hacking/cracking
the other side of the story


jim geovedi

guide to ict megatrend
31 January 2008 — Hotel Shangri-La, Jakarta
‣   information security

‣   0-day vulnerabilities
infosec ≠ security guard (satpam)


‣   current trends: identity theft, botnets,
    mobile communication hacking, 0-day
    vulnerabilities, corporate espionage,
    wiretapping
industry status


‣   big security companies acquire small
    start-up or spin-off companies to offer
    more solutions
‣   "palugada" ("whatever you want, we have it")
    propaganda
software
development


‣   cheap software development?
    outsource to india or china!
security investment

‣   companies bought a lot of security
    devices or applications
    ‣   firewall, antivirus, spam and content
        filtering, ids, ips, patch management,
        etc.
common issues

‣   companies do not have enough
    resources.
‣   vendors re-introducing:
    ‣   weak and easily guessed passwords
    ‣   clear-text protocols
    ‣   misconfigurations
‣   information security

‣   0-day vulnerabilities
‣   0-day, pronounced zero-day (sometimes
    oh-day), means new.

‣   the term has its origin in the warez scene,
    but has become firmly entrenched in the
    exploit trading scene.
‣   0-day is used to refer to exploits,
    software, media or vulnerability
    information released today, and to those
    that have not yet been released.
life cycle of 0-day (quick response from vendor)
[figure: value vs. time, with markers for intrusion, vendor noticed and patch released]

life cycle of 0-day (very late response from vendor)
[figure: value vs. time, with the same markers; the patch arrives much later]
‣   0-day users: intelligence agents,
    professional penetration testers, product
    vendors, random hackers/crackers
obtaining 0-day

‣   conducting research (source code/
    binary audit)
‣   share/trade between friends
‣   install honeypot
‣   buy from 0-day brokers
market


‣   current 0-day business model is
    considered weak
    ‣   the auction model
the players

‣   corporate: ISS, eEye, iDEFENSE,
    TippingPoint (3Com/ZDI), Immunity,
    Gleg, Argeniss, wabisabilabi, etc.
‣   group or personal: cirt.dk, piotr bania,
    inge henriksen, mario ballano, neil kettle,
    etc.
programs

‣   https://labs.idefense.com/vcp/
‣   http://www.wslabi.com/wabisabilabi/rrp.do?
‣   http://www.zerodayinitiative.com/details.html
prizes

‣   remote arbitrary code execution vulnerabilities
    in specified e-mail clients and servers (outlook,
    outlook express, thunderbird, sendmail,
    exchange):
    $8,000 - $12,000
‣   remote arbitrary code execution vulnerabilities
    in specified critical internet infrastructure
    applications (apache httpd, bind, sendmail,
    openssh, iis, exchange):
    $16,000 - $24,000
how many?

‣   all complex software has bugs
    ‣   we should assume that every popular
        application in existence has at least
        one 0-day exploit in the wild
‣   professionals keep their own 0-day!
fin.
jim@geovedi.com