RSA vs Hacker
1. Hackers are all around us, but people don't know it. Yet.
Alessio L.R. Pennasilico, mayhem@alba.st
LinkedIn, Twitter: mayhemspp
Facebook: alessio.pennasilico
RSA Security vs Ethical Hacker, Milano, 11 September 2012
2. Alessio L.R. Pennasilico
Security Evangelist @
Member of:
Associazione Informatici Professionisti, CLUSIT, OPSI/AIP
Associazione Italiana Professionisti Sicurezza Informatica
Italian Linux Society, Sikurezza.org, Hacker's Profiling Project
Spippolatori.org, IISFA, Metro Olografix, CrISTAL
Alessio L.R. Pennasilico mayhem@alba.st 2
3. Disclaimer #1
I am personally responsible for everything I will say, which represents my opinion and mine alone.
4. Disclaimer #2
Don't try this at home!
Using some of the techniques described here on other people's systems leads to arrest...
5. Jargon file
hacker: n.
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
6. The real lockpicker
Builds
Learns
Understands
9. Identity theft
Just a theft of money?
10. A joke?
Economic damage
Reputational damage
Repercussions on credit
Hard to prove
Very long aftermath
11. FB from hackers' perspective
"The social reconnaissance enabled us to identify 1402 employees 906 of which used facebook."
[...]
"We also populated the profile with information about our experiences at work by using combined stories that we collected from real employee facebook profiles."
http://snosoft.blogspot.com/2009/02/facebook-from-hackers-perspective.html
12. FB from hackers' perspective
"Upon completion we joined our customer's facebook group. Joining wasn't an issue and our request was approved in a matter of hours. Within twenty minutes of being accepted as group members, legitimate customer employees began requesting our friendship. [...] Our friends list grew very quickly and included managers, executives, secretaries, interns, and even contractors."
13. FB from hackers' perspective
"We used those credentials to access the web-vpn which in turn gave us access to the network. As it turns out those credentials also allowed us to access the majority of systems on the network including the Active Directory server, the mainframe, pump control systems, the checkpoint firewall console, etc."
28. Aircrack
It is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
30. Where is WiFi used?
31. Incidents
Vitek Boden, in 2000, was arrested, convicted and jailed because he released millions of liters of untreated sewage using his wireless laptop. It happened in Maroochy Shire, Queensland, possibly as revenge against his former employer.
http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/
32. Don't use WiFi?
WiFi technology can be made secure
A proper initial analysis is required
A proper implementation is required
A mistake can have excessively severe consequences...
36. The time problem
[Timeline diagram with the labels Vulnerability, Exploit, Patch and Applied Patch; the Window of Exposure and, within it, the Critical Zone are marked on the axis]
37. WoE
The window of exposure is shrinking
Exploit time-to-market is decreasing
The number of compromised hosts is increasing
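To put numbers on the timeline labels from the previous slide, here is an added example (not code from the talk). The phase definitions in the comments are assumptions chosen to match the diagram's labels, and the dates are constructed, not a real incident:

```python
from datetime import date

# Assumed phase definitions (added here, not stated on the slide):
#   window of exposure     = vulnerability known  -> patch applied
#   critical zone          = exploit available    -> patch applied
#   exploit time-to-market = vulnerability known  -> exploit available
#   patch lag              = patch released       -> patch applied

def window_of_exposure(vulnerability: date, exploit: date,
                       patch: date, applied: date) -> dict:
    """Return the length in days of each phase on the slide's timeline."""
    if applied < patch:
        raise ValueError("a patch cannot be applied before it is released")
    return {
        "exposure_days": (applied - vulnerability).days,
        # an exploit that only appears after the fix is in place leaves no critical zone
        "critical_zone_days": max(0, (applied - exploit).days),
        "exploit_time_to_market_days": (exploit - vulnerability).days,
        "patch_lag_days": (applied - patch).days,
    }

# Constructed example dates.
EXAMPLE = window_of_exposure(
    vulnerability=date(2012, 1, 10),
    exploit=date(2012, 1, 25),
    patch=date(2012, 2, 14),
    applied=date(2012, 3, 1),
)

def earlier_exploit() -> dict:
    # Same dates, but the exploit appears five days sooner: the window of
    # exposure does not move, only the critical zone inside it grows.
    # Only applying the patch sooner shrinks the window itself.
    return window_of_exposure(date(2012, 1, 10), date(2012, 1, 20),
                              date(2012, 2, 14), date(2012, 3, 1))

if __name__ == "__main__":
    for name, days in EXAMPLE.items():
        print(f"{name}: {days}")
    print("critical zone with a faster exploit:",
          earlier_exploit()["critical_zone_days"])
```

The point of `earlier_exploit` is the slide's second bullet: a shorter exploit time-to-market does not change how long a host is exposed, it changes how much of that exposure is spent with a working exploit in circulation.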
38. In the wild
There is a complex underground with a very active black market of exploits traded among friends / cr3w
39. 0day
Today they are increasingly valuable:
they are bought by vendors
they are bought by security vendors
40. 0day 2012
Applications are more mature
Skills have increased
Organisation has improved
41. 0day
"a remote ssh root shell, nowadays, is a dead dream"
anonymous researcher, 2007
45. USB Case
A company commissions a PenTest.
The attackers scatter USB sticks containing purpose-written malware around the company's premises.
Employee data starts arriving immediately.
47. XSS
Affects websites with poor checking of variables derived from user input. It allows code to be injected at the browser level in order to modify the source code of the visited web page. In this way a cracker can try to retrieve sensitive data such as cookies.
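The slide describes the flaw and its consequence; the following added example (mine, not from the talk) shows the same page fragment rendered without and with output encoding, plus the cookie flag that blunts the cookie-theft scenario the slide mentions. The `PROBE` string and the `session` cookie name are constructed placeholders:

```python
import html
from http.cookies import SimpleCookie

# Constructed input: a harmless script tag of the kind used to check
# whether a page encodes what it reflects.
PROBE = "<script>alert(1)</script>"

def render_vulnerable(comment: str) -> str:
    # The flaw on the slide: user input is pasted into the page unchanged,
    # so the browser parses it as part of the page's own markup.
    return f'<div class="comment">{comment}</div>'

def render_escaped(comment: str) -> str:
    # Hardened form for HTML body context: encode <, >, &, " and '
    # so the value is displayed as text rather than parsed as markup.
    return f'<div class="comment">{html.escape(comment, quote=True)}</div>'

def render_attribute(comment: str) -> str:
    # Attribute context: the value is both quoted and encoded, so a "
    # inside the input cannot close the attribute and start a new one.
    return f'<input name="q" value="{html.escape(comment, quote=True)}">'

def session_cookie(value: str) -> str:
    # Defence in depth against the cookie theft the slide mentions: an
    # HttpOnly cookie is not exposed to script even if injection succeeds.
    # "session" is a placeholder cookie name.
    cookie = SimpleCookie()
    cookie["session"] = value
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="").strip()

if __name__ == "__main__":
    print(render_vulnerable(PROBE))
    print(render_escaped(PROBE))
    print(render_attribute('"><b>x</b>'))
    print(session_cookie("constructed-session-id"))
```

Encoding is context dependent: the body and attribute encoders above are the two simplest cases, and a value placed inside a script block or a URL needs a different encoder again.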
48. SQL Injection
Exploits input that has not been normalized
a' OR '1'='1
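As an added example (not code from the talk), the string on the slide run against a constructed SQLite table through a query built by concatenation and through a parameterized query. The `users` table and its rows are invented for the demonstration:

```python
import sqlite3

# Constructed sample data: a tiny users table in an in-memory database.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The flaw on the slide: the supplied value is pasted into the SQL text,
    # so a quote character in it changes the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: the value is bound as a parameter and is never parsed
    # as SQL, so the same string is compared literally and matches nothing.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

PAYLOAD = "a' OR '1'='1"   # the string shown on the slide

def demo() -> tuple:
    """Return (rows from the concatenated query, rows from the bound query)."""
    conn = make_db()
    return (lookup_vulnerable(conn, PAYLOAD),
            lookup_parameterized(conn, PAYLOAD))

if __name__ == "__main__":
    vuln_rows, safe_rows = demo()
    print("concatenated query returned:", vuln_rows)   # every row
    print("parameterized query returned:", safe_rows)  # nothing
```

Both functions behave identically for an ordinary name such as `bob`; they differ only when the input contains SQL syntax, which is exactly the case "input normalization" on the slide is meant to catch and a bound parameter handles without any filtering at all.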
50. SQLninja
Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.
51. 0day
They still exist, they are a threat
They exploit users, not services
52. Users' 0day
They exploit flaws in browsers, mail clients and document viewers to infect large numbers of machines
53. Botnet
The goal is to create a network
that expands on its own
that executes the commander's orders
60. Virtualizzazione
  CVE-2007-4496 (September 2008)
UnspeciďŹed vulnerability in [some version of
VMware] allows authenticated users with
administrative privileges on a guest operating
system to corrupt memory and possibly execute
arbitrary code on the host operating system via
unspeciďŹed vectors.
Alessio L.R. Pennasilico mayhem@alba.st 60
61. Drive-By Pharming
First, the attacker creates a web page containing a simple piece of malicious JavaScript code. When the page is viewed, the code makes a login attempt into the user's home broadband router, and then attempts to change its DNS server settings to point to an attacker-controlled DNS server.
62. SPIT
Spam over Internet Telephony
63. Vishing
VoIP Phishing
64. The Pena Case
"Edwin Andreas Pena, a 23 year old Miami resident, was arrested by the Federal government: he was involved in a scheme to sell discounted Internet phone service by breaking into other Internet phone providers and routing connections through their networks."
The New York Times, June 7th 2006
65. Robert Moore
"It's so easy a caveman can do it!"
"I'd say 85% of them were misconfigured routers. They had the default passwords on them: you would not believe the number of routers that had 'admin' or 'Cisco0' as passwords on them".
67. Hydra
mayhem@coniglio:~$
 hydra
 -ÂâL
 uid.txt
 -ÂâP
 pwd.txt
 /
 127.0.0.1
 ftp
 -Ââf
Hydra
 v4.1
 (c)
 2004
 by
 van
 Hauser
 /
 THC
use
 allowed
 only
 for
 legal
 purposes.
Hydra
 (http://www.thc.org)
 starting
 at
 2004-Ââ06-Ââ26
 13:21:37
[DATA]
 16
 tasks,
 1
 servers,
 132
 login
 tries
 (l:12/p:11),
 ~8
 tries
 per
Â
task
[DATA]
 attacking
 service
 ftp
 on
 port
 21
[21][ftp]
 host:
 127.0.0.1
Â
Â
 login:
 luser
Â
Â
 password:
 pippo
[STATUS]
 attack
 finished
 for
 127.0.0.1
 (valid
 pair
 found)
Hydra
 (http://www.thc.org)
 finished
 at
 2004-Ââ06-Ââ26
 13:21:44
Alessio L.R. Pennasilico mayhem@alba.st 67
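The run above makes 132 attempts in seven seconds and ends with a valid pair, which is the signature a defender looks for: a burst of failures from one source, optionally followed by a success. The following added example (mine, not from the talk or from the Hydra project) runs that detection over a constructed log excerpt. The log line format, the thresholds and the addresses are all assumptions; real daemons log in their own formats and the regular expression would need to match them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log excerpt in an assumed, simplified format: a burst of twelve
# failures from one address ending with a success, plus two isolated failures
# from another address half an hour apart.
USERS_TRIED = ["admin", "root", "ftp", "test", "guest", "luser"]
BURST = [
    f"2004-06-26 13:21:{37 + i // 2} ftp auth FAIL src=10.0.0.5 user={USERS_TRIED[i // 2]}"
    for i in range(12)
]
SAMPLE_LOG = "\n".join(
    ["2004-06-26 13:05:02 ftp auth FAIL src=192.0.2.7 user=bob"]
    + BURST
    + ["2004-06-26 13:21:44 ftp auth OK src=10.0.0.5 user=luser",
       "2004-06-26 13:40:11 ftp auth FAIL src=192.0.2.7 user=bob"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ftp auth "
    r"(?P<result>FAIL|OK) src=(?P<src>\S+) user=(?P<user>\S+)$"
)

def parse_line(line: str):
    """Return (timestamp, result, src, user), or None for lines in another format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            m["result"], m["src"], m["user"])

def detect_bruteforce(log_text: str, threshold: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> dict:
    """Flag sources with at least `threshold` failed logins inside a sliding window.

    Returns {src: {"failures": peak failures seen inside one window,
                   "users": distinct usernames tried by that source,
                   "success_after_burst": True if a login later succeeded}}.
    """
    recent = defaultdict(deque)     # src -> failure timestamps still inside the window
    users_seen = defaultdict(set)   # src -> usernames tried
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, result, src, user = rec
        q = recent[src]
        while q and ts - q[0] > window:   # expire failures older than the window
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            users_seen[src].add(user)
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"failures": 0, "users": set(),
                                            "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"] = set(users_seen[src])
        elif src in alerts:
            # the "(valid pair found)" case: a success after a flagged burst
            alerts[src]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

The second source in the sample never trips the alert because its two failures fall outside a single window; the threshold and window length are the knobs to tune against a service's normal rate of typos, and the `success_after_burst` flag is the one worth paging on.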
68. QoS Theft
Theft of Quality of Service
Higher priority for the traffic of unauthorized applications
69. VoipHopper
"VoIP Hopper is the answer to all VoIP solution providers who make people believe that VLANS is all you need to secure VoIP"
Sachin Joglekar, Sipera VIPER Lab
74. Conclusions
The market evolves
Technologies evolve
Threats evolve
Security must evolve
75. Thanks for your attention!
These slides are written by Alessio L.R. Pennasilico aka mayhem. They are subject to the Creative Commons Attribution-ShareAlike 2.5 licence; you can copy, modify, or sell them. "Please" cite your source and use the same licence :)
Questions?
Alessio L.R. Pennasilico, mayhem@alba.st
LinkedIn, Twitter: mayhemspp
Facebook: alessio.pennasilico
RSA Security vs Ethical Hacker, Milano, 11 September 2012