How you can become a hacker with no security experience
1. How You Can Become a Hacker With No Security Experience
Andrei Avădănei
President at CCSIR
contact@ccsir.org
2. Summary
● Short Bio
● What is a Cyber Hacker
● White Hat vs Black Hat Briefly
● Examples of Security Bypasses by 1337 Hackers
● Why They Matter?
● Are YOU Safe?
● Questions & Conclusions
3. Short Bio
● President at CCSIR
● Founder & Coordinator of DefCamp
● Coordinator of Sparks
● Ambassador of Talks by Softbinator
● Blogger @worldit.info
4. What is a Cyber Hacker
● seeks and exploits weaknesses in IT infrastructures
● motivated by profit, protest, or challenge
● computer programmers argue that they should be called crackers
● security culture is often referred to as underground hacking
5. White Hat vs Black Hat
● white-hat breaks security for non-malicious reasons
● black-hat violates computer security for personal benefit BUT
- no phishing/spam/credit card stealing ...
● grey-hat may surf the net in order to find and report bugs
● 1337 hackers use various tools to steal or destroy
6. #1 Password Reset Services
● What is Your Mother's Name?
● Where is Your Birthplace?
● Your Favorite Movie?
● Your Loved One?
Yeah, this still works. Don't believe me?
9. #3 Malware
● Tons of Malware Kits, free or cheap
● Tons of FUD Crypters for AV bypass
● Tons of Spreading Methods
● Citadel, Zeus, Blackhole Mean Something to You?
● 1337++
11. #4 Wifi Sniffing
● Be The MAN (in the Middle)
● Session Hijacking
● Credentials Sniffing
● Traffic Alteration
● Does Aircrack-ng sound friendly to you?
● 1338++
13. #5 Hacking Websites
● Free & Easy-to-Use Application Scanners
● Nmap – old school (but awesome) port scanner
● SQLMap, Havij, Nessus, Acunetix, w3af for web security
● Metasploit – the Honey for Exploitation
● Many more third-party apps based on those above
● + Tons of Others That You Can Discover
● 1339++
14. #6 - The Insiders
● Do You Trust Your Gf/Bf? You shouldn't! :-)
● 1339.1++
15. Why They Matter
● these are really simple examples
● most of the „hackers“ of this kind are 14-20
● they are irresponsible, destructive
● you will see private conversations leaked
● if you have a website they will probably deface it
● if somebody is MitM you might have the chance to see some porn
● if your password is guessed you might lose your accounts (Fb, Y!, GM, Tw, Ppl)
● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!
16. Are You Safe?
● #1 – Hard-to-guess and unrelated answers
● #2 – Don't click on any suspicious stuff
● #3 – Use a licensed and updated AV + forget Windows
● #4 – VPN Tunnels
● #5 – Firewalls, Code Review, Pentest, Audit
● #6 – Trust nobody, not even yourself + LastPass or others