
Need an account to vote? Register to attend at gsec.hitb.org/sg2018/
Deadline is 30th June 2018!


Index This: What We Can Learn from Log Search

Nikolay Akatyev & Cyril Quitevis


Misconfiguration of web services, and its discovery with search queries (aka dorks), is well known but remains the most infamous problem, causing many cyber attacks and breaches.

In this talk, we will show the recent state of the problem, our enhancement of dorks with generic strings taken from the contents of files, and how we take on the challenge of reducing false positives. Our findings show interesting numbers of misconfigured websites that grow on a weekly basis, and not in favor of the good guys. We started our discovery with misconfigured AWStats and expanded to other popular tools, including WordPress. Our method includes searching for generic strings that are present across versions of log files and the readme.txt of popular tools.

Our tests show that the number of websites that have their AWStats indexed grew by 6 after 3 weeks, while the WordPress readme.txt files grew by 11 after 2 weeks. In total, we found 146 unique websites for AWStats-related searches and 35 for WordPress-related searches. Finally, it is also possible to do a filetype search to find server keys (including private keys), access logs, error logs and configuration files. With these methods, it is possible to get a list of websites that are misconfigured without scanning the websites themselves.
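A site owner can apply the same idea to their own document root before a crawler does. The following is an added example, not code from the talk or the speakers: it walks a local directory and reports a file only when its content matches a generic marker, which is how content strings cut filename-only false positives. The marker patterns, function names and the constructed sample tree are assumptions made for this illustration.

```python
import os
import re
import tempfile

# Content markers are assumptions for this example, not the speakers' strings.
MARKERS = {
    "private_key": re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----"),
    "access_log": re.compile(
        r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ HTTP/[\d.]+" \d{3} (?:\d+|-)', re.M),
    "wordpress_readme": re.compile(r"^Stable tag:", re.M | re.I),
}

def audit_webroot(root, max_bytes=65536):
    """Return sorted (relative_path, category) pairs for files matched by content."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    head = fh.read(max_bytes)  # only the start of each file
            except OSError:
                continue  # unreadable file: skip it
            for category, pattern in MARKERS.items():
                if pattern.search(head):
                    findings.append((os.path.relpath(path, root), category))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample tree; every file body is made up for the demo."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.html": "<html><body>hello</body></html>\n",
        "readme.txt": "Notes for the team, nothing tool-specific.\n",
        "wp-content/plugins/demo/readme.txt": "=== Demo ===\nStable tag: 1.0\n",
        "backup/server.key": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
        "logs/access.log":
            '203.0.113.7 - - [01/Jun/2018:10:00:00 +0000] "GET / HTTP/1.1" 200 512\n',
    }
    for rel, text in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for rel, category in audit_webroot(build_sample_webroot()):
        print(f"{category:18} {rel}")
```

The top-level readme.txt in the sample tree is not reported because it carries no tool-specific marker, while the plugin readme.txt is.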

===

Nikolay is VP of Engineering at Horangi Cyber Security and a digital forensics mentor at the “Best of the Best” security education program in South Korea. He builds a cybersecurity platform and researches threat intelligence, digital forensics, security of IoT systems and international relations in cyberspace. He publishes academic papers and presents at academic and hacking conferences. His team’s recent research on the Korean dark web was presented in Panama and at HITCON Pacific and VXCon.

As a technocrat and active supporter of the community, he manages a group of international tech enthusiasts, Seoul Tech Society.

---

Cyril is a Software Engineer at Horangi Cyber Security and a 4th year college student at the University of the Philippines. He contributes to Horangi's backend server and to its research team by creating analyzer scripts and helping with data collection. He has a hobby of breaking servers in an attempt to find vulnerabilities. He also has a background in Deep Learning, where he developed an algorithm to group malicious data from a log file and separate it from harmless data.