euros, so it's already being done, let's say, such an option that you can afford it, possibly, as a bit of a whim.

But I liked this radare2 because it is free, free, developed so quickly and in such a wonderful and friendly community. People were afraid that it was terrible there, because you had to use the command line there, and I always liked it and generally prefer it, so I decided why not. That it is difficult, then it can also be treated as a challenge. And in fact, Paweł said, and I agree with him, that the philosophy of moving around radare2 and its various commands is very similar to Vim. This is a language where some single letters mean something and from it such a language is built. But in general, conceptually, I think that it is a very similar

radare2 to Emacs, because it is one tool in which you can do everything and you can not get out of it at all. For example, there is also a 2048 game in Emacs, and many other games. Pancake, who wrote radare2, I remember, once on some presentation he had a slide that people use and he was listing IDA, binwalk, this, that, just some 100 tools, and I use radare2 here. And that's how it looks more or less. It is also worth mentioning that from the very beginning, as far as I know, radare2 was created as a set of fast tools that are supposed to help in such works as Forensics. So what we associate with

opening binaries is clear, it is the main area of activity at the moment. But some things related to file analysis, system files, unpacking, searching, checking entropy, pulling pieces, etc. are in this radare2. It is not that it was so strongly attached, but this is how this radare2 started. I'm not a weird person, I like Emacs, so I thought maybe radare2 would work. As I said, it starts with Ere, because when I'm working, I often analyze network traffic in Wireshark, not binaries in radare2 or anything else. But I'm having fun there. I'm sorry, but I like to have everything defined, so Wikipedia generally says that reverse engineering is a process of some kind of research and drawing knowledge about

various things done by man. Because let's face it, research, how it happens that trees grow, it's not reverse engineering, because we assume that it wasn't engineering, so there is no reverse engineering. So it has to be done by a human. And then you can narrow it down, narrow down the definition. In our case, we are talking about extracting this knowledge and information about the way of binary programming, i.e. some binaries or libraries. So what do we want to do? You can see some bytes on the top, and this is how the file looks like. The computer analyzes the bytes, but it's hard to read, so on the bottom left we have disassembly. If you pay

attention, in the middle column these numbers that are there, they coincide with what we have there above, for example, 55, it turns out that it is push rbp, 48, 89, E5, it is there mov rbp, rsp, etc. So, as if, the disassembly itself is not something terribly complicated, because it is only about arranging this, This bytecode is just a mnemonic instruction. But Disassembler does some additional things there. For example, you can see a little higher that there is a cross-reference to this place in the code from some other place. Or that it is a function and it is called add and that it has two local variables, so these are the things that Disassembler quickly

disassembles and displays, so that we don't have to do it ourselves. And the decompilation is a little arrow from the top and from the side, because generally it is like this: You can try to decompile it right away, and for example there is Hex-Rays in IDA, which is paid mainly and which does it somehow, and can immediately report from these bytes how this code looked in C at the beginning. And the goal of our reverse engineering is to produce this image based on the analysis of this disassembled code, whether in your head or how, that this is exactly what this function does, that it takes two ints, adds them to itself and then returns them. Here, it's not really clear

what I'm talking about. As long as the compilation is - If we compile the GCC program, we have what's inside. In the first function, it figured out that we are returning zero, because XOR AX, AX gives us zero. And in the second case, the assumption produces some terrible operations. . disassembly, to produce a code that makes sense, especially in more complicated cases. So even if someone has access to Hex-Rays, unfortunately, it will not replace the knowledge and experience of looking at binaries by itself. I wanted to say that radare2 also has some kind of experimental decompiler, but I will admit that I have not tried it. From what I read, I understood that it was

an early phase of development experiment, it was not known what would happen with it. I decided that I wanted to learn reverse engineering, so it was not worth to make it easier. What is radare2? Paweł said a lot. There is a list on the website, I have summarized a few of the most important things. What we are interested in is that it can disassemble and assemble for many different architectures. And it is really, as Paweł said, it can also assemble for my beloved Commodore 64. I was even doing a CTF for one task in spring from reverse engineering for Commodore 64. It also came out quite well. It can debug. It can also connect to remote debuggers, using their protocols, for example GDB,

or WineDBG, which works, you can run Windows binaries via Wine, but I don't know, I don't use Windows, so I won't tell you, but it works. And another great option is that it works on almost everything you might want, the most popular ones, even less popular ones like Haiku, but on Android, iOS, PCs, Macs it works the best. What I said, that there are different things for forensics, so it works too. And another great thing is that it's scriptable. I have met with such opinions of people who use IDA so intensively professionally, I do not use it, so I can only rely on these opinions, that while IDA is great and so on, in fact scripting of radare2 in Python is much easier,

more comfortable, faster, etc. than scripting that can be done in IDA. So I know people who use IDA like this every day, but when they want to script something, they just run radare2 and write scripts for radare2. And a great option is also that you can quickly patch a binary, for example, to improve something in it or add some functionality, and I will also show it. Some advanced analysis options and so on. I'll try to see if I can let it go. Will it work? Oh, no, it won't work, sorry. Ok, it won't work. These slides will be available later, you will click and see. Anyway, I also recommend a profile on Twitter, r2gifmemes. It is funny for people who use radare2 and for

people who don't use and don't like radare2, it's funny too. The story started with the fact that radare2 develops very quickly. That's why using distribution packages is such a weak idea. And Debian, as you probably know, whether you use it or not, especially in the stable version, it's just some kind of total antique. And on the network channel, the radare2 one, now it's less, but there was a wave at some point, people who appeared and complained that this radare2 didn't work at all, because they were using some kind of antique, from many years ago, version. So there are weeks when there are more than 100 commits, even at the end of August there was a big rebase, and there are more

than 150 commits a week. Now you understand that using something from some packages from 3 months is pointless. But fortunately, it is super fast and easy to install radare2, which I did on this guest laptop I used. You just need to clone the repository, go inside and run script install, radare2 everything it needs, so it uses capstone, disassembler, but there are no big dependencies, you just need to have a compiler and that's it. And then r2 is an alias for radare2, to type commands faster, -V displays the version and this is generally the first thing that we are asked on IRC if we have any problem, we say that something is not working, in the documentation it is that it works and does not work.

And if someone can't really compile, or for example on iOS or Android claims that it's too difficult, then on the radare2 home page there is a section called Download and there are some really fresh things, so for example now the perfect moment, we got to the presentation because there was a 2.0 version of radare2 3 days ago, so tagged, and now there is even 2.0.1. And you can download it, so they will be much fresher than what you will find in most of the distribution in the packages, so it's an option too. Paweł mentioned something, so I will just quickly. There is a package manager, there are 115 packages at the moment and there are a lot of different things there. There are some plugins

for Yara, additional architectures that are not in the core, additional debuggers, just a lot of things. There is rabin2, which serves to extract various information from binaries. Generally, it is also such a note that most of the things that these tools provide, you can also do in the radare2 console itself, but sometimes to avoid starting the whole thing, or scripting something, it's faster to use a ready-made binary. radiff2 is for diffing, Mac said on Friday that something was faulting him, I even did some tests. I was doing a diff on binaries of a dozen or so MB and it didn't follow me. But it's fine, Mac warned me that it was a few years ago. So it's possible that

there is such good news that it is already fixed. It is quite useful. You can find various things with rafind2 in binary files, you can count hashes, this rarun2 is extra, apart from what Paweł said, that you can set start-up arguments, change env, i.e. environmental process change, etc., etc., I also warn you that I didn't do it. From what I've read, you can run processes on other architectures in a QEMU flight. When we have QEMU with emulations of various processors, you can make a rarun2 script and run something on another architecture. rasm2, so if we want to disassemble something quickly, rax2, a simple calculator, I don't know, from three examples. So, on the top, architecture, SPARC, I recently did such

a task on CTF, -e changes to big-endian, because normally x86 is little-endian architecture, so it's about turning those bytes, and -d, that we want to disassemble, and there we got some save SP, something like that. On the other hand, if we don't give -d, it thinks we need to assemble, so -a arm, so to arm, and some bytes were produced there, -a x86, and produced to x86. rax2, apart from adding something and presenting it on the right side in any system, 16, 2, whatever we want, you can change bytes to strings, or string to bytes, so quite useful. And what I said about rafind2, that apart from looking for strings, also based on regular expressions, which is sometimes very useful, here is a screenshot, I don't

know how much you can see it, but there was also a task recently, where there was a file that is jpg, and you could also run binwalk to find out that he still has a zip at the end, but rafind2 also went there, went there, of course, along the way he also detects some stupidity, because somewhere there he agrees a few bytes and he decides that there is some flash or something that is not necessarily like that, but binwalk does the same, if we tell him to search so aggressively and stick to everything, then of course he will find us a million things, but at the end he found this zip and you can also unpack it there. So, in fact, you can do most

things. rabin2, as I said, various information. Maybe I'll show you one cool thing quickly. I'll sit down for a moment. Can you still hear me? Well, if we have, for example, such a bin, we'll do it right away, so that it's on the top of the screen. These letters are a little small. Control +. Now it will be better. If we do something like this.

strings, it will display some strings that it found in the bin. And we have here some hello, can you find me, something like that. But if we do the same with rabin2, it turns out that after can you find me there was still such a funny little guy. Because rabin2, for example, unlike strings, can also do multibytes and display them, which can be useful when we have binaries. I think it's a cool option. And now, again, a great picture with this learning curve, because in fact most tutorials, and also funny, when Pancake does some presentations, he always wants to show something from the features of radare2 itself, so he just opens in this radare2 /bin/ls, the first bin,

which comes to mind, so generally everyone laughs at this /bin/ls. And it looks like we're doing git clone, we're doing r2 /bin/ls, but we still can't do anything. But to be able to do something, it's just so hard. I don't know, maybe it's a bit like that, maybe not exactly. It turned out that it wasn't just me who had such a strange thing, that talking about the fact that foreign I couldn't find the tweet, but I think it's a great statement about this learning curve. Some people say that radare2 has a very steep and difficult learning curve, but it's not like that at all. You just go to IRC, ask how to do something and Pancake will just send you ready-made radare2 commands. And that's how it

really works. This is an example. The project is constantly changing, and as I will show you in a moment, some things can be done in four different ways, and they also try to simplify it, for example, throw out some things so that it is not complicated later. There was a configuration option, cfg.write, which made it possible to modify the binary. I was preparing this presentation and it was like: "there is nothing". I ask where is the next minute, right? I knew there was oo+, but it's fine, I can do it like that, but it can be super helpful. Okay, now maybe I'll show you a few things that you can do at the beginning. Let's take, for example,

I don't know, everything is... - And so, the first thing, we don't know what to do completely, because in general, when I read some first tutorial about radare2, it was, for example, that you have to type aa, as Paweł said, or these A4, or A5, but I'll tell you about it in a moment, so let's do it, and then do pdf @ main. PDF, okay, PDF is Acrobat Reader and so on, what's the point? So the idea is that we can always enter a question mark, which, if we just enter the question mark itself, will show us the main categories of commands. And there we have, for example, from a, commands for analysis begin, from d, for the debugger,

from P, for displaying various things, and so on, and so on. And, for example, we know that we would like to display something, but what, okay, so P, wait, I have to, right, it will not be visible here, sorry, maybe I will try this window somehow, so that it is not so, wow, I minimized it quite a bit, it was not wise, sorry, sorry. - What can we display there? PDE is for example disassemble and something else. Aha, closer, then PDE and again, aha, okay, PDE, disassemble function, cool. PDB, disassemble basic block, etc. So, this is the idea of moving around. You can imagine it like this.

Temporary seek, it's called, so it's a temporary search, that in fact we are in the file where we are, we are at this address 00400400 and we don't want to move anywhere, but we want to display what this whole main indicates. We can do it like this, because if we do it like this, it will display us, but we can also do s, I'm already advancing a bit, but s is seek, we can go to this main, and then it's enough to do pdf and it will display exactly the same thing, we are in this function, we don't have to give anything. What else can be shown here? For example, there is such a built-in grep that

is made with a tilde. For example, if we do this pdf and make something like this: Sorry, I wanted to help to pd. pd help. OK, so it would like to over-grep this whole output, which would normally display for all these commands related to pd only because of this. And this is, for example, very useful when configuring, because there is also auto-completion. For example, if we want to edit something there, some variable, then when we press Tab, there is a lot of it. And, for example, we know that something was there, with some UTF, we make a UTF, right? Cool. We have two options that have this UTF. And just like with each of these, I don't

know, we have there, for example, and these are the information, we have information about the binary, they are all displayed. If we just want to check the canary, we can do this and it displays whether there is this canary or not. Yes, we have a pipe. We can run commands from Shell, without leaving radare2. So all the basic things that you can imagine on a command line, we have. And we have this beautiful graphic mode. So, if we type one V, we have a slightly worse graphic mode. With the help of small and large P we can change the view modes. There are several of them here. I will show you some. You can see how this binary looks like. We

have something like this. And it's pretty cool. But we can do it better. There is something like VV and it draws blocks. By the way, we can do it, for example, I will show it when it comes to configuration options. So yes, there was something with this UTF, so we have something like scr.utf8 true. Let's do it. And this option with rounded corners has just arrived, so let's turn it on, why not. And now it looks like this. I think it's quite cool. And recently, for example, the option was added that these various lines, when they cross, they cross so nicely that you can see what is happening here. So it's really cool and it's still developing, so

seriously, it's worth using this radare2 from git. And now, well, it will be a bit hard to see here, because it has to be big so that anything can be seen, but okay, I'll reduce it. You can reduce it with minus and plus, for example, if we have a very complicated code, well, here it is not complicated, then you can reduce these blocks, enlarge them, so that somehow there ... I reduced it so that nothing can be seen anymore. And generally, we walk like in Vim, there is hjkl. We change the active block using tab, for example, yes. I don't know if you can see it, but now I jumped over such a blue circle on this little one. When we do it with shift, we can move

it, so if we don't like how he put these blocks there, we can somehow change it here. Yes. Also, from such basic things of movement, there are t and f, they kind of jump to these true/false branches, so if we press ... Something didn't work, alright, demo effect, but it worked normally. What else about this graphic mode? I think that's it for now. I'll see what else I have. These things that can be called from the command line can be added to the radare2rc file. Oh, I forgot to show the most important thing. Shift+R changes the graphic scheme, so you can adjust it as you like, there are predefined colors, just "sha". You can also turn it off, everything is black and white, if someone prefers,

but yes, there is such an option. So, let's say a few basic things. And maybe I'll show you this asm.pseudo. It does something like this, I don't know if it will be visible in this binary. Well, let's say, it's not good. It shows that we assign content from R15 to RDX, so it produces a pseudo-C, so that you don't have to think sometimes if someone is not sure, maybe later he will show it in some binary that does anything, it will be better visible. Two words. If we don't have radare2 and we want to display something quickly, then we can use objdump. I recommend Intel syntax. If someone doesn't know, I'll show you in the

next picture how it looks. Of course, it must be different on Mac, so I was surprised that -m doesn't work, so you have to give it like that. And then we get a disassembled code in the Intel notation, not AT&T. Or if we want to check if something is being assembled, we can write a code in C and instead of compiling it to exec, we can give -S and also give if we want Intel and we will get a text file with disassembly. The difference is that here it may not be so visible, but the main difference is that in Intel syntax, maybe it is a bit strange, but the source argument is at the end, so this mov rbp, rsp means that

we move the content from RSP to RBP, or as it says here, eax, 2, so we put 2 into the eax register, you have to read it from the other side, and in AT&T it is more like that, normally, that we enter 2 into eax, but I think they do a little mixing, these are various additional marks, and in fact, Intel pays for it, because 90% of books, even though by default on Unix, when we show something, we are shown AT&T, most of the books are shown by Intel. Now, yes, I had to show it, I think it is important to keep in mind that when we look at something, how something works, how some function works, to remember that at least in 32-bit binaries

there are several conventions, in general there is not one and correct, technically it is possible to pass arguments of functions in any way, but there are certain conventions, how compilers work, how they compile it. The difference is that in fastcall the first two parameters are passed in the ECX and EDX registers, and if there are more parameters, they are passed on the stack, and in cdecl and stdcall everything is on the stack, and in cdecl, for example, the caller cleans up the stack after the function, and in the other two the called function cleans up the stack at the end of its execution. It is simpler at 64 bits, I gave it a question mark because I don't know how to call it, but in general we have up to

6 registers on Linux, at least; on Windows, I think, 4. If we have 6 parameters or less, they go through the registers, if we have more, it goes through the stack and also the calling function cleans up. Sorry, but I decided that I shouldn't draw it on a piece of paper. Does everyone know how the stack works and you don't need to explain it or say: "Okay, I'll say two words"? So this is the memory area. I drew it a bit strangely, but it reflects the idea of a stack, i.e. putting it on top. But in fact, addresses in memory grow in the opposite direction, unfortunately. It's a bit silly that the stack, when we look at the memory,

starts at the bottom, in the sense that it starts at the higher addresses and grows towards lower addresses. So, you have to be careful. Generally, if a code is working, it has its own available piece of the stack, if it calls another function, then the parameters on the stack as I said before, parameters passed on the stack, if there are any, of course, they will be there. Then the return address is saved, because when the function we will call out ends, the processor must know from which place to resume the execution. And a base pointer is saved, i.e. the basic indicator of the frame of the previous process, and then there is a place for local variables that

create our function. Now we can see how it looks in practice and learn some radare2. Okay, sorry. Okay, maybe arcpassing, why not. Let's analyze it, display the functions. Okay. And we see here that, wait, maybe first it will make no sense, first maybe I will show the binary. Okay, there is no great philosophy, I just call functions with seven arguments to show that one there will actually be over 100 on 64 bits, and not on 32. Okay, and at the beginning there is this fragment that corresponds to what I showed. So we put back address and base pointer on the stack. These are the first two instructions: push ebp and move esp. Then we put it on the stack, because we

are on 32 bits, so all these variables are put on the stack and they are put in reverse order, from 7 to 1, and then we call the function. And then, as you can see, when this function returns, we do something on this stack and this is cleaning up. So if we clean up and all arguments go through the stack, then it is cdecl. If we do it this way now, then you can see that the seventh argument, as we said, 6 are in the registers, so the seventh is no longer in the registers, so the seventh goes to the stack, and these ones go as they were supposed to: EDI, ESI, EDX, etc. 6 registers, and then the function calls

again. So it works. We can now see... Sorry, how much time do I have left? I didn't look at the clock when I started. Oh, okay. I won't show it all by myself, although... Okay, it will be quick. Let's do it like this. ood opens in debug mode, because I would like to see what's going on there. I set a breakpoint on the main function. Now dc, so we can check what it is. dc is continue execution. And now it has hit this breakpoint. Sorry. OK. Yes, it had to be exactly, if you don't know what, then you have to do aa. Yes, OK. And there is now a super magic mode that is useful in debugging. When we press

the exclamation mark, we get additional windows on the sides, in which you can see, for example, the stack, the registers, and other great things. And now, look, but a little smaller, so that anything here would have a chance to fit. Let's do something like this. I will draw it, now I will move it like this, it also moves all these windows with these different "J" and so on, the tab moves between them, so if we want to scroll through something later, we scroll through here. Okay, now we can do this. The letter "s" just goes there for another step, and now there is something like this, that we throw in, and I don't know if you can see it, in this

window where it says stack, this three has been put on the stack, which will be passed. If we do s again, this one will also be transferred to us. Now we call our strange function and here, in fact, this address, we also have to remember that we are on little endian, so in fact it is 08048451. When we scroll to 8451, we will see that I was not lying and this is the instruction that is after the return, the call is higher and here is what is happening next. So it is true, you go to the place where you were with this calling.

Yes, and now we are in this function and it puts aside the old content of the register of this EBP, i.e. the base pointer of the previous function. Now the stack pointer, i.e. the current stack pointer, is entered into the EBP, i.e. now we set the base address of our function. And we make a place on the stack, 20 bytes. 16 and 4, 20. No, 16, I'm sorry. And this function continues to work. And when it ends, it's all taken away. If someone at this point, looking at it, thought, "Ah, aha, it was given some function, - - You will probably notice at various conferences that often this "for fun and profit" is used in the titles of presentations, because it is simply a cult thing, so people

make a bit of a fuss about it. And last year, when it was 20 years ago, Avi Koder wrote a slightly newer version, a bit modernized version. But if you want to exploit something, there are now many different added security, so I recommend starting with articles on Wikipedia, from Stack Buffer Overflow, because there are also references to various articles about various technologies that make life difficult. There is static and dynamic analysis. Static means we analyze the program without running it, so to say. It is safer, because we don't run it, so we don't spoil the computer, we don't modify files, it can be a program that modifies itself, so when we run it, it will modify itself and that's it. And the plus is

that you can analyze things for an architecture that we do not have physical access to and we cannot just run the program. In dynamic we run, in some respects it is easier, as I just showed, you can browse there in order what is happening there on the table, what is happening in the registers, it allows you to understand it better. It can give bad results, because when we analyze some malicious code or not only malicious, programs sometimes have some debug detection or detect being in a virtual machine and change their behavior and show something else, so it's a weak point of dynamic analysis. And such automated dynamic analysis allows, for example, to detect bugs, - I saw a binary from a product

that costs well over 1000 PLN and it was a program that secured encrypted PDFs and that's how it was written, as I will show you in a moment. Let's do AA, let's jump to the main. And now, what can we say quickly, that we have this main here. something works here, if something does not match, it comes out immediately. I have little time left, so I will make a preview. This is checking if any argument has been passed. When the argument has been passed, there is a strlen here, so we know that the length is checked there. And if it fits here, then this part is made, and if it fails, then this part is made. And it

turns out that the first thing you can do is check if there are any strings in this program. - Let's jump to this function, let's see what it does, because it is not a system strlen, because as you can see here under the cursor, when there are such sym.imp.puts, imp means import, so it is a system puts, normally from glibc. And here is some sub.strlen, so it is not a normal strlen, so let's jump, and here radare tells us that it is ge, so let's jump there, so ge. Okay, and it's already doing normal strlen, checking if it's 5. Okay, so we already know that if not equal, we jump here and exit. Okay, so

it must be 5 letters, we already know that it's 5 letters, so theoretically it could be brute-forced. Sorry, because it's not very visible in this code.

Yes, it is made in StringComper, so it is like this, that two arguments are passed to StringComper and we can now show what we have in these registers. I think it should work like this. Sorry, of course, something is not working for me. Let's do it like this. I obviously mixed something up. Okay, sorry. Sorry.

And yes, it is a success. Now I will quickly show what we can do with it. We are not interested in what the password is, we just want this program to always go on. We can do something like this. Open it. And here is this jump equal, and we can patch it exactly. Just say that no matter what our sub.strlen returns, we just want to jump there. Does it work for me? I hope it works for me. Thanks, sorry, it's just a little slower because it's not on my computer. Okay, now we have to do oo+ just. Sorry. We want to display 2 bytes there. And this is our 741B, so this is the jump equal. And we can now

change it to NOPs. So we have to jump to this place. 613. Let's check again. Okay, we're in the right place. We change it to NOPs. And now px 2. And instead of that we have 2 90s. Great. And now...

- It's not fair to say what it is, but my friend tells me: "Listen, it's a thing, something like that, and it's like: "Hahaha, let's see what it is." And it turned out that the whole serious analysis was enough to fly over with strings. That's how it looked. It's not like everyone is doing it, you know, it's like with break-ins. Everyone thinks that hackers have zero-days and so on, and then it turns out that the password is adminpassword, RDEB is enabled, Samba 1 is available from the network, and so on. Something like that. It often happens with these binaries. Now, okay, I can quickly show radiff from disassembly that our PDF decryptor, now it's not,

sorry, because it doesn't differ anymore, because cracked is cracked, sorry, I could just copy it earlier. Maybe I will be able to quickly show one thing, so expressly, if we have, for example, such a program, which Let's do it. He's doing something, there's a password check, hands again, etc. Let's jump to this password check. And we see that he is very confused here. He's doing something here, a lot of things, he has a lot of variables, bytes, he's operating on it, etc. And then he has some big decisions, just terrible. We don't have time to do a big analysis, but generally analyzing this code, we can conclude that there are recorded in turn from the

address on the stack: rbp-20, because that's it. Local 20h means that from our base pointer rbp it is minus 20 bytes, because it grows towards these adjacent addresses. So you can see that it is 20, 1f, 1e, so some magic bytes are written here under the next bytes.

So we can guess that we have to give a password, which every byte, when it will be xored with 1, will give us the bytes that came out at the exit. Of course, you can somehow sculpt it manually, but you can script it yourself. And here I will make such a simple Adam Słodowy, because I will not write it now, but in general we have two options. We can do something like this, we have such a solver, such a little with the use of r2pipe, which Paweł mentioned yesterday,

i.e. the possibility of scripting radare. We open the pipe and the commands are just commands that we would normally type by hand into radare. We do analysis, we jump to the appropriate place where the fragment that inserted the bytes started. And the function aoj, maybe I will open it, let's go to this one, here are the addresses, and what does this function do to us? And it tells us that we have a move here. And we can use this grep cleverly. Sorry, I did it with JSON. You can also deal with grep, because you can, for example, grep this output, because we are interested in this opcode. We are better, because we already have one line and then it is possible to

do something like this to display a column. So we can hack it like this and we can do something like this,

that we want to make 16 of them, because we know that there are 16 of them, from the next addresses and we will spit something out. And this first exploit of mine, it worked on the basis that I did something like that, but I redirected it to the file, I can do something like that. And it will be just in the file now. And I have these bytes and I can read them in some program and do something with them. Almost every command has the ability to release JSON. It looks a bit weird, but you can do such a magic trick. And this JSON looks so nice now. So I use this JSON output in this program, I split it, I could make it nice and clear.

I add these next bytes to such a list and then I just insert them. And now, let's keep our fingers crossed that it will work, as I have already said. So we do this: we run r2, we want to run a script called Serial Protected Solver R2-pipe and we run the serial protected binary. And it worked. So you can do it like this, you display bytes one by one and then there is this flag. So I think it's super simple, pleasant, efficient, if we want to automate some analysis, for example, how many binaries, and so on, then somehow diff them with radiff, etc., you can do it all super easy. - Of course, you can show a million things, but I just wanted to, it doesn't

make sense anymore. You can do it in such a way that you can run this binary dynamically and set a breakpoint in a place where these bytes are entered into memory, right? And then do it in a slightly different way, i.e. instead of analyzing these opcodes and taking this byte from this opcode, you can just take this table from memory. So it would be the same. But in general, the topic is very broad. I was planning to show some pwning, more advanced things, but it was just hard to fit into it. I wanted to show things that I hope will encourage you. I hope I've shown you that it's not black magic. And there's nothing to be ashamed of,

because security itself is so divided into some industries that someone can be a great pen tester, for example, pen testing web applications, I think it's not a bad idea, but it's worth to follow. And radare itself is not terrible. Yesterday Paweł mentioned that there is a graphic interface to it, Cutter. Maybe you understand, it can't contain everything, because you can graphically click out some basic things, but it can't be in a graphically developed list of commands: "disassemble me from here to there", I don't know, 16 bytes forward, or something there, and the result is something there, etc. But in this graphic there is also a window at the bottom of a regular radare console,

so you can use it in this way, that what is more convenient to click and what needs to be entered, then enter. Use the version from git always. - and Telegram, it's called R2TG IRC, so don't be surprised and don't answer to R2TG IRC, there is always someone who really writes, so it always comes out funny. If you get lost, then the question mark or the channel on IRC. And with the aaa, I will show it in the bibliography, it is not always the case that the more the better. There are several articles on this topic written by Mr. Kejka, because it is a matter of being quite overbearing. Sometimes it is not always good to do a lot of aaa and such a

great analysis, it pays off, especially for some large and complicated binaries. And what? You have to learn. These three books will be in the bibliography in a moment. So yes, that's it. There is also "Reverse Engineering in practice" in Polish. A great book, really. The second one is a collection work under the GINWL editorial office. Just chapter 1 and 2 are a must. If you want to do anything, I can't recommend anything better than the first two chapters of this book, which show the basic things about how the assembler works on x86, and the second chapter is about ELF files, about their loading, all the sections, what is happening there, etc. It is just super-precise.

- and Intel manuals, which describe commands, assemblers etc. etc. you want exactly. On CTFtime you will always find information about what CTFs will be in the near future and I really recommend it, much better than some CrackMe etc. because I say with CrackMe it's like "ah, I'll do it tomorrow, I'll do it in a week". And what about radare and bibliography? Well, there is documentation on the home page, among others, there is a book, except that, as I showed you, this piece from IRC, some things are not up to date, there was some CFG, but it is no longer there. No one is going to keep updating this documentation on a regular basis. So

yes, documentation is fine, read, radare, book, okay, but not everything will work there and you will have to ask on IRC, because no one can do that. This analysis by default is what I was talking about, a nice article that explains exactly how much A does what and when to use it and when to stop using it. This page with CMP, Paweł showed a comparison of features of various disassemblers. And I recommend the profile r2gif. I don't know if there will be time for questions. I'm still here. Thank you. I'm sorry for the time shift, problems with the equipment, etc. But I think I've encouraged you a little. Thank you very much. Literally a minute

for a plug. I invite Mr. Zaborski. Please take your seats.

Ok, so let's start. Hi everyone, can you hear me? You are probably a bit hungry, so I won't prolong it too much, because the whole conference is a bit late. So I would like to tell you about the best file system we have on the market, not only when it comes to open source, but also commercial solutions. In my personal opinion, there is nothing better and we can actually use it at home on any platform, which we will talk about later. My name is Mariusz Zaborski, I work in the company Wheel Systems. We generally produce nice network appliances for analysis of traffic, for administrators. If you are interested, please visit our website. I am also a project manager for FreeBSD. This means

that I have direct access to the source code, I can modify it and so on. So if you would like to change something, you can also contact me in this matter. The main issue we should address is whether the disks are indestructible. We never have problems with them, disk exchange is always smooth, we always save what we want, these disks can live and live and live. Unfortunately, it is not. One of the main problems is, for example, disk replacement. If we want to replace a disk in a large memory or even in our computer, it may take days. Because we have to copy all the blocks from this disk to another disk, because in fact our current file systems do not know which blocks are

used in a given disk. Therefore, we have to make a precise copy of one disk to another. If we want to change the size of such a disk, it's a disaster. If we want to change it to a smaller disk, it's impossible to do, because file systems will start to go crazy, we will lose data, they will stop working. Another problem is, for example, microcontrollers on the disk. The processor can tell us: "Hey, I'd like to save this and that and that". The controller on the disk can say: "Ok, but I made a mistake and I won't save it". And the disk will say: "Ok, I saved what the controller on the disk wanted". It's also interesting that in fact, at this moment, controllers on the disk are so powerful

that they can run an operating system. I don't know if you've heard, Someone managed to run Linux on a disk. The Linux kernel itself on a microcontroller on a disk. For me it's crazy that we have a computer in a computer. Controllers are one thing, but due to all the changes in the magnetic field in our computer, it can happen, of course it rarely happens, once in a billion times. computers or situations, it may also happen that we have a cable error. Something will go wrong, we have a bit flip on the cable and the bad data will be saved on the disk again. Do you know what this man is doing here? Screaming, exactly. This

man is screaming on the disk. Does it matter? It turns out that yes. Even small vibrations like a scream can slow down the disc, or even cause the data on the disc to be saved differently. And again, here it may happen that one bit will be changed and our data will not be saved as we would like. And the question is whether it matters. One of my favourite examples is that one bit also has a meaning. There is a mistake presented in OpenSSH. This mistake is almost 15 years old. It was based on the fact that we made a bad comparison. The programmer made a bad comparison, instead of checking channels to compare that they are equal, he compared them to smaller ones, and it happens.

Due to the fact that he compared them like that, the user could get root on the machine. Let's go down. We have an assembler here. It turns out that it was one assembly instruction. Okay, nothing big, one instruction in this or that. If we go even lower, it turns out that it was one, de facto, byte. If we go even lower, it turns out that it is one, exactly, bit. One bit separates us from a safe and unsafe SSH. So, do all these changes on controllers, disks and the screaming at the disk matter? In my opinion, they do. It's a bit paranoid, but in fact, one bit divides us between a safe and a dangerous binary. So ZFS appears. In

2001, work on ZFS started. ZFS was created by Sun Microsystems. There was also an interesting story that Sun had a big array and one of the administrators, I don't remember if he wanted to add a disk, remove a disk, replace a disk, he wanted to do something with this array, he made a bad command and the whole array went away. It took another week to set it up. The problem was that there were all the home directories of all employees in the company. It was a bit expensive, but it also gave a reflection to Bill and Joy, if I remember correctly, to create a new file system, to think about how our file systems work today and they found that this is not the best solution.

In 2005 ZFS was published to a wider open source group with OpenSolaris. In 2007 Apple decided that it was a cool idea, that they also wanted to have ZFS in their operating system. In 2008 ZFS landed in FreeBSD. In 2008, the work on ZFS for Linux started. In fact, the support for Linux for many years was quite weak. At the moment it is much better, mainly due to Ubuntu, which put a lot of effort into making ZFS work on their operating system. In 2010, the time for open source and OpenSolaris came, because Oracle decided that they will no longer support OpenSolaris. Therefore, the fork illumos was created, which continues to work on ZFS. And

in 2013, Matt Ahrens, the main designer of ZFS, started the project called OpenZFS. This is a short story of ZFS, if anyone is interested. Let's move on to ZFS. Let's start with the name. Why ZFS? ZFS was supposed to be a file system that would allow us to keep a zettabyte of information, a bit much information. I remind you that it was a file system designed in the early 2000s and then 160 GB cost about $275. It was quite a lot at that time. However, engineers at Sun Microsystems assumed that a zettabyte would be enough, that it would be OK. At that time, for example, if I remember correctly, there was already the EXT2 file system, which allowed

for some terabyte or something like that. So it was a big step. They assumed right away that there would be a lot of information stored on disks. At the moment, ZFS has gone a step further, you can keep more than even a zettabyte of information, other file systems are catching up. So what is so special about ZFS? The difference between ZFS and traditional file system is that we have disk pool. It works a bit like malloc. We have our memory and we want to give a given file system some space. And it is done dynamically. So we don't have to decide right away whether we want to have 160 GB for our We can decide about it later. In traditional file systems we have to create

volume, i.e. create our file system on it and then we have to assign its size, we have to determine that this file system will have this much, it will be mounted there and if we want to change it, we have a very big problem. It's different in ZFS. We can connect these disks, we can disconnect them. It's different with disconnection, but we can add more disks to the array, which is a very, very big advantage. And we can expand our pool and we can say: "Okay, I need a new file system, I don't know, we need a new user and, for example, a new user wants to create a new file system, a separate file

system. No problem, this is my memory that I can use as I want. So here we can see a bit of the malloc approach, we have some space and we have it at any time. And as we can see here, if we make a df command that will display a free space, we have a light here, maybe? Oh, great. We can see here that the available space for all file systems is exactly the same. We have our pool and we have 155 GB and we can use it as we want. Each of our file systems has access to this place. Here, of course, everyone can take a different place, but all have exactly the same available access. This, of course, can also be

limited in ZFS. We also have some quotas we can put on a given file system or some other restrictions, for example, the minimum size of a given file system, which ZFS must guarantee us. So we can manage very dynamically how our file system looks. And so ZFS gets rid of my first hated problem when I was installing Linux or any other file system. How to partition it? I just never knew if 50 MB per boot is enough or not. Should I give 200 MB? I never knew that, there was always a problem, it always ended up that everything landed in one partition and let there be directories. ZFS solves this problem. We have one disk,

we have a pool in it, and we only create file systems in it and we can dynamically decide whether we want it this way or the other way around. That's why I love ZFS, among other things. The same goes for swap. We can configure swap on ZFS and we don't have to worry about it. Other interesting features in ZFS. I mentioned those unfortunate one byte, which may not let us sleep at night, because we will be afraid that our disks will change SSH. ZFS solves it. We have checksums. Each block in ZFS, each data that is saved in the file system is checksummed. We can choose which one, we can turn it off, but the default checksum is on, so all our data is checksummed. Not only data, but

also all metadata. If we have any information about the block, they are also checksummed. An amazing solution is copy on write and transactionality. ZFS never overwrites live data. That means that if we want to change a block, it makes its copy. So if we have a problem, for example, that our system suddenly turns off, there will be no electricity, then we have no problem that our data on the disk is inconsistent. If we try to write something, ZFS takes this block, copies it to another place, changes it and only when all operations succeed, this block is used. So if at any moment we run out of power or there is an error, our data in the file system is exactly the same. So

either the transaction will succeed or not. That's why we don't have fsck checks. I don't know if you've ever turned on your computer and waited for a few minutes because you have to check if your computer data is correct. It's not like that in ZFS because the data is always consistent. You either managed to record a transaction or you didn't. There are no half-writes. There is also no journaling. It's present in ext3 or UFS. It's about writing metadata somewhere on the side, the file system writes metadata about the writes it performed. It's used during fsck to retrieve all the information that could have been lost. So it writes: "I tried to write here, here, here,

here," and fsck goes through our journal and checks: yes, I can get it back, I can get it back, I don't know what to do with it. There is no such thing in ZFS. So, as I mentioned, we have this copy on write and it consists of trying to write, modify, for example, two blocks, we modify it, but we make copies, these blue data are still on our disk, we have written the green ones, then we write some metadata, we write some metadata and then we write down the current status of our disk. When we write down the uberblock, the data we tried to write down in green is available to us. If we get a disk

in any second or third moment, the green data is saved somewhere. But it was not blocked that the uberblock points to it, so these data do not exist for us, we do not have to perform any fsck, we do not have to do any journaling, etc. There are simply none. That's why our data is always available to us. One of the problems that we have is that we decided to configure mirroring. We have two disks, precise mirroring of disk by disk, and we try to get data from such a disk. It turns out that our cable has cheated us and there are some wrong data on this disk, but on the second disk the cable did not cheat us and we have the correct data. The problem is that

when we use such file systems as EXT, UFS or others, when we try to read the data, they are transferred to the volume manager, for example, it can be a disk controller or some hardware solution. It may not even know what is there, because it does not know the file system, it does not understand how the file system writes data on disks. It doesn't know that. It only knows that it's a write, I have one disk, another one, I want to ask write about this data, here, these are your data. So the file system gets wrong data. The file system maybe knows that this data is wrong, maybe doesn't know that this data is wrong. If he had some kind of checksum, he would say: "Ok, these data are

wrong, but what will he do with them?" He doesn't know that he works in an array, because our volume manager is on a different level. So he will either return these data to the user of the application or say: "Sorry, I failed to read the data". In ZFS it looks a bit different. Because we have integrated volume manager and file system, when we try to read such wrong data, ZFS will say: "No, these data are wrong, I know that I work in a mirror, that I have several disks that have copies of these data, or I know that these data have some kind of parity and so on, so what will I do? I will read

correct data from the second disk, I will check that they are correct, using, for example, checksum, and I say: "OK, there were wrong data, so here I have correct data, so I will write this correct data on the second disk, so that there is no problem". This mechanism is called self-healing in ZFS and it is done automatically, you don't have to turn it on, it just is. And this correct data is transferred to the application. So we are sure that if we have a problem, the disk will be damaged in some way, for example, we will have blocks in the disk or the cable will be bad for us. Still, if we try to get to these disks, the data will be saved automatically for us. Here you

can also use something called scrubbing in ZFS, i.e. checking if these disks are consistent, if the checksum matches all blocks. But this is optional, you can do it if you have any doubts, so that self-healing is done automatically. And now ZFS supports a few different redundancies. One is stripe, which I told you about earlier, that we have a disk pool and we connect more disks. It works like a malloc, so every new disk is a new space for us. We have mirroring, which is RAID 1, so we connect a number of disks, exactly the same data is on all disks. And we have RAIDZ. Here we have RAIDZ1, 2 and 3. It consists of using as many disks as possible, 5, 10, 20, and

1, 2 or 3 disks are used as parity. So if it turns out that there is some inconsistency in the material, then we get the data from this parity. Here you can see the RAIDs, the recommended number of minimal RAIDs, I mean the disks we have, the parity disks, it is actually correlated, for RAID Z1 we have one parity disk, for Z2 two, for Z3 three, and here we lose a little space when it comes to data. If we have three 1 TB disks and we have RAID Z1, then we have only 2 TB for data. This third disk will be used as parity. And also, depending on the number of parity disks, also so many disks can be damaged or

completely removed. If we have a Z1 RAID, then if one disk is damaged, nothing happened. If two, then unfortunately the array is not working. If we have a Z3 RAID, then three disks can die. Other features of ZFS are, for example, that it is endian independent. That is, if we have, in today's times it is a rarity, but if we have some SPARC and we have some AMD64, AMD64 is little endian, SPARC is big endian, if we want to send file systems between these machines, everything will work. There is no meaning for ZFS whether we write it as little endian or big endian. And compression. We have several types of compression, we can turn it on any file system.

We can turn on LZ4, it was one of the most popular types of compression for 2-3 years. It is also interesting, because if we have server solutions, often the disk operations are the most time-consuming. Sometimes it is said that the disks do not produce. This compression also causes that on the one hand We burden the processor a little more, but we allow the mother to cut off a little more, because if we have a lot of data, it is compressed, which means that we have to perform fewer operations on disks, because there is simply less data to read or write down. So this compression can also help us when it comes to the lack of IOPS. And the

last interesting solution is Z-Standard. Has anyone heard of Z-Standard? It is a new compression created by Facebook. This type of compression is on the BSD license. In general, Facebook really cares about the use of this standard very widely. And, you know, Facebook sends a lot of data to users every day to render that a new friend has appeared on our pages. So they want the viewers to implement the Z-Standard in their engines. So it is open, it is on the BSD license, everyone is happy. The question is what this Z-Standard brings us. So, as I mentioned, the most popular to use was LZ4, because it had relatively good compression, compression ratio and it was very, very fast. If we needed to keep the

place, but it was not interested in decryption and decryption of data, we used Zlib, which is a popularly known Gzip, which had very high compression, but it was very slow. Compression and decompression of data was terribly slow. Zstandard is a new type of compression, which has a higher compression level than but it is almost 4 times faster. In the case of compression 4 times, decompression 3 times faster. So we can, thanks to this, it is still not as fast as LZ4, but with such ratio we can, it is a big profit for us. What's interesting, in Z-lib, I don't know, G-lib generally has 10 compression levels. We can choose between the fastest or the slowest. If we choose the

fastest, we have a lower ratio, if we choose the slowest, we have a higher ratio. In Z-standard, we have over 20 compression levels. Here it is given for the fastest Z-standard and the fastest Z-lib. When it comes to snapshots, we can make snapshots in ZFS and they are very cheap. Generally, we only record the time of creating a given snapshot. We write down the number that determines the time when the snapshot was created. And now if a block is removed from ZFS, for example we want to delete a file, it is checked whether this block is older or younger than our snapshot. If it is older than our snapshot, we save it to snapshot. If

it is younger, we just slow it down because we don't have to hold it longer. Snapshots allow us to go back in time, if we have a snapshot of a file system from a few days ago, we removed some different data, then we can go back and see what the situation was on the file system a few days earlier. And this can also be an interesting solution for a very popular problem recently, with ransomware. So malware that encrypts data on the disk and asks us to pay or you won't get your data. We can easily do snapshots in ZFS. They are practically free of charge. They only cost when we delete data and we can

go back in time and get back the data even if it has been encrypted. For example, in my company we do snapshots every five minutes of our main machines. We can do it, it's not very expensive and we can save our data from any malware. Here we have commands. If we want to make a snapshot, we can use the file system, which we are interested in, and this is the name of the snapshot we created. If we want to recover, we can use the rollback command. We can also refer to snapshots through a special file system. This is a catalog that is invisible, but we can enter, if we have a ZFS file system, we can enter .ZFS to the

snapshot catalog and there we will have a list of all snapshots that we have created and we can normally go through the catalogs, review what the current status was. So, we can not only create snapshots, but also send them. So, if we have two machines with ZFS on both ends, we can send a snapshot and have a detailed image of ZFS from this machine on another machine. We can also create clones. Clones are snapshots, but they are also for saving. Snapshot, as I have not mentioned, is only for reading, but from such a snapshot we can create a new file system, which we call a clone, and then we can also modify this file system. For example, we can create snapshot of the file system

on which our database exists, make a clone of it and run the second instance of the same database. If new operations are included, this clone will save all the new information that has been saved in the database. on this file system and we have two instances of the same database. It may be useful if we want to upgrade such database and check if it will be cost-effective. We also have zVols, which are special file systems in ZFS, which are block devices and we can create new file systems on such block devices. So if we would like to have ZFS and all its benefits, but for some reason, for example, we need EXT4 for a moment or we need a disk to

mount it to a virtual machine, we can create such a zVol. We also have deduplication. In ZFS, we have a nice hash map of all the data on the disk. If a given block repeats itself many times, we do not save it on the disk, but we save references to this block. So this block is maintained only once. We have two types of such deduplication: verify, which verifies the block, byte by byte, the accuracy of these blocks, or we can use checksum, for example SHA-256 and on this basis decide whether the blocks are correct or not. We can also use both techniques, i.e. first we check the checksum, and then we check whether the block

is correct. As I said, we can set quotas in the file systems, we can say that this system can have only 10 GB and not more, it is implemented in the file system, we do not have to use any other mechanisms. We can reserve a certain amount of space for a given file system, we can say that this file system will use 2 TB and all others must be subordinated to it, to leave 2 TB to this file system. ZFS has implemented NFS itself, so we can also share our data through this protocol. There is something called resilvering. It means that if we have an array and we drop a disk or we want to change it for some reason, we put a

new disk, an empty disk with ZFS and only the data that was actually used in our previous file system will be copied to a new one. ZFS tracks which blocks it uses, so we don't have to do DD We can push the disk to 2TB, if we have 2TB disk and we used only 10MB of this disk, we don't have to push the whole 2TB. ZFS will easily solve which blocks are used. As I mentioned, we can use ZFS for backup, here is an example of a command where we send a snapshot, here we have an incremental snapshot, so we say that we are only interested in the difference between two times, we receive it on some other file system. There is a very

specific thing for FreeBSD. It consists in the fact that FreeBSD has its own virtualizer called bhyve and the whole configuration of this bhyve is kept in the ZFS metadata. We can create our own metadata in ZFS if, for example, we want to say: "Yes, this file system is to be backed up", we can create our own metadata in ZFS and say, for example, that ZFS backup = yes, in other file systems = no, so we will only back up one file system. Thanks to that we can use it for example for Multimaster cluster. So if we want to have access to data on many nodes, it is again a very administrative thing, but it happens that we have some raw data, which we want

to keep on many nodes, on many machines, then we can use snapshots, create and send to another node and thanks to that we can have access to data from another node. It is a very easy way to transmit data, much lighter than e.g. through rsync. Other interesting features that may interest us are, for example, send/receive continuation. When we had this SSH command and we sent a snapshot and we received it on another file system, if we lost a network, we had to start all over again. At the moment, ZFS has implemented the possibility of continuous sending. ZFS also has native encryption, we don't have to use any LUKS or anything like that, we can say

which systems of files are to be encrypted in which way. And what is also interesting, we can send compressed data blocks, so we don't have to, before in ZFS we had to decompress the system first, file system, all blocks and send them. Now we can send already compressed blocks. Unfortunately, we also have the dark side of ZFS, i.e. problems with RAM. ZFS really likes a lot of RAM. It is even said that we need about 1 GB of RAM per 1 TB. It is very large, that's why it is said that in embedded systems ZFS does not work, because we do not have such a large RAM availability. Another problem for ZFS is defragmentation. If we have a very, because

we use this mechanism, Copy on Write, these blocks are always copied, then changed, our disks are very fragmented, so we have a lot of places where there are some gaps between live data and non-live data. Generally, it doesn't matter much, but it is so. If ZFS has a very large occupancy, i.e. about 90% of the occupancy of the entire disk space, it starts to work very slowly, because it is defragmented, finding free blocks takes a little more time, but the solution is simple, we can easily add another disk and that's it. ZFS is available on illumos, as I mentioned, OpenZFS is based on this operating system, it is available for FreeBSD, it is available for OSX, it is used a lot by FreeNAS,

and also Linux. It is used in Linux. Why am I talking about Linux at the end? Because there is a little war for freedom here. ZFS is licensed under CDDL, which means that the source code must remain CDDL, so all the headers, all the rights must remain exactly the same. However, it says that the binary can be licensed at will. We can take such a binary, we can sell it, we can license it as BSD, we can license it as GPL. So the Free Software Foundation came and said: "Sorry guys, it's not really a freedom, we think that our code must also be on GPL 3.2, if it's not, you can't mix it with our binaries, generally it's not a freedom then."

Fortunately, Ubuntu has a slightly different view on this, it said that okay, but ZFS is actually a kernel module and in fact this ZFS is not part of Linux, but it is separate, so we want to have it with us. So if you want to use ZFS, you can use it on Ubuntu, it is quite simple, Canonical supports development of ZFS on Linux. I recommend it. Sorry, I've already said that. OK. Is ZFS for me? So if we are paranoid, then checksums are a cool thing, we are sure that everything we have written is consistent, we have native encryption, we do not have to use any LUKS, any other TrueCrypt, we have encryption in ZFS. We can do

easy remote and local backup, snapshots every 5 minutes, sending ZFS to another ZFS, or even sending ZFS to other file system, but then we have it only as a binary blob, so it can be useful for us. We can also save space thanks to built-in compression, whether it's LZ4, if we care about performance, or Z-Standard, if we care about the place. And most importantly, if we don't have a problem with GPL, or we agree with Ubuntu, or it's not a problem for us not to use a GPL solution, then I strongly encourage you to use ZFS. I also wanted to recommend three books. FreeBSD, the design and implementation of the FreeBSD is the only documentation about ZFS implementation.

This chapter was written by Matt Ahrens, the original creator of ZFS. If we are interested in administrative part, we have two books: Michael Lucas and Allan Jude, FreeBSD Mastery and Advanced ZFS. I highly recommend it, it's a very pleasant reading. If what I presented to you is insufficient for you and you want to read more about either the internals or the ZFS services themselves, I encourage you to do so. Are there any questions? Thanks for the presentation. Two quick questions. One, can you change the volume parameters during the life of the volume, i.e. change the compression algorithm? Old data that was compressed will remain, all new data will be compressed in a new way. If we want to compress it, we

can use the snapshot system and get it back. We just have to replicate this data into another file system and then all data will be compressed. And the second question is about SSD support, with their specificity. Yes, ZFS supports Trim in the latest version, so generally this problem appeared at the beginning of SSD disks, when ZFS was killing SSD disks, because it does so many of these operations of writing, but at the moment there is no problem with it. I have a question. You said at the beginning that ZFS is good for home use. I have large files, for example, some movies from the camera. I don't have too many discs. I don't want to carry large deposits on these disc materials. I imagine

that I have to have twice as much space for the largest file so that it can be copied. We have copy on write. If you want to copy a large file to another place, right? Yes, and I don't have too much space because the file, for example, has, I don't know, 120 GB, and I only have... I mean, if you don't modify it, right? Because, again, ZFS works only and exclusively on blocks, right? So if you don't modify it, then simply this metadata has been passed on, that it is in another catalog, right? If you wanted to modify it, it's not like these transactions, you know, work, If you want to modify 500 blocks, it's not like 500 blocks will go into the transaction.

They are divided into smaller transactions. I understand. And the second thing is that the main solution to the problems you presented was to add a new disk. If we are short of space, because it is a common case, if we have ext4, what will you do if you are short of space? You have to take a bigger disk and copy all the data. In ZFS you can simply add, you can't expand ext4, so my solution was to add a second disk. In EXT4 you just need to have Volume Manager on it, so you have to rebuild it all again. And here you just add another disk, if you just lack space. Is it possible to add disks to RAIDZ so easily? That's a very good question.

In RAIDZ 1, 2, 3 you can't add disks. There are works that are taking place to be able to add disks. Matt Ahrens has just received a grant from Intel to do it. However, you can have RAIDZ 1, create RAIDZ 1.2 and connect them in Stripe, or simply add a mirror. We can simply create a certain hierarchy of these disks. If we already have one matrix, we can add another matrix to this matrix and expand our space. More or less? Ok, then maybe I'll go back to this slide a little bit more. Here, right? If we assume that these two disks are in RAID Z1, we can create a stripe based on these three disks and this disk

will simply not have redundancy. We can connect these arrays at will. Another question from the other side. You say encryption, does it allow you to have the entire system encrypted? individual system files. If I remember correctly, you can't decrypt the entire pool, you can only define individual system files. Sorry, I missed the sentence. So, once again, you can't decrypt the entire pool at the moment, if I remember correctly, you can decrypt individual system files. So, if you want to decrypt your home catalog, or boot, or something else, you can, but there will be a Zpool part, information about the pool, etc., which you can't decrypt.

For each file system you can define separate passwords. The question was whether you can set separate passwords for each file system. Yes, for each file system we can set separate passwords. Two short questions. One, data corruption. It happens to me and scrubbing doesn't help. What to do with it? The guides say: delete, go through it again. But if I don't have a copy, what to do? Can you do something with it? But I understand that you didn't have any redundancies on the disk, right? No, there is RAIDZ2. And despite the scrubbing, you still have... Yes. And what could be the reason for this? The only reason is that all three disks were damaged in the same way. In the same sector? I mean, not

in the sector, but in the block. It's the same data, blocks. This is the only explanation. It would be a very strange situation if something like this happened. And the second question is: is there any idea, like with Ubuntu on Linux, are there any projects like Alternative for FreeNAS, - No, I don't. If we wanted to use NAS solution, I would recommend FreeNAS. I don't know any other Linux based alternative. - TrueNAS is, but it's also FreeBSD. - Exactly, that's what I was talking about. - Question, what is the compatibility of ZFS between Sun and Oracle? Because there was fork and later ZFS. So ZFS is versioned. When it comes to new features, it is versioned and probably by

2029 they are compatible. Then what I said about OpenSolaris was closed, Oracle closed the project and it develops its own ZFS, so it is not compatible from version 29, but OpenZFS has increased its version to 5000, so you will see that it is not compatible with each other. So you can't use OpenZFS and Solaris ZFS, Developers simply have no idea how it changes. I understand that the alternative is that at least once it was possible to force the file system to be on a specific version. Exactly. It also depends on the features you use. Because each new version is a presentation of new features. Let's say in version 29 you won't have Z standard compression. One more quick question, is it possible to use

ZFS in practice? I mean, I'm a big fan and on Solaris it was a joke for the admin to use ZFS, but later on Linux it started, I mean, I'll say this, I stopped five years ago. So I'm wondering if I can take Ubuntu as the main file system, take ZFS and enjoy it like a child, or will it be a sculpture? If you want to enjoy yourself as a child, I recommend FreeBSD. It has great integration with ZFS and it's... It's a perfect solution if we want to use ZFS. I must admit that I still struggle with Ubuntu and its integration. It's much better. I think I was looking at the integration of ZFS from

Ubuntu 5 years ago, it was a massacre, sleepless nights and so on. Now it looks much better, much, much better. However, it's still not perfect, it's a bit off. Some time ago I tried to configure Ubuntu so that there was full encryption of disks on LUKS and ZFS. I do not recommend it. It is just a week taken from life and I could not do it. But is TrueCrypt supported in GRUB to decrypt, full encryption? I haven't tried it, somehow I've accepted this luxury, so... Maybe we should have thought more about it. For now, I've only been thinking about Ubuntu and full encryption and ZFS was very difficult for me. However, if you would like to have just ZFS without

any full encryption, but for example use the encryption provided by ZFS, it should be easy. I have a question that is a bit confusing for the host. ZFS or ZFS? This is a very good question. I don't know if you know, but in FreeBSD environment ZFS was ported by a Pole, Paweł Jakub Dawidek to FreeBSD and he was saying it ZFS, but again all Americans were saying ZFS. Yes, exactly. But OpenZFS says, call it whatever you want. But in Polish, right? Exactly. So, it's a problem of Polish and English language. Are you linguists? No? Okay, thanks a lot.

Now we invite you to a break. There is a playlist, from which you can still use. If any of you would like to take more gadgets, we have some laces, some blanks and dents, some pen and paper, some notes, you can download it at the registration desk or at the organisational desk. Information for people on the stream. We start at 13:30, I hope punctually. So see you after lunch break. Information about the change in the agenda. Hanna Tułowiecka will not be there, so everything is moved up and we finish an hour earlier. If someone wants to make an extra presentation, we invite you. A few more minutes to switch.

Okay, I think we can start. Hi, my name is Marcin Karpezo. It's my sixth time here and I'm very pleased about it. Unfortunately, this is the fifth time I'm sick, so I'm sorry that sometimes I can't speak. Today I would like to talk to you about the fact that as people interested in security or currently in the security of applications and solutions at various stages, We can try to educate ourselves and think about how to ensure security not only with our infrastructure, not only with our safe code, but also with the thinking about the application from the beginning, the design. I will show you a few examples of this. I am also an administrator and a devops. I try to do

it less and less. I also conduct cybersecurity workshops for ordinary users, non-governmental organizations, companies, and audits. This presentation is a summary of the last year or the last year and a half of observing what is happening. So we will talk about such a thematic range, namely the weakest link, where we have problems. What is the greatest threat? And then the way to fight this threat. Through UI, UX, communication, default settings, passwords, etc. There will be two smaller topics related to smart devices, which are also a great threat. And the weakest link is the user. What would we not do if we did not secure our infrastructure? It is the user who did not pay attention to the

email he will receive, who will click where he should not. When our application, our service is completely safe, we have a encrypted database, we have passwords, we do not respond to attacks such as, I think there were dolls in Germany last year, smart dolls, which had an unsecured password, an asql database, which you could simply enter, there was a big leak, The result was that on the basis of the German government's "watchdog" application, the doll's possession was considered a spy act. So the doll was withdrawn and all current copies had to be removed, because the doll kept the voice of parents, children, passwords, conversations, all the access to the doll and everything it saved in

this database. And we have more and more of such cases. Here, the infrastructure is dangerous. But moving on, we can have our service destroyed by a social technology. Let's take Gmail. How many threats do they get to users? A lot. How do they get there? In this way. They get an email in which we have a part of the interface of the link recreated in the content. And clicking on this link causes the login to the default page "Log in with Google". The second example is "open Google Docs". These are two images, two elements of the interface that we know very well using Gmail, just like millions or billions of users around the world. And even we may happen

to click on something like this, despite the fact that we would expect it to be much lower in the interface, right? And these are the two examples when we can destroy a user with such a really simple technique. And if we don't have a safe Gmail, our users can be in a lot of danger. Another element is the elements that make our service more reliable. And here we have a basic Zembank email. Such emails come to us, clean text, you have active delivery services, shipping, etc. HTML or PDF attachments, which can often be harmful to our computer, especially if we use Adobe Reader or simply open a code in our browser that is made in a way that hacks the user. Then we have an element,

and this is already a mail set up, this is already a social technology, access to your account has been blocked. We ask you to log in and at that time this element of the stop with capital and so on was correct. And in my workplace, for over 400 users, 10 of them clicked. And only 4 of them were clients of this bank. And they started to fill in there: name, surname, PSL, birth mother's surname, I don't know, how your dog is being licked. More and more stupid fields and some of them were falling off. but also a significant part of users have passed to the end. Of course, this type of form, as it is happening in most cases now, regardless of when we

will be lost, it records this data and processes it. And this is already a slightly more advanced element of the technical association, although in this case we still have relatively complex, relatively complex written in Polish. How many of these mails do we get every day, where this complexity is very strong and this is what alarms us. So these are two examples of a normal mail without a link. It would seem that it is quite okay if there is no link to click to the bank. With a link it is just set up and you can do better. Some banks do it by sending us an attachment to which the opening is probably done by Raytheon, for example. We also need passwords that we get every month with SMS. We're

putting a withdrawal from your account. To open it, you need this and that password. And it seems to be more or less okay. But the next leaks are really tragic for us. Here I will show you, on my browser it would be a bit scattered. It's exactly this field. In this field we have, it's a cut of a huge database from Netia, which leaked last year in July. 18 TB of such data leaked. There are phone numbers, address for the apartment, phone numbers. It was very interesting. What do we get from sending messages? We can send to anyone. We got one big book "How to become a Pole with social technology". Among them, I will have to guess,

sorry, but there is one important sentence here.

Among them, we have comments related to the telemarketer conversation. It was a database that contained formulations that had been going on for years in Netia, when the user wanted to order something online or order a contact online, wanted to order a service without contact with the telemarketer, or if the telemarketer was talking to someone about resignation, update, convincing him to a new service. And from this third record, exactly from this comment, without details, I will wait, We learn that with a certain lady, about the service Internet up to 100 megabits per second, the conversation lasted an hour, because there a little further between Emil and I, I'm bad at aiming, I'm sorry for the waving, but you can just believe me, here is information about when the

conversation started, when it ended. It lasted an hour. For an hour we can talk to the lady about anything. If after an hour of conversation about the service, without details, we can come back to her. There is a man who, from what I know, did not use the Internet in his life. He had it for his daughters. In addition, the record related to his conversation is the resignation from the service. However, what leaked about him? Of course, the e-mail address, the mobile phone number. We will also find the address of the apartment, the home phone number. And these are just three records of 18 gigabytes of data that leaked. So at this point sending

I just wanted to start my presentation. I don't care which one. I'm going to break it. Great, thank you very much for your help. And where are we? We are here. So, regardless of whether we will send encrypted contacts, whether we will send SMS, we have a very big problem. And this is basically something where I, for example, am not able to present a ready-made solution, how to do it well, so that when being a bank, send billing to your user. or a listing of the operation from a given month. It would seem that it is a great encryption, but it is not enough. We can approach everyone in this way. What about GIODO? GIODO is terribly behind on this topic. GIODO has no solution

for this. GIODO will not present you at this moment: "Do this and then everything will be safe." Of course, we must register databases, we must store information according to the law, regulations, but GIODO There are no penalties for such leaks. And even if, a good example is from this slide, two more Yahoo, Dropbox companies. For these companies, and this is a very interesting conclusion from one post from last year, because we learned that 500 million users leaked from Yahoo over the years. They didn't boast when exactly, in what way, they said that so much leaked in general. And everyone was shocked. Interestingly, this greatly affected the value of the Yahoo stock. Because suddenly users found out that a falling company, which

we hear only when something closes, someone wants to buy them, most often Microsoft, we heard about them only then. Suddenly we find out that they have 500 million users and everyone is now asking for a change of password. What a miracle! It was very evident in the Yahoo! stock market. Second Dropbox. I'm listening. The second example is Dropbox. Here we know a little more. Last year, 26-28 million users were exposed to the threat, their data leaked. How did Dropbox fall? Someone from the accounting department, in fact, very similarly to Netia, these are two nice examples, very similarly to Netia, someone from the accounting department got an infected connector, opened it and then, when another computer is acquired, they walked on the network until they reached someone with an access

to a database. The database leaked, and its content was published. Netia was also leaked. In Netia's case, we have additional circumstances, because there were Belarusians who wanted to protest. By the way, there was probably also Obama in Poland. We can talk a bit about such a modern attack on the bank of the 21st century, because in the same exact time Netia's server had a fire alarm in Warsaw. And 90% is exactly the same time when these 18 GB of data were transferred from Netia. So, with a high probability, Ukrainians, holding them somewhere near someone, called out a fire alarm and having a smoke shield, transferred data so that no one would notice. After all, Netia reacted. For a very long time, it denied that

something like this had happened. It's nice to see how you can follow this post on Niebezpiecznik, which informs about it. So, first the media informed, the security informant informed, Then she admitted to the Internet, but she also issued a statement and did not inform her users. In the meantime, they started to get a lot of information on this number. "We apologize for your data leak" or e-mail. "We are very sorry for the leak of your data, we are very sorry. We have prepared a special offer for you, which is in this link, in this ZIP file, in this DOC file, in this PDF file." One and a half years after this leak, they still get

such e-mails. And if in the case of people in our age, as we are going here, not to mention our level of technological development, but in the case of a regular user, this is a really big threat. And this concerns the elderly, the young, the middle-aged. There we have information in this leak that I showed you a moment ago, from which browser, from which IP address someone used when filling out the Internet form. You can really do a lot with it. If you just want to harm someone, get access to it, you have one encyclopedia of how to hack a Pole. and most often with the social engineering. And you don't have to try very hard. And this is the situation we are in now. And it's not like

we can do something with it, of course for the security of the infrastructure, we can do it very well, we can work on it, it's our task. But we have to think about how, by launching new services, how, while constantly testifying to our users, We can provide them with security. How can we raise this security? What can we change in the interface so that it doesn't happen again? Or if it happens again, to protect them from such things. And now we will go back to our Gmail a little earlier. What can we do when, for example, we have this Gmail, our data has leaked? We have such a big problem. of these basic interface elements. And in the case of Gmail, it's quite difficult

to say that we will change the interface. Because at this point we are reaching millions and billions of users who have very large habits and from what I remember, even the smallest change in the interface is really difficult to go through. So we can't just, I don't know, cut something with a red strip, throw it aside somewhere, so that it is outside the message. If we had something new, great. Let's do it exactly like that. Let's make this type of element, despite the fact that it looks like an element of our interface, so that it is placed in such a way that it will look completely out of place. However, in this case, the simplest

action seems to be something they do especially on Android or mobile applications, such as Instagram, I think Facebook also slowly has it, it certainly has Pinterest. If you click on any link, they will display an additional window with a notification, display the address you are going to and open the external browser. - - you see the original link, this is something that should be used by users from a very young age. Before you click something, wait for those two seconds to go to the screen. But what I'm talking about is the additional window display. At the top, on this one. This is your address you're going to. Do you really want to go through? It can be a bit annoying, but the security raises really, really

high. So that the user will see and make sure that, well, I don't know, there's no Google there. There are still emails like this that come from the translator. You probably had to deal with that too. And then we have a bit more difficult task when it comes to warning the user, because when he finds out, he will see the safe domain of the Google translator. Bing, something like that. And it's a bit of a sleepiness when we see the name of a large brand in the domain. And it's quite problematic. So it's not a field where we have a lot of solutions to a huge number of problems we encounter every day. Therefore, I think and I draw your attention that it is not only code. In

fact, as we sit here and we are, let's call it, specialists in security, administrators of infrastructure, the second part of this room should be, for example, designers, who also sit and listen to how people get in, how people break in, how sometimes their whole life online breaks down, how their data leaks, how they can be processed from the whole life, and it happens. Let's go a little further.

The second solution is to create your own application. This is very often used, we already have it in every bank, sooner or later, in fact, most banks have already joined. Some joined better or worse, Blik is a nice solution, how can you do it better, but it is also not entirely safe, especially for the user, because in fact, the security of this type of application for the user can be ensured when it has at least a password to unlock the screen, preferably a code, not a tag. I hope you know that the slug is the worst way to protect our screen because most often we have dirty fingers. So if someone gets to our phone,

we can guess the most frequent movements on the phone.

In Poland, there is no life insurance yet, but in the US, if you have a sling, the police can force you to unlock it, because it is not a code or something like that, but if you have a PIN, they can't force you to unlock it with official legal means. I don't know how it works in Poland. In Poland, we are safer, worse in the UK. In the UK, if you have a encrypted laptop, and if you don't decrypt it, they have a chance to lock you up, because they have full right to lock you up in the building. So if we don't travel much abroad, it can be difficult, of course. But we have

to try to protect ourselves. There is also something else about blocking the police's request, and there is something else about protecting our phone before leaving it in a cafe, not internet, in a cafe. because we will go to the internet and someone will get to our phone. We will use some applications, but more that it will install something for us, which is not a very big achievement. So to do such things, we have to use and think a lot, creating any application, internet, computer, mobile. Whatever we do, we have to think a lot about the default settings. And what's more, when we add something new, it can't be an option to set up your security, to show a window confirming your address,

but we have to unlock it at the start, because the user won't do it for us. We have to think about it a lot and experiment as much as possible, it's also a terrible problem. Often we have to, having a problem related to our falling users, we have to act quickly. Often under stress or tension, the longer we delay the action, the more users it is. You can make a stupid decision, or do something that from the point of view of UX will destroy the use of our service. It will be safe, but users will stop using it, they will move elsewhere. And so we can also fail. At this point, the fact that there are drops, Dropbox, Yahoo, T-Mobile, it's probably

not from yesterday, there are 70 million users, it doesn't move us anymore, it's normal. For this type of companies, big and small, it's included in the cost. It's cheaper for them to have a leak than to plan to increase the security of their cloud, their applications. And we have to agree with that. We are very often dealing with this, working with larger or smaller companies, with safety. When we propose how we can raise the security of the solution, it is a list of quite expensive steps to be taken and purchases, and to be made and development. It's just expensive, but to make it safe, you have to do it. And then we can look at the big ones

and see if it cost them that much, if it cost such a leak, that in case of being a big company, even a net one, the penalty from GIODO will not harm our financial situation. You know what, you will get a microphone. And what about GDPR and the penalties that are already set there? This is 4% of the entire group's income, not only from the department. - The turnover, but the turnover. - Yes, turnover. Okay, this is a more deductible penalty, at most.

We know the values, but no one has been punished yet. We don't know what the procedure will be like in May 2018, but we need to see how the procedure will look like, how the talks with GIODO will look like, how the GIODO control will look like. The GDPR or RODO Act. The first project is a month ago, and there are still consultations. It is possible, I don't even know the term. So, in short, summarizing this discussion, we are talking about a solution that may be very touching, but it will only come. We don't know how it will be executed yet, but on the other hand, let's go back to our NETI. A company that was attacked by someone from accounting. And at this point, the company's

punishment, of course, is as much as possible, they had a very large outflow, but on the other hand, what can such a company do, apart from even more education of its employees, and this at the lowest levels, to raise their security. This is really hard work on the foundations, it is not improving the security of five servers across. These are really big things, and here we are talking about a very large corporation, where introducing something like, I don't know, from now on we block all the links, PDFs, docs, can be very painful, especially in the accounting, but in smaller ones it can be easier. From today we are collecting files only from our walls, from

today the whole post traffic is still passing through the additional antivirus server. This may raise security, but still, if we land at some address where we have to fill out the form, and there are also non-governmental organizations that, for example, have not lost a lot of money, because by submitting applications for funding or some grants, they came across a website that was similar to the website of a given unit to submit applications. and they managed to fill out the entire form and only after confirming the consent, there was an additional window that they did not expect that they must still pay 10% of this grant in the external company in case of receiving a grant, because they were trying to get the grant for them. And there was really

not much missing to do something like that, to mark it with a custom, because consent is consent and we go on. and instead of applying directly to the body that grants grants, they would apply to the company that would do it for them. They would still have to pay for it. And the company did not show up. When they showed me these pages, they were similar to each other, they really did not differ much. So these are things we deal with every day and they become more and more painful, because this organization has decided to, this person has decided to, and after all, in the case of submitting a request, the person who can do something must be aware of it, who can submit a request, who may

possibly make payments, rather an important person in the organization. If such people fall there, then what else, who else can we educate, what else can we do? At this point, really, in service months, we must take care of it, Maximally impossible to make. And we have to pull out the whole arsenal that may come to our mind, because we have few good solutions, because a green padlock is not a way to confirm our identity. At this point, the green padlock, maybe Internet Explorer is not the best browser to show you this, do I have Chrome or Firefox here? Yes.

The green padlock is already the least protection for us. Because we will go to the Orange headquarters or to the majority of companies. After all, at this point, there is a purchase of software, and above all equipment. There are Fortinets, Fortigates, and this is just an example of another company. There are much more of these companies. But we can put a brick in our company for 30,000, which is basically non-service. It serves the internal network, serves the entire traffic and protects our users. But also when we develop such a padlock, let's see the security information. I don't have it on my computer. This is the smallest one. So this is also a big problem. We have it in Firefox and everything is fine

because it shows us who issued the certificate. We have to think a little more. Again, a bad problem from the UI. But we have information who issued the certificate. If we went to Orange, we would go to a company that has this type of software. We will not see here a company or a website for which it would be displayed, but a certificate would be placed, which of course also gives a green bar. Let's Encrypt is great for us, but it is a knife that we can use to grease our hands, or cut our meat and have a nice dinner, but we can also use this knife. It's exactly the same. It's not a bad tool in the

sense that the knife is bad. It's in the sense that it can be used for bad purposes and they do it very often. People got used to the green padlock, we put a service, generate a certificate and we have a Google Docs website that after clicking like this, it still gives us a green padlock. Log in. Paying attention to it is basically pointless.

So we really need to find a way to do it, especially we as people connected with security. When we have to deal with teams, for example, we have a cut of people from a designer to a developer, we have to look for it, pay attention to it, and figure out how to do it, so that our mom or dad doesn't click on something that can touch us in the end. We go on, on, on, on, on. We have this application, we have these default settings. There is also such a cool idea, the first password. We bought a new router and a new camera. We talked about it in March this year at the Warsaw Informatics Days. If we buy an internet camera for monitoring, which we can watch

on the phone, it takes less than 65 seconds to be hacked if we leave the password unchanged. It happens automatically. There are robots that scan and do it. So the first password is OK, but it has to be done wisely. It must be so that when we launch, for example, we buy a router, we buy a camera that we released, or we release a smart device as a start-up, it will not connect to the Internet, it will not allow us to do anything until we introduce a new password, which is different than the one in the box. Can we use it for the first login, but any possibility of using the service only after creating our own new password? Because if we don't do this, we can

end up like UPC. It is one of many websites, there are applications, there are no more in Play Store, but you don't have to look far to have a mobile application that will allow you to hack the five closest available UPC networks in Warsaw or here where we are standing. Because it is very easy to guess the constantly changing key with which these names are generated and what password can be assigned to it, and 90% of users will not change it. And in this way we will be able to work with our applications and services and this can be called a well-known design of our solution. I say that maybe it was good to change the name of the network in the case of routers,

because you changed the password, but on the other hand, it is UPC, so it knows that they have such routers and maybe there are other vulnerabilities. I know, it's about operators, so they can force users, apart from changing the password and changing the SSID, to something like "my mom likes cats". I don't know, on this basis. Yes, here we have again such a quarrel with the UX approach. What is the result of the fact that we have a default password, we have a default network name and it seems safe? Because users didn't do it anyway, they got the admin password for many years and they still don't want to do it. - Ok, but if someone is 80 years old and you demand a change in the

name of the network or password, it may not work, right? In this case, you also have, I think that in most cases, when a company comes to you and sets up the Internet, it is the technician who will do it for you, or he will tell you and give you new data that do not cover up and you will write it on a piece of paper. So I think that the problem of an 80-year-old person disappears a bit. because the technician is always there and assists when you start up. So this is also a basic UX of getting the internet from the provider. The technician comes, installs, we would change the data either ourselves or

with the technician and we would be much safer, we would not be at all vulnerable to it practically. Of course, there are still vulnerabilities, but this is already hacking, this is not UX anymore, someone has to try, explore what router we have or know what router we have and try to find a hole and do it, but we won't be able to do much. But it's hard to change. But much simpler. We will now work on releasing a startup that will do something cool. There is no additional application, or another smart vibrator, or other things like that, or another smart vacuum cleaner that will run and vacuum. And we have to think about such things. When you want to connect to the Internet, you should not allow

yourself to connect without changing basic data, because otherwise it will just fall. We had Mirai, I don't know if you've heard about it, I bet you read all the pages about security. That's exactly how it was. With a little thought, at an earlier stage, we are able to prevent such things as people creating solutions. We also have TV and Smart TV. Here, in fact, a completely different topic in the form of Wikileaks, NSA, CIA and the rest, which, in fact, a short story, CIA created and demanded installation of backdoors and listening apps on Samsung TVs. Wikileaks published this data and we had a big problem. Because on the basis of this we had attacks that touched... Of course, TVs are the smallest problem of all this. There

were much more spy, hacking, breaking passwords apps. And it was that month, those weeks, when hospitals in the UK were falling, when FedEx got its share, a whole bunch of companies got their share of the ransomware. The ransomware that was processed based on what came out of the Wikileaks was processed into a CIA order. There were people who tried to... The first, the biggest destruction of this attack was, as far as I remember, a security specialist found a kill switch in the form of a ransom referring to a domain and if it didn't exist, it worked. So he just bought this domain and just looked at how many hits there were in this domain and managed to stop the first wave of attacks. Is my time running

out? No. and stopped the first wave of attacks. But then, because the code was already open, there were more modifications and it is getting harder. It happened that in June I was still sitting in the pub and around 3 p.m. 10-15 people appeared, they ordered a lot of beer because they told them that they got a ransom and were going to go home. And they worked in Warsaw Spire. So it seemed that the company that was responsible for the security was quite large.

But here we have a problem of such a built-in device, which is almost at home. Here the problem was that this TV, despite being off, that is, displayed us in this place a red light, which we all expect. He was recording everything that was happening and transmitting it to the Internet. Very unkindly Samsung tried to inform users earlier how much legally he could and released an update, as far as I remember, of the security policy. related to TVs, in which he noted that it is good not to have private conversations in the presence of Samsung TVs. Their problem was that when NSA, CIA, etc. came to them, they received a document in which you would

give us everything and do what we want you to do, but you are not allowed to say about it, so they were looking for some kind of way. But of course it wasn't enough, because who reads the Security Policy? There was a bit of news about it, because someone read it and found it, but it was still very little. It's not something we find on the main website, such news. So we have Wikileaks and we have CIA. The big problem with solving this is that to break this ransom, the easiest thing would be for CIA, which created it, or at the time it was created, to publish some form of a system patch or some form of update that would allow to decrypt this ransom. But they can't do

it, because then they would officially admit that it's from them. And they deny it. And they will deny the death sentence. So very often, in the case of solutions that land on our computers, on our TVs, in our homes, in our apartments, in the event of a threat, we are basically under the influence of a fairly large policy, which we will not do much with.

And here you can think about the problem, how to do it, so that these devices can signal that they are turned off in some other way. Or how such a device can be created, so that the user is more aware of what is happening to him, when some new software is installed, new updates, how to do it, to install updates, it is very difficult. How to do it, to install updates, especially larger ones, and inform him so that he could read it. What could have changed there. Yes, the 0:1 connector, yes, that would also be some option. Maybe you do a quiz, basically, you don't answer, you don't watch a movie, right? Or something. I

will tell you some things, I saw users who come to work after a hard day and just throw such a TV out the window. You go down the street and only those TVs that are flying through the window. What my friend suggested, which already existed, if you played original Amiga games, you had to type a specific word from a specific page of the manual. So it worked, so you can go to that page. So it's like a sentimental journey in the form of a game. Maybe we can look a bit further, what we have when we have a display on Chrome,

Shift F5. You'll get the microphone.

I have a question: how to stop such a movement from Samsung TV? I must admit that my TV is not smart, not connected, but if I wanted to watch movies from YouTube, It's known that apart from YouTube there are 15 different CDNs, some other shit is popping up, these pages are alive. So whitelisting is not an option on Firewall. Are the signatures of this movement detectable to be used at all? Or there are billions of different domains generated randomly and not to be detected? Here we are dealing with the HTTPS problem, which of course spoils our plans in detecting it. But the solutions I mentioned, which provide their own certifications, which are the SSLs, which

are issued from our Internet, provide their own, they allow for such things, because in the case of such a solution, being its administrator, you are able to block the user from sending a messenger link. You are able to block the user from posting images on Facebook, i.e. to detect what kind of traffic it is. Yes, but I'm talking specifically about the spyware from CIA. In this case, we would most likely need a similar solution that unlocks packages, because such a movement is rather done by HTTPS. I would suggest the other way around, that is, to block domains, because this is a limited number of domains with which this device connects to its control servers. In this case, we can also encounter a problem that was with the Windows update

to 10. I don't know if you remember it, but there were such... Windows 10, when we installed Windows 7, it was the next one, first we just sent a notification, very stubborn, but a notification, then the system started to download without our knowledge, and finally there was only one confirmation and it wanted to install itself, which of course slowed down the system terribly, so we started to suddenly magically feel the need for updates to 10 even more. And part of the solutions was also created, that blocked Microsoft's actions. And Microsoft reacted to it. The first basic action was, of course, blocking communication with control servers. What Microsoft did was make these servers respond to other important things in the operating system of Microsoft.

So such companies will also react in this way. It was a basic action that broke marketing, broke the possibility of implementing a free solution. So they reacted. Microsoft updates are more likely to be installed more often than software updates on TVs. Yes, so in this case, changing such a link would be harder. But I suspect that they could also start to react if such a threat appears. Especially if we blacklist servers through which updates are being downloaded. Do you have any more questions about what has been going on so far? Please, put the microphone back. It will be a more skeptical comment. I don't know, I got a little skeptical today. I will say this. First

of all, from my experience, and this is my subjective opinion, so first of all, we never solve the technology with the help of socio-technical experiments. We have been trying to do it for 20 years and it is not working. This is understandable because these are two separate domains. Secondly, the attempt to change habits of users is fighting with windmills. And this analogy can be: imagine that one of you has a car. You go to the mechanic because something is not working in the car. And this mechanic tells you: "You know what, when you're filling the car, you have to stand on your right leg, lean your left hand against the car, load the gun with your right hand and you also have

to wear a green shirt so that it works the way you want it to. And additionally, it's the car's manufacturer's fault that this car doesn't work. None of us will do it. Or almost none. And this results in the third conclusion, very unpopular, especially among people responsible for safety, that educating users makes no sense. Or it makes sense to a certain extent, and again, analogy. It's a bit like in school. Children are learning. If there are several students in a class who want to learn something, we will have a positive effect of education. Most students in this class will not acquire this knowledge. The same is true for the education of users related to security. For me, the conclusion is

very sad, but I accepted it a few years ago that there is no solution for it. And you have to look for, as if in the chain of attack, you have to look for a solution further, and not worry about whether the user clicks phishing or sees this green jacket and some red light will light up. And how would you solve the problem of phishing on the next page? It all depends, but looking from the company's point of view... We can talk about it on our Gmail, if it's a good idea. The most... With my clients, when I work, the most... I put the most emphasis on detection. Yesterday, Borys told about a story, that administrators, who

discovered phishing, wrote some scripts, which started to DDoS this phishing website. For Boris, it was unreasonable, and I agree with him, but by modifying this technique, we could have done something different. These administrators could have written these scripts and instead of DDoSing, i.e. trying to make this page unavailable, they could have loaded false data to this phishing page, and then the phisher wouldn't know what is true and what is false. We automatically increase its cost of attack, because instead of 20 passwords it will have 20,000 and if it is determined it will try to check them. On our side, of course, we can write an automaton, we can react to it by blocking IPs after 10 incorrect passwords, etc.

So it's always a game. That's it. - The problem is that the machine is not received, but it is used somewhere. - You mean DDoS? I'm on the side of those people who have hope in user education, because at least when they come to my workshops, they are often frightened before the first break and then we work on what to do to make it a little better. The effect of my workshop is usually that they go out in a fairly calm way. If they come across any problems, they can always write and we can solve various problems there. Regardless of whether it will be workshops for librarians, how they can ensure the use of children in the school library, whether it will be the activities of an

outside organization. It seems to me that more aware, and this is really aware of those who want to be aware, and not all of them from above, like religion at school. because it will not work. We can only try to make people want to educate themselves, and not to be forced to do it. Because of course when you get a permission to do training for 200 people on the subject of security, so that they get scared, there is no chance that it will work. You have four hours, you have to talk to these people about the subject, you have to scare them, 200 people sit in front of you, and what do they have to

do with it? This is a lecture of religion at school. Such things make no sense. Comment to comment, if possible, because it's a different practice. On the other hand, there is always a level when further security does not make sense, because the company does not exist to be super secure, but to take money. If it costs more security than losses caused by a hole, then we stop security and it is logical. But when it comes to awareness, especially this example of accounting is good, because at least where I work, I usually find such a team where the lady writes like on a machine, that the keys are flying out. and it's hard to explain everything

to them. Sometimes they need to be helped to turn on this device, they don't know what's going on. But there is a level of training, especially in a bigger company, which makes sense, and then we do it actively. The biggest success where I worked had a password "invitation to Facebook" or "LinkedIn" by a fake president. We looked who would do it, who would react, the coverage in the audit was 100%, the biggest success was with us, but later on, or the next editions of the same exercise, it was getting better and better. People were clicking more and more, they were announcing the tradition and listening to some bullshit to check what it is. And it

works. Even today, with Mrs. Krysia, not approaching anyone, they were coming to us, because I have such weird things here, and the previous thing you told me when I clicked. So if someone takes it, it will come in, but it is possible to reduce this level of training to such a level that if it happens, it will mean that we are really unlucky, and not that we gave our bodies somewhere. Maybe I'll add another comment. From my experience, I can say that it's a bit rude and vulgar, but some people are just morons. We won't skip that. Speaking of Krysia, my colleague once said that in one company you can work for maximum 5 years and you just have to change it, because people are

burning out and so on. Maybe it's not a matter of us not securing, but people who keep people in the wrong places for too long. It is also one of the... Let's say, a lady, or a manager who has been doing the same job for 30 years, let's say, a manager who is now around 60, he has everything done, he has been doing it for 30 years, and he claims that he always does it best, right? And we don't educate such people. Yes, it will be worse in the case of managers with family companies, or state ones, because state ones require these changes more. family companies, would it be a big problem or some such corporation? One more comment and then comments. Yes, I have a

comment, in fact, two comments. Regarding training, it may be that training people is exactly the same as training children, or ourselves when we learn. If we learn something and we don't use it, then we just forget about it. And people will forget about security exactly the same. So it is important to repeat the material, because it is important, i.e. to teach as much as possible, of course, you know how it is, if it is profitable. You have to give them, as in schools or somewhere, practical tasks, i.e. give them the opportunity to use the knowledge they have learned, i.e. do tests, enter the building behind someone, pull something out of the printer, send some mail

phishing. It works for people and it actually works. Regarding Mrs. Krysia and the comment that people are morons. Okay, let's assume that people have some restrictions. For such people, for example, the ideal solution is, I don't know if you have seen, Boris's training. I started this training in my company. I let people train for a whole year, because they had a new lesson every month. There are six lessons. I will tell you that people like Krysia came to me and said: "I didn't know about it, but it's so cool, and now I'm going to tell my husband how to set the password." I think that very briefly I will repeat my thesis yesterday, that it is easier to secure

a small company with 100 people than one with 100,000 people. Even if the company is small, it does not have any money, but with a determined administrator, And this is also known as autopsies. It was much harder to get to a company that had a paranoid, really paranoid, when it comes to IT, than a company that has several dozen thousand employees. The same will be with programs, and here, what you said, educational programs, through practice, I say everything, but the scale kills.

What I wanted to say, and I always repeat it to my clients, is that security consists of three processes. Protection, which unfortunately everyone focuses on, including bug hunters, etc. But there are two more elements: detection and response. These

two processes are the most suffering, and we should spend at least the same amount of time on them, as well as patching, changing passwords, policies, educating users, etc. Thank you. Thank you very much for your comments, answers to comments and answers to comments. That's all from me, because the time is up. So, the last sentence: "There is a lot of work ahead of us, and we have to do even more conceptual work." Because we can look for hours and find more examples where we fall at the design stage, and it could have been done better. So, thank you very much for your attention. In case I'm still here for a while, I'm a little sick, so I'll probably roll over.

You can write to me at firstname at lastname dot pl. And see you. I hope next year.


It will take a moment. Still no signal? Still? Yeah, still no signal. Okay. What is this?

- Yeah, it's Ubuntu. - Ubuntu, okay. If you could get a text terminal or do they have like a system thingy? - That's this. - Okay. - Do you have a signal? - Screens. - Stop, stop. - Go to your presentation, everything is good? - It's good. - Okay, now we have a signal. - Great. - You need a clicker?

Okay, please take your seats, we'll start with the next presentation. Good morning everyone. I'll be talking about cryptography. I'm really happy that so many... that so many cryptographic topics have been beautifully spread at the conference this year. I think I managed to encourage people to show that it's not that scary. Today I'll try to go a bit deeper into the subject. About me? Maybe someone has come across my program. Yes, someone has come across stunnel? Yes, a few people have, nice. I don't know if someone has come across libp11 or the PKCS11 engine. Nobody? Oh, one person has. By the way, what about the PKCS11 standard? Does anyone know what PKCS11 is? It is an API interface,

defined by which you can communicate with cryptographic cards. I have been the maintainer of the interface between PKCS11 and OpenSSL for more or less two years. This is my new project. And here I will talk about the evolution of something I started a few years ago, the hash function. The first version of this hash function entered the competition for SHA-3. It collected some very interesting cryptanalysis. I think that was the point. The second version served me well for the doctorate. And here is another iteration, the fourth and fifth.

I will tell you what hash functions are, such a baseline so that everyone knows what we are talking about, what it is all about and what the requirements for a hash function are. We use this concept more or less intuitively, it would be nice to systematize it. Later I will tell you about the classic hash functions: for many, many years, up to the competition for SHA-3, all the hash functions we met were functions based on the Merkle-Damgard construction, and I will talk about it. And then I will tell you about my idea of improving it. So, hash functions. A hash function is a function that has an input of any length,

some bytes or bits, and an output of a constant set length for a given variant of the hash function. And it would be nice if this layout, if this dependence of output on input, was fairly even. These are all the requirements we have for a hash function. Does anyone know this hash function? What is it for? For a checksum? PSL? Who said PSL? I have a notebook. Congratulations. The second function is CRC32. Has anyone heard of it? Does anyone know what it is for? For transmission errors. There were a few things that used it. For example, floppy disks to detect errors. The third function, does anyone know? Zlibs, etc. use this type of things. Cryptographic function of a

hash. There is some confusion here. If we have a hash function and a cryptographic hash function, what is the difference? The difference is that the usual hash function is used to detect data modifications, but not to detect deliberate data modifications, but to detect random data modifications. Like a transmission error. For example, the first one is made to detect when someone changes two digits in reverse order. So that the control digit always changes if someone makes this kind of mistake. Or one digit changes to change. So it detects this kind of things. However, of course, a correct code can be generated in a trivial way, knowing the algorithm, because there are not many possibilities for this reason. In the case of cryptographic functions, we

are looking for slightly more complex properties. The first thing is one-wayness. We would like hash functions to be one-way. This term will come back a few times in my presentation, so that on the basis of the output, nothing could be said about the input, about the value that is hashed. Yes, the second thing, cryptologists, smarter than me, claim that it is impossible to bring it to the first or the other side, that it is a separate property, that on the basis of some one, one hash value, so that you can't find another output that gives the same function, that gives the same value. The third thing is resistance

to collision. What are these collisions and what is the difference between them and finding the second preimage? The second preimage is the second input data, which gives the same hash value as the first one. So we have one set, and we are looking for the second one, which is different and at the same time gives the same hash. In the case of collision, however, we are looking for two values, we have full freedom of choice of these values, two random values that give the same hash. Is it simpler? Yes. We'll see why in a moment. To abstract from the function, from cryptography, from the shortcomings of the function, which can be hidden somewhere inside, there is something called the birthday paradox. As

it is always explained, when we have a class, there are about 23 people in the class, we have a 50% chance that two people in the class have birthdays on the same day. And this probability then increases, with 365 days. It is translated into large numbers in such a way that if we want to ensure security at the level that is currently considered acceptable for the 2 to 128 type, for symmetrical algorithms, that it is necessary to do something with 2 to 128 iterations, to make the attack effective, or the size control, then we need as many as two times as many attempts.

To ensure safety, we need as much as 2 times the length of the hash function. That is why these hashes are not shorter than 256 bits. To be more precise, the function 2 to 256, to have a 50% probability of collision, these functions must be generated in the order of 1.2 times 2 to 128, a little more than the square root of this value. So that's where it comes from. What do we use cryptographic functions for? To detect deliberate modifications. And here are the hash functions, we know MD5, SHA-1, SHA-2, RIPEMD for some time was such a competitor for SHA-1. All of these functions, except SHA-3, are based on the Merkle-Damgard scheme, which I will talk about. How do we calculate

the hash function? It's a bit like what it looks like from the API side. We have initialization, where we set the initial values of this state, which we will update. Then we update this state many times for subsequent data portions, because we can calculate hashes of larger data blocks than would fit in memory. Therefore, this function can be called many times. And finalization. This is the perception. When it comes to collisions, to protect against collisions, the update must ensure them. When it comes to other properties, it is enough for finalization to ensure them. And to the promised Merkle-Damgard construction. Here things may start that not everyone will know. The construction looks like this: we have a function, it is called, wisely,

the compression function, which is a one-way function. It is a holy grail of cryptologists, one-way, that something is happening on one side, and on the other side it is impossible. We have some mathematical construct, which I will talk about in a moment, which is supposed to ensure this one-wayness. And we divide the input data stream into blocks, in the case of the mentioned functions, 512 bits or 1024 bits, for example SHA-512. We divide it into blocks and introduce them to the compression function input, along with the value of the previous block or at the beginning with some value of the initialization vector. And now, if we are able to find some two input blocks that give

us the same value in this place, two blocks that give us the same value in this place, then we have a collision. How does it look for example for SHA-1, such a one-way compression function? Here we have some bit rotations, here we have some simple function, like XOR and OR, such operations with four words. Here we have five 32-bit words at the input, the same at the output. Here we have the modular addition operation. Here we introduce a constant, which also changes. There are 4 different constants and 4 different functions f. And here we introduce a piece of these 512 bits that enter. There, processed.

And we do it all together 80 times and we believe that it is one-way, that it cannot be moved to the other side. The disadvantage of doing it 80 times is that it takes a little time, even if it is simple. It is worth noting that when we add these four things here, they reach the first fragment, the first 32-bit number, which in the next iteration, in turn, reaches the second one. So, to a certain extent, these operations can be a little parallel, that we are able to count two rounds more or less at the same time, because we do not use the result of one round immediately. So there is a very limited possibility of parallelism.

But we are limited anyway. These 40 rounds are performed one after another and every second round depends on the previous results. These non-trivial results that we have to calculate the function f, add and so on. This is a simple rotation operation, which is simply switching bits. And the finalization. Here we reach the attack we heard about the first day, the length extension. The finalization is that at the end we write the number of bits converted, the total number of bits converted, we supplement the block to the end with zeros and we convert it normally as if it were an output block. Hence the triviality of the block, that you just need to add something to

it. And then you can finish it and get another correct hash starting from the same number. So if the secret was at the beginning, then in the new hash the secret will be counted at the beginning. The security of this solution, generally there are some to the structure of the Merkle-Damgard. It can be proved that if the compression function is a one-way function, behaves like a random oracle, another holy grail of cryptography, then the structure is safe. However, in practice, cryptologists show that if this function is not entirely ideal, then these properties allow, for example, to swap blocks, if only some fragments, blocks' lines are found, which have the same input and output, then they can be swapped, because each block is

identical, each compression function is exactly identical.

and length extension, which I've mentioned before. Efficiency. If we have to ensure one-way performance in every block, in every iteration, then unfortunately there is no chance to work super fast. Also the idea of multiple iterations, the function of the round to obtain compression function,

is not very easy to parallelize. For the simple reason that each next operation must use the results of the previous iteration. In this case, the SHA-1, which we talked about, every other. But there is a lot of it. So here I saw a possibility of improving this solution. And we come to my idea. The idea is that if it really is, as it seems to me, that one-wayness is required only in finalization, then let's not do it at every step. Let's not do it at every step. Let's not convert every block of data so that it cannot be reversed, because there is no such need. Because it is wasting time that we can use for something else.

The idea is that instead of having a block of data that we iterate, that we process with subsequent batches of input data, we divide the input data into fragments of 128 bits, not 512, so a little shorter, and we process them, we XOR them with a 128-bit state vector. It is a 4-element state vector. We process these 4 elements of the state vector completely independently, using 4 different non-linear functions. This is a common method for the whole StreamHash family, apart from the number of blocks. One difference concerns the last state vector, where, in addition to the previous value and the input value, we also XOR in the number of bits converted so far. What is

the use of two things? First, it makes it impossible to do all these attacks related to block transitions, because each operation is different. And secondly, it takes care of the thing that is done in the finalization of the Merkle-Damgard construction, which means writing down the number of bits converted so far. In the case of the Merkle-Damgard, it is writing down the number of all the converted bits. I write down the number of bits converted so far every time, which means that in each block with the exception of the last one, it will be a multiple of 128. In the last block it can be a number smaller than 128. This increase of the number of bits converted.

And the finalization. The finalization is done by remembering the state of the function. I remind you, the state of the function is these four numbers, 128-bit. I remember this value. I reset the state and perform 12 iterations of my non-linear function, similar to the update function, not identical to the update function. One difference is obvious, I do not provide the original input data, because they are already over, I have already converted everything I had to be converted, and now I finalize it, so I give these four values. Here is the difference between the usual AES, I mean I skip the function of key expansion, which is in AES, which prepares the round keys on the basis of the main key. Here

I simply add these four values in a circle three times. I perform these 12 rounds and I process.

I process it and add 12 more rounds to the end and the result is the hash value. The value of the state function of this state vector, which is at the end, is the hash value. One question, please. Do these NLF functions have to be identically fast so that this multidirectional, I mean, parallel processing, you wouldn't have to spend too much time on sync, that now you can do this, and now you can do that. I don't know if I pronounced it correctly. Yes, yes. Could these functions be different? I mean, significantly different in terms of efficiency. These functions have the same structure, they are performed at the same time in all

versions of the hash function. In the original, maybe it's a good time to tell you what such an NLF looks like inside. In the first and second versions of StreamHash (we are at the fourth) it was just an S-box, a lookup in the table. A simple transformation that provides a sense of non-linearity. Here I used the AES round function with a constant key. We have four different non-linear functions. They are implemented in such a way that AES is calculated with different constant keys. So there are four constant ones and they are used here. Okay, finalization. What is the efficiency effect? The efficiency effect is such that in comparison

with these SHA-256, SHA-512 functions,

Both scales are logarithmic, here is the number of bytes, so the less the better.

A more general question about efficiency, because it's intuitive to say that the faster the hash function, the better, but for example, to store passwords, you use bcrypt, which is cool because it's computationally heavy, and here it's nice that it's heavy and it's hard to brute force passwords, so the faster the better, or the longer the better, or does it depend? Good question. For a hash function, the faster the better. As in cryptography in general. Generally in cryptography, such a philosophical side note, it is not difficult to make a safe function, a safe cipher or a safe hash function or a safe algorithm. It is difficult to make a safe algorithm that works in a meaningful time. So the faster the

better. But if we want to use it for key derivation or for an application where it is good to work it slowly, Even the efficiency of such raw calculations is not necessarily sufficient, because if we talk about bcrypt, scrypt and this kind of things, they are optimized not only in order to perform - The idea is that it should be done on general purpose software with the same efficiency as in optimized solutions for breaking, so that the use of dedicated hardware does not give the attacker an important advantage. Because even if we use it for passwords, we don't want to stop the attacker, and we had to spend most of our time on our application, which is not only used to check password logging, so

that the application only checks passwords for logging. We don't want the user to wait a minute. Our application is the key. Another question for these ASICs. What are the typical tricks to slow down the hardware optimization? The typical trick is that we generate some table based on this password, and then we compute a hash of the table. In a way, there are some mechanisms like that. We better compute the hashes from the back. We fill out the table on one side and compute the hashes on the other side, so that we can convert what we counted at the very beginning, so that we can write it down physically. So here are the two most popular SHA

functions at the moment: 256-bit and 512-bit. Here is a curiosity that the 512-bit is faster, that is, it needs fewer cycles per byte, although it is safer. Does anyone know why? Maybe the length of the word or something? Who was the first? I think here somewhere. That's good. Fortunately, I have a lot of messages. Thank you. Yes, the answer is good. SHA-512 has been designed to effectively count on 64-bit processors. Therefore, they can simply process twice as much information in a cycle. And so from the first day of today's conference. A mistake, right? From the perspective of always seems stupid. Well, a single round of AES does not provide full diffusion of bits. What is the diffusion of bits? Diffusion of bits is

the property of cryptographic transformations, that all bits of the output depend on one bit of the input. The avalanche effect, and other such definitions are used in cryptography. And the result was a completely complex attack. I will let myself go a bit deeper. To provide diffusion of bits in AES there are two operations. The first is ShiftRows. Maybe a step earlier in AES. AES processes 128-bit portions of information and processes them in such a way that it puts them in a table, at least for the sake of explaining this algorithm, in a 4x4 table. 16 bytes on one side, 4 bytes on the other side, 16 bytes, 8 bits, 128 bits. Thank you. Unfortunately, these

are not my props for the author. So first we move it, so if, let's say, this bit, only this one byte has changed, we have Sbox before, which I omit here, so it only processes single bytes, but here is an important element, that if we have only one byte changed, then this byte remains unchanged. So this operation in the first throw gives us nothing, but in the second throw we have a mix columns operation, which is the most beautiful thing in AES, actually the only such innovation of this algorithm. This is a little bit of magic realized as the multiplication of these things in columns by the matrix, or left-sided multiplication by the matrix. The multiplication through the left-hand matrix. First

there is a matrix, and then there is a vector through which we multiply. So we have these four vectors, we get new vector values, where all these bits mix quite nicely. The effect is very pleasant, that within such a column all the input bytes depend on all the output bytes. Very elegant thing. After the second step of AES, we have the effect that each column is nicely mixed. And this is how it looked in StreamHash 4. We got 4 nicely mixed columns instead of the whole nicely mixed 128-bit value. If we go back to the previous operation, what would happen if we repeated it? It moves. Each line has a piece from each column. If we did

the "mix columns" operation again, we get full diffusion after two iterations. That means that each output byte depends on each input byte.

Hence the first idea for StreamHash 5, i.e. two AES rounds in each step instead of one, for the simple reason that they provide full bit diffusion. The second idea that came to my mind, which I liked less and less as I analyzed the issue, is to increase the dimension of the state vector.

That means instead of counting 4 128-bit numbers, you could count more of them, even up to 12 and only then shorten it at the end. I think that the implementation of StreamHash 5 will appear on GitHub before the end of the year. I would like to think about it a little more. Although I already have a strong conviction that this attack can be fixed, that it is not an attack that fundamentally questions the very idea of the StreamHash family, and only the implementation error of this non-linear transformation. I have clearly exaggerated with simplification. But the idea is that it should be as simple as possible to achieve such an effect. If I go back to the issue of efficiency, here is

the difference in efficiency, let's say up to 128. Why does it look so strange? Because this finalization must be carried out every time, even if we compute the hash for one byte. Therefore, for one byte, for two bytes, for 4 bytes, it is like this, after 100 cycles per byte, after 1000 cycles per byte, it takes to calculate it, only when we reach a few hundred bytes, 512, 128 bytes, then the results stabilize at some level. What is the difference between this? Between one and the other, it is a row, between the faster SHA-512 and my StreamHash, it is more or less a 12-fold difference. I have a question. There are SHA-2 functions on this

chart. Keccak won the SHA-3 competition. How does it look compared with the other functions, including StreamHash? That's why it was not accepted that it does not look better. Because this competition for SHA-3 was strongly modeled on the previous competition for AES. When there was a competition for AES, there was a triple DES. By the way, further, in detail, to attack this Sweet32, that the data block is too short, which is not a weakness, implementation of the functions, but the very foundations of this function, then the triple DES is still quite safe. There are no practical attacks, so that the triple DES could be attacked practically. However, it is terribly slow, because the triple DES was designed for hardware implementation. It

did not predict implementation at all. It predicted the implementation of the software and defended itself to be as slow as possible in terms of capabilities. The idea was that the breaking ones would be the American government, and those who would try to secure themselves would be some sort of weaker financial institutions. Therefore, DES was designed to make the hardware implementations fast and the software implementations to be as slow as possible, and the bit change in places that are very unpleasant to implement. So when the AES algorithm was created, the main motivation was not to make it safer, but to make it faster. And in fact, this effect was achieved. It is much faster, even in

software implementations without hardware acceleration, which processors currently have. Currently, both Intel and ARM processors are equipped with hardware AES instructions. With Keccak, I understand, this acceleration process did not work. With Keccak, this acceleration process simply did not work. Exactly. And that's why the problem with the adoption of this algorithm is that it is comparable, a bit slower even. I have a perception that the biggest advantage of Keccak is that it is not based on Merkle-Damgard and if there is more milk in it, we have something in the background. Yes, that was exactly the intention, to come up with something that will not be based on it. And with this thought, the first StreamHash was also announced for this competition as something that is not based on Merkle-Damgard.

This is sponge, a sponge. This is also a very interesting idea, not orthodox, another solution, another approach to building a hash function. Thanks. So, here we have a 12-fold acceleration. Returning to... Returning to my idea, if we would run two rounds of AES in each step, we would get only 6 times faster than the previous functions, which is still a good result. So I'm of good opinion when it comes to performance. However, what is my biggest concern is the issue of safety assessment. If someone could come up with an attack that would be applied in this improved version, which will be released soon, it would be valuable.

As for implementation, at the moment the current implementation is StreamHash 4 and the next one is StreamHash 5. It uses the ESP manuals. Maybe it would be worth it if someone would spend some time and implement some kind of a side-channel-resistant implementation on pure C. Or maybe also for ARM. That's what comes to my mind. If someone has any other ideas for other platforms, where it would be possible to implement it, it would also be valuable if someone wanted to join. There were two different solutions for the hardware AS in ARM. At least as processors. Yes, I mean only which ARM, because ARM is quite a wide range of processors. What calibre do you like? I was

thinking about 64-bit ARMs, because that's what's included in 64 architecture. The general question is: where did you get the idea to play with it? If I remember correctly, you also have an encryption algorithm on your account. Is it a hobby? Do you think that something will come out of it? I mean, I think you are probably the only person in Poland who is so serious, or I don't know, to be used for it. These ideas were not rejected at the application stage to various contests of yours, so I assume they are not bad. Only a question from the point of view of the idea for such a hobby or an idea for something more? No, I was not dealing with the keywords. I think I must have been wrong.

I think I must have been wrong. Or with another contest for the European hash? No, no, I was only dealing with hash functions so far. Why the idea? Because it's interesting. Like with everything. In the first slide, when I was talking about myself, I didn't say where I was employed, unlike all my predecessors at this conference, or almost all of them. I have a lot of things to do outside of work to bore you. I don't need to tell you about work. Of course, we are also looking for employees. Everyone is looking for them. Thank you. I don't know, maybe... Yes, I talked about hash functions, about the Merkle-Damgard construction, about the StreamHash function.

Does anyone else want to ask any questions? We have some time, a few minutes left. Okay. I think I'm seriously considering making some t-shirts for the next year. For now, I have some notes. No, seriously, very nice. These are more compact than last year. If someone wanted, they are still to be taken, they are still there. Thank you very much. I made myself beautiful new business cards this year. If someone wanted, I would put them. Okay, for those who did not use stunnel, it turns out that most of the room did not raise their hands, maybe it's just so hard. TLS tunnel is a proxy that can receive connections via TCP and connect to the indicated address

via TLS or vice versa. to receive connections via TLS, and connect to TCP. This is a situation when we have a legacy code that is running on mainframe, we don't have a source code, and people who wrote this source code are no longer alive, and we need to put it on the Internet, then adding to this encryption with cryptographic authentication and so on, can be done in a minute. It ceases to be an impossible task. Normally, in case we wouldn't have the SSL implementation, TLS in the application, it would be a classic solution. You have to take the source of the application and change all network commands to the commands of our SSL or TLS library. Here you can add it quite easily

using proxy. Yes, that's right. So what we are saying is that having access to the certificate, you can do it in the middle as needed. Yes, I sometimes use it in the middle. Maybe it would be worth it if someone would sponsor some automatic generation of certificates signed by the CA data. These things are available. The idea is that I do a bit of business based on this product, the product is free, but sometimes it happens that a company uses it in such a way that it would like to have technical support, which is no longer free, or would like to have some features like, I don't know, HP, for example, ordered me to add OCSP verifications, this

kind of things, because they needed access to their LAN. And the programmer is still alive. So, the question was whether I added it to the... a public repository or just for one company. I try to encourage clients to make the functions they add public. For the community it is valuable, but for the clients it is valuable because they have updates. They don't have their own private fork, which is also possible if they use it internally. Sometimes they buy a license that is not GPL. So in this case I'm successful. I almost always succeed. I had a few cases when clients asked me to fork it and have something exclusively, a piece of code. And I hope they regret it.

Honestly. Maybe I had three such cases. OK. Thank you once again. Five minutes for a break and we'll go on with the next presentation. As I said, Hania Tułowiecka will not be here, so the last presentation will be the penultimate, and the last one will be totally new. So one more person has applied, who said that he necessarily wants to perform and will perform. I will sing now right? Nope nope nope nope nope nope. I don't have money to buy this stage. I know, I know. Do you imagine yourself sitting on a chair or something? Or not so much? Okay, I don't see any sounds, so I'll take this chair. As this is the end,

I'll come to you in a friendly way. I thought there would be less people, there's even less. Oops. I was in the Ministry of Digitalization recently, talking to the Minister, and I was less nervous than now. So, excuse me for some language errors. I decided to dig up an article that appeared on my blog a year ago. It was linked by Z3S, so probably some of you will recognize it. If not, you are not reading the weekend reading. Or you don't read at all, or you should. The guys paid. So yes, an amateur-oriented analysis. I consider myself an amateur in many ways. I try not to consider myself a specialist, because it often loses sooner or later. I will

discuss a case of a person that some people know, let's call him Dzis, because he was under such a pseudonym this time, or Lick Crew. If someone wants to find out later, apart from recording a record, who this person is, possibly what other nicknames he is associated with, and laugh, of course, I invite you. Let's start with the contest that was announced a few days before SBS. It was about finding a flag on the SMS.pl server. The magic of it was that you just had to do curl -v on http.sms.pl and we got, as you can see, a flag, a black flag in a light blue color. There were 10 people who reported any answer, including one woman. There were 5 people who found

the flag, one of whom resigned today because she couldn't come, one of the speakers. The other three received tickets, identifiers, as the conference was free, but the identifiers were paid, so they were given to me as a small gift in the form of an invitation. The whole thing with this flag is that we use HTTPS, so every time someone from the search engines tried to read this flag through the header using a browser, it was redirected to HTTPS. On HTTPS there is an HSTS header, I would like you to use it as administrators, because it makes it impossible to attack from the SSL or TLS perspective, when it comes to the Internet. It also makes it impossible to communicate with the browser in

this unsigned traffic. It makes it impossible to read the flag through the browser. The only way to read the flag was using the console. The most interesting answer I've ever received was checking the source of the website, reading that the website used the IEO font and finding the flag icon and saying that the flag is grey. One person probably said that the flag is black. Unfortunately, she didn't know the value of the flag, so it wasn't recognized. In hex, there was this value of the flag in the IEO font. That's why this short text poem. What we see here is a fragment of the email I received from one of our agents as an answer. What is SMS? I come to you every year, I

introduce myself, Hi, I'm Piotr Jasiek. I do something like SMS, you can compare it with sending SMS via phone. It's Security and Management Systems. At the moment it's a business activity, I'm very happy to be registered. I can legally pay taxes from what I do. I mean from the association, something that grew from the basement of Warsaw Hackerspace. And at the moment it's a computer company, because of course we do some services there. I really appreciate my colleagues from NASK, CERT, Adam, Z3S, who can talk about their work, because my clients are completely aware that if there is a compromise, I cannot talk about these activities, because I am often under the supervision of web developers or server guardians and they invoice the client at the end,

so my work is often hidden in a way, and it hurts a bit, because I have to dig up such things or just try to avoid the topic and talk to you somehow. What do we give to the client? Increased security standards on hosting, VPS, www. You can see it on the website, because it is not a commercial presentation, so as I say, I refer you to the website, if you would like to see it, I would be happy to. If you find errors on the website, I will gladly accept suggestions and so on. I repeat it every year. I am eager to accept suggestions about errors, typos and so on. Analyzing in the concept

of criminology: it's searching for a relationship between certain events. Often, this is mistaken as a typical incident investigation. So, this is a big problem. It's about verifying certain behaviors, checking the evidence, checking the next versions. There is a text, I'm trying to read it, I also suspected this year that I may succeed shorter than in previous events, last year's. The biggest analysis that happens is that we call analysis, there are many versions of analysis. There are stock, banking, legal analysis and all of this is due to the fact that someone sits on their four letters and analyzes everything from the beginning, checks all the threads, where and how it appeared, why. Michał, I use you as an

example, because I like you very much. Especially this year, I like you very much for this discussion about the track. When Michał gets information that something is wrong, he sits down, analyzes, checks, it is also a form of analysis. Investigative informatics is one of the sciences of the court. It is a pretty cool thing. It is supposed to provide, first of all, evidence in digital form, i.e. it immediately separates from what technicians do in the form of collecting fingerprints, collecting, I don't know, cigarettes, although in the analysis of investigative informatics, these are fingerprints. Here, my colleagues recently talked about fingerprint printers. I don't know if you know that in photos from phones, apart from metadata, there are also data such as lens data. I think Adam gave

an example of CSI. I want to find out about what is actually happening there. I think that 80-90% of what is shown in CSI about this information issue, i.e. obtaining data from photos or monitoring, actually happens. They described, for example, the Quake issue, or other such situations, someone became a victim, but why did they click this email? Why did they unconsciously spread this malicious programming? Why did he become a gatekeeper? What was his motive? Maybe he wanted to see pictures of his friends from the holidays on a distributed pendrive. This is probably one of the best known examples. He got an unaddressed email from a friend from the office next to him with a PDF of payment

or, for example, a payment strip. This is also very interesting in companies. I also met with this somewhere in the boulevard, talking to colleagues from pentests, who say that one way is to send emails with payments. I get a specific email every now and then, which theoretically includes the plans for the construction of a shopping mall. The email is only intended for people, and when the virus is back, everything turns red. But to be honest, after starting it in virtual, there are some plans, but after restarting, virtual is completely encrypted. And it wants 100 bitcoins from me. Or, let's say, the old version of ransomware. The sources of information in the investigative informatics are: floppy disks.

Who uses floppy disks? Nobody. Who? NFZ. Okay, it's some... Why did you... ZUS, okay. ZUS, NFZ, you know, it can be. What am I looking for? The disks are currently in this small space where you can hide small files, say a list of compromised passwords, stick it under the desk and the police come looking for the apartment, they will look for pendrives, discs, hard laptops, computers, I don't know what else, SSD disks in the form of electronic, longitudinal, not just ordinary ones. But nobody will look for floppy disks, right? Nobody will look for floppy disks ventilation. And even if they find floppy disks, there is a possibility that the police officer will see a sticker on it, Windows 95 will wave its hand and say that

it is not important. And there we can actually hold some materials that are compromised. Backup tapes, i.e. when someone enters the server, these tapes will of course protect, take away, copy. And this is for people who work in servers something obvious. Hard drives, there is nothing to explain here, as I mentioned before, this is something that the police are looking for, of course. Memory, pendrives, servers. Servers in my opinion, such as VPS, because we also store a lot of data there, and we are not fully aware of how sensitive they can be, like logs, where, when, how we are logging, how we are sometimes processing our traffic, from which IP