HACK THE HACKERS
      2012
About New Horizons

 World’s largest IT training company since 2002 (IDC)
 Recognized among the world's Top 20 IT training companies four out
 of four years (Trainingindustry.com)
 Deliver a full range of technical, application, and business skills training
 solutions
   Advanced technical solutions (Microsoft, IBM, CompTIA, Adobe, ITIL,
   and various Information Security offerings);
   Desktop applications (Microsoft Project, Excel, Access, PowerPoint;
   Adobe Photoshop, Illustrator, InDesign);
   Business skills (project management, practical selling skills,
   time management, effective presentations, etc.)

 Offer more courses, at more times, and in more locations
 than any other computer and business training company
Partners
Customers
EC-Council Training



              November 12th, 2012



              November 19th, 2012


   2 of you will win a CEH voucher TODAY!
Special thanks to:
Sean Hanna



             SEAN HANNA
               LPT, ECSA, CEH, CHFI, CISSP, CISM, CISA,
               GSEC, GCIA, GCIH
               EC-Council Instructor of the year 2007, 2008,
               2010, 2011
Client Side Hacking –
              Targeting the User
Sean Hanna
EC-Council Security Instructor of the Year   June 7th, 2012
EC-Council




HACK!
   Client Side
 The Next Target

  Sean Hanna
Be scared, very scared…

BOOMERANGS
Research is where it all starts…
Vulnerabilities
Weapons R&D


  Finding the next Vulnerability is highly technical
  Greatest challenge for coders
  Years of experience required

  Reverse Engineering
  Zero Day Attacks
For Example…


  Wi-Fi Protected Setup is designed to ease the
  task of setting up and configuring security on
  wireless local area networks
  It has many weaknesses
    The External Registrar option does not require any kind
    of authentication apart from providing the PIN, so it is
    potentially vulnerable to brute-force attacks.




Exploits
Exploits
The Exploits

                    “Delivery Method”
  Stack Overflow
  Heap Corruption
  Format String
  Integer Bugs
  Race Conditions
  Brute Forcing
  SQL Coding
  Unicode
For Example…


  A remote code buffer overflow occurs when
  data written to a buffer, due to insufficient
  bounds checking, corrupts data values in
  memory addresses adjacent to the allocated
  buffer and may allow remote code to be run
  Microsoft DNS RPC Service
  extractQuotedChar() Overflow (TCP)
    MS07-029
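
The bounds-checking failure defined on this slide, as an added example (not part of the original deck, and not a reconstruction of the MS07-029 code): a constructed arena places a 16-byte buffer directly before 8 bytes of adjacent data, so the damage done by an unchecked copy can be observed without undefined behaviour, next to a hardened copy that rejects oversized input. All names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_LEN 16  /* the allocated buffer */
#define ADJ_LEN 8   /* data stored directly after it */

/* Constructed model: one array holds the buffer and its neighbour, so a
 * write past BUF_LEN stays inside the object and can be observed safely. */
struct arena {
    unsigned char mem[BUF_LEN + ADJ_LEN];
};

static void arena_init(struct arena *a) {
    memset(a->mem, 0, BUF_LEN);
    memcpy(a->mem + BUF_LEN, "SAVEDPTR", ADJ_LEN); /* constructed marker */
}

static int adjacent_intact(const struct arena *a) {
    return memcmp(a->mem + BUF_LEN, "SAVEDPTR", ADJ_LEN) == 0;
}

/* Vulnerable pattern: decodes backslash escapes into the buffer and never
 * compares the output index with BUF_LEN. */
static size_t copy_unchecked(struct arena *a, const char *in, size_t in_len) {
    size_t out = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == '\\' && i + 1 < in_len)
            i++;                                /* keep the escaped char */
        if (out >= sizeof a->mem)
            break;                              /* edge of the model only */
        a->mem[out++] = (unsigned char)in[i];
    }
    return out;
}

/* Hardened form: checks the output index before every write, keeps room for
 * the terminator, and reports failure instead of truncating silently. */
static int copy_checked(struct arena *a, const char *in, size_t in_len,
                        size_t *written) {
    size_t out = 0;
    for (size_t i = 0; i < in_len; i++) {
        if (in[i] == '\\' && i + 1 < in_len)
            i++;
        if (out >= BUF_LEN - 1)
            return -1;                          /* would not fit: reject */
        a->mem[out++] = (unsigned char)in[i];
    }
    a->mem[out] = '\0';
    *written = out;
    return 0;
}

/* Constructed oversized input: 20 bytes for a 16-byte buffer. */
static const char OVERSIZED[] = "AAAAAAAAAA" "AAAAAAAAAA";

/* Returns 1 if the unchecked copy altered the adjacent data. */
static int unchecked_corrupts_neighbour(void) {
    struct arena a;
    arena_init(&a);
    copy_unchecked(&a, OVERSIZED, sizeof OVERSIZED - 1);
    return !adjacent_intact(&a);
}

/* Returns 1 if the checked copy rejected the input and the neighbour survived. */
static int checked_protects_neighbour(void) {
    struct arena a;
    size_t n = 0;
    arena_init(&a);
    return copy_checked(&a, OVERSIZED, sizeof OVERSIZED - 1, &n) == -1
           && adjacent_intact(&a);
}

int main(void) {
    printf("unchecked copy corrupts adjacent data: %d\n",
           unchecked_corrupts_neighbour());
    printf("checked copy rejects and protects:     %d\n",
           checked_protects_neighbour());
    return 0;
}
```

In a real process the adjacent bytes would be whatever the compiler or allocator placed next to the buffer, which is why the unchecked form may lead to code execution rather than just a changed marker.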
Payloads
The Payloads

  Shells               “Dangerous Weapon”
  Reverse Shells
  HTTP
  Reverse HTTP
  VNC
  Password Collector
  Visa Collector
  Bombs
For Example…


  A botnet is a collection of compromised
  computers, each of which is known as a 'bot',
  connected to the Internet.
  Shark
    Botnet Payload
    Botnet C&C Server
Demo

SHARK BOTNET
Frameworks
Every attack requires coding


  Assembly Language
  C or C++
  Perl
  Ruby
  Visual Basic
  Java
  .NET Framework

  So it's NOT easy!!!!
Exploit Lifecycle
The Frameworks


 There are various
 frameworks
   Underground
   Commercial
 These are the engines
 of hacking
Frameworks
What would Dr Strangelove do next…
if you’ve got it then you might as well…
For Example…


  Metasploit is a well-known framework, a tool for
  developing and executing exploit code against a
  remote target machine
  Contains many plug-ins
    SET




THE END




OR IS IT…
Random Demos?


  Were these just 3 random demos, or was there
  something more behind them?
  Each of the demos targeted a client system
  This is only the start of our story…
The Arms Race

  The term arms race in its
  original usage describes a
  competition between two or
  more parties for military
  supremacy. Each party
  competes to produce larger
  numbers of weapons,
  greater armies, or superior
  military technology in a
  technological escalation
  Source: Wiki
The Ingredients Of An Arms Race


  A new technology that might have a use as a
  weapon
   Existing research in non-weapon areas
  An accidental or deliberate demonstration of its
  potential
  One government to use it against another
  Big business to see the chance of massive
  profits
The Dawn of a New Era


  We have just entered the dawn of a new era
  Cyber Warfare is not the stuff of science fiction
  Militaries around the world deploy Cyber
  Warfare Weaponry on an hourly basis
  The technology is in use in live operational
  theatres around the world
WHY SHOULD THIS CONCERN
ME?
This Time It's Different


  The human race has always been careful to
  control the availability of weapons
  This time we can’t
Cyber Weaponry


  When a soldier leaves the army
    You can take his gun off him
  When a sailor leaves the navy
    You can take his ship off him
  When a pilot leaves the air force
    You can take his plane off him
CYBER WEAPONRY IS
KNOWLEDGE
RISK


  Your job is managing Information RISK
  The risk profile is constantly changing
  New threats are constantly emerging
  Everything is in a state of constant flux
What Is About To Come Next..
Journey


  Let me take you on a journey through hacking
  From the start through the years to today
  Then on towards the future


  Let me share why things are about to change


  FOREVER.
FROM THE BEGINNING…
DEMO

SET ON METASPLOIT
THE FOUR PHASES OF
HACKING
Evolution


  Hacking is continuing to evolve
  If we understand how it has evolved..
  We might see how it will evolve in the future
Timeline
PHASE 1
Hobbyist Hackers

          C0mrade
            hacked into NASA
            downloaded the source code of the
            International Space Station
            $1.7 million
          Kevin Mitnick
            most wanted computer criminal in
            U.S. history
            breached the national defence system
Hobbyist Hackers


  Started the whole process
  Limited success
  Limited resources
  Limited skills
PHASE 2
Security Research Companies


  HP Fortify
    Largest commercial research organization in the
    world
    Identified over 430 vulnerability categories across 18
    programming languages
    Discovered two entirely new categories of
    vulnerabilities (JavaScript Hijacking and Cross-Build
    Injection)
PHASE 3
Criminal Gangs


  431 million adults worldwide were victims of
  cyber crime last year (Norton Cyber Crime
  Report 2011)
  $388 billion is lost globally each year to cyber
  crime (Norton Cyber Crime Report 2011)
Criminal Gangs


  Russian cybercriminals (Mafia Today)
    raked in over $4 billion in 2011
    consolidated their efforts; organized crime groups
    are clamoring for a piece of the action
    most lucrative form of Russian cybercrime last year
    was online fraud
    “The cybercrime market originating from Russia
    costs the global economy billions of dollars every
    year,” Ilya Sachkov, Group-IB’s CEO
Criminal Gangs


  Cyber crime costs the UK economy £27bn a
  year, the government has said.
  £21bn of costs to businesses
  £2.2bn to government
  £3.1bn to citizens
  Security minister Baroness Neville-Jones said
  the government was determined to work with
  industry to tackle cyber crime.
Criminal Gangs

  Took the process to the second stage
  Invested money to make money
  Professional career hackers
  Large budgets
  Large multi-skills teams


  Results in the production of commercial quality
  hacks:
    Crimeware is born
Crimeware


  Crimeware is a class of malware designed
  specifically to automate cybercrime
  The term was coined by Peter Cassidy,
  Secretary General of the Anti-Phishing Working
  Group
  Crimeware is said to have started around 2003
  Crimeware has made rapid advancements in
  the last 9 years
Crimeware Part 1


  Advancement 1:
    Form-grabbing (spyware)
  Advancement 2:
     Anti-detection (stealth)
  Advancement 3:
     Web-injects (man-in-the-browser)
  Advancement 4:
    Expanded Target Support
Crimeware Part 2


  Advancement 5:
    Source Code Availability/Release
  Advancement 6:
     Mobile Device Support (man-in-the-mobile)
   Advancement 7:
     Anti-removal (persistence)
  Advancement 8:
    Commercialisation (market)
PHASE 4
Cyber Warfare


  “actions by a nation-state to penetrate another
  nation's computers or networks for the
  purposes of causing damage or disruption”
  “the fifth domain of warfare”
  “as critical to military operations as land, sea,
  air, and space”
Cyber Warfare - History

  March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO’s military
  intervention in Kosovo.
  May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of
  cyberattacks from China against U.S. government Web sites.
  2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for
  years. The government code names the attacks Titan Rain and eventually traces them to
  China.
  April-May 2007: Hackers believed to be linked to the Russian government bring down the
  Web sites of Estonia’s parliament, banks, ministries, newspapers and broadcasters.
  June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked,
  and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers.
  August 2008: Cyber attackers hijack government and commercial Web sites in Georgia
  during a military conflict with Russia.
  January 2009: Attacks shut down at least two of Kyrgyzstan’s four Internet service providers
  during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition
  party.
  April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.
US First Cyber Warfare General

  The US military appointed its first senior general to direct
  cyber warfare – despite fears that the move marks another
  stage in the militarisation of cyberspace.


  The creation of Cyber Command is in response to increasing
  anxiety over the vulnerability of the US's military and other
  networks to a cyber attack


  The US air force discloses that some 30,000 of its troops had
  been re-assigned from technical support "to the frontlines of
  cyber warfare".

  May 2010 – The Guardian Newspaper UK
Cyber Warfare


  A cyber attack by one state on another could be
  considered an "act of war", former top national
  security adviser (BBC News)
  William Hague: UK is under cyber-attack
  (BBC News)
White House warns of Cyber Warfare boomerangs


  Unlike a bullet or missile fired at an enemy, a
  Cyber Weapon that spreads across the Internet
  may circle back accidentally to infect computers
  it was never supposed to target.
  The Homeland Security Department’s warning
  about the new virus, known as “Flame,”
  3 Days ago – The White House
Germany prepares special unit to tackle cyber attack



   BERLIN: Germany has prepared a special
   cyber warfare unit of its military to conduct
   offensive operations against computer hackers,
   who attack key installations or engage in
   espionage activities, defence ministry has said.
   36 Hours ago – Economic Times
The Government Wants You


  Agencies need to hack clients
  Al Qaeda operatives for example
  Millions have been spent in developing the next
  generation of client side hacking tools
PHASE 5
Questions and Answers

 New Horizons Bulgaria
 36 Dragan Tsankov blvd.
 Interpred, block A, floor 6

 Phone : +359 2 421 0040
 Email: office@newhorizons.bg

 Web:    www.newhorizons.bg
 Blog:   newhorizons.bg/blog

 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Hack the Hackers: Client Side Targeting

  • 2. About New Horizons World’s largest IT training company since 2002 (IDC) Recognized among the world's Top 20 IT training companies four out of four years (Trainingindustry.com) Deliver a full range of technical, application, and business skills training solutions Advanced technical solutions (Microsoft, IBM, CompTIA, Adobe, ITIL, and various Information Security offerings); Desktop applications (Microsoft Project, Excel, Access, PowerPoint; Adobe Photoshop, Illustrator, InDesign); Business skills (project management, practical selling skills, time management, effective presentations, etc.) Offer more courses, at more times, and in more locations than any other computer and business training company
  • 5. EC-Council Training November 12th, 2012 November 19th, 2012 2 of you will win a CEH voucher TODAY!
  • 7. Sean Hanna SEAN HANNA LPT, ECSA, CEH, CHFI, CISSP, CISM, CISA, GSEC, GCIA, GCIH EC-Council Instructor of the year 2007, 2008, 2010, 2011
  • 8. Client Side Hacking – Targeting the User Sean Hanna EC-Council Security Instructor of the Year June 7th, 2012
  • 10. EC-Council HACK! Client Side The Next Target Sean Hanna
  • 11. Be scared, very scared… BOOMERANGS
  • 14. Research is where it all starts… EC-Council
  • 15. Vulnerabilities EC-Council
  • 16. Weapons R&D EC-Council Finding the next Vulnerability is highly technical Greatest challenge for coders Years of experience required Reverse Engineering Zero Day Attacks
  • 17. For Example… EC-Council Wi-Fi Protected Setup is designed to ease the task of setting up and configuring security on wireless local area networks It has many weaknesses The External Registrar option does not require any kind of authentication apart from providing the PIN, so it is potentially vulnerable to brute force attacks.
  • 20. Exploits EC-Council
  • 21. The Exploits EC-Council “Delivery Method” Stack Overflow Heap Corruption Format String Integer Bugs Race Conditions Brute Forcing SQL Coding Unicode
  • 22. For Example… EC-Council Remote Code Buffer Overflows occur when data written to a buffer, due to insufficient bounds checking, corrupts data values in memory addresses adjacent to the allocated buffer and may allow remote code to be run Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP) MS07-029
  • 25. Payloads EC-Council
  • 26. The Payloads EC-Council Shells “Dangerous Weapon” Reverse Shells HTTP Reverse HTTP VNC Password Collector Visa Collector Bombs
  • 27. For Example… EC-Council A botnet is a collection of compromised computers, each of which is known as a 'bot', connected to the Internet. Shark Botnet Payload Botnet C&C Server
  • 30. Frameworks EC-Council
  • 31. Every attack requires coding EC-Council Assembly Language C+ or C++ Perl Ruby Visual Basic Java .NET Framework So it's NOT easy!!!!
  • 32. Exploit Lifecycle EC-Council
  • 33. The Frameworks EC-Council There are various frameworks Underground Commercial These are the engines of hacking
  • 34. Frameworks EC-Council
  • 35. What would Dr Strangelove do next…. EC-Council
  • 36. if you’ve got it then you might as well … EC-Council
  • 37. For Example… EC-Council Metasploit, a well-known framework: a tool for developing and executing exploit code against a remote target machine Contains many plug-ins SET
  • 41. Random Demos? EC-Council Were these just 3 random demos, or was there something more behind them? Each of the demos targeted a client system This is only the start of our story…
  • 43. The Arms Race EC-Council The term arms race in its original usage describes a competition between two or more parties for military supremacy. Each party competes to produce larger numbers of weapons, greater armies, or superior military technology in a technological escalation Source: Wiki
  • 45. The Ingredients Of An Arms Race EC-Council A new technology that might have a use as a weapon Existing research in non-weapon areas An accidental or deliberate demonstration of its potential One government to use it against another Big business to see the chance of massive profits
  • 46. The Dawn of a New Era EC-Council We have just entered the dawn of a new era Cyber Warfare is not the stuff of science fiction Militaries around the world deploy Cyber Warfare Weaponry on an hourly basis The technology is in use in live operational theatres around the world
  • 47. WHY SHOULD THIS CONCERN ME?
  • 48. This Time It's Different EC-Council The human race has always been careful to control the availability of weapons This time we can’t
  • 49. Cyber Weaponry EC-Council When a soldier leaves the army You can take his gun off him When a sailor leaves the navy You can take his ship off him When a pilot leaves the air force You can take his plane off him
  • 51. RISK EC-Council Your job is managing Information RISK The risk profile is constantly changing New threats are constantly emerging Everything is in a state of constant flux
  • 52. What Is About To Come Next.. EC-Council
  • 53. Journey EC-Council Let me take you on a journey through hacking From the start through the years to today Then on towards the future Let me share why things are about to change FOREVER.
  • 56. THE FOUR PHASES OF HACKING
  • 57. Evolution EC-Council Hacking is continuing to evolve If we understand how it has evolved.. We might see how it will evolve in the future
  • 58. Timeline EC-Council
  • 60. Hobbyist Hackers EC-Council C0mrade hacked into NASA downloaded the source code of the International Space Station $1.7 million Kevin Mitnick most wanted computer criminal in U.S. history breached the national defence system
  • 61. Hobbyist Hackers EC-Council Started the whole process Limited success Limited resources Limited skills
  • 63. Security Research Companies EC-Council HP Fortify Largest commercial research organization in the world Identified over 430 vulnerability categories across 18 programming languages Discovered two entirely new categories of vulnerabilities (JavaScript Hijacking and Cross-Build Injection)
  • 65. Criminal Gangs EC-Council 431 million adults worldwide were victims of cyber crime last year (Norton Cyber Crime Report 2011) $388 billion is lost globally each year to cyber crime (Norton Cyber Crime Report 2011)
  • 67. Criminal Gangs EC-Council Russian cybercriminals (Mafia Today) raked in over $4 billion in 2011 consolidated their efforts; organized crime groups are clamoring for a piece of the action most lucrative form of Russian cybercrime last year was online fraud “The cybercrime market originating from Russia costs the global economy billions of dollars every year,” Ilya Sachkov, Group-IB’s CEO
  • 68. Criminal Gangs EC-Council Cyber crime costs the UK economy £27bn a year, the government has said. £21bn of costs to businesses £2.2bn to government £3.1bn to citizens Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.
  • 69. Criminal Gangs EC-Council Took the process to second stage Invested money to make money Professional career hackers Large budgets Large multi-skills teams Results in the production of commercial quality hacks: Crimeware is born
  • 70. Crimeware EC-Council Crimeware is a class of malware designed specifically to automate cybercrime The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group Crimeware is said to have started around 2003 Crimeware has made rapid advancements in the last 9 years
  • 71. Crimeware Part 1 EC-Council Advancement 1: Form-grabbing (spyware) Advancement 2: Anti-detection (stealth) Advancement 3: Web-injects (man-in-the-browser) Advancement 4: Expanded Target Support
  • 72. Crimeware Part 2 EC-Council Advancement 5: Source Code Availability/Release Advancement 6: Mobile Device Support (man-in-the-mobile) Advancement 7: Anti-removal (persistence) Advancement 8: Commercialisation (market)
  • 74. Cyber Warfare EC-Council “actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption” “the fifth domain of warfare” “as critical to military operations as land, sea, air, and space”
  • 75. Cyber Warfare - History EC-Council March 1999: Hackers in Serbia attack NATO systems in retaliation for NATO’s military intervention in Kosovo. May 1999: NATO accidentally bombs the Chinese embassy in Belgrade, spawning a wave of cyberattacks from China against U.S. government Web sites. 2003: Hackers begin a series of assaults on U.S. government computer systems that lasts for years. The government code names the attacks Titan Rain and eventually traces them to China. April-May 2007: Hackers believed to be linked to the Russian government bring down the Web sites of Estonia’s parliament, banks, ministries, newspapers and broadcasters. June-July 2008: Hundreds of government and corporate Web sites in Lithuania are hacked, and some are covered in digital Soviet-era graffiti, implicating Russian nationalist hackers. August 2008: Cyber attackers hijack government and commercial Web sites in Georgia during a military conflict with Russia. January 2009: Attacks shut down at least two of Kyrgyzstan’s four Internet service providers during political squabbling among Russia, the ruling Kyrgyzstan party and an opposition party. April 2009: An attack on neighboring Kazakhstan shuts down a popular news Web site.
  • 76. US First Cyber Warfare General EC-Council The US military appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace. The creation of Cyber Command is in response to increasing anxiety over the vulnerability of the US's military and other networks to a cyber attack The US air force discloses that some 30,000 of its troops had been re-assigned from technical support "to the frontlines of cyber warfare". May 2010 – The Guardian Newspaper UK
  • 78. Cyber Warfare EC-Council A cyber attack by one state on another could be considered an "act of war", former top national security adviser (BBC News) William Hague: UK is under cyber-attack (BBC News)
  • 79. White House warns of Cyber Warfare boomerangs EC-Council Unlike a bullet or missile fired at an enemy, a Cyber Weapon that spreads across the Internet may circle back accidentally to infect computers it was never supposed to target. The Homeland Security Department’s warning about the new virus, known as “Flame,” 3 Days ago – The White House
  • 80. Germany prepares special unit to tackle cyber attack EC-Council BERLIN: Germany has prepared a special cyber warfare unit of its military to conduct offensive operations against computer hackers, who attack key installations or engage in espionage activities, defence ministry has said. 36 Hours ago – Economic Times
  • 81. The Government Wants You EC-Council Agencies need to hack clients Al Qaeda operatives for example Millions have been spent in developing the next generation of client side hacking tools
  • 82. PHASE 5 EC-Council
  • 83. PHASE 5 EC-Council
  • 84. Questions and Answers New Horizons Bulgaria 36 Dragan Tsankov blvd. Interpred, block A, floor 6 Phone : +359 2 421 0040 Email: office@newhorizons.bg Web: www.newhorizons.bg Blog: newhorizons.bg/blog
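
Added example (not part of the original slides, and not the Microsoft DNS code): slide 22 describes a write with insufficient bounds checking corrupting memory adjacent to the buffer. The constructed record below shows the unchecked copy beside a bounds-checked one; struct record, copy_unchecked, copy_checked and privileged_after are hypothetical names, and the layout assumes no padding between the two fields.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed buffer with another field right after it. */
struct record {
    char     name[8];
    uint32_t privileged;            /* adjacent to name[] in memory */
};

/* Insufficient bounds checking: len is never compared with sizeof(name).
 * The clamp to the record size exists only to keep this demo well-defined. */
static void copy_unchecked(struct record *r, const unsigned char *src, size_t len)
{
    if (len > sizeof(*r)) len = sizeof(*r);         /* demo-only clamp */
    memcpy((unsigned char *)r, src, len);           /* name[] is at offset 0 */
}

/* Bounds-checked copy: oversized input is rejected and nothing is written. */
static int copy_checked(struct record *r, const unsigned char *src, size_t len)
{
    if (len >= sizeof(r->name)) return -1;          /* keep room for '\0' */
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Feed the same 12-byte input to either copy; return the adjacent field. */
static uint32_t privileged_after(int checked)
{
    struct record r;
    unsigned char input[12];
    memset(&r, 0, sizeof r);
    memset(input, 'A', sizeof input);               /* constructed input */
    if (checked) (void)copy_checked(&r, input, sizeof input);
    else         copy_unchecked(&r, input, sizeof input);
    return r.privileged;
}

int main(void)
{
    printf("unchecked: privileged = 0x%08x\n", (unsigned)privileged_after(0));
    printf("checked:   privileged = 0x%08x\n", (unsigned)privileged_after(1));
    return 0;
}
```

The unchecked path leaves the adjacent field holding bytes from the input, while the checked path rejects the same input and leaves the field at zero.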

Editor's Notes

  1. Licensed Penetration Tester (LPT), EC-Council Certified Security Analyst (ECSA), Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH); Director at Nemstar, offering IT Security, Consultancy & Training services in Ireland, the UK and Europe