HoneyCon 2014
jeytsai@NIT
Outline
● Ask questions any time
● HoneyCon Agenda
● CTF Time
The information contained in
these slides is generated from random
alphanumerics, and the images are
randomly selected from the web.
HoneyCon Agenda
Attack Event
● Past
○ ATM turned into a pinball machine
○ Web ATM Vulnerability [2]
○ Website hacked [3]
○ Spam
○ Home router as botnet [4]
○ APT on government [5]
Attack Event (cont’d)
● Current
○ APT
○ Hack as a Service [6]
○ Mobile Hacking [7]
○ Heartbleed [8]
○ Orphan (DNS / NTP) Server
○ IOT Hacking
SPAM
● Email that you did not want
○ Randomly generated
○ APT
● Spam contains
○ Phishing link
○ Malware
○ CryptoLocker [10]
○ ...
SPAM + Exploit
● So is receiving spam harmless if I…
○ Do not download the attachment?
○ Do not click the link?
● Exploits against the receiving software
○ Malicious webpage
○ Document preview
○ ...
DDoS
● Past
○ Ping of Death
○ SYN Flood
○ TearDrop Attack
○ Slow I/O Attack
○ …
● Design issue on program / protocol
DDoS
● Current
○ Reflected attack
○ GSM
○ LOIC (Low Orbit Ion Cannon)
○ SPAM
● Attack target
○ Bandwidth / Infrastructure / Service
DDoS + DNS / NTP
● Seven Injuries Fist (a strike that also injures the striker)
○ I DDoS U === U DDoS I
● Amplification attack (Reflection)
○ GET request => Full webpage
○ DNS request => DNS response
○ ...
Avoid DDoS
● Illusory
○ High-End firewall
○ ISP
○ Lots of backends
● Hackers always attack the weakest point
○ Load balancer / Proxy Server / DNS Server / ...
Hard to Avoid DDoS
● Pattern matching
○ Does not respond immediately
○ What if the attacker simulates a normal user?
○ Variants are easy to produce
● Total solution
○ National isolation policy?
○ ISP?
HoneyPot
● A trap set to detect an unauthorized user.
○ Chinese terms: 蜜罐 (honey jar) / 誘捕系統 (decoy-and-capture system)
○ A logging system built on a full or simulated system
● Concept
○ Assume it will be hacked
○ Logging
○ Analysis
HoneyPot (cont’d)
● Low-interaction
○ Dionaea / HoneyD / Kippo / Glastopf / Conpot
● High-interaction
○ Honeypot / Sebek
● Real Honeypot
○ HonEeeBox
○ Raspberry Pi (trendy)
HoneyPot + Analysis
● SPAM
○ Register a never used mail domain
○ Received mail => spam sent to random addresses
● SandBox
○ Simulate human behavior
○ Analyze the system status
HoneyPot + Analysis
● A honeypot is always being hacked
○ Too many events
○ Hard to analyze by tracing the log entries one by one
● Visualization
○ Trendy
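An added example (not part of the original slides): rather than tracing honeypot log entries one by one, collapse them into one profile per source address plus a per-hour text histogram. The JSON-lines schema, field names, labels, thresholds and sample events are constructed assumptions, not the log format of any honeypot named above.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events in a hypothetical JSON-lines schema.
SAMPLE_LOG = """\
{"ts": "2014-07-01T02:14:05", "src": "198.51.100.7", "service": "ssh", "event": "login_failed", "user": "root", "password": "123456"}
{"ts": "2014-07-01T02:14:09", "src": "198.51.100.7", "service": "ssh", "event": "login_failed", "user": "root", "password": "admin"}
{"ts": "2014-07-01T02:14:12", "src": "198.51.100.7", "service": "ssh", "event": "login_success", "user": "root", "password": "root"}
{"ts": "2014-07-01T02:15:40", "src": "198.51.100.7", "service": "ssh", "event": "command", "input": "uname -a"}
{"ts": "2014-07-01T03:02:11", "src": "203.0.113.20", "service": "http", "event": "request", "path": "/"}
{"ts": "2014-07-01T03:02:12", "src": "203.0.113.20", "service": "smb", "event": "connect"}
{"ts": "2014-07-01T03:02:13", "src": "203.0.113.20", "service": "ftp", "event": "connect"}
{"ts": "2014-07-01T03:05:00", "src": "203.0.113.20", "serv
{"ts": "2014-07-01T03:40:00", "src": "192.0.2.55", "service": "ssh", "event": "login_failed", "user": "admin", "password": "123456"}
"""

REQUIRED = {"ts", "src", "service", "event"}


def parse_events(text):
    """Return (events, skipped): valid event dicts and the number of bad lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            if not isinstance(ev, dict) or not REQUIRED <= ev.keys():
                raise ValueError("missing required field")
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, TypeError):
            skipped += 1  # truncated or malformed line: count it, keep going
            continue
        events.append(ev)
    return events, skipped


def summarize(events, brute_threshold=3, scan_threshold=3):
    """Collapse events into one profile per source address and label it."""
    profiles = defaultdict(lambda: {"events": 0, "services": set(), "failed": 0,
                                    "compromised": False, "commands": [],
                                    "first": None, "last": None})
    for ev in sorted(events, key=lambda e: e["ts"]):
        p = profiles[ev["src"]]
        p["events"] += 1
        p["services"].add(ev["service"])
        p["first"] = p["first"] or ev["ts"]
        p["last"] = ev["ts"]
        if ev["event"] == "login_failed":
            p["failed"] += 1
        elif ev["event"] == "login_success":
            p["compromised"] = True
        elif ev["event"] == "command":
            p["commands"].append(ev.get("input", ""))
    for p in profiles.values():
        if p["compromised"]:
            p["label"] = "interactive-session"   # worth reading in full
        elif len(p["services"]) >= scan_threshold:
            p["label"] = "multi-service-scan"
        elif p["failed"] >= brute_threshold:
            p["label"] = "password-guessing"
        else:
            p["label"] = "low-volume"
    return dict(profiles)


def top_passwords(events, n=5):
    """Most frequently tried passwords across all failed logins."""
    tried = Counter(e["password"] for e in events
                    if e["event"] == "login_failed" and "password" in e)
    return tried.most_common(n)


def hourly_histogram(events):
    """Text bar chart of events per hour, the simplest useful visualization."""
    per_hour = Counter(e["ts"].strftime("%Y-%m-%d %H:00") for e in events)
    return [f"{hour}  {'#' * n} ({n})" for hour, n in sorted(per_hour.items())]


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    print(f"{len(events)} events parsed, {skipped} malformed line(s) skipped")
    for src, p in summarize(events).items():
        print(f"{src:15} {p['label']:20} events={p['events']} "
              f"services={sorted(p['services'])} commands={p['commands']}")
    print("top passwords:", top_passwords(events))
    print("\n".join(hourly_histogram(events)))
```

Only the sources labelled as an interactive session need their raw entries read line by line; the rest are summarized by the counts.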
CTF Time
What’s CTF
● Capture the Flag
○ Problem solving
○ Put the flag on the website
○ Protect your server
● Within the rules
○ You can do anything…
HoneyCon - CTF Rules
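1. During the HoneyCon 2014 conference, participating teams may connect to the WarGame host at any time to compete.
2. Participants must keep the web service on the host they defend running normally and publicly accessible.
3. Deliberate D[D]oS will result in disqualification.
4. Any behavior that obstructs the game will result in disqualification.
5. Attack and defense activity is restricted to the WarGame environment.
6. A GM will also take part in the game.
7. There may be a risk of malware infection during the game.
8. Winning teams must give a technical sharing session.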
Why CTF
● Practice as a hacker in a legal way
● Simulate how hackers attack
● Defend against hackers
How CTF
● In the open network
○ On-line
○ Given a hint (IP address with service / binary)
○ Find the flag
● In the closed network
○ No limits
○ Any device in the subnet can be hacked
PenTest Flow
● Social Engineering
● Scan with nmap [9] (DDoS…)
● Choose one target / service
○ Web / SSH / SMB / FTP / UPnP / IRC / ...
● Hacking
Reference
1. http://www.honeynet.org/
2. http://www.i-security.tw/learn/tips_content.asp?Tid=134
3. http://www.zone-h.org/archive
4. http://hexus.net/tech/news/network/61245-easy-exploit-backdoor-found-several-d-link-router-models/
5. http://techorange.com/2013/07/30/9th-hitcon-are-we-the-loser-in-the-cyber-war/
6. https://blog.damballa.com/archives/330
7. http://www.ewdna.com/2014/05/phishing.html
8. http://www.ithome.com.tw/special_report/heartbleed
9. http://nmap.org/
10. http://www.ithome.com.tw/node/83226
Thanks for your attention
Q&A
