SlideShare a Scribd company logo

How you can become a hacker with no security experience

Download as PPT, PDF
Avădănei Andrei
Avădănei Andrei
1 of 17
How You Can Become a Hacker With No Security Experience Andrei Avădănei President at CCSIR contact@ccsir.org
Summary ● Short Bio ● What is a Cyber Hacker ● White Hat vs Black Hat Briefly ● Examples of Security Bypasses by 1337 Hackers ● Why They Matter? ● Are YOU Safe? ● Questions & Conclusions
Short Bio ● President at CCSIR ● Founder & Coordinator of DefCamp ● Coordinator of Sparks ● Ambassador of Talks by Softbinator ● Blogger @worldit.info
What is a Cyber Hacker ● seeks and exploits weaknesses in IT infrastructures ● motivated by profit, protest, or challenge ● computer programmers argues that they should be called crackers ● security culture is often referred to underground hacking
White Hat vs Black Hat ● white-hat breaks security for non-malicious reasons ● black-hat violate computer security for personal benefits BUT - no phishing/spam/credit card stealling ... ● grey-hat may surf the net in order to find and report bugs ● 1337 hackers use various tools to steal or destroy
#1 Password Reset Services ● What is Your Mother's Name? ● Where is Your Birthday Place? ● Your Favorite Movie? ● Your Loved One? Yeah, this still works. Don't believe me?
But Now?
#2 Phishing & Scams
#3 Malware ● Tons of Malware Kits free or cheap ● Tons of FUD Crypters for AV bypass ● Tons of Spreading Methods ● Citadel, Zeus, Blackhole Means Something? ● 1337++
#4 Wifi Sniffing ● Be The MAN (in the Middle) ● Session Hijacking ● Credentials Sniffing ● Traffic Alteration ● Aircrack-ng sounds friendly to you? ● 1338++
#5 Hacking Websites ● Free & Easy to use Applications Scanners ● Nmap – old school (but awesome) port scanner ● SQLMap, Havij, Nessus, Acunetix, w3af for web security ● Metasploit – the Honey for Exploitation ● Many more third parties apps based on those above ● + Tons of Others That You Can Discover ● 1339++
#6 - The Insiders ● Do You Trust Your Gf/Bf? You shouldn't! :-) 1339.1++
Why They Matter ● these are really simple examples ● most of the „hackers“ of this kind are 14-20 ● they are irresponsible, destructive ● you will see private conversation leaked ● if you have a website they will probably deface it ● if somebody is MitM you might have the chance to see some porn ● if your password is guessed you might loose your accounts (Fb, Y!, GM, Tw, Ppl) ● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!
Are You Safe? ● #1 – Hard to Guess and unrelated answers ● #2 – Don't click on any suspicious stuff ● #3 – Use an AV licensed and updated + forgot Windows ● #4 – VPN Tunnels ● #5 – Firewalls, Code Review, Pentest, Audit ● #6 – Trust nobody, even you + LastPass or others
Questions?

Recommended

A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthAvădănei Andrei
 
My Bug Hunting With Open Source
My Bug Hunting With Open SourceMy Bug Hunting With Open Source
My Bug Hunting With Open SourceMadhu Akula
 
Fun & profit with bug bounties
Fun & profit with bug bountiesFun & profit with bug bounties
Fun & profit with bug bountiesn|u - The Open Security Community
 
Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Kit O'Connell
 
Understanding and implementing website security
Understanding and implementing website securityUnderstanding and implementing website security
Understanding and implementing website securityDrew Gorton
 
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAndroid "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAbhinav Mishra
 
Security for Data Scientists
Security for Data ScientistsSecurity for Data Scientists
Security for Data ScientistsDavid Arcos
 
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMENegative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMEjeffmcjunkin
 

Recommended

A journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthA journey through an INFOSEC labyrinth
A journey through an INFOSEC labyrinthAvădănei Andrei
 
My Bug Hunting With Open Source
My Bug Hunting With Open SourceMy Bug Hunting With Open Source
My Bug Hunting With Open SourceMadhu Akula
 
Fun & profit with bug bounties
Fun & profit with bug bountiesFun & profit with bug bounties
Fun & profit with bug bountiesn|u - The Open Security Community
 
Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Online Privacy & Computer Security Basics (September 2017)
Online Privacy & Computer Security Basics (September 2017)Kit O'Connell
 
Understanding and implementing website security
Understanding and implementing website securityUnderstanding and implementing website security
Understanding and implementing website securityDrew Gorton
 
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAndroid "Fight Club" : In pursuit of APPiness -- null Humla Delhi Chapter
Android "Fight Club" : In pursuit of APPiness -- null Humla Delhi ChapterAbhinav Mishra
 
Security for Data Scientists
Security for Data ScientistsSecurity for Data Scientists
Security for Data ScientistsDavid Arcos
 
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMENegative Unemployment and Great Job Satisfaction? Why infosec is AWESEOME
Negative Unemployment and Great Job Satisfaction? Why infosec is AWESEOMEjeffmcjunkin
 
Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learnedB.A.
 
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...Santhosh Tuppad
 
Passwords
PasswordsPasswords
PasswordsKevin OBrien
 
Meaghan technology report
Meaghan technology reportMeaghan technology report
Meaghan technology reportMarq2014
 
Unmasking miscreants
Unmasking miscreantsUnmasking miscreants
Unmasking miscreantsBrandon Levene
 
Cyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidsCyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidssumitsiddharth6
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Web Security attacks and defense
Web Security attacks and defenseWeb Security attacks and defense
Web Security attacks and defenseJose Mato
 
Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)Kit O'Connell
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into ItCTruncer
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 
Phd final
Phd finalPhd final
Phd finalPositive Hack Days
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppthimanshujoshi238
 
Keeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients OnlineKeeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients OnlineKate Bladow
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet PrivacyGirindro Pringgo Digdo
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To HackingAitezaz Mohsin
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Security & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowSecurity & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowMediaraven vzw
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Honeypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableHoneypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableAvădănei Andrei
 
Wordpress Plugins Scanner
Wordpress Plugins ScannerWordpress Plugins Scanner
Wordpress Plugins ScannerAvădănei Andrei
 

More Related Content

Similar to How you can become a hacker with no security experience

Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learnedB.A.
 
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...Santhosh Tuppad
 
Meaghan technology report
Meaghan technology reportMeaghan technology report
Meaghan technology reportMarq2014
 
Cyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidsCyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidssumitsiddharth6
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and ConcernsPINT Inc
 
Web Security attacks and defense
Web Security attacks and defenseWeb Security attacks and defense
Web Security attacks and defenseJose Mato
 
Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)Kit O'Connell
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into ItCTruncer
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Positive Hack Days
 
Keeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients OnlineKeeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients OnlineKate Bladow
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To HackingAitezaz Mohsin
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9UISGCON
 
Security & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowSecurity & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowMediaraven vzw
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 

Similar to How you can become a hacker with no security experience (20)

Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned
 
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou...
 
Passwords
PasswordsPasswords
Passwords
 
Meaghan technology report
Meaghan technology reportMeaghan technology report
Meaghan technology report
 
Unmasking miscreants
Unmasking miscreantsUnmasking miscreants
Unmasking miscreants
 
Cyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kidsCyber Awareness 101 - essentials package for kids
Cyber Awareness 101 - essentials package for kids
 
Corp Web Risks and Concerns
Corp Web Risks and ConcernsCorp Web Risks and Concerns
Corp Web Risks and Concerns
 
Web Security attacks and defense
Web Security attacks and defenseWeb Security attacks and defense
Web Security attacks and defense
 
Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)Computer Security For Activists & Everyone (Oct 2018)
Computer Security For Activists & Everyone (Oct 2018)
 
Hacking - Breaking Into It
Hacking - Breaking Into ItHacking - Breaking Into It
Hacking - Breaking Into It
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
 
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
Alexey Sintsov. Honeypot that Can Bite: Reverse Penetration.
 
Phd final
Phd finalPhd final
Phd final
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Keeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients OnlineKeeping 'Em Safe: Ways to Protect Your Clients Online
Keeping 'Em Safe: Ways to Protect Your Clients Online
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacy
 
Introduction To Hacking
Introduction To HackingIntroduction To Hacking
Introduction To Hacking
 
Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9Mark Arena - Cyber Threat Intelligence #uisgcon9
Mark Arena - Cyber Threat Intelligence #uisgcon9
 
Security & privacy on the internet: things you should now
Security & privacy on the internet: things you should nowSecurity & privacy on the internet: things you should now
Security & privacy on the internet: things you should now
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 

More from Avădănei Andrei

Honeypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableHoneypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableAvădănei Andrei
 
Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Avădănei Andrei
 
SYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscuritySYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscurityAvădănei Andrei
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei
 
Arta de a susţine o prezentare
Arta de a susţine o prezentareArta de a susţine o prezentare
Arta de a susţine o prezentareAvădănei Andrei
 

More from Avădănei Andrei (10)

Honeypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them VulnerableHoneypots - The Art of Building Secure Systems by Making them Vulnerable
Honeypots - The Art of Building Secure Systems by Making them Vulnerable
 
Wordpress Plugins Scanner
Wordpress Plugins ScannerWordpress Plugins Scanner
Wordpress Plugins Scanner
 
DefCamp 2012 @Bucharest
DefCamp 2012 @BucharestDefCamp 2012 @Bucharest
DefCamp 2012 @Bucharest
 
Polish the Wheel
Polish the WheelPolish the Wheel
Polish the Wheel
 
Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?Virtual Anonimity – What? Why? When? How?
Virtual Anonimity – What? Why? When? How?
 
SmartFender
SmartFenderSmartFender
SmartFender
 
SYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by ObscuritySYDO - Secure Your Data by Obscurity
SYDO - Secure Your Data by Obscurity
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threat
 
Arta de a susţine o prezentare
Arta de a susţine o prezentareArta de a susţine o prezentare
Arta de a susţine o prezentare
 
Spaghetti Code vs MVC
Spaghetti Code vs MVCSpaghetti Code vs MVC
Spaghetti Code vs MVC
 

How you can become a hacker with no security experience

  • 1. How You Can Become a Hacker With No Security Experience Andrei Avădănei President at CCSIR contact@ccsir.org
  • 2. Summary ● Short Bio ● What is a Cyber Hacker ● White Hat vs Black Hat Briefly ● Examples of Security Bypasses by 1337 Hackers ● Why They Matter? ● Are YOU Safe? ● Questions & Conclusions
  • 3. Short Bio ● President at CCSIR ● Founder & Coordinator of DefCamp ● Coordinator of Sparks ● Ambassador of Talks by Softbinator ● Blogger @worldit.info
  • 4. What is a Cyber Hacker ● seeks and exploits weaknesses in IT infrastructures ● motivated by profit, protest, or challenge ● computer programmers argues that they should be called crackers ● security culture is often referred to underground hacking
  • 5. White Hat vs Black Hat ● white-hat breaks security for non-malicious reasons ● black-hat violate computer security for personal benefits BUT - no phishing/spam/credit card stealling ... ● grey-hat may surf the net in order to find and report bugs ● 1337 hackers use various tools to steal or destroy
  • 6. #1 Password Reset Services ● What is Your Mother's Name? ● Where is Your Birthday Place? ● Your Favorite Movie? ● Your Loved One? Yeah, this still works. Don't believe me?
  • 9. #3 Malware ● Tons of Malware Kits free or cheap ● Tons of FUD Crypters for AV bypass ● Tons of Spreading Methods ● Citadel, Zeus, Blackhole Means Something? ● 1337++
  • 10.
  • 11. #4 Wifi Sniffing ● Be The MAN (in the Middle) ● Session Hijacking ● Credentials Sniffing ● Traffic Alteration ● Aircrack-ng sounds friendly to you? ● 1338++
  • 12.
  • 13. #5 Hacking Websites ● Free & Easy to use Applications Scanners ● Nmap – old school (but awesome) port scanner ● SQLMap, Havij, Nessus, Acunetix, w3af for web security ● Metasploit – the Honey for Exploitation ● Many more third parties apps based on those above ● + Tons of Others That You Can Discover ● 1339++
  • 14. #6 - The Insiders ● Do You Trust Your Gf/Bf? You shouldn't! :-) 1339.1++
  • 15. Why They Matter ● these are really simple examples ● most of the „hackers“ of this kind are 14-20 ● they are irresponsible, destructive ● you will see private conversation leaked ● if you have a website they will probably deface it ● if somebody is MitM you might have the chance to see some porn ● if your password is guessed you might loose your accounts (Fb, Y!, GM, Tw, Ppl) ● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!
  • 16. Are You Safe? ● #1 – Hard to Guess and unrelated answers ● #2 – Don't click on any suspicious stuff ● #3 – Use an AV licensed and updated + forgot Windows ● #4 – VPN Tunnels ● #5 – Firewalls, Code Review, Pentest, Audit ● #6 – Trust nobody, even you + LastPass or others