Contents
● Web Scraping
● Quick and Dirty SQL Injections
● iPhones, WiFi and Evil Twins
● Hacking Neighbours
● Port scanning on Steroids
Introduction
● Fredrik Nordberg Almroth (@Almroot)
  ○ Head application engineer and co-founder @ detectify.com
  ○ IT-security guy
  ○ Hacked Google. Twice.
● Johan Edholm (@norrskal)
  ○ Server administrator and co-founder @ detectify.com
  ○ Worked with IT security analytics and anti-scraping
  ○ Studied system and network management in Linux
What is Detectify?
Detectify is an automated vulnerability scanner.
● You press start!
● Detectify emulates a hacking attack.
● You get a report regarding your vulnerabilities.
● Detectify is currently in closed beta!
● You may try it for free using the beta code: HyperMine
● http://detectify.com/
● We love feedback! :)
What is data mining?
● Data mining is mostly associated with statistics and machine learning.
● ...or discovery of patterns (intelligence) in large datasets...
● No fancy algorithms! Just real life examples.
Web scraping
● Grab content from websites
● Host somewhere else
● Study the data
● Sell the data
Web scraping
● Bad scrapers
  ○ Downloadable or online tools
  ○ Homemade scripts
  ○ HTTP rewriters
Web scraping
● Homemade scripts
  ○ Made for one site/purpose
  ○ No hacking
  ○ May be against ToS
  ○ Probably legal
Web scraping
● Sosseblaskan.se
  ○ Copy of Aftonbladet (rewrite)
  ○ A joke
  ○ Not ads for Aftonbladet
  ○ Not phishing
  ○ Illegal
SQL
● Structured Query Language
● Used to talk with databases: MySQL, PostgreSQL, etc.
How it's used
● Websites use databases to maintain data.
● The SQL queries often contain user data.
● You search on a website for a few keywords.
● The odds that the search is done in some SQL dialect are huge.
What could possibly go wrong?
● User-supplied data may alter the SQL query.
● Example:
    SELECT title FROM blog WHERE title = $search_keywords;
● If the searched data contains a quote, the SQL query will break.
● Attackers may obtain data other than just the "blog title".
● Usernames, passwords, emails, credit cards...
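The slide's point as an added example (not code from the talk): Python's sqlite3 module runs the slide's query once with the search text concatenated into the SQL and once with it bound as a parameter. The table contents and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; the table and column names follow the slide's query.
SAMPLE_TITLES = ["Hello world", "Sweden's open ports", "Draft: unpublished"]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blog (title TEXT)")
    db.executemany("INSERT INTO blog VALUES (?)", [(t,) for t in SAMPLE_TITLES])
    return db

def search_concatenated(db, search_keywords):
    # The slide's pattern: user input becomes part of the SQL text itself.
    query = "SELECT title FROM blog WHERE title = '" + search_keywords + "'"
    return [row[0] for row in db.execute(query)]

def search_parameterized(db, search_keywords):
    # Hardened form: the input is bound as a value and is never parsed as SQL.
    query = "SELECT title FROM blog WHERE title = ?"
    return [row[0] for row in db.execute(query, (search_keywords,))]

def run_case(search_fn, search_keywords):
    # Fresh database per call; a broken query is reported instead of raised.
    db = make_db()
    try:
        return search_fn(db, search_keywords)
    except sqlite3.OperationalError as exc:
        return "SQL error: " + str(exc)
    finally:
        db.close()

if __name__ == "__main__":
    inputs = [
        "Hello world",            # ordinary search
        "Sweden's open ports",    # legitimate title containing a quote
        "x' OR '1'='1",           # quote followed by SQL that changes the WHERE clause
    ]
    for text in inputs:
        print(repr(text))
        print("  concatenated: ", run_case(search_concatenated, text))
        print("  parameterized:", run_case(search_parameterized, text))
```

With the concatenated query the second input fails with a syntax error and the third returns every row in the table; with the bound parameter both are compared against `title` as plain text.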
Conclusion
You can with ease gain access to your neighbours' data.
Speaking of portscanning...
● Spring 2010, the "spoon" project.
● Got interested in packet crafting.
● 3000 packets/second
● Sweden has 25.000.000 allocated IPv4 addresses.
● ...which results in a time frame of 2 hours and 20 min to scan.
● Resolve all servers on a given port in Sweden.
● Could of course be applied to any country.
● Early 2011, "spoon2".
● 30000 packets/second. Ten times as fast!
● From 2½ hours to approximately 15 minutes.
● Same result.
● Imagine a company. Like ACME Corp.
● 10 servers running "spoon2".
● Get a fresh map of Sweden every 90 seconds.
● 100 servers, every 9th second.
● ACME Corp has the potential to become a global "pingdom".
● Results in large-scale data mining.
● Would require loads of clever algorithms and infrastructure to maintain it all though.
shodanhq.com
● The firm shodanhq already crawls countries for open services.
● Identified ~438.000 web servers in Sweden alone.
● Mostly devices found on local networks (routers / printers).
● No security. Loads of vulnerable devices.
● Eavesdrop on your neighbour? No problem.
● Why bother?
● Can be applied to a whole country.
Summary
● Web Scraping
● Quick and Dirty SQL Injections
● iPhones, WiFi and Evil Twins
● Hacking Neighbours
● Port scanning on Steroids