
The Hackers Tool Kit: Jay Ferron



  1. 3/4/2020. The Hackers Tool Kit. Jay Ferron, CEHi, CISSP, CHFIi, C)PTEi, CISM, CRISC, MCT, NSA-IAM… jferron@interactivesecuritytraining.com, blog.mir.net
     Who are the hackers
     • Nation States
     • China
     • North Korea
     • Russia
     • Iraq

  2. What do hackers want
     • Your Data
     • Your Money
     • Your Information
     Who are the other hackers
     • Cyber warriors (Nation States)
     • Professional mercenaries (paid to hack)
     • Insiders
     • Principled Idealist (hacktivist)
     • Ex-employees
     • Other businesses that want your information

  3. Ransomware
     • General Stats
     Ransomware
     • Healthcare

  4. Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability
     • A team of four Danish security researchers has disclosed this week a security flaw that impacts cable modems that use Broadcom chips.
     • The vulnerability, codenamed Cable Haunt, is believed to impact an estimated 200 million cable modems in Europe alone, the research team said today.
     • Using Cable Haunt, an attacker could:
       • Change default DNS server
       • Conduct remote man-in-the-middle attacks
       • Hot-swap code or even the entire firmware
       • Upload, flash, and upgrade firmware silently
       • Disable ISP firmware upgrade
       • Change every config file and settings
       • Get and Set SNMP OID values
       • Change all associated MAC Addresses
       • Change serial numbers
       • Be exploited in botnet
     AND yes, this affects your home router
     Some of the methods of the hackers
     • Social Engineering
     • Ransomware
     • Physical Hacking
     • Network Hacking (outside building)
     • WIFI
     • Man in the middle
     • Denial of service
     • Sniffing traffic
     • Non-patched systems (routers)
     • Cell phones
     • Internal attacks (all of the above plus)
     • Rubber Duck
     • LAN Taps
     • WIFI
     • Cameras
     • …..

  5. Results: Your ID is lost or stolen
     Demo, Social engineering: Social engineering tool kit

  6. What's on your Site: Teleport Ultra
     DNS, DNS, DNS: Tools.dnsstuff.com

  7. Man in the Middle: Evil Foca
     WIFI Pineapple

  8. Physical Security: Rubber duck
     Network Scanning: Wireshark

  9. WIFI Scanning: Wireshark or Flying Squirrel
     Kali Linux: Lots of Tools

  10. RFID Cards: Reader
      USB NINJA: Cell Phone Charger

  11. Cell Phones: Bluetooth
