How you can become a hacker with no security experience

  • 432 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
432
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
9
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. How You Can Become a Hacker With No Security Experience Andrei Avădănei President at CCSIR contact@ccsir.org
  • 2. Summary ● Short Bio ● What is a Cyber Hacker ● White Hat vs Black Hat Briefly ● Examples of Security Bypasses by 1337 Hackers ● Why They Matter? ● Are YOU Safe? ● Questions & Conclusions
  • 3. Short Bio ● President at CCSIR ● Founder & Coordinator of DefCamp ● Coordinator of Sparks ● Ambassador of Talks by Softbinator ● Blogger @worldit.info
  • 4. What is a Cyber Hacker ● seeks and exploits weaknesses in IT infrastructures ● motivated by profit, protest, or challenge ● computer programmers argues that they should be called crackers ● security culture is often referred to underground hacking
  • 5. White Hat vs Black Hat ● white-hat breaks security for non-malicious reasons ● black-hat violate computer security for personal benefits BUT - no phishing/spam/credit card stealling ... ● grey-hat may surf the net in order to find and report bugs ● 1337 hackers use various tools to steal or destroy
  • 6. #1 Password Reset Services ● What is Your Mother's Name? ● Where is Your Birthday Place? ● Your Favorite Movie? ● Your Loved One? Yeah, this still works. Don't believe me?
  • 7. But Now?
  • 8. #2 Phishing & Scams
  • 9. #3 Malware ● Tons of Malware Kits free or cheap ● Tons of FUD Crypters for AV bypass ● Tons of Spreading Methods ● Citadel, Zeus, Blackhole Means Something? ● 1337++
  • 10. #4 Wifi Sniffing ● Be The MAN (in the Middle) ● Session Hijacking ● Credentials Sniffing ● Traffic Alteration ● Aircrack-ng sounds friendly to you? ● 1338++
  • 11. #5 Hacking Websites ● Free & Easy to use Applications Scanners ● Nmap – old school (but awesome) port scanner ● SQLMap, Havij, Nessus, Acunetix, w3af for web security ● Metasploit – the Honey for Exploitation ● Many more third parties apps based on those above ● + Tons of Others That You Can Discover ● 1339++
  • 12. #6 - The Insiders ● Do You Trust Your Gf/Bf? You shouldn't! :-) 1339.1++
  • 13. Why They Matter ● these are really simple examples ● most of the „hackers“ of this kind are 14-20 ● they are irresponsible, destructive ● you will see private conversation leaked ● if you have a website they will probably deface it ● if somebody is MitM you might have the chance to see some porn ● if your password is guessed you might loose your accounts (Fb, Y!, GM, Tw, Ppl) ● PLEASE TRY THIS AT HOME, NOT ON YOUR „FRIENDS“!
  • 14. Are You Safe? ● #1 – Hard to Guess and unrelated answers ● #2 – Don't click on any suspicious stuff ● #3 – Use an AV licensed and updated + forgot Windows ● #4 – VPN Tunnels ● #5 – Firewalls, Code Review, Pentest, Audit ● #6 – Trust nobody, even you + LastPass or others
  • 15. Questions?