Hacking Airports for Fun and Education (and better security monitoring, too!)
Meredith Kasper & Tom Kopchak, Hurricane Labs

Setting the scene

Who are we?
- Meredith Kasper: Director of Technical Services, Hurricane Labs. CPTC competition director, former CPTC competitor.
- Tom Kopchak: Director of Technical Operations, Technical Account Manager, Hurricane Labs. CPTC competition director.

What is CPTC?
- CPTC: a premier international offensive security competition.
- Challenge: conduct a penetration test of a fictitious company, and deliver the results to management.
- Started at RIT in 2015. Still going strong 10 years later.
- Offensive Security + Custom Environment + Business = CPTC

CPTC Themes
We create a new theme (target organization) every year. Themes of recent years:
- 2024 Social Media Company
- 2023 Airport
- 2022 Hotel
- 2021 Candy Manufacturing Co.
- 2020 Public Utility
- 2019 Financial Institution
- 2018 Transportation App
- 2017 Elections Provider

Building the environment
- New Year = New Environment
- Typical Environment = 20-40 Hosts
- Business Hosts
- Windows & Linux servers
- Working AD environment
- Custom Applications
- TONS of Vulnerabilities
- Typically 150+ known issues by the time we're finished

We Log EVERYTHING
- Our preferred tool of choice: Splunk
- Splunk agents (Universal Forwarders) deployed to all systems in the environment that support it.
- If there's data to be collected, we try to do it.
- Most Windows + Linux inputs enabled, with higher collection thresholds than "normal" for increased visibility.
- Custom inputs to support the competition.

Key Sourcetypes
- Splunk Stream (HTTP, DNS, TCP and UDP)
- WinEventLog:Security (Authentication and Change)
- Sysmon (Process Logging)
- WinNetMon (Traffic Logs by Process)
- Bash_history & PowerShell transcripts
- Office365 admin/message trace
- AWS VPC flow
- Really stupid file integrity monitoring
- ps and netstat

Robert A. Kalka Metropolitan Skyport (RAKMS) Deep Dive Sim
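The "really stupid" file integrity monitoring and the ps/netstat listings in the sourcetype list share one idea: snapshot something simple, snapshot it again later, and turn every difference into a log event. The following is an added example written for this page, not Hurricane Labs' actual input, showing that pattern as a Splunk-style scripted input: it hashes a directory tree, diffs two snapshots, applies the same diff to constructed netstat-style lines, and renders the results as one JSON event per line. The host name, the sourcetype name `fim:stupid`, the file names and the port listing lines are all constructed for the demo.

```python
import hashlib
import json
import os
import tempfile
import time


def hash_file(path):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_tree(root):
    """Map each regular file under root (relative path, '/' separators) to its SHA-256.
    Symlinks are skipped so a planted link cannot make the monitor hash files outside root."""
    hashes = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = hash_file(full)
    return hashes


def diff_snapshots(baseline, current):
    """Compare two {path: sha256} maps and return one event dict per change, sorted by path."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append({"action": "added", "path": path, "sha256": current[path]})
        elif path not in current:
            events.append({"action": "removed", "path": path, "sha256": baseline[path]})
        elif baseline[path] != current[path]:
            events.append({"action": "modified", "path": path,
                           "old_sha256": baseline[path], "sha256": current[path]})
    return events


def diff_listings(listing, baseline_lines, current_lines):
    """Same idea for text listings such as ps or netstat output: each line that
    appears or disappears between two runs becomes an event."""
    before, after = set(baseline_lines), set(current_lines)
    events = [{"action": "added", "listing": listing, "line": line} for line in sorted(after - before)]
    events += [{"action": "removed", "listing": listing, "line": line} for line in sorted(before - after)]
    return events


def to_splunk_lines(events, host="rakms-web01.example", sourcetype="fim:stupid"):
    """Render events as one JSON object per line. A scripted input that prints these to
    stdout is all a Universal Forwarder needs (host and sourcetype names are hypothetical)."""
    now = time.time()
    return [json.dumps({"time": now, "host": host, "sourcetype": sourcetype, **event})
            for event in events]


def demo():
    """Constructed end-to-end run: baseline a temp directory, tamper with it, report the changes."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("config.ini", "debug=false\n"), ("old.log", "boot ok\n")):
            with open(os.path.join(root, name), "w") as handle:
                handle.write(body)
        baseline = snapshot_tree(root)

        # Simulated changes between two runs: a config edit, a new file, a deleted log.
        with open(os.path.join(root, "config.ini"), "w") as handle:
            handle.write("debug=true\n")
        with open(os.path.join(root, "dropped.sh"), "w") as handle:
            handle.write("#!/bin/sh\necho constructed\n")
        os.remove(os.path.join(root, "old.log"))

        file_events = diff_snapshots(baseline, snapshot_tree(root))

    # Constructed netstat-style lines: a new listener shows up between the two runs.
    ports_before = ["tcp 0.0.0.0:22 LISTEN 812/sshd", "tcp 0.0.0.0:443 LISTEN 1203/nginx"]
    ports_after = ports_before + ["tcp 0.0.0.0:8080 LISTEN 9911/python3"]
    port_events = diff_listings("netstat", ports_before, ports_after)
    return file_events + port_events


if __name__ == "__main__":
    for line in to_splunk_lines(demo()):
        print(line)
```

Run on a real host, the baseline map would be persisted between invocations (a JSON file outside the monitored tree) and `snapshot_tree` pointed at directories that should be static during the competition, such as web roots and service configuration; the ps and netstat variants feed the captured command output into `diff_listings` the same way.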