HoneyCon 2014
Published in: Technology, News & Politics
Transcript

  • 1. HoneyCon 2014 jeytsai@NIT
  • 2. Outline
    ● Ask questions at any time
    ● HoneyCon Agenda
    ● CTF Time
  • 3. The information contained in these slides is generated from random alphanumeric strings, and the images are randomly selected from the web.
  • 4. HoneyCon Agenda
  • 5. Attack Event
    ● Past
      ○ ATM turned into a pinball machine
      ○ Web ATM vulnerability [2]
      ○ Website hacked [3]
      ○ Spam
      ○ Home router used as a botnet [4]
      ○ APT against government [5]
  • 6. Attack Event (cont’d)
    ● Current
      ○ APT
      ○ Hacking as a Service [6]
      ○ Mobile hacking [7]
      ○ Heartbleed [8]
      ○ Orphan (DNS / NTP) servers
      ○ IoT hacking
  • 7. SPAM
    ● Email you did not want
      ○ Randomly generated
      ○ APT
    ● Spam contains
      ○ Phishing links
      ○ Malware
      ○ CryptoLocker [10]
      ○ ...
  • 8. SPAM + Exploit
    ● So receiving spam is harmless if I…
      ○ Do not download the attachment?
      ○ Do not click the link?
    ● Exploits against the receiving software
      ○ Malicious webpage
      ○ Document preview
      ○ ...
  • 9. DDoS
    ● Past
      ○ Ping of Death
      ○ SYN Flood
      ○ TearDrop attack
      ○ Slow I/O attack
      ○ …
    ● Design issues in a program / protocol
  • 10. DDoS
    ● Current
      ○ Reflected attack
      ○ GSM
      ○ LOIC (Low Orbit Ion Cannon)
      ○ SPAM
    ● Attack target
      ○ Bandwidth / Infrastructure / Service
  • 11. DDoS + DNS / NTP
    ● The Seven Injuries Fist (a strike that wounds its user too)
      ○ I DDoS U === U DDoS I
    ● Amplification attack (Reflection)
      ○ GET request => full webpage
      ○ DNS request => DNS response
      ○ ...
  • 12. Avoid DDoS
    ● Illusions
      ○ High-end firewall
      ○ ISP
      ○ Lots of backends
    ● Attackers always go for the weakest point
      ○ Load balancer / proxy server / DNS server / ...
  • 13. Hard to Avoid DDoS
    ● Pattern matching
      ○ Cannot respond immediately
      ○ What if the attacker simulates a normal user?
      ○ Variants are easy to make
    ● Total solution
      ○ National isolation policy?
      ○ ISP?
  • 14. HoneyPot
    ● A trap set to detect an unauthorized user.
      ○ Honey pot / decoy trap system
      ○ A logging system based on a full or simulated system
    ● Concept
      ○ Assume it will be hacked
      ○ Logging
      ○ Analysis
  • 15. HoneyPot (cont’d)
    ● Low-interaction
      ○ Dionaea / HoneyD / Kippo / Glastopf / Conpot
    ● High-interaction
      ○ Honeypot / Sebek
    ● Real honeypot
      ○ HonEeeBox
      ○ Raspberry Pi (trendy)
  • 16. HoneyPot + Analysis
    ● SPAM
      ○ Register a never-used mail domain
      ○ Any mail received => spam sent to random addresses
    ● SandBox
      ○ Simulate human behaviour
      ○ Analyse the system status
  • 17. HoneyPot + Analysis
    ● A honeypot is always being hacked
      ○ Too many events
      ○ Hard to analyse by tracing the log one by one
    ● Visualization
      ○ Trendy
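Slides 16 and 17 make the point that a honeypot produces far too many events to read line by line. The following added example (not from the talk) aggregates constructed SSH-honeypot log lines in a Kippo-like format into a short summary: attempts per source, the most-tried credentials, any successful logins, and sources above a noisy-source threshold; the log format, the sample addresses and the threshold of 3 are assumptions for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of an SSH honeypot (Kippo-like) log;
# made-up events with documentation addresses, not data from the talk.
SAMPLE_LOG = """\
2014-07-01 10:00:01+0800 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/123456] failed
2014-07-01 10:00:02+0800 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/password] failed
2014-07-01 10:00:03+0800 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/admin] failed
2014-07-01 10:00:04+0800 [SSHService ssh-userauth on HoneyPotTransport,1,198.51.100.7] login attempt [root/root] succeeded
2014-07-01 10:05:10+0800 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.9] login attempt [root/123456] failed
2014-07-01 10:05:11+0800 [SSHService ssh-userauth on HoneyPotTransport,2,203.0.113.9] login attempt [pi/raspberry] failed
2014-07-01 10:07:00+0800 [HoneyPotTransport,3,192.0.2.33] connection lost
"""

# Matches one login attempt per line; connects/disconnects do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \S+) \[.*?,(?P<src>\d{1,3}(?:\.\d{1,3}){3})\] "
    r"login attempt \[(?P<user>[^/\]]+)/(?P<pw>[^\]]*)\] (?P<result>failed|succeeded)$"
)


def parse_events(text):
    """Return a list of login-attempt dicts (ts, src, user, pw, result) from log text."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def summarize(events, threshold=3):
    """Aggregate attempts so the analyst reads a summary instead of every line.
    threshold (assumed value): attempts from one source before it is flagged as noisy."""
    by_src = Counter(ev["src"] for ev in events)
    creds = Counter((ev["user"], ev["pw"]) for ev in events)
    # Successful logins are the sessions worth looking at in detail afterwards.
    successes = [(ev["src"], ev["user"], ev["pw"]) for ev in events if ev["result"] == "succeeded"]
    noisy = sorted(src for src, n in by_src.items() if n >= threshold)
    return {"attempts_by_src": by_src, "top_creds": creds.most_common(3),
            "successes": successes, "noisy_sources": noisy}


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_LOG))
    for src, n in report["attempts_by_src"].most_common():
        print(f"{src:16} {n} attempts")
    print("most tried credentials:", report["top_creds"])
    print("successful logins:", report["successes"])
    print("noisy sources:", report["noisy_sources"])
```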
  • 18. CTF Time
  • 19. What’s CTF
    ● Capture the Flag
      ○ Problem solving
      ○ Put the flag on the website
      ○ Protect your server
    ● Under the rules
      ○ you can do anything…
  • 20. HoneyCon - CTF Rules
    1. During HoneyCon 2014, participating teams may connect to the WarGame host at any time to compete.
    2. Participants must keep the web service on the host they defend running normally and publicly accessible.
    3. Deliberate D[D]oS behaviour will result in disqualification.
    4. Any behaviour that obstructs the game will result in disqualification.
    5. Attack and defence activity is limited to the WarGame environment.
    6. GMs will take part in the game.
    7. There may be a risk of infection during the game.
    8. Winning teams must give a technical sharing session.
  • 21. Why CTF
    ● Practice as a hacker in a legal way
    ● Simulate how a hacker attacks
    ● Defend against hackers
  • 22. How CTF
    ● In an open network
      ○ On-line
      ○ Given a hint (IP address with service / binary)
      ○ Find the flag
    ● In a closed network
      ○ No limits
      ○ Every device in the subnet can be hacked
  • 23. PenTest Flow
    ● Social engineering
    ● Scan with nmap [9] (DDoS…)
    ● Choose one target / service
      ○ Web / SSH / SMB / FTP / UPnP / IRC / ...
    ● Hacking
  • 24. Reference
    1. http://www.honeynet.org/
    2. http://www.i-security.tw/learn/tips_content.asp?Tid=134
    3. http://www.zone-h.org/archive
    4. http://hexus.net/tech/news/network/61245-easy-exploit-backdoor-found-several-d-link-router-models/
    5. http://techorange.com/2013/07/30/9th-hitcon-are-we-the-loser-in-the-cyber-war/
    6. https://blog.damballa.com/archives/330
    7. http://www.ewdna.com/2014/05/phishing.html
    8. http://www.ithome.com.tw/special_report/heartbleed
    9. http://nmap.org/
    10. http://www.ithome.com.tw/node/83226
  • 25. Thanks for your attention Q&A