SlideShare a Scribd company logo

Insecurity-In-Security version.2 (2011)

Abhishek Kumar
Abhishek Kumar

Presentation (version.2) from 2011 describing how Security mechanisms placed to secure us are insecure themselves.

Technology
1 of 23
Download to read offline
““Hacker's WorkHacker's Work isis a Form Ofa Form Of ParticipationParticipation in the Work ofin the Work of God in CreationGod in Creation.”.” -by,-by, Father Antonio Sapadaro (Vatican)Father Antonio Sapadaro (Vatican) Recent New s
Do You?Do You? + O.S. User Accounts + Browse Web + Use Web Services + Use Computer Networks Any Way + Have Any Form Of Binary Data
You Are Not Secure If You Don't...You Are Not Secure If You Don't... + Use Strong Passwords 'n Keep Them Safe + Browse Web In Safe Browsers + Use SSL-ified Web Services + Use Patched Name Servers + Keep Your Data Protected
You Are InSecure Even If You Did...You Are InSecure Even If You Did...
IInnSSecurityecurity SSecurityecurity IInn Security is just maintained... it's never achieved.
First Some history from VersionFirst Some history from Version 11
O.S. User AccountsO.S. User Accounts
Bypass Account ProtectionBypass Account Protection
Vaccinated BrowsersVaccinated Browsers
Browsing <Unknown> WWWBrowsing <Unknown> WWW [+] SMBEnum |=+ using 'file ://', 'res ://', 'resource ://' Say, if it gains success accessing 'file:///c:/oracle/ora81/bin/orclcontainer.bmp' [+] ResTiming Attack |=+ using 'res ://', 'resource ://' to execute So, gains timing for different binaries & Identify which exists
Protector of AllProtector of All
Defeating SSLDefeating SSL [] “Signing Authority” field in Digital Certificates [] Tricking SSL Libraries with NULL Mod Certificates [] Online Certificate Revocation Policy {ResponseStatus=3, ResponseBytes='' || SSL}
Basis Of All NetworksBasis Of All Networks
DNSSEC ain't all GOODDNSSEC ain't all GOOD [] Provides 'Origin Auth', 'Integrity Protection', PKI & even Auth. Denial of Data Existence [] Still No 'Confidentiality' {basics of security} AND CPU-flooding is possible due to exhaustive cryptography [] Variation of DNS Rebinding Attack presented at BH2010 still affected network
Data ForensicsData Forensics
Data Forensic HackersData Forensic Hackers [] Data Carving (Imaging RAM, Dig O.S.) [] Dig Information from Files [] Timestomp, Zipbomb -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [] Mining Network Traffic for Files/Sessions
Now Some Mystery for VersionNow Some Mystery for Version 22
Hash-Crack on SteroidsHash-Crack on Steroids http://hashcat.net/oclhashcat/
'RSA' Theft & Threat'RSA' Theft & Threat http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html
Comodo Pwn3d CertSComodo Pwn3d CertS Janam Fadaye Rahbar http://www.wired.com/threatlevel/2011/03/comodo_hack/
OpenBSD 'n BackdoorsOpenBSD 'n Backdoors []10yrs back FBI consulted NETSEC, CTO Perry []Lotz of code commit by NETSEC developers []Few daz back, Perry's NDA expired with FBI []Alleged backdoors in IPSEC Stack []FreeBSD inherited lotz code from OpenBSD http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Samsung Key-loG ConflictSamsung Key-loG Conflict http://arstechnica.com/hardware/news/2011/03/samsung-laptop-keylogger- almost-certainly-a-false-positive.ars
Who Is This Guy?Who Is This Guy? Family Named: AbhishekKr Friends Call: ABK g33k Handle: aBionic {@Twitter, @LinkedIn, @Facebook} Itweet : http://www.twitter.com/aBionic iBlog: http://abhishekkr.wordpress.com Security Enthusiast; Working for ThoughtWorks Inc.; OpenSource Lover My Crime Is That Of CurosityMy Crime Is That Of Curosity ANY QUESTIONS?ANY QUESTIONS?

Recommended

Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...David Timothy Strauss
 
Security Basics For Developers Knowledge
Security Basics For Developers KnowledgeSecurity Basics For Developers Knowledge
Security Basics For Developers KnowledgeSiva Sankar
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesPantheon
 
Web security at Meteor (Pivotal Labs)
Web security at Meteor (Pivotal Labs)Web security at Meteor (Pivotal Labs)
Web security at Meteor (Pivotal Labs)Emily Stark
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 

Recommended

Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...
Don't Build "Death Star" Security - O'Reilly Software Architecture Conference...David Timothy Strauss
 
Security Basics For Developers Knowledge
Security Basics For Developers KnowledgeSecurity Basics For Developers Knowledge
Security Basics For Developers KnowledgeSiva Sankar
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesPantheon
 
Web security at Meteor (Pivotal Labs)
Web security at Meteor (Pivotal Labs)Web security at Meteor (Pivotal Labs)
Web security at Meteor (Pivotal Labs)Emily Stark
 
Webinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBWebinar: Securing your data - Mitigating the risks with MongoDB
Webinar: Securing your data - Mitigating the risks with MongoDBMongoDB
 
Meteor Meets Mallory
Meteor Meets MalloryMeteor Meets Mallory
Meteor Meets MalloryEmily Stark
 
Integrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptIntegrity protection for third-party JavaScript
Integrity protection for third-party JavaScriptFrancois Marier
 
rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczZuzannaKornecka
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]RootedCON
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitDavid Timothy Strauss
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.Leszek Mi?
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)iMasters
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and NowPhilippe De Ryck
 
Apache mod security 3.1
Apache mod security 3.1Apache mod security 3.1
Apache mod security 3.1Hai Dinh Tuan
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
How to protect your business from Wannacry Ransomware
How to protect your business from Wannacry RansomwareHow to protect your business from Wannacry Ransomware
How to protect your business from Wannacry RansomwareKaspersky
 
Real world blockchains
Real world blockchainsReal world blockchains
Real world blockchainsDmitry Meshkov
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Matt Johansen
 
Vault
VaultVault
VaultJean-Philippe Bélanger
 
WannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt RansomwareWannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt RansomwareAyoub Rouzi
 
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)Severalnines
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 

More Related Content

What's hot

rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczZuzannaKornecka
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...RootedCON
 
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]RootedCON
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitDavid Timothy Strauss
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.Leszek Mi?
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)iMasters
 
Apache mod security 3.1
Apache mod security 3.1Apache mod security 3.1
Apache mod security 3.1Hai Dinh Tuan
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
 
How to protect your business from Wannacry Ransomware
How to protect your business from Wannacry RansomwareHow to protect your business from Wannacry Ransomware
How to protect your business from Wannacry RansomwareKaspersky
 
Real world blockchains
Real world blockchainsReal world blockchains
Real world blockchainsDmitry Meshkov
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Matt Johansen
 
WannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt RansomwareWannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt RansomwareAyoub Rouzi
 
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)Severalnines
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSPaul Schreiber
 

What's hot (20)

rsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewiczrsa_usa_2019_paula_januszkiewicz
rsa_usa_2019_paula_januszkiewicz
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql Injection
 
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
Toni de la Fuente - Automate or die! How to survive to an attack in the Cloud...
 
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
Yihan Lian & Zhibin Hu - Smarter Peach: Add Eyes to Peach Fuzzer [rooted2017]
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - Presentation
 
Container Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security SummitContainer Security via Monitoring and Orchestration - Container Security Summit
Container Security via Monitoring and Orchestration - Container Security Summit
 
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
May The Data Stay with U! Network Data Exfiltration Techniques - Brucon 2017.
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Apache mod security 3.1
Apache mod security 3.1Apache mod security 3.1
Apache mod security 3.1
 
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Adventures in Underland: Is encryption solid as a rock or a handful of dust?
Adventures in Underland: Is encryption solid as a rock or a handful of dust?
 
How to protect your business from Wannacry Ransomware
How to protect your business from Wannacry RansomwareHow to protect your business from Wannacry Ransomware
How to protect your business from Wannacry Ransomware
 
Real world blockchains
Real world blockchainsReal world blockchains
Real world blockchains
 
Top 10 Web Hacks 2013
Top 10 Web Hacks 2013Top 10 Web Hacks 2013
Top 10 Web Hacks 2013
 
Vault
VaultVault
Vault
 
WannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt RansomwareWannaCry / Wannacrypt Ransomware
WannaCry / Wannacrypt Ransomware
 
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
Webinar Slides: Become a MongoDB DBA (if you’re really a MySQL user)
 
WPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPSWPNYC: Moving your site to HTTPS
WPNYC: Moving your site to HTTPS
 

Similar to Insecurity-In-Security version.2 (2011)

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPROIDEA
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Protecting Customer Confidential Information
Protecting Customer Confidential InformationProtecting Customer Confidential Information
Protecting Customer Confidential InformationWilliam McBorrough
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the CloudAmazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudAmazon Web Services
 
ExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityAlexander Benoit
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)Maarten Mulders
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Toni de la Fuente
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Designjonmccoy
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - FalconerTony Godfrey
 
Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!Nahidul Kibria
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)Maarten Mulders
 

Similar to Insecurity-In-Security version.2 (2011) (20)

PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSECPLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
PLNOG 5: Eric Ziegast, Zbigniew Jasinski - DNSSEC
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Protecting Customer Confidential Information
Protecting Customer Confidential InformationProtecting Customer Confidential Information
Protecting Customer Confidential Information
 
Best Practices of IoT in the Cloud
Best Practices of IoT in the CloudBest Practices of IoT in the Cloud
Best Practices of IoT in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Best Practices for IoT Security in the Cloud
Best Practices for IoT Security in the CloudBest Practices for IoT Security in the Cloud
Best Practices for IoT Security in the Cloud
 
Wi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu ExploitationWi-Foo Ninjitsu Exploitation
Wi-Foo Ninjitsu Exploitation
 
ExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint SecurityExpertsLiveEurope The New Era Of Endpoint Security
ExpertsLiveEurope The New Era Of Endpoint Security
 
Enumerating Windows Users
Enumerating Windows UsersEnumerating Windows Users
Enumerating Windows Users
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)SSL/TLS for Mortals (JAX DE 2018)
SSL/TLS for Mortals (JAX DE 2018)
 
Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017Automate or die! Rootedcon 2017
Automate or die! Rootedcon 2017
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
 
Da APK al Golden Ticket
Da APK al Golden TicketDa APK al Golden Ticket
Da APK al Golden Ticket
 
Kali Linux - Falconer
Kali Linux - FalconerKali Linux - Falconer
Kali Linux - Falconer
 
Breaking the cyber kill chain!
Breaking the cyber kill chain!Breaking the cyber kill chain!
Breaking the cyber kill chain!
 
SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)SSL/TLS for Mortals (Devoxx FR 2018)
SSL/TLS for Mortals (Devoxx FR 2018)
 

More from Abhishek Kumar

xml-motor ~ What,Why,How
xml-motor ~ What,Why,Howxml-motor ~ What,Why,How
xml-motor ~ What,Why,HowAbhishek Kumar
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideAbhishek Kumar
 
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideSquid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideAbhishek Kumar
 
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideEthernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideAbhishek Kumar
 
Solaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideSolaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideAbhishek Kumar
 
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAn Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAbhishek Kumar
 
An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring Abhishek Kumar
 
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAn Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAbhishek Kumar
 
An Express Guide ~ SNMP for Secure Rremote Resource Monitoring
An Express Guide ~ SNMP for Secure Rremote Resource MonitoringAn Express Guide ~ SNMP for Secure Rremote Resource Monitoring
An Express Guide ~ SNMP for Secure Rremote Resource MonitoringAbhishek Kumar
 
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Abhishek Kumar
 
XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2Abhishek Kumar
 
XSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperXSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperAbhishek Kumar
 
FreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSFreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSAbhishek Kumar
 

More from Abhishek Kumar (16)

DevOps?!@
DevOps?!@DevOps?!@
DevOps?!@
 
xml-motor ~ What,Why,How
xml-motor ~ What,Why,Howxml-motor ~ What,Why,How
xml-motor ~ What,Why,How
 
XML-Motor
XML-MotorXML-Motor
XML-Motor
 
DevOps with Sec-ops
DevOps with Sec-opsDevOps with Sec-ops
DevOps with Sec-ops
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress Guide
 
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideSquid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
 
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideEthernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
 
Solaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideSolaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress Guide
 
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAn Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
 
An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring
 
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAn Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
 
An Express Guide ~ SNMP for Secure Rremote Resource Monitoring
An Express Guide ~ SNMP for Secure Rremote Resource MonitoringAn Express Guide ~ SNMP for Secure Rremote Resource Monitoring
An Express Guide ~ SNMP for Secure Rremote Resource Monitoring
 
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
 
XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2
 
XSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperXSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaper
 
FreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSFreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOS
 

Recently uploaded

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 

Recently uploaded (20)

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 

Insecurity-In-Security version.2 (2011)

  • 1. ““Hacker's WorkHacker's Work isis a Form Ofa Form Of ParticipationParticipation in the Work ofin the Work of God in CreationGod in Creation.”.” -by,-by, Father Antonio Sapadaro (Vatican)Father Antonio Sapadaro (Vatican) Recent New s
  • 2. Do You?Do You? + O.S. User Accounts + Browse Web + Use Web Services + Use Computer Networks Any Way + Have Any Form Of Binary Data
  • 3. You Are Not Secure If You Don't...You Are Not Secure If You Don't... + Use Strong Passwords 'n Keep Them Safe + Browse Web In Safe Browsers + Use SSL-ified Web Services + Use Patched Name Servers + Keep Your Data Protected
  • 4. You Are InSecure Even If You Did...You Are InSecure Even If You Did...
  • 6. First Some history from VersionFirst Some history from Version 11
  • 7. O.S. User AccountsO.S. User Accounts
  • 8. Bypass Account ProtectionBypass Account Protection
  • 10. Browsing <Unknown> WWWBrowsing <Unknown> WWW [+] SMBEnum |=+ using 'file ://', 'res ://', 'resource ://' Say, if it gains success accessing 'file:///c:/oracle/ora81/bin/orclcontainer.bmp' [+] ResTiming Attack |=+ using 'res ://', 'resource ://' to execute So, gains timing for different binaries & Identify which exists
  • 12. Defeating SSLDefeating SSL [] “Signing Authority” field in Digital Certificates [] Tricking SSL Libraries with NULL Mod Certificates [] Online Certificate Revocation Policy {ResponseStatus=3, ResponseBytes='' || SSL}
  • 13. Basis Of All NetworksBasis Of All Networks
  • 14. DNSSEC ain't all GOODDNSSEC ain't all GOOD [] Provides 'Origin Auth', 'Integrity Protection', PKI & even Auth. Denial of Data Existence [] Still No 'Confidentiality' {basics of security} AND CPU-flooding is possible due to exhaustive cryptography [] Variation of DNS Rebinding Attack presented at BH2010 still affected network
  • 16. Data Forensic HackersData Forensic Hackers [] Data Carving (Imaging RAM, Dig O.S.) [] Dig Information from Files [] Timestomp, Zipbomb -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- [] Mining Network Traffic for Files/Sessions
  • 17. Now Some Mystery for VersionNow Some Mystery for Version 22
  • 18. Hash-Crack on SteroidsHash-Crack on Steroids http://hashcat.net/oclhashcat/
  • 19. 'RSA' Theft & Threat'RSA' Theft & Threat http://www.schneier.com/blog/archives/2011/03/rsa_security_in.html
  • 20. Comodo Pwn3d CertSComodo Pwn3d CertS Janam Fadaye Rahbar http://www.wired.com/threatlevel/2011/03/comodo_hack/
  • 21. OpenBSD 'n BackdoorsOpenBSD 'n Backdoors []10yrs back FBI consulted NETSEC, CTO Perry []Lotz of code commit by NETSEC developers []Few daz back, Perry's NDA expired with FBI []Alleged backdoors in IPSEC Stack []FreeBSD inherited lotz code from OpenBSD http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
  • 22. Samsung Key-loG ConflictSamsung Key-loG Conflict http://arstechnica.com/hardware/news/2011/03/samsung-laptop-keylogger- almost-certainly-a-false-positive.ars
  • 23. Who Is This Guy?Who Is This Guy? Family Named: AbhishekKr Friends Call: ABK g33k Handle: aBionic {@Twitter, @LinkedIn, @Facebook} Itweet : http://www.twitter.com/aBionic iBlog: http://abhishekkr.wordpress.com Security Enthusiast; Working for ThoughtWorks Inc.; OpenSource Lover My Crime Is That Of CurosityMy Crime Is That Of Curosity ANY QUESTIONS?ANY QUESTIONS?