An introduction to Digital Security - Rishabh Dangwal
![Page 1: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/1.jpg)
Devinder Goyal
Parul Khanna
Rishabh Dangwal
![Page 2: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/2.jpg)
Independent security researchers specializing in their domain.
We have provided corporate security solutions to the worthy.
Inculcated the sense of digital security in the generation of today.
![Page 3: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/3.jpg)
Security is a misconception.
No security, only opportunity.
Proactive security is a notch better than reactive and preventive security.
Needless to say, security is directly proportional to awareness.
![Page 4: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/4.jpg)
Countless websites are defaced just for fun.
Prominent methods include SQLi, RFI, LFI, Zero-day/Zero-hour exploits
Massive threat if executed carefully.
![Page 5: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/5.jpg)
Propaganda.
Possible server/data center access.
Sensitive Information disclosure.
Practice by script-kiddies/skids.
Possible botnet creation.
![Page 6: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/6.jpg)
Upload our backdoor by any means on server.
Relies on the PHP include() function. Vulnerable sites will have code like this:
index.php?page=something
In place of “something” we can upload our backdoor.
![Page 7: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/7.jpg)
Search vulnerable websites using a Google dork:
inurl:"index.php?page="
or
inurl:"main.php?x="
Test it by inputting some parameter in the variable; if successful, exploit it.
![Page 8: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/8.jpg)
Attacker can access all data on the server by manipulating the URL.
Directory traversal attack.
Manipulates PHP functions to get file-level access.
xyz.com/main.php?page=../../etc/passwd
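The include() pattern behind the two slides above (remote include and directory traversal), shown next to an allowlist-based fix. This is an added example, not code from the original deck; the page names, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original slides. Page names, the pages/
// directory and resolve_page() are illustrative assumptions.

// Vulnerable pattern the slides describe: the request parameter goes
// straight into include(), so the client chooses which file is loaded.
//   include($_GET['page'] . '.php');

// Hardened form: request values are only keys into a fixed allowlist.
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Return the absolute path to include for a requested page name,
 * or null when the request must be rejected.
 */
function resolve_page(string $requested): ?string
{
    // Only exact allowlist keys are accepted; traversal sequences,
    // URLs and stream-wrapper schemes never match a key.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    // Defence in depth: the resolved file must exist and sit inside
    // PAGES_DIR, even if the allowlist is edited carelessly or a
    // symlink points somewhere else.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// ?page[]=x arrives as an array, so check the type before resolving.
$requested = $_GET['page'] ?? 'home';
$path = is_string($requested) ? resolve_page($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit('Page not found');
}
include $path;
```

Keeping `allow_url_include = Off` in php.ini additionally stops include() from fetching remote URLs even if a code path like the vulnerable one slips through.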
![Page 9: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/9.jpg)
Client-side attack; allows bypassing client-side security mechanisms.
Web 2.0 security nightmare.
![Page 10: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/10.jpg)
Persistent XSS – inserted code is permanent.
Non-persistent XSS – inserted code is not permanent.
![Page 11: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/11.jpg)
Misuse of XSS -
Steal cookies
Log information
Deface pages
Spread misinformation
URL redirection
![Page 12: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/12.jpg)
GSM/CDMA data stored at the base station can be used to trace location.
Calls can be spoofed using commercially available spoof cards.
No regulation on call spoofing.
Google: Call Spoofing
![Page 13: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/13.jpg)
SMS bombing
Phone explosion due to overheating of the phone IC
SIM cloning
![Page 14: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/14.jpg)
Google reveals secrets, provided you know how to ask
Efficient manipulation of dorks
Automated tools
Find anything
![Page 15: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/15.jpg)
One of the most exotic places on the web
Considered as the holy grail of all information
Archives of classified information available
Hotline/KDX access and UUCP
![Page 16: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/16.jpg)
Protocol-defying tools like Gobbler/Yersinia
Black market has the sploits
Easy to set up LOIC and spam with DDoS
Exotic tools can be coded by efficient coders
![Page 17: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/17.jpg)
Casual hunting through Shodan
Open source opens portals for security
Defeat latest security technologies (UTM/XTM) using custom blended attacks.
![Page 18: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/18.jpg)
Again: the only secure computer is the one guarded by 2 guards, buried 6 feet down in the earth, with no internet connection, in a powered-off state.
Obscurity is not security.
Open source rules.
![Page 19: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/19.jpg)
![Page 20: An introduction to Digital Security - Rishabh Dangwal](https://reader035.fdocuments.net/reader035/viewer/2022062220/557e2930d8b42a807e8b4c35/html5/thumbnails/20.jpg)
Thank You