Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl)
IF IT’S A PROTOCOL, YOU CAN PLAY WITH IT
ADVANCED PERSISTENT SECURITY PODCAST
GUEST: Russel Van Tuyl
NOVEMBER 21, 2016
If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; Like us on Google Play, Stitcher, Sound Cloud, Spreaker, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers
Multi-Tool Multi-User HTTP Proxy (with Russel Van Tuyl) SHOW NOTES
Instead of covering the news, we continue the previous episode's conversation about election machine hacking. We also venture into the voter registration databases and the misinformation-campaign aspect of voter confidence in the election. Russel offers an interesting perspective on the registration databases: a breach of one is not very different from any other breach, because the data they hold is similar to the data in other databases.
On the voting machines themselves, Russel points out how difficult it would be to compromise enough machines to affect a segment of the electorate large enough for the population to care. Because the machines are not connected to the Internet (to our knowledge), the risk is minimal. The same core principles of information security that apply to any other system apply here to keep the machines secure.
Read Russel's work on this segment in its full glory, here.
Russel kicks off his discussion about his Multi-Tool Multi-User HTTP Proxy. The purpose is to let a single server act as a proxy that routes traffic for multiple tools (Empire, Metasploit, Meterpreter, and BeEF) back to their respective listeners. The tool aims to unify command and control (C2) for post exploitation. He explains how an IDS or other monitoring tool would otherwise spot the tools' default ports or the content of their traffic and stop them from succeeding; fronting everything with a single HTTP proxy avoids this for the most part.
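As an added illustration of the architecture described above (this is example code written for these notes, not Russel's tool and not code from any of the listed projects), the following Python front end listens on one port and routes each request to a back-end listener chosen by URI prefix and User-Agent, handing anything that matches no rule a benign decoy page. The prefixes, User-Agent pattern, and back-end ports in the route table are assumptions chosen for the example, not any tool's defaults.

```python
"""Single-port HTTP front door that multiplexes several tool listeners.

Requests are routed to a back-end by URI prefix and User-Agent; anything
that matches no rule gets a decoy page, so a scanner sees a dull web site.
Added example; routes, ports and banner are assumptions, not tool defaults.
"""
import http.client
import re
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Dict, List, Mapping, Optional, Tuple

Backend = Tuple[str, int]

# Constructed route table (assumptions for this example). Each rule maps a
# URI prefix, and optionally a User-Agent regex, to the listener that speaks
# that tool's protocol. Order matters: first match wins.
ROUTES: List[Dict] = [
    {"tool": "empire", "prefix": "/news/", "ua": r"^Mozilla/5\.0", "backend": ("127.0.0.1", 8001)},
    {"tool": "meterpreter", "prefix": "/api/v1/", "ua": None, "backend": ("127.0.0.1", 8002)},
    {"tool": "beef", "prefix": "/hook.js", "ua": None, "backend": ("127.0.0.1", 8003)},
]
DECOY_HTML = b"<html><body><h1>Site under construction</h1></body></html>"
# Headers rewritten by the proxy itself rather than copied through.
HOP_HEADERS = {"host", "connection", "transfer-encoding", "content-length"}


def select_backend(path: str, headers: Mapping[str, str]) -> Optional[Backend]:
    """Pick the back-end for a request; None means 'serve the decoy page'."""
    ua = headers.get("User-Agent", "")
    for rule in ROUTES:
        if not path.startswith(rule["prefix"]):
            continue
        if rule["ua"] and not re.search(rule["ua"], ua):
            continue
        return rule["backend"]
    return None


class FrontDoor(BaseHTTPRequestHandler):
    # One generic banner for every tool behind the proxy.
    server_version = "Apache"
    sys_version = ""

    def _send_decoy(self) -> None:
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(DECOY_HTML)))
        self.end_headers()
        self.wfile.write(DECOY_HTML)

    def _relay(self) -> None:
        backend = select_backend(self.path, self.headers)
        if backend is None:
            self._send_decoy()
            return
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        fwd = {k: v for k, v in self.headers.items() if k.lower() not in HOP_HEADERS}
        if body is not None:
            fwd["Content-Length"] = str(len(body))
        fwd["X-Forwarded-For"] = self.client_address[0]
        fwd["X-Forwarded-Host"] = self.headers.get("Host", "")
        try:
            conn = http.client.HTTPConnection(*backend, timeout=10)
            conn.request(self.command, self.path, body=body, headers=fwd)
            resp = conn.getresponse()
            data = resp.read()
        except OSError:
            # Back-end down: keep the cover story rather than leak a 502.
            self._send_decoy()
            return
        self.send_response(resp.status)
        for name, value in resp.getheaders():
            if name.lower() not in HOP_HEADERS:
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
        conn.close()

    do_GET = do_POST = do_PUT = _relay

    def log_message(self, fmt, *args):
        pass  # no local access log for this example


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8080), FrontDoor).serve_forever()
```

Run it alongside the tool listeners bound to the loopback ports above and point each tool's stager at port 8080 with the matching URI prefix. Note the trade-off: the fixed prefixes and the shared banner are themselves a signature once a defender knows them, so in practice the route table should look like the site it pretends to be.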
We shift gears from offense to defense and talk about protecting oneself from the Multi-Tool Multi-User HTTP Proxy. Russel says that one must apply best practices and information security fundamentals as a starting point. He discusses using an inspecting proxy like BlueHost to look deeper into the packets and understand what is actually happening. We discuss a Web Application Firewall (WAF) or other proxy tools such as squid or Zed Attack Proxy (ZAP) as means of prevention, along with other preventative measures and best practices for this specific method of attack.
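Since a single HTTP front end hides the tools' native ports, the defender's leverage moves to the traffic itself, which is where an inspecting proxy's logs help. As an added example (not from the episode and not part of any tool named above), the following Python script reads squid native-format access log lines, constructed here for the example, and flags client-to-host pairs whose request timing is nearly periodic, the check-in pattern of an implant sleeping a fixed interval between callbacks regardless of which port or path it uses.

```python
"""Flag periodic client-to-host request patterns (beacons) in squid logs.

Added example with constructed log lines. Format is squid's native access.log:
  timestamp elapsed client code/status bytes method URL ident hierarchy/peer type
"""
import statistics
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed sample: 10.1.2.3 calls one host every ~60 s (a beacon),
# 10.1.2.4 browses the same number of pages at irregular times, and
# 10.1.2.5 makes two CONNECT requests (too few to judge).
SAMPLE_LOG = """\
1479772800.000    45 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479772800.000    80 10.1.2.4 TCP_MISS/200 9231 GET http://news.example/ - HIER_DIRECT/198.51.100.7 text/html
1479772803.000    12 10.1.2.4 TCP_HIT/200 2210 GET http://news.example/style.css - HIER_NONE/- text/css
1479772804.000    30 10.1.2.4 TCP_MISS/200 15000 GET http://news.example/logo.png - HIER_DIRECT/198.51.100.7 image/png
1479772810.000   120 10.1.2.5 TCP_TUNNEL/200 4096 CONNECT mail.example:443 - HIER_DIRECT/192.0.2.25 -
1479772850.000    77 10.1.2.4 TCP_MISS/200 8800 GET http://news.example/world/ - HIER_DIRECT/198.51.100.7 text/html
1479772851.000    10 10.1.2.4 TCP_HIT/200 2210 GET http://news.example/style.css - HIER_NONE/- text/css
1479772861.000    44 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479772919.000    46 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479772982.000    45 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479773040.000    45 10.1.2.3 TCP_MISS/200 768 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479773098.000    44 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479773161.000    45 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
1479773200.000    90 10.1.2.4 TCP_MISS/200 9100 GET http://news.example/sport/ - HIER_DIRECT/198.51.100.7 text/html
1479773201.000    11 10.1.2.4 TCP_HIT/200 2210 GET http://news.example/style.css - HIER_NONE/- text/css
1479773202.000    35 10.1.2.4 TCP_MISS/200 14500 GET http://news.example/banner.png - HIER_DIRECT/198.51.100.7 image/png
1479773210.000   100 10.1.2.5 TCP_TUNNEL/200 4096 CONNECT mail.example:443 - HIER_DIRECT/192.0.2.25 -
1479773220.000    45 10.1.2.3 TCP_MISS/200 512 GET http://redirector.example/news/today.html - HIER_DIRECT/203.0.113.10 text/html
"""


def parse_line(line: str) -> Dict:
    """Extract timestamp, client and destination host from one squid log line."""
    parts = line.split()
    if len(parts) < 7:
        raise ValueError("not a squid native log line: %r" % line)
    method, url = parts[5], parts[6]
    # CONNECT requests are logged as "host:port" rather than a full URL.
    host = url.split(":")[0] if method == "CONNECT" else (urlsplit(url).hostname or url)
    return {"ts": float(parts[0]), "client": parts[2], "method": method, "host": host}


def find_beacons(lines: List[str], min_count: int = 6, max_cv: float = 0.2) -> List[Dict]:
    """Return (client, host) pairs whose inter-request gaps are nearly constant.

    A low coefficient of variation (stdev / mean) of the gaps means the client
    is calling back on a schedule rather than on a human's clicks.
    """
    groups = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        groups[(rec["client"], rec["host"])].append(rec["ts"])
    hits = []
    for (client, host), stamps in groups.items():
        if len(stamps) < min_count:
            continue  # too few requests to call it a pattern
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"client": client, "host": host, "count": len(stamps),
                         "mean_interval": mean, "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG.splitlines()):
        print(hit)
```

Run it against a real access.log by replacing SAMPLE_LOG with the file's contents. The check is deliberately blind to port, path and User-Agent, which is what makes it useful against a multiplexing front end; its weakness is that an implant with a large random jitter on its sleep raises the coefficient of variation above the threshold, so it should be one signal alongside content inspection on the proxy, not the only one.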
Russel Van Tuyl is the managing consultant for security assessments at Sword & Shield Enterprise Security. His primary role is conducting network vulnerability assessments and penetration tests, but he also performs web application assessments, firewall configuration audits, wireless assessments, and social engineering.
He has more than 11 years of experience in the technical field in roles such as database design, field device support, help desk, IT asset management, programming, and information security.
Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.