Attack and Defense on Linux: Mr Robot Edition presented at sourceseattle 2017

by Jay Beale,

Summary : In this presentation, Jay Beale will demonstrate how an attacker gains access on a server running WordPress and then demonstrate how to break that same attack with a free, open source tool called AppArmor that’s been part of the Linux kernel for years. With his black hat on, he’ll show you how to attack the WordPress server, where he’ll install a web shell and begin scanning for more machines to compromise. Next, Jay will don his white hat and show you how to configure AppArmor to prevent that same attack. AppArmor uses the same Linux Security Modules interface that ties SELinux into the kernel, but doesn’t have the same steep learning curve found in SELinux. You’ll leave this presentation able to use AppArmor to defend a program of your choice on Linux. You’ll also understand what other mechanisms exist at this level of Linux security, including seccomp, containers, and capabilities.