A Seriously Righteous Hack | Pen Test HackFest Summit 2021

Описание: The US Department of Energy's Oak Ridge Leadership Computing Facility (OLCF) as a long history of deploying the fastest High Performance Computers (HPC) in the world. These supercomputers employ first-of-its-kind hardware and software technologies in order to provide massive amounts of computational horsepower to teams that are performing open science computational research. Over the past decade, the OLCF security team has been sharpening its penetration testing skills to discover and ultimately fix zero day vulnerabilities on these systems. Using language inspired by the 1995 classic movie 'Hackers', we will examine several zero day vulnerabilities discovered during deployment of the Summit supercomputer and will provide visual demonstration of exploitation. Attendees will learn how the OLCF's security hardening strategy was scoped, developed, and executed to hopefully give you ammunition to convince your organization to support coordinated red/blue/purple team engagements. Specifically, this talk will explore what did and did not work during the management buy-in, engagement planning, vulnerability discovery, exploitation, and vulnerability disclosure phases of the engagement. Overall, the exercise taught us that both offensive and defensive skills must be exercised in order to provide a high level of security assurance to our organization. In OLCF's case, Hacking the Gibson was a fruitful exercise to help secure HPC systems across the Department of Energy.

Presenter: Ryan Adamson, HPC Security and Information Engineering Group Lead, Oak Ridge National Laboratory
https://www.sans.org/profiles/ryan-ad...

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE