
Alright everybody, well, thanks for coming out today. My name is Anthony DiDonato and I'm going to be talking about virtualization-based security. It's a pretty relevant topic, it's something I'm very passionate about; it's been about 20 years working in information technology, mostly around virtualization. I have some of my contact information up here if you'd like to reach out later and catch me on LinkedIn or Twitter. If you need anything afterwards you can ask me; I have business cards as well.

So from an agenda perspective we're just going to go through a couple of different things. We're gonna detonate some malware just to prove a point and make a differentiation between detection and isolation, I'm sorry, detection versus isolation and containment. A lot of the solutions out there today talk about how advanced the detection engines they have are; they talk about AI, they talk about machine learning, they talk about all these different ways to detect things, but inevitably detection fails, so we'll talk about that a little bit. We're also going to talk about virtualization-based security: what it is, why we have it and how it works. Then I'm going to demonstrate a couple of currently available solutions and we'll discuss the pros and cons.

So I'd like to kick off with a demo, but I also want to preface this with a little bit of information. I mean, even today something as simple as WannaCry or any kind of cryptolocker solution or system that's out there is still hitting people. So all these new technologies are out there, all these new solutions are out there, and people are still getting owned, a lot of them still owned, actually owned, with these next-gen antivirus solutions. So there are techniques to protect yourself from this, but people are not adopting them, so this is really to raise awareness. In particular I'd like to talk about the attack on the Olympics. It was a targeted attack, basically North Korea versus South Korea, trying to knock their systems offline to ruin their day. So we're gonna detonate that malware today. We're also just going to go through a basic WannaCry cryptolocker solution that's out there and how we protect ourselves from that.

I apologize, I'm a little distracted, there's a lot of moving around going on here. So I just have my... can you see my screen over there? Is my presentation still active? Huh, that's not full screen. So: Windows 10 platform. I have a solution installed called Bromium. Bromium is basically virtualization-based security; we'll go over what that is exactly as we go through this talk, but I just want to do a quick demo and show you what we're talking about here. So I have a staged demo. I have malware installed, or malware available, particularly Olympic Destroyer. If I were to be a victim of this malware attack it would effectively wipe my system and destroy everything. Effectively it goes down, deletes your shadow copies, deletes your backups, modifies your boot configuration and effectively destroys your entire operating system. So I'm running this freely because I'm not worried about that occurring. Why I'm not worried about that occurring is because this application, Olympic Destroyer, is actually running in a virtual machine. You can see over here in this little live view screen it's running. I can let it run all day, it doesn't really take that much time, so I have it running on this screen back here. I'm going to kill it while it's running.

I'm capturing all of the threat intelligence, all of the attack surface that's being exposed, and all of the API calls that are occurring in the background. Give me a second. So while that's detonating in the background I'm capturing threat intelligence about it, I'm capturing as much of the kill chain as possible. Obviously I won't know how it got onto my system, how it was delivered, but after it reached my system I may be able to capture everything that it's doing, there, completely contained. So I let it execute, I let it run its course, and I capture all the information relative to it. So I'm detonating absolutely malicious wiper-style malware on my system without any threat at all.

So let's go back here. One other demo that I'd like to show you is WannaCry. Again, still relevant today. You would think after years and years of being run and captured and signatures delivered to antivirus vendors, they still can't seem to stop this software from destroying people's environments. So on a typical day you're running through your normal day-to-day activity: you're reading resumes, you're working on your spreadsheets. You get a resume; in particular it's confidential, maybe they password-protected it because they wanted to protect that information in transit. I receive the resume, enter the password, I start to review that resume. This is pretty normal activity, that's what users are doing all day, but attackers are effectively embedding macros in these documents, because Office across the board has its own scripting engine. There are a lot of different applications that have their own scripting engine, so because they have scripting engines they're exploited, and they're often exploited. It's pretty common for red teams to even use these tactics and get right past next-gen AV, current AV, intrusion detection, you name it.

So while we're going through this day-to-day process, maybe making notes in the document, sending it to Bob, in the background this malware is actually executing. If you notice here I got this wonderful pop-up screen. Most threats are not going to tell you they're on your system, but when you talk about WannaCry or things like that they want to make it obvious, because they're trying to get some money from you. If you notice, the pop-up screen is moving around but it can't seem to get out of this container. So "container" is a pretty interesting term, but this is a little more than just a regular container. So you can see that WannaCry's launched, it's encrypted all my files, I contact IT. It has a nag, it even has a nag screen, so it keeps coming back. So if I wanted to save my contents maybe I click Save; I don't need to. So all of those things occurred and in the background I was tracking them. I still have Olympic Destroyer running trying to take out my system. So I've launched WannaCry and Olympic Destroyer in the matter of two minutes and I'm still up and running. The reason I'm still up and running is because it created a hardware-based isolation environment, it's a micro VM, and we'll talk about the details of that. So again, just to show you the kill chain real quick: again, that full kill chain, but definitely the kill chain that occurred on my system. It tells me everything that occurred, tells me what processes were invoked and any dropped and executed malicious binaries, so I have all the MD5, SHA-1, SHA-256. If I want to take those and send them up to a VirusTotal or something like that, I can go investigate what these are. All right.

So if I were to do that same demo without virtualization-based security in place, my demo would have been over very quickly. So I want to talk a little bit about next-gen AV and antivirus in general. While they get better and better every day, literally every day, they still leave a lot to be desired. In particular it requires incident response: the attack occurs, someone gets alerted, they have to go do something about it. A lot of times they're doing nuke and pave, so instead of really doing the investigation and finding out what occurred, how it got there and what the actual effects were, they just wipe the system and move on because the user needs to get back to work. So they miss out on a lot of that threat intelligence; you miss out on a lot of things. You have a patient zero, that first person that was affected, regardless of whether you detected and grabbed that signature. So again: patient zero, incident response. You have antivirus out on your system, it typically slows your system down, so if you're an executive or someone with power in the organization you can say, you know, I need to turn this off, or I need you to put an exclusion in here, do whatever you need to do to make this faster. Those exceptions basically remove all aspects of security. They'll say things like, I need to launch this application, it runs a macro, I need macros enabled. Okay, you see where this is going. Oh, every time I download this file it writes to the temp directory, it's temporary, we don't care, put an exclusion in. All bad ideas. Then there's naturally the administrative overhead; it costs money to support these systems. It's an arms race and no one's winning. Then there's SIEM: you have the Splunks and the ArcSights of the world, and if you have those in your environment you know they're incredibly expensive, they're full of noise, and there's a lot of false positives. That doesn't mean they're ineffective, it just means there's a lot of work and money that goes into supporting them. And then obviously if you've ever done any red teaming or adversarial training, or if you actually are an attacker, you know there's a lot of ways to get around AV, there's a lot of ways to get around application whitelisting, firewalls, proxies, you name it. There's always a way around, and most of these antivirus vendors will sell you their software; they don't care who you are or where you got it, so you install it in your lab and make sure that your malware actually executes in their environment, especially if it is a targeted attack.

So isolation, isolation and containment, provides another layer of security, a trusted computing model. Basically we're not worried about detection so much. We need detection obviously, but we don't rely on detection for protection. So we're leveraging the hypervisor on the endpoint, as opposed to, you know, taking that software, passing it through a sandbox, hoping it executes and hoping we capture it, and passing it on. We actually put the hypervisor on the endpoint. There's a couple of different approaches, there's more than one solution out there; I'm going to talk about two today. But when you talk about a trusted computing model, what are we actually protecting? We're protecting the Master Boot Record, we're protecting ourselves from direct memory attacks, and we're trying to protect the kernel. Effectively an attacker typically wants to capture your secrets. Secrets could be intellectual property, your credentials, some of your information on customers or your employees.

Then obviously let's talk about some solutions. So Microsoft, as they are, they do a lot of things well, and they implemented a solution for virtualization-based security around protecting certain components of their operating system. So people typically want to capture your credentials, they want to capture your intellectual property, as we talked about. So Microsoft says, okay, we know they're coming; they've been doing it for 15 years, they've been exploiting features in our operating system. Has anyone ever run a pass-the-hash attack? Anybody? Yeah. So it's been around for 15-plus years. It's not an exploit, or I'm sorry, it's not so much a design flaw; it's part of their operating system, it's how they wanted it to operate. You log on to the operating system, you want to log on to another operating system's resources, you have to pass credentials along at some point or you have to be challenged. If users were challenged every time then obviously they'd have to log in every time and it would be a painful experience, so to make it easier they pass that hash along, they pass along credentials, whether it's a Kerberos ticket, whether it's any type of credentials, it doesn't even matter at this point.

So hardware-based, or virtualization-based, security takes the traditional model where... it's a little tough to see the slide. You have your device hardware, on top of it you have your operating system, which is effectively the kernel, you have your services, and then you have your applications running on top of it. Most attackers, what they're trying to do now, obviously if you're running, you know, executables that's one thing, but a lot of attackers are using fileless malware. They're not even writing to disk anymore, so they're just running a process in memory or getting into the system and injecting into other processes' memory. When they do that they're effectively extending the user space into the kernel space, and they typically do this through drivers. Now there's more than one way to attack, but that's one of the common ways to attack.

So Microsoft says, okay, let's assume that this existing model doesn't work and the NT OS kernel is basically not trusted anymore. We don't want to trust it anymore because we know it's exploitable, it's very easily exploitable. So they create a secure kernel. The secure kernel runs in parallel to the NT OS kernel, and through that secure kernel they create trustlets, and what the trustlet allows them to do is say these applications or processes or services are allowed to talk to the secure kernel, but they're not allowed to talk to the NT OS kernel, and the NT OS kernel is not allowed to talk to them. And to implement this solution through virtualization, effectively Microsoft is using Hyper-V to create a micro VM, effectively. I don't want to debate the semantics of that one because it's not necessarily a VM, it's actually a trustlet, but they're using Hyper-V to run the secure kernel and to run another version of LSASS. LSASS on the NT OS kernel, or the legacy model so to speak, is the Local Security Authority Subsystem. It's effectively what you use to authenticate, so that process runs as system and has the ability to access secrets, and I'll show you that through another demo. Yet the secure kernel does not talk to the NT OS kernel; it also runs as system but talks directly to the hardware, and it does that through virtual trust levels.

If you've heard of ring 0 or ring 3, it's a trust... it's a computing model, a trust basis. We're saying ring 0 is the most trusted, ring 3 is the least trusted; the further away from the center of the circle you get, the less trusted you are. That really didn't work too well, because most people don't know where ring 1 and ring 2 went, right? Or what's below there: you have the BIOS, you have the UEFI, those are also places that are part of the attack surface. So what they're doing is implementing this virtual trust level. Virtual trust level 0 is the legacy model; we don't trust that at all. VTL 1 is more trusted, which is where the secure kernel is running. So if you take the approach of saying I have malicious code, I'm going to attack your operating system and now I want to also try to attack the secure kernel, it's not allowed, because there's no trust from that system into the trusted system. It's a pretty simple diagram, but I'm just trying to build the story here. So VTL 0 is not trusted by VTL 1; they're both running on the same hardware.

They take the same approach with their browser, and when I say their browser I mean Edge. Internet Explorer is not included in virtualization-based security even though it's more prolific. So Microsoft is saying we know that's junk, we want to make it more secure. Problem is, corporate America and most users are not going to get away from it. People that are in a security space obviously may stay away from it or may plan to attack it a little more often. But they take the same approach, so they say we have a virtual trust level of zero for the operating system, we'll allow you to run Edge in that VTL 0, but if you need to run secure mode we'll create a micro VM for Edge, so your browsing activity runs in another VM. That feature is called Application Guard. So if that browser tries to talk back to the NT OS kernel on VTL 0, it'll be blocked as well.

So let's talk about this in action, basically show it to you. So we talked about LSASS; we talked about LSAIso, which is effectively Credential Guard. So LSAIso.exe is the isolated user mode version of LSASS. So let's go there. Okay, it shut down for some reason. Let me show it to you while that's spinning up; I'll show you what it looks like on the regular system. So you go into Task Manager, you can go into Process Explorer, it's really arbitrary, but on a regular system we have our processes running and we have the LSASS process. So this is the Local Security Authority Subsystem. When you authenticate, this is where your credentials are being processed, and if you've run mimikatz, if you've done any kind of pass-the-hash attack, you know that this is your target. Effectively what you're trying to do is capture this process, check if the user is an administrator, elevate into system context and then dump the memory, because the debug privilege is associated with the system. Even a user who's an administrator, with User Account Control enabled, won't have that privilege until they actually run a process as system, so they won't have that privilege. So let's see if we can get this other one going here. Here we go.

All right, so if I'm on this operating system, this actually has Credential Guard installed, and the way that I can tell that is just by launching System Information. I have to launch it as an administrator to see all the features. So when I go on to that system and launch this, this is not the attack, this is just more of a validation that it's installed. So I have to be running in UEFI, I have to have Secure Boot enabled, because without these things I can't effectively protect the system because I cannot support a TPM. So I need Secure Boot, I need UEFI, and then I need to have VBS installed. So in this scenario I have it up and running, so you'll see here in System Information it'll say virtualization-based security is running. It's a little bit tiny. I have Secure Boot enabled, DMA protection (DMA is direct memory access, things like PCI devices and USB devices that are gonna converge at some point), I have Credential Guard enabled, and I also have hypervisor-enforced code integrity. So effectively what I'm saying there is if I load a driver and it doesn't pass this check in a VM, I'm not gonna allow it in. It does that through signing, and that signing occurs by Microsoft; they don't allow third parties to sign drivers anymore when it comes to this solution. So if you want to work in the secure kernel you have to be signed by Microsoft and Microsoft only.

So this is the basic check. If I sit here in this scenario, because I have Credential Guard enabled, you'll see LSAIso. I don't know if that's clear enough for you out there, but you can see there's LSASS running, so they're running in parallel; they're completely separate processes. If I come over here, and let's see here, let's clear that up, we go through the process of dumping LSASS. So LSASS, this is a ProcDump from Mark Russinovich, or the Sysinternals tools: take the LSASS process and dump the memory on it. Pretty fast, it's pretty easy. I can then take that dump, run it through mimikatz and read all the information that's in it. So that's a pretty common attack. It's not done manually, but it's a pretty easy process. If I try the same thing with LSAIso, which is the counterpart, the secure isolated user mode version of LSASS, it can't even see the process. So running as the administrator I cannot see that process, because it's isolated and I'm on a system that's not trusted, even though I'm on the same actual host. So I can't dump the memory from that, so I'm effectively protected. Microsoft tried to protect it; they did a really good job at building a system leveraging the right technology, isolating it, signing it, trying to create a barrier between the two.

What do you think the problem with that was? At some point it's too hard. So they said we've got to fix this, we have to make it easier. So they give vendors the ability to create their own security support providers, custom SSPs, and that SSP has the ability to interact with the LSASS system. So effectively legacy applications are going to try to authenticate, and if they're trying to authenticate and they need to get out into the other space, they need to be able to pass blob storage, so they had to create a channel open to communicate with that process. When you communicate with that process, LSAIso, it's protected, but your application coming from where you are is not. It's like coming in from the mud: you're coming in, you have mud all over you, you're gonna go into the secure kernel, it's gonna clean you up, but in the process you're still accessible. So we'll demonstrate that as well.

So I have a lot of windows here that have been shrunken down. Well, let me demonstrate something else really quick. So if I am right here, if I say whoami, I'm effectively a user. So we talked about these attacks: if you want to go through and dump memory from LSASS you have to go from administrator to system. Wow, that was a fast 15 minutes. So PsExec -s -i -d, and let's just say when I launch cmd.exe I'm effectively able to launch that process and change my context from system, I'm sorry, from user to system. Once I've done that, and how simply I've done that because I'm an administrator, I can do anything I want on that system; I can now dump the memory. So real quick, we have mimikatz here. Brett, anybody never heard of mimikatz? Okay. So effectively what you have here is a tool that's been around for 15 years. It's had all these components that I'm going to demonstrate available since 2014 in particular. So if I were to log on to mimikatz I could go through and do privilege::debug, which is a pretty common approach; it's required to debug memory. I'm not running as system, sorry.

Okay, once I'm in privilege debug mode, to have access to memory, what I'm gonna do now is I'm going to load the security provider that mimikatz created, so it's memssp. Once that's loaded it's running in memory, there's no file on the system, and it will survive as long as the system is up and hasn't been rebooted. If I wanted to establish persistence I would obviously just get the files on the system, or somewhere on the network, and allow it to restart every time it runs. So once a user on that system logs on or logs off, so if I were to switch users or sign out, when I sign back in it's gonna capture those credentials in memory before it ever makes it to LSASS or before it ever makes it to LSAIso. So I'm going to log back in, apologize for the delay. Once I've done that, because it's already running in memory, I can go in here and take a look at it. So if I say type and I take the LSA log, you'll see that it captured my passwords even though I had Credential Guard installed. So the whole point of Credential Guard and virtualization-based security is to create an isolated environment, but coming from the untrusted side to the trusted side you're still exposed.

So effectively you have this security model that's probably better than anything out there. If you're coming down from the internet, or down from an untrusted source, you have the ability to protect that data through isolation and containment, but if you have the untrusted side still unprotected and they're going the other direction, it's widely exposed. So I only had 20 minutes to get through this topic, but I've shown you a lot of different things. We launched a wiper, we launched WannaCry, we've taken Credential Guard, which is supposed to protect you, and shown that it's not actually capable of truly protecting you, because you still have the untrusted side. So there are solutions to these situations: complete lockdown, but you really have to go back and wipe your old system to start over, put a baseline on there, make sure it's a protected system, and implement TPMs, update your UEFI, and then obviously have some kind of next-gen AV plus virtualization-based security, VBS. All right, so that's a quick 20 minutes. I've had just enough coffee to make me talk to you fast. So if you have any questions, shoot, but if not we're downstairs at the booth.
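The System Information check the speaker uses to confirm VBS, Credential Guard and HVCI are running, and the registry location a persistent SSP would have to be registered in, can both be read from PowerShell. This is an added example, not code from the talk or from Bromium or Microsoft; the Win32_DeviceGuard class and the Lsa registry values are documented Windows interfaces, while the list of expected security packages is an assumption for a stock client build that should be replaced with your own baseline.

```powershell
# Added example (not from the talk): read the VBS / Credential Guard state that msinfo32
# shows, and list the security packages LSA is configured to load. Run from an elevated
# prompt, as the speaker does for System Information.

function Get-VbsStatus {
    # Win32_DeviceGuard exposes the same data msinfo32 shows under "Virtualization-based security"
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    $vbsState = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
    # SecurityServicesRunning: 1 = Credential Guard, 2 = hypervisor-enforced code integrity (HVCI)
    [pscustomobject]@{
        VbsStatus              = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        CredentialGuardRunning = [bool]($dg.SecurityServicesRunning -contains 1)
        HvciRunning            = [bool]($dg.SecurityServicesRunning -contains 2)
        # LsaIso.exe, the isolated user mode LSASS, only exists while Credential Guard is running
        LsaIsoPresent          = [bool](Get-Process -Name 'LsaIso' -ErrorAction SilentlyContinue)
    }
}

function Get-UnexpectedSecurityPackages {
    # Packages named here are loaded into lsass.exe at boot, so an SSP that is meant to
    # survive a reboot has to be registered here. The in-memory variant shown in the talk
    # does not touch this value, which is why a registry check alone is not enough.
    # ASSUMPTION: baseline for a stock Windows 10 client; adjust for your environment.
    $expected = @('kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u', 'cloudap', '""')
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    @($lsa.'Security Packages') | Where-Object { $_ -and ($expected -notcontains $_.ToLower()) }
}

Get-VbsStatus | Format-List
$extra = Get-UnexpectedSecurityPackages
if ($extra) { Write-Warning "Unexpected LSA security packages: $($extra -join ', ')" }
```

Security event 4622 ("A security package has been loaded by the Local Security Authority") records packages LSA loads and complements the registry check for packages added at runtime.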